Updated by Github Bot

EXP-Tools · Oct 11, 2024 · b65b783 · b65b783
1 parent 64f850a
commit b65b783
Show file tree

Hide file tree

Showing 3 changed files with 81 additions and 66 deletions.
diff --git a/cache/Nsfocus.dat b/cache/Nsfocus.dat
@@ -183,3 +183,18 @@ ba973dbffa609f5155007e8944eb5185
 9dd1bbcf27a0fe513b528c267417136a
 803b03ed0a57f6a2ae5b14b1e13edc13
 7f5f025dfb1cef5c6ac4e19db783dd54
+7aeafc0758c3593ec6f58e8fc4887499
+97298db86b6af216d7a237f675d7abec
+c16a68ecae6acc5cfecb56244c15f36d
+59127b44eba6578f6ab7660f95e3b5b9
+9edb908be454e918dec8659faddb8dc1
+fc3b8f30b5bc64fee45b47a4ed0156f6
+c5ae774397caa2ea5dd49faed44dfe12
+5cdbc6c7e389a754471c4177de7250fa
+3177adc027853fda4d87379416217047
+6e401fc8041ebbcb508e66f561426d4f
+c41e75b363a0d63008aa1111a275463f
+e5aeb22cfaae8005adfe28dc40a93215
+3fd96f0c1be7d79a929bb173a63ffc0e
+82ddf24294810834c0a6812d598c2c17
+bae0474506c706f03c84a7d8291d143f
diff --git a/data/cves.db b/data/cves.db
diff --git a/docs/index.html b/docs/index.html
@@ -1,4 +1,4 @@
-<!-- RELEASE TIME : 2024-10-10 21:23:24 -->
+<!-- RELEASE TIME : 2024-10-11 03:28:18 -->
 <html lang="zh-cn">
 
  <head>
@@ -366,79 +366,79 @@ <h2><a href="https://exp-blog.com" target="_blank">眈眈探求</a> | <a href="h
       <tr>
        <td>4b0e3d6ba62b645859b02ee236ddfed6</td>
        <td>CVE-2024-9675</td>
-       <td>2024-10-09 15:15:17 <img src="imgs/new.gif" /></td>
+       <td>2024-10-09 15:15:17</td>
        <td>A vulnerability was found in Buildah. Cache mounts do not properly validate that user-specified paths for the cache are within our cache directory, allowing a `RUN` instruction in a Container file to mount an arbitrary directory from the host (read/write) into the container as long as those files can be accessed by the user running Buildah.</td>
        <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-9675">详情</a></td>
       </tr>
 
       <tr>
        <td>7cc2ce445eee380aeefafd320d6e36ea</td>
        <td>CVE-2024-9671</td>
-       <td>2024-10-09 15:15:17 <img src="imgs/new.gif" /></td>
+       <td>2024-10-09 15:15:17</td>
        <td>A vulnerability was found in 3Scale. There is no auth mechanism to see a PDF invoice of a Developer user if the URL is known. Anyone can see the invoice if the URL is known or guessed.</td>
        <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-9671">详情</a></td>
       </tr>
 
       <tr>
        <td>66a0e0f0247a580c96ef0720c2b26e75</td>
        <td>CVE-2024-8048</td>
-       <td>2024-10-09 15:15:17 <img src="imgs/new.gif" /></td>
+       <td>2024-10-09 15:15:17</td>
        <td>In Progress Telerik Reporting versions prior to 2024 Q3 (18.2.24.924), a code execution attack is possible using object injection via insecure expression evaluation.</td>
        <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-8048">详情</a></td>
       </tr>
 
       <tr>
        <td>b49ccbb7dc60d5a40c114eb8d749f97a</td>
        <td>CVE-2024-8015</td>
-       <td>2024-10-09 15:15:17 <img src="imgs/new.gif" /></td>
+       <td>2024-10-09 15:15:17</td>
        <td>In Progress Telerik Report Server versions prior to 2024 Q3 (10.2.24.924), a remote code execution attack is possible through object injection via an insecure type resolution vulnerability.</td>
        <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-8015">详情</a></td>
       </tr>
 
       <tr>
        <td>8cb5affd02ee85bee6e92671e1d7ba96</td>
        <td>CVE-2024-8014</td>
-       <td>2024-10-09 15:15:16 <img src="imgs/new.gif" /></td>
+       <td>2024-10-09 15:15:16</td>
        <td>In Progress Telerik Reporting versions prior to 2024 Q3 (18.2.24.924), a code execution attack is possible through object injection via an insecure type resolution vulnerability.</td>
        <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-8014">详情</a></td>
       </tr>
 
       <tr>
        <td>7d2929795cca282b8d51ff29d04e323e</td>
        <td>CVE-2024-7840</td>
-       <td>2024-10-09 15:15:16 <img src="imgs/new.gif" /></td>
+       <td>2024-10-09 15:15:16</td>
        <td>In Progress Telerik Reporting versions prior to 2024 Q3 (2024.3.924), a command injection attack is possible through improper neutralization of hyperlink elements.</td>
        <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-7840">详情</a></td>
       </tr>
 
       <tr>
        <td>f53bb28287e6047e747a03d247e65973</td>
        <td>CVE-2024-7294</td>
-       <td>2024-10-09 15:15:16 <img src="imgs/new.gif" /></td>
+       <td>2024-10-09 15:15:16</td>
        <td>In Progress® Telerik® Report Server versions prior to 2024 Q3 (10.2.24.806), an HTTP DoS attack is possible on anonymous endpoints without rate limiting.</td>
        <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-7294">详情</a></td>
       </tr>
 
       <tr>
        <td>e118c55d332902b96be360221d288ebe</td>
        <td>CVE-2024-7293</td>
-       <td>2024-10-09 15:15:16 <img src="imgs/new.gif" /></td>
+       <td>2024-10-09 15:15:16</td>
        <td>In Progress® Telerik® Report Server versions prior to 2024 Q3 (10.2.24.806), a password brute forcing attack is possible through weak password requirements.</td>
        <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-7293">详情</a></td>
       </tr>
 
       <tr>
        <td>a527326d291d1c4543a041fe01037b2a</td>
        <td>CVE-2024-7292</td>
-       <td>2024-10-09 15:15:15 <img src="imgs/new.gif" /></td>
+       <td>2024-10-09 15:15:15</td>
        <td>In Progress® Telerik® Report Server versions prior to 2024 Q3 (10.2.24.806), a credential stuffing attack is possible through improper restriction of excessive login attempts.</td>
        <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-7292">详情</a></td>
       </tr>
 
       <tr>
        <td>a3cd5d3170d5bb34afedb2701802eded</td>
        <td>CVE-2024-47673</td>
-       <td>2024-10-09 15:15:15 <img src="imgs/new.gif" /></td>
+       <td>2024-10-09 15:15:15</td>
        <td>In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: mvm: pause TCM when the firmware is stopped Not doing so will make us send a host command to the transport while the firmware is not alive, which will trigger a WARNING. bad state = 0 WARNING: CPU: 2 PID: 17434 at drivers/net/wireless/intel/iwlwifi/iwl-trans.c:115 iwl_trans_send_cmd+0x1cb/0x1e0 [iwlwifi] RIP: 0010:iwl_trans_send_cmd+0x1cb/0x1e0 [iwlwifi] Call Trace: <TASK> iwl_mvm_send_cmd+0x40/0xc0 [iwlmvm] iwl_mvm_config_scan+0x198/0x260 [iwlmvm] iwl_mvm_recalc_tcm+0x730/0x11d0 [iwlmvm] iwl_mvm_tcm_work+0x1d/0x30 [iwlmvm] process_one_work+0x29e/0x640 worker_thread+0x2df/0x690 ? rescuer_thread+0x540/0x540 kthread+0x192/0x1e0 ? set_kthread_struct+0x90/0x90 ret_from_fork+0x22/0x30</td>
        <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-47673">详情</a></td>
       </tr>
@@ -2132,91 +2132,91 @@ <h2><a href="https://exp-blog.com" target="_blank">眈眈探求</a> | <a href="h
       </tr>
 
       <tr>
-       <td>71d1ae770f38ebb15d3e844a37ee93c4</td>
-       <td>CVE-2024-7007</td>
-       <td>2024-10-09 09:24:06 <img src="imgs/new.gif" /></td>
-       <td>Positron Broadcast Signal Processor TRA7005身份认证绕过漏洞</td>
-       <td><a target="_blank" href="http://www.nsfocus.net/vulndb/102684">详情</a></td>
+       <td>7aeafc0758c3593ec6f58e8fc4887499</td>
+       <td>CVE-2024-34757</td>
+       <td>2024-10-10 03:26:06 <img src="imgs/new.gif" /></td>
+       <td>WordPress plugin Borderless跨站脚本漏洞</td>
+       <td><a target="_blank" href="http://www.nsfocus.net/vulndb/102769">详情</a></td>
       </tr>
 
       <tr>
-       <td>8059274cb32cd301644e18dc332f5188</td>
-       <td>CVE-2024-41672</td>
-       <td>2024-10-09 09:24:06 <img src="imgs/new.gif" /></td>
-       <td>DuckDB信息泄露漏洞</td>
-       <td><a target="_blank" href="http://www.nsfocus.net/vulndb/102683">详情</a></td>
+       <td>97298db86b6af216d7a237f675d7abec</td>
+       <td>CVE-2022-44581</td>
+       <td>2024-10-10 03:26:06 <img src="imgs/new.gif" /></td>
+       <td>WordPress plugin Defender Security敏感信息存储漏洞</td>
+       <td><a target="_blank" href="http://www.nsfocus.net/vulndb/102768">详情</a></td>
       </tr>
 
       <tr>
-       <td>b10fe702e5e378c1a321a963d1a64214</td>
-       <td>CVE-2024-40872</td>
-       <td>2024-10-09 09:24:06 <img src="imgs/new.gif" /></td>
-       <td>Absolute Secure Access权限提升漏洞</td>
-       <td><a target="_blank" href="http://www.nsfocus.net/vulndb/102682">详情</a></td>
+       <td>c16a68ecae6acc5cfecb56244c15f36d</td>
+       <td>CVE-2024-3551</td>
+       <td>2024-10-10 03:26:06 <img src="imgs/new.gif" /></td>
+       <td>WordPress Plugin Penci Soledad Data Migrator本地文件包含漏洞</td>
+       <td><a target="_blank" href="http://www.nsfocus.net/vulndb/102767">详情</a></td>
       </tr>
 
       <tr>
-       <td>73313f4f9a3d2a2ec169c961c4c0276e</td>
-       <td>CVE-2024-41666</td>
-       <td>2024-10-09 09:24:06 <img src="imgs/new.gif" /></td>
-       <td>Argo CD权限管理错误漏洞</td>
-       <td><a target="_blank" href="http://www.nsfocus.net/vulndb/102681">详情</a></td>
+       <td>59127b44eba6578f6ab7660f95e3b5b9</td>
+       <td>CVE-2024-3134</td>
+       <td>2024-10-10 03:26:06 <img src="imgs/new.gif" /></td>
+       <td>WordPress plugin Master Addons存储型跨站脚本漏洞</td>
+       <td><a target="_blank" href="http://www.nsfocus.net/vulndb/102766">详情</a></td>
       </tr>
 
       <tr>
-       <td>c8fc532c66d8b2f4edd1708605b73088</td>
-       <td>CVE-2024-37084</td>
-       <td>2024-10-09 09:24:06 <img src="imgs/new.gif" /></td>
-       <td>VMware Spring Cloud Data Flow代码注入漏洞</td>
-       <td><a target="_blank" href="http://www.nsfocus.net/vulndb/102680">详情</a></td>
+       <td>9edb908be454e918dec8659faddb8dc1</td>
+       <td>CVE-2024-4204</td>
+       <td>2024-10-10 03:26:06 <img src="imgs/new.gif" /></td>
+       <td>WordPress plugin Bulk Posts Editing For WordPress存储型跨站脚本漏洞</td>
+       <td><a target="_blank" href="http://www.nsfocus.net/vulndb/102765">详情</a></td>
       </tr>
 
       <tr>
-       <td>d6a6f261142d596aa86efd3c505b893a</td>
-       <td>CVE-2024-39671</td>
-       <td>2024-10-09 09:24:06 <img src="imgs/new.gif" /></td>
-       <td>Huawei EMUI和HarmonyOS访问控制错误漏洞</td>
-       <td><a target="_blank" href="http://www.nsfocus.net/vulndb/102679">详情</a></td>
+       <td>fc3b8f30b5bc64fee45b47a4ed0156f6</td>
+       <td>CVE-2024-3609</td>
+       <td>2024-10-10 03:26:06 <img src="imgs/new.gif" /></td>
+       <td>WordPress plugin ReviewX未经授权的数据删除漏洞</td>
+       <td><a target="_blank" href="http://www.nsfocus.net/vulndb/102764">详情</a></td>
       </tr>
 
       <tr>
-       <td>4e9fb9a8940a70dcd1ed5f38411ca880</td>
-       <td>CVE-2024-39672</td>
-       <td>2024-10-09 09:24:06 <img src="imgs/new.gif" /></td>
-       <td>Huawei EMUI和HarmonyOS内存请求逻辑漏洞</td>
-       <td><a target="_blank" href="http://www.nsfocus.net/vulndb/102678">详情</a></td>
+       <td>c5ae774397caa2ea5dd49faed44dfe12</td>
+       <td>CVE-2023-23700</td>
+       <td>2024-10-10 03:26:06 <img src="imgs/new.gif" /></td>
+       <td>WordPress plugin OceanWP路径遍历漏洞</td>
+       <td><a target="_blank" href="http://www.nsfocus.net/vulndb/102763">详情</a></td>
       </tr>
 
       <tr>
-       <td>1d65dd42b76c4ece297200c67e563570</td>
-       <td>CVE-2024-41705</td>
-       <td>2024-10-09 09:24:06 <img src="imgs/new.gif" /></td>
-       <td>Archer Platform跨站脚本漏洞</td>
-       <td><a target="_blank" href="http://www.nsfocus.net/vulndb/102677">详情</a></td>
+       <td>5cdbc6c7e389a754471c4177de7250fa</td>
+       <td>CVE-2023-23645</td>
+       <td>2024-10-10 03:26:06 <img src="imgs/new.gif" /></td>
+       <td>WordPress plugin MainWP Code Snippets Extension代码注入漏洞</td>
+       <td><a target="_blank" href="http://www.nsfocus.net/vulndb/102762">详情</a></td>
       </tr>
 
       <tr>
-       <td>5638d6b29770d302c6a1ecadc4fcaba8</td>
-       <td>CVE-2024-6589</td>
-       <td>2024-10-09 09:24:06 <img src="imgs/new.gif" /></td>
-       <td>WordPress LearnPress – WordPress LMS Plugin本地文件包含漏洞</td>
-       <td><a target="_blank" href="http://www.nsfocus.net/vulndb/102676">详情</a></td>
+       <td>3177adc027853fda4d87379416217047</td>
+       <td>CVE-2022-45374</td>
+       <td>2024-10-10 03:26:06 <img src="imgs/new.gif" /></td>
+       <td>WordPress plugin YARPP路径遍历漏洞</td>
+       <td><a target="_blank" href="http://www.nsfocus.net/vulndb/102761">详情</a></td>
       </tr>
 
       <tr>
-       <td>49d87a61bfefc95cb5e792f590d434ed</td>
-       <td>CVE-2024-39670</td>
-       <td>2024-10-09 09:24:06 <img src="imgs/new.gif" /></td>
-       <td>Huawei EMUI和HarmonyOS权限许可和访问控制漏洞</td>
-       <td><a target="_blank" href="http://www.nsfocus.net/vulndb/102675">详情</a></td>
+       <td>6e401fc8041ebbcb508e66f561426d4f</td>
+       <td>CVE-2023-48727</td>
+       <td>2024-10-10 03:26:06 <img src="imgs/new.gif" /></td>
+       <td>Intel oneVPL software空指针取消引用漏洞</td>
+       <td><a target="_blank" href="http://www.nsfocus.net/vulndb/102760">详情</a></td>
       </tr>
 
       <tr>
-       <td>e059a1c9c1b987b516a4a71db5310c41</td>
-       <td>CVE-2024-36537</td>
-       <td>2024-10-09 09:24:06 <img src="imgs/new.gif" /></td>
-       <td>cert-manager不安全权限漏洞</td>
-       <td><a target="_blank" href="http://www.nsfocus.net/vulndb/102674">详情</a></td>
+       <td>c41e75b363a0d63008aa1111a275463f</td>
+       <td>CVE-2022-45368</td>
+       <td>2024-10-10 03:26:06 <img src="imgs/new.gif" /></td>
+       <td>WordPress plugin 1003 Mortgage Application路径遍历漏洞</td>
+       <td><a target="_blank" href="http://www.nsfocus.net/vulndb/102759">详情</a></td>
       </tr>
 
      </tbody>