From b72de6c6ef5fa783fbe24ac250d7e8f8871879c7 Mon Sep 17 00:00:00 2001
From: Github-Bot <github-bot@example.com>
Date: Fri, 26 Jan 2024 07:20:42 +0000
Subject: [PATCH] Updated by Github Bot

---
 cache/Nsfocus.dat |  15 +++
 data/cves.db      | Bin 45776896 -> 45776896 bytes
 docs/index.html   | 278 +++++++++++++++++++++++-----------------------
 3 files changed, 154 insertions(+), 139 deletions(-)

diff --git a/cache/Nsfocus.dat b/cache/Nsfocus.dat
index 49e51062674..b7f0d0f936b 100644
--- a/cache/Nsfocus.dat
+++ b/cache/Nsfocus.dat
@@ -190,3 +190,18 @@ d6cdd3c8929c506d158596250d3a440f
 705978c3bcca7a46b5c69c7b76c93466
 e61b9f8e88ef92fd7400b52ea84ab6d8
 91d0d3c16eefd006e0c90c6a7f0ae095
+52852946a92e688f7b707e239a023fdc
+cc53f4838dfd9f68426be7c5bf11084b
+60779caad34773931980277ce55d20f8
+0dc41e5131f5f16529789a22a814b131
+4f245bf85edb8636836d8c79aac53734
+2647b0eaf2f230bb2ac47d5ec09f43ce
+e9cc1ac054dd026f2305c1f6c37eae72
+41b9abdded76c53acbc886b3f4fd088b
+620f30c0c1d5d76ea3d194f4a561e30f
+324c55a393f1e02bdfdcf53c7f4f087f
+adaecdd75ecbc424bb8c76b2f30116a1
+2d05c4194b77f6c011248c9bf5634e85
+fbadcc774db2027cf050a6f5244df40a
+b67958f0959d4aaa35b7341454ac0320
+12f7d32c221575531f4ee955849cfab3
diff --git a/data/cves.db b/data/cves.db
index 6f71e4217b9ae9744cac75bbbcc2af8a49434fa9..0b0edbc3a23851f95fa7feb220ac137932684b31 100644
GIT binary patch
delta 4105
zcmajfcaRk276tIP!!9`~K>?8^$A!*4jffxug5)SFa=LqZWJ#;Am@qKHQBgrq6m^vW
zMN~vZMF|GX5p&L24489%XLye)U3|VjepOR5Rrh@N&i%gm^FL`eUzWBi+O%xH0Y#f~
zAc}|-QG+NZN{E_7EuuD2hp0=`BkB_kh=xQXqA{@-u{Y6#Xi79AniKmF`w}gPmP9LJ
zKcY3UKhcILCE610i1tJWq9f6X=uC7Wx)R-p?nDowjOa=9A`HSLEW#!n!X-SyC(=Yf
z^d=4<`Va>aeTjpJenfxbU}6Aq2r-ZtL<}YlC58|~iNlCt#BgE+F_IWXj3&kqV~KIZ
zcwz!EkvN=~L>xgJNgPE?CXObi5SmX&L_|zvh=j-z#}HGAa$*`WotQz)BxVs6#IeM2
z#B5>?QAx}tjwenaP9#nuPA29Nrx2$SrxB+U^NAdB2C;xxNRT*_IEy%&SVWvdoJ*WX
zEGCu^=MzhbWyA%<g~W2=BI06V1#t;+DRCK5MO;o?L98V5#42JnaV2pTv4*&sSW8?(
zTuWR>tRt=`))O}nHxf4y8;F~UTZmhUjl^xl?ZhTxGqHu(O58!*N!&%;O>86XA?_va
zBkm_2ARZ(hA|56lAs!_jBOWKV6HgFN5>F9N6VDLO63-FO6E6@i5-$-i6R!}j60Z@j
z6K@c25^oW26Ymi367Lc36CV&C5<7^Gh>wX+h);=~#An3k#23Vu#8<@E#5csZ#COE^
z#1F)e#81S}#4p6J#Bap!#2<@Lv=~K_k{VJhB~nvrNo}bkb)}xvmj=>M8cAc>OZJu~
z(o~vBbJ<7sl@`)cTFHLWTK1PVQYvkwowSz@(os4|XXzqcrJHn@9#SSfrI#3DiY2x<
z;)*A}q$QBva)9)a1EsGVB>kkn94rIm5E&?gWUw46Lu9BNCc|X7jF6EsN=C~V87t#t
zyiAaZa=1*ABjiXqN+!$EGDQmW4<(XVGLlGEj*+QSF4JVX%#fKfODg18IZkHF9I2GK
za=e@%C(223vdoiH<WxCLPM7(TlQU$2EELL_a+aJei{u<RSI(2gvP908rLs&ekPBtG
zTqGCE3b{lsmCK|`E|)80rQ~Imtd=X~Dp?~}%UZccu9fR#om?;L<p#M?Zjudhv)m%L
z%0{_OZkJ86S+>YlxkK)hyX0=!Cilp_a-ZBU56FY^kUT7p$fNR@JTBYi33*bUlBeYv
zc~+j2=j8=?QC^al<rR5VUX$154S7@ElDFj@c~{<(_vHimP<F^i^09m(pUO`8Og@({
z<V*QVzLsy~Tlr4DmmlOu`AL43U*uQ$O@5a@iWVWI>n|y(A;nT6HKmr+mO4^b>PdZR
zAPuFFG?u+&Z)qY;rI|FBePmy0AuXkq>?f^de`zD7(pK6@d+8t@rIU1)F49%HNq6ZX
zWzti6i6N#~Vv8fLc;ZW10_iOWNFO;+`pQAlPx{NjGC&TIfig%2%b_wvhRR_wOoqz{
z87ZS=w2YClGET<J1eqv@%Op8Mj+CQhvK%c_q%i+bB8ep<iDcy%nJVQnO{U8XnJKfR
zLXMT=WVXzaN|`Ii%L#I#oFpg9JUK;9mDA*OnJ+mxLl($Fp`0ma$=R|<&XIHFJXtJD
z<a}8w%j5#NP?pO@a<QzCOXO0yOseE^xk6S-URKF!xl*o@HFCAAm22c$xlY!}^|D@W
zkQ?PD*&sK|Epn@Dl-uNX*(94~OX@CcO|7Zu)-)CUt5NHQZi5l^7uH)<ucYp@I@{}%
z)m~ETi&}kaE-(3|WLEL^;-JRb8pWF$8?QU5{<+qyvT6@+(KWUkj5V#SpRujjvP{=^
zUE9n$NfNkj+6m%p7}-1S*tVl8KVZVZGRv^+GAC_&!OG9VRL}ZOnPHY$Ua8^tHdnOW
z*}dJMz%bHIp}M)ddgS?mo6Z`68)Td?3~e{^ZO3$6CyWi-GWMu$dFg+u?&cb@$|zJH
zsIzCIFcZhV?_?q!&X2Q(YlL3bwHzmtb&Rljb=R`&e4pYjsW$n3BetY!)~tSbuTZ|%
z?($Z~aAU^|oXGdHUTm1A<)q^v%DSHIBx$#LdE0lL|5d(MVK#nYHa&OGCd`CMoXPlZ
z5=XIPIZ>33eJ`@IwvzH~A6cJjQp50#{2x2RRIfd!J*rSKovY2NvO>i`^RO)^cHPhp
z?5vp>R+PzR;;d`Oe%8q<JzMR-wrlwA@UXHnnLV>&PG#PlzA@Fb)}Q~;T^T{HDXV%E
zGDa)IvkV<DHexg5W_&LR?TjXrbwbxO6Wges;rMCqPZ=x1l|`-c@HVGP{t`4v%>+iS
zBdfYAsPkL}Ic5}uQ6`fpC3fvlLrSN;$W|{IH6B%K#<Pt;T_khL=FF@t-SsJx#1)zR
z>IGd>?eqQA+g~H2LZq4N!K!X`6qzehW)j4)sm*kqOvbRhtYvEhO#Sz^pM;5T?V0I}
zOX67-rOx2eQ5CZ*!)QiQI<b6EdFi+@rkP&RzgEMxe-m98YhdMCvZ`xgtdo^&d5#|$
zNtm??p;2UovEyg78b*+H>^P~G>;$%DO)RgRIyQ;t&Q9{9%{bLIpWjezsdok0g`h6G
zgPg48xKTFkCYdPh*`DrmMtc{8p@yux`8Pr4{|_2j=*TGqb>1ChWOR2D*VK#RW=+qv
z0zVyumKCN=C(^fj2AS5V*-2bJr@Ug;it>e1+WpO*3@hZgxfZPIRM?Zk<UGUogE$N`
zw&VL+eKSbwE%4*Sbu-%4bhR8$zYQyo#tj)XD4(lziaP9hv(kkSFV~z^9ShBjS4gbk
zWcBu?b)|x=mv$^KO8i)ZG)=vE|6RuX&}Y`AO7lNYYLRNT=L@r|tY0YGVRu>AN^35T
r7Y0`1rPEnI@(n++>>$)ztIPYJv*$;C`VVDG3a3qPTQzTM3dR2hJ<^=Y

delta 2590
zcmWmD^Pdm~0EY41<*v)NZQHhuH{14I^;VZ{T)u4Ec3a%m!j?UR;n@%0f8hCio{*3i
zi9#?VML@*NlobLZLS+S5fmS3dvK7UOYDKf6TQRJdR*)6T3btZfajdvjJS)DHz)EN(
zvJzWKtfW>lE4h`zN@=CCQd?=Pv{pJRy_LbrXl1f8TUo5ERyHfUmBY$u<+5^Hd91uv
zJ}bXfz$$1JvI<*8tfE#itGHFdDruFnN?T>DvQ{~(yj8)fXjQT*TUD&8RyC`-Rl}-j
z)v{_^b*#EpJ*&Rez-nkUvKm`Wtfp2otGU&}YH78yT3c-_`n0v$S?#S3R!6Io)!FJ|
zb+x)#-K`#0Ppg;J+v;QWwfb58tpV0RYmhbA8e$E#hFQa{5!Og+lr`E4u|lme)>vzt
zWox`O!J24=S(B{E))Z^1HO-oC&9G)#v#i<H9BZyM&zf&7uoha2ti{$6YpJ!&T5g3~
zE3B2)Dr>d1##(Ewvm&hZ)&^^%waMCSZLzjm+pO)@4r`~i%i3-2vG!W~to_yj>!5YW
zI&2-Wj#|g8<JJl5q;<+VZJn{sTIa0u)&=XLb;-JHU9qlO*R1Q-4eO?L%lh8>!MbhT
zvF=*;tozmj>qqM+>u2ks^^5h$dTc$ho?5?Jzgf?$=hh4BrS-~sZN0JHTJNm))(7jO
z^~w6(`osFu`pf!keX+h;->ko_f2@DQ6fji*2t*`AMifLvG(<-X#6%EcAsDd{2XPS(
z@sR)tkqC*A1WAz$$&msnkqW7i25FHF>5%~$kqMcR1zC{|*^vV|kqfzz2YHbX`B4A`
zQ3!=m1VvE{#Zdw!Q3|C|24ztW<xv3@Q3;h%1yxZE)lmaAQ46(E2X#>o_0a$g(Fl#v
z1WnNl&Cvoa(F(262LJbOi*{&_4(NzZ=!`Dtif-tR9_Wc)=#4(;i+<>j0T_ru7>pqp
zieVUz5g3V47>y8wVhqM&9E|apfQbmhBuvH>OvN-z#|+HGEX>9n%*8y+#{w+GA}q!d
zEX6V`M>tksC01cI)?h8xAp+~M0UNOio3RC3u?^d?13R$`yRip*u@C!k00(ghhj9c)
zaSX?C0w-|_r*Q^naSrEk0T*!zmvIGGaShjT12=IC-{S||#vR<nJ>16w{D`0MGalj>
zJi=o<!BhN--|!62@d7XL3a{}7Z}ATA@c|$43BThH{E5Ht8DH=f-|#p7!M_1v3S@r-
zA`&7a3Zfz!q9X=kA_%b%jM#{SxQK`NNPvV$gv3aKq)3M3NP(0{h15ucv`B~a$bgK<
zgv`i-tjLD!$bp>5h1|%4yvT?AD1d?}gu*C-q9}&qD1nkFh0-X4vM7i0sDO&7gvzLb
zs;GwQsDYZOh1#ftx~PZxXn=-jgvMxsrf7!dXn~e!h1O_;|NFN^JG4g!bVMg~Mi+EN
zH*`l2^h7W8Mj!M=KlH}{48$M|#t;m}Fbu~CjKnC6MhHSN24gV}#&}G?M1)}yCSwYw
zVj8An24-RwW@8TKVjkvW0TyBr7GnvPVi}er94oLAtFRhtuomkOf%Vvcjo5_E*n+Lt
zhV9sao!Eul*n_>;hy8(vbs%tc@8Bpw;orqc6}wPy?O5Z2j>da<C184_t!a;K3W$C*
KeE5MtMg9*q6W2um

diff --git a/docs/index.html b/docs/index.html
index 739c231c74e..324b6290687 100644
--- a/docs/index.html
+++ b/docs/index.html
@@ -1,4 +1,4 @@
-<!-- RELEASE TIME : 2024-01-25 23:23:41 -->
+<!-- RELEASE TIME : 2024-01-26 07:20:41 -->
 <html lang="zh-cn">
 
  <head>
@@ -382,7 +382,7 @@ <h2><a href="https://exp-blog.com" target="_blank">眈眈探求</a> | <a href="h
       <tr>
        <td>54ce4d49206683566cecf16fccceeabe</td>
        <td>CVE-2024-22751</td>
-       <td>2024-01-24 21:15:08 <img src="imgs/new.gif" /></td>
+       <td>2024-01-24 21:15:08</td>
        <td>D-Link DIR-882 DIR882A1_FW130B06 was discovered to contain a stack overflow via the sub_477AA0 function.</td>
        <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-22751">详情</a></td>
       </tr>
@@ -390,7 +390,7 @@ <h2><a href="https://exp-blog.com" target="_blank">眈眈探求</a> | <a href="h
       <tr>
        <td>35fe7ab84a4556fd9ea138cdf540f2d7</td>
        <td>CVE-2023-24676</td>
-       <td>2024-01-24 21:15:08 <img src="imgs/new.gif" /></td>
+       <td>2024-01-24 21:15:08</td>
        <td>An issue found in Processwire 3.0.210 allows attackers to execute arbitrary code and install a reverse shell via the download_zip_url parameter when installing a new module.</td>
        <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2023-24676">详情</a></td>
       </tr>
@@ -398,7 +398,7 @@ <h2><a href="https://exp-blog.com" target="_blank">眈眈探求</a> | <a href="h
       <tr>
        <td>e2ea9934463c4dd4a080439f00e09816</td>
        <td>CVE-2024-23646</td>
-       <td>2024-01-24 20:15:53 <img src="imgs/new.gif" /></td>
+       <td>2024-01-24 20:15:53</td>
        <td>Pimcore's Admin Classic Bundle provides a backend user interface for Pimcore. The application allows users to create zip files from available files on the site. In the 1.x branch prior to version 1.3.2, parameter `selectedIds` is susceptible to SQL Injection. Any backend user with very basic permissions can execute arbitrary SQL statements and thus alter any data or escalate their privileges to at least admin level. Version 1.3.2 contains a fix for this issue.</td>
        <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-23646">详情</a></td>
       </tr>
@@ -406,7 +406,7 @@ <h2><a href="https://exp-blog.com" target="_blank">眈眈探求</a> | <a href="h
       <tr>
        <td>8f0838c894d16bdab7ab5186c61ed1b7</td>
        <td>CVE-2024-23644</td>
-       <td>2024-01-24 20:15:53 <img src="imgs/new.gif" /></td>
+       <td>2024-01-24 20:15:53</td>
        <td>Trillium is a composable toolkit for building internet applications with async rust. In `trillium-http` prior to 0.3.12 and `trillium-client` prior to 0.5.4, insufficient validation of outbound header values may lead to request splitting or response splitting attacks in scenarios where attackers have sufficient control over headers. This only affects use cases where attackers have control of request headers, and can insert "\r\n" sequences. Specifically, if untrusted and unvalidated input is inserted into header names or values. Outbound `trillium_http::HeaderValue` and `trillium_http::HeaderName` can be constructed infallibly and were not checked for illegal bytes when sending requests from the client or responses from the server. Thus, if an attacker has sufficient control over header values (or names) in a request or response that they could inject `\r\n` sequences, they could get the client and server out of sync, and then pivot to gain control over other parts of requests or responses. (i.e. exfiltrating data from other requests, SSRF, etc.) In `trillium-http` versions 0.3.12 and later, if a header name is invalid in server response headers, the specific header and any associated values are omitted from network transmission. Additionally, if a header value is invalid in server response headers, the individual header value is omitted from network transmission. Other headers values with the same header name will still be sent. In `trillium-client` versions 0.5.4 and later, if any header name or header value is invalid in the client request headers, awaiting the client Conn returns an `Error::MalformedHeader` prior to any network access. As a workaround, Trillium services and client applications should sanitize or validate untrusted input that is included in header values and header names. Carriage return, newline, and null characters are not allowed.</td>
        <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-23644">详情</a></td>
       </tr>
@@ -414,7 +414,7 @@ <h2><a href="https://exp-blog.com" target="_blank">眈眈探求</a> | <a href="h
       <tr>
        <td>09f3e24f4a47f04d3815bfed54cce339</td>
        <td>CVE-2021-43584</td>
-       <td>2024-01-24 20:15:53 <img src="imgs/new.gif" /></td>
+       <td>2024-01-24 20:15:53</td>
        <td>DOM-based Cross Site Scripting (XSS vulnerability in 'Tail Event Logs' functionality in Nagios Nagios Cross-Platform Agent (NCPA) before 2.4.0 allows attackers to run arbitrary code via the name element when filtering for a log.</td>
        <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2021-43584">详情</a></td>
       </tr>
@@ -422,7 +422,7 @@ <h2><a href="https://exp-blog.com" target="_blank">眈眈探求</a> | <a href="h
       <tr>
        <td>2be8113ee1672ade534c59feba340760</td>
        <td>CVE-2024-23641</td>
-       <td>2024-01-24 17:15:08 <img src="imgs/new.gif" /></td>
+       <td>2024-01-24 17:15:08</td>
        <td>SvelteKit is a web development kit. In SvelteKit 2, sending a GET request with a body eg `{}` to a built and previewed/hosted sveltekit app throws `Request with GET/HEAD method cannot have body.` and crashes the preview/hosting. After this happens, one must manually restart the app. `TRACE` requests will also cause the app to crash. Prerendered pages and SvelteKit 1 apps are not affected. `@sveltejs/adapter-node` versions 2.1.2, 3.0.3, and 4.0.1 and `@sveltejs/kit` version 2.4.3 contain a patch for this issue.</td>
        <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-23641">详情</a></td>
       </tr>
@@ -430,7 +430,7 @@ <h2><a href="https://exp-blog.com" target="_blank">眈眈探求</a> | <a href="h
       <tr>
        <td>dae41577d091e9c01c7fe4cabe1e5c4b</td>
        <td>CVE-2024-22229</td>
-       <td>2024-01-24 17:15:08 <img src="imgs/new.gif" /></td>
+       <td>2024-01-24 17:15:08</td>
        <td>Dell Unity, versions prior to 5.4, contain a vulnerability whereby log messages can be spoofed by an authenticated attacker. An attacker could exploit this vulnerability to forge log entries, create false alarms, and inject malicious content into logs that compromise logs integrity. A malicious attacker could also prevent the product from logging information while malicious actions are performed or implicate an arbitrary user for malicious activities.</td>
        <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-22229">详情</a></td>
       </tr>
@@ -438,7 +438,7 @@ <h2><a href="https://exp-blog.com" target="_blank">眈眈探求</a> | <a href="h
       <tr>
        <td>b3fc7c4f78ad4ae70c09647463c0fd45</td>
        <td>CVE-2023-51887</td>
-       <td>2024-01-24 17:15:08 <img src="imgs/new.gif" /></td>
+       <td>2024-01-24 17:15:08</td>
        <td>Command Injection vulnerability in Mathtex v.1.05 and before allows a remote attacker to execute arbitrary code via crafted string in application URL.</td>
        <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2023-51887">详情</a></td>
       </tr>
@@ -446,7 +446,7 @@ <h2><a href="https://exp-blog.com" target="_blank">眈眈探求</a> | <a href="h
       <tr>
        <td>f59b6f6b0b75ae679d05e51090cf337b</td>
        <td>CVE-2023-51886</td>
-       <td>2024-01-24 17:15:08 <img src="imgs/new.gif" /></td>
+       <td>2024-01-24 17:15:08</td>
        <td>Buffer Overflow vulnerability in the main() function in Mathtex 1.05 and before allows a remote attacker to cause a denial of service when using \convertpath.</td>
        <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2023-51886">详情</a></td>
       </tr>
@@ -454,7 +454,7 @@ <h2><a href="https://exp-blog.com" target="_blank">眈眈探求</a> | <a href="h
       <tr>
        <td>77febc2ed7c0012ceef9c6bc4b68fa90</td>
        <td>CVE-2023-51885</td>
-       <td>2024-01-24 17:15:08 <img src="imgs/new.gif" /></td>
+       <td>2024-01-24 17:15:08</td>
        <td>Buffer Overflow vulnerability in Mathtex v.1.05 and before allows a remote attacker to execute arbitrary code via the length of the LaTeX string component.</td>
        <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2023-51885">详情</a></td>
       </tr>
@@ -462,7 +462,7 @@ <h2><a href="https://exp-blog.com" target="_blank">眈眈探求</a> | <a href="h
       <tr>
        <td>9f21d3a89b1c141a14f42961d29dbdec</td>
        <td>CVE-2024-22725</td>
-       <td>2024-01-24 16:15:08 <img src="imgs/new.gif" /></td>
+       <td>2024-01-24 16:15:08</td>
        <td>Orthanc versions before 1.12.2 are affected by a reflected cross-site scripting (XSS) vulnerability. The vulnerability was present in the server's error reporting.</td>
        <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-22725">详情</a></td>
       </tr>
@@ -470,7 +470,7 @@ <h2><a href="https://exp-blog.com" target="_blank">眈眈探求</a> | <a href="h
       <tr>
        <td>d375f9598bcfe78caf8a2126fc11dc4c</td>
        <td>CVE-2024-22651</td>
-       <td>2024-01-24 16:15:08 <img src="imgs/new.gif" /></td>
+       <td>2024-01-24 16:15:08</td>
        <td>There is a command injection vulnerability in the ssdpcgi_main function of cgibin binary in D-Link DIR-815 router firmware v1.04.</td>
        <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-22651">详情</a></td>
       </tr>
@@ -478,7 +478,7 @@ <h2><a href="https://exp-blog.com" target="_blank">眈眈探求</a> | <a href="h
       <tr>
        <td>54b4695615e84a912f868a33ca73f8b6</td>
        <td>CVE-2023-44281</td>
-       <td>2024-01-24 16:15:08 <img src="imgs/new.gif" /></td>
+       <td>2024-01-24 16:15:08</td>
        <td>Dell Pair Installer version prior to 1.2.1 contains an elevation of privilege vulnerability. A low privilege user with local access to the system could potentially exploit this vulnerability to delete arbitrary files and result in Denial of Service.</td>
        <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2023-44281">详情</a></td>
       </tr>
@@ -486,7 +486,7 @@ <h2><a href="https://exp-blog.com" target="_blank">眈眈探求</a> | <a href="h
       <tr>
        <td>f734e1af17669dbd58eeceeec5364ef1</td>
        <td>CVE-2024-22141</td>
-       <td>2024-01-24 15:15:08 <img src="imgs/new.gif" /></td>
+       <td>2024-01-24 15:15:08</td>
        <td>Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Cozmoslabs Profile Builder Pro.This issue affects Profile Builder Pro: from n/a through 3.10.0.</td>
        <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-22141">详情</a></td>
       </tr>
@@ -494,7 +494,7 @@ <h2><a href="https://exp-blog.com" target="_blank">眈眈探求</a> | <a href="h
       <tr>
        <td>558266f91ed8e4fee6d5fd8c5d73ecae</td>
        <td>CVE-2023-6697</td>
-       <td>2024-01-24 14:15:08 <img src="imgs/new.gif" /></td>
+       <td>2024-01-24 14:15:08</td>
        <td>The WP Go Maps (formerly WP Google Maps) plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the map id parameter in all versions up to, and including, 9.0.28 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.</td>
        <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2023-6697">详情</a></td>
       </tr>
@@ -502,7 +502,7 @@ <h2><a href="https://exp-blog.com" target="_blank">眈眈探求</a> | <a href="h
       <tr>
        <td>c496ed1cc4bb1cae3665fd123b01848d</td>
        <td>CVE-2022-4964</td>
-       <td>2024-01-24 01:15:07 <img src="imgs/new.gif" /></td>
+       <td>2024-01-24 01:15:07</td>
        <td>Ubuntu's pipewire-pulse in snap grants microphone access even when the snap interface for audio-record is not set.</td>
        <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2022-4964">详情</a></td>
       </tr>
@@ -510,7 +510,7 @@ <h2><a href="https://exp-blog.com" target="_blank">眈眈探求</a> | <a href="h
       <tr>
        <td>b5295fdc49a1caf40f021bd92d53f336</td>
        <td>CVE-2024-23638</td>
-       <td>2024-01-24 00:15:08 <img src="imgs/new.gif" /></td>
+       <td>2024-01-24 00:15:08</td>
        <td>Squid is a caching proxy for the Web. Due to an expired pointer reference bug, Squid prior to version 6.6 is vulnerable to a Denial of Service attack against Cache Manager error responses. This problem allows a trusted client to perform Denial of Service when generating error pages for Client Manager reports. Squid older than 5.0.5 have not been tested and should be assumed to be vulnerable. All Squid-5.x up to and including 5.9 are vulnerable. All Squid-6.x up to and including 6.5 are vulnerable. This bug is fixed by Squid version 6.6. In addition, patches addressing this problem for the stable releases can be found in Squid's patch archives. As a workaround, prevent access to Cache Manager using Squid's main access control: `http_access deny manager`.</td>
        <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-23638">详情</a></td>
       </tr>
@@ -518,7 +518,7 @@ <h2><a href="https://exp-blog.com" target="_blank">眈眈探求</a> | <a href="h
       <tr>
        <td>22c26d9ac7a729edc05e6c41ad7b21ab</td>
        <td>CVE-2024-23633</td>
-       <td>2024-01-24 00:15:08 <img src="imgs/new.gif" /></td>
+       <td>2024-01-24 00:15:08</td>
        <td>Label Studio, an open source data labeling tool had a remote import feature allowed users to import data from a remote web source, that was downloaded and could be viewed on the website. Prior to version 1.10.1, this feature could had been abused to download a HTML file that executed malicious JavaScript code in the context of the Label Studio website. Executing arbitrary JavaScript could result in an attacker performing malicious actions on Label Studio users if they visit the crafted avatar image. For an example, an attacker can craft a JavaScript payload that adds a new Django Super Administrator user if a Django administrator visits the image. `data_import/uploader.py` lines 125C5 through 146 showed that if a URL passed the server side request forgery verification checks, the contents of the file would be downloaded using the filename in the URL. The downloaded file path could then be retrieved by sending a request to `/api/projects/{project_id}/file-uploads?ids=[{download_id}]` where `{project_id}` was the ID of the project and `{download_id}` was the ID of the downloaded file. Once the downloaded file path was retrieved by the previous API endpoint, `data_import/api.py`lines 595C1 through 616C62 demonstrated that the `Content-Type` of the response was determined by the file extension, since `mimetypes.guess_type` guesses the `Content-Type` based on the file extension. Since the `Content-Type` was determined by the file extension of the downloaded file, an attacker could import in a `.html` file that would execute JavaScript when visited. Version 1.10.1 contains a patch for this issue. Other remediation strategies are also available. For all user provided files that are downloaded by Label Studio, set the `Content-Security-Policy: sandbox;` response header when viewed on the site. The `sandbox` directive restricts a page's actions to prevent popups, execution of plugins and scripts and enforces a `same-origin` policy. Alternatively, restrict the allowed file extensions that may be downloaded.</td>
        <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-23633">详情</a></td>
       </tr>
@@ -1971,6 +1971,126 @@ <h2><a href="https://exp-blog.com" target="_blank">眈眈探求</a> | <a href="h
        <th width="43%">TITLE</th>
        <th width="5%">URL</th>
       </tr>
+      <tr>
+       <td>52852946a92e688f7b707e239a023fdc</td>
+       <td>CVE-2023-48707</td>
+       <td>2024-01-26 07:18:27 <img src="imgs/new.gif" /></td>
+       <td>CodeIgniter Shield信息泄露漏洞</td>
+       <td><a target="_blank" href="http://www.nsfocus.net/vulndb/90098">详情</a></td>
+      </tr>
+
+      <tr>
+       <td>cc53f4838dfd9f68426be7c5bf11084b</td>
+       <td>CVE-2023-48708</td>
+       <td>2024-01-26 07:18:27 <img src="imgs/new.gif" /></td>
+       <td>CodeIgniter Shield信息泄露漏洞</td>
+       <td><a target="_blank" href="http://www.nsfocus.net/vulndb/90097">详情</a></td>
+      </tr>
+
+      <tr>
+       <td>60779caad34773931980277ce55d20f8</td>
+       <td>CVE-2023-6277</td>
+       <td>2024-01-26 07:18:27 <img src="imgs/new.gif" /></td>
+       <td>LibTIFF不受控制的资源消耗漏洞</td>
+       <td><a target="_blank" href="http://www.nsfocus.net/vulndb/90096">详情</a></td>
+      </tr>
+
+      <tr>
+       <td>0dc41e5131f5f16529789a22a814b131</td>
+       <td>CVE-2023-49312</td>
+       <td>2024-01-26 07:18:27 <img src="imgs/new.gif" /></td>
+       <td>Precision Bridge证书验证错误漏洞</td>
+       <td><a target="_blank" href="http://www.nsfocus.net/vulndb/90095">详情</a></td>
+      </tr>
+
+      <tr>
+       <td>4f245bf85edb8636836d8c79aac53734</td>
+       <td>CVE-2023-49321</td>
+       <td>2024-01-26 07:18:27 <img src="imgs/new.gif" /></td>
+       <td>WithSecure多款产品拒绝服务漏洞</td>
+       <td><a target="_blank" href="http://www.nsfocus.net/vulndb/90094">详情</a></td>
+      </tr>
+
+      <tr>
+       <td>2647b0eaf2f230bb2ac47d5ec09f43ce</td>
+       <td>CVE-2023-49322</td>
+       <td>2024-01-26 07:18:27 <img src="imgs/new.gif" /></td>
+       <td>WithSecure多款产品拒绝服务漏洞</td>
+       <td><a target="_blank" href="http://www.nsfocus.net/vulndb/90093">详情</a></td>
+      </tr>
+
+      <tr>
+       <td>e9cc1ac054dd026f2305c1f6c37eae72</td>
+       <td>CVE-2023-6304</td>
+       <td>2024-01-26 07:18:27 <img src="imgs/new.gif" /></td>
+       <td>Tecno 4G Portable WiFi TR118操作系统命令注入漏洞</td>
+       <td><a target="_blank" href="http://www.nsfocus.net/vulndb/90092">详情</a></td>
+      </tr>
+
+      <tr>
+       <td>41b9abdded76c53acbc886b3f4fd088b</td>
+       <td>CVE-2023-6309</td>
+       <td>2024-01-26 07:18:27 <img src="imgs/new.gif" /></td>
+       <td>moses-smt mosesdecoder操作系统命令注入漏洞</td>
+       <td><a target="_blank" href="http://www.nsfocus.net/vulndb/90091">详情</a></td>
+      </tr>
+
+      <tr>
+       <td>620f30c0c1d5d76ea3d194f4a561e30f</td>
+       <td>CVE-2023-47865</td>
+       <td>2024-01-26 07:18:27 <img src="imgs/new.gif" /></td>
+       <td>Mattermost访问控制错误漏洞</td>
+       <td><a target="_blank" href="http://www.nsfocus.net/vulndb/90090">详情</a></td>
+      </tr>
+
+      <tr>
+       <td>324c55a393f1e02bdfdcf53c7f4f087f</td>
+       <td>CVE-2023-35075</td>
+       <td>2024-01-26 07:18:27 <img src="imgs/new.gif" /></td>
+       <td>Mattermost注入漏洞</td>
+       <td><a target="_blank" href="http://www.nsfocus.net/vulndb/90089">详情</a></td>
+      </tr>
+
+      <tr>
+       <td>adaecdd75ecbc424bb8c76b2f30116a1</td>
+       <td>CVE-2023-40703</td>
+       <td>2024-01-26 07:18:27 <img src="imgs/new.gif" /></td>
+       <td>Mattermost不受控制的资源消耗漏洞</td>
+       <td><a target="_blank" href="http://www.nsfocus.net/vulndb/90088">详情</a></td>
+      </tr>
+
+      <tr>
+       <td>2d05c4194b77f6c011248c9bf5634e85</td>
+       <td>CVE-2023-43754</td>
+       <td>2024-01-26 07:18:27 <img src="imgs/new.gif" /></td>
+       <td>Mattermost信息泄露漏洞</td>
+       <td><a target="_blank" href="http://www.nsfocus.net/vulndb/90087">详情</a></td>
+      </tr>
+
+      <tr>
+       <td>fbadcc774db2027cf050a6f5244df40a</td>
+       <td>CVE-2023-45223</td>
+       <td>2024-01-26 07:18:27 <img src="imgs/new.gif" /></td>
+       <td>Mattermost信息泄露漏洞</td>
+       <td><a target="_blank" href="http://www.nsfocus.net/vulndb/90086">详情</a></td>
+      </tr>
+
+      <tr>
+       <td>b67958f0959d4aaa35b7341454ac0320</td>
+       <td>CVE-2023-48268</td>
+       <td>2024-01-26 07:18:27 <img src="imgs/new.gif" /></td>
+       <td>Mattermost不受控制的资源消耗漏洞</td>
+       <td><a target="_blank" href="http://www.nsfocus.net/vulndb/90085">详情</a></td>
+      </tr>
+
+      <tr>
+       <td>12f7d32c221575531f4ee955849cfab3</td>
+       <td>CVE-2023-48369</td>
+       <td>2024-01-26 07:18:27 <img src="imgs/new.gif" /></td>
+       <td>Mattermost不受控制的资源消耗漏洞</td>
+       <td><a target="_blank" href="http://www.nsfocus.net/vulndb/90084">详情</a></td>
+      </tr>
+
       <tr>
        <td>94d75576bdc644f0c6c296831d047f30</td>
        <td>CVE-2023-5325</td>
@@ -2091,126 +2211,6 @@ <h2><a href="https://exp-blog.com" target="_blank">眈眈探求</a> | <a href="h
        <td><a target="_blank" href="http://www.nsfocus.net/vulndb/90038">详情</a></td>
       </tr>
 
-      <tr>
-       <td>de4de870b7b82fe499e7dcbd9fc1b976</td>
-       <td>CVE-2022-41678</td>
-       <td>2024-01-24 08:27:25 <img src="imgs/new.gif" /></td>
-       <td>Apache ActiveMQ任意代码执行漏洞</td>
-       <td><a target="_blank" href="http://www.nsfocus.net/vulndb/89991">详情</a></td>
-      </tr>
-
-      <tr>
-       <td>35eddd06295579759784c8badd5e59f2</td>
-       <td>CVE-2023-49062</td>
-       <td>2024-01-24 08:27:25 <img src="imgs/new.gif" /></td>
-       <td>Meta Katran初始化错误漏洞</td>
-       <td><a target="_blank" href="http://www.nsfocus.net/vulndb/89990">详情</a></td>
-      </tr>
-
-      <tr>
-       <td>9e3df88c509bf9aedaac096ed6428110</td>
-       <td>CVE-2023-41264</td>
-       <td>2024-01-24 08:27:25 <img src="imgs/new.gif" /></td>
-       <td>Netwrix UserCube身份认证错误漏洞</td>
-       <td><a target="_blank" href="http://www.nsfocus.net/vulndb/89989">详情</a></td>
-      </tr>
-
-      <tr>
-       <td>1926d32b40d069c4ffcf334af9d99e1b</td>
-       <td>CVE-2023-42502</td>
-       <td>2024-01-24 08:27:25 <img src="imgs/new.gif" /></td>
-       <td>Apache Superset开放重定向漏洞</td>
-       <td><a target="_blank" href="http://www.nsfocus.net/vulndb/89988">详情</a></td>
-      </tr>
-
-      <tr>
-       <td>322b33671b833529be379431cea496cd</td>
-       <td>CVE-2023-42505</td>
-       <td>2024-01-24 08:27:25 <img src="imgs/new.gif" /></td>
-       <td>Apache Superset信息泄露漏洞</td>
-       <td><a target="_blank" href="http://www.nsfocus.net/vulndb/89987">详情</a></td>
-      </tr>
-
-      <tr>
-       <td>afcfc826ab2961d93579e6a15b7897d6</td>
-       <td>CVE-2023-45286</td>
-       <td>2024-01-24 08:27:25 <img src="imgs/new.gif" /></td>
-       <td>Resty竞争条件漏洞</td>
-       <td><a target="_blank" href="http://www.nsfocus.net/vulndb/89986">详情</a></td>
-      </tr>
-
-      <tr>
-       <td>33fbca2d4ec579378a10465db6449eae</td>
-       <td>CVE-2023-48848</td>
-       <td>2024-01-24 08:27:25 <img src="imgs/new.gif" /></td>
-       <td>UReport任意文件读取漏洞</td>
-       <td><a target="_blank" href="http://www.nsfocus.net/vulndb/89985">详情</a></td>
-      </tr>
-
-      <tr>
-       <td>a225239aa9d753d9d2eeec05ce1ac326</td>
-       <td>CVE-2023-48121</td>
-       <td>2024-01-24 08:27:25 <img src="imgs/new.gif" /></td>
-       <td>Ezviz CS Series多款产品身份认证绕过漏洞</td>
-       <td><a target="_blank" href="http://www.nsfocus.net/vulndb/89984">详情</a></td>
-      </tr>
-
-      <tr>
-       <td>4bded4d5d07efb084f212d4ddb16ccc4</td>
-       <td>CVE-2023-42504</td>
-       <td>2024-01-24 08:27:25 <img src="imgs/new.gif" /></td>
-       <td>Apache Superset拒绝服务漏洞</td>
-       <td><a target="_blank" href="http://www.nsfocus.net/vulndb/89983">详情</a></td>
-      </tr>
-
-      <tr>
-       <td>65a308236d4629ec7685bc50cc6b168d</td>
-       <td>CVE-2023-29061</td>
-       <td>2024-01-24 08:27:25 <img src="imgs/new.gif" /></td>
-       <td>BD FACSChorus身份认证错误漏洞</td>
-       <td><a target="_blank" href="http://www.nsfocus.net/vulndb/89982">详情</a></td>
-      </tr>
-
-      <tr>
-       <td>3de9d246d26618fa7e8fa192355e43ab</td>
-       <td>CVE-2023-45539</td>
-       <td>2024-01-24 08:27:25 <img src="imgs/new.gif" /></td>
-       <td>HAProxy信息泄露漏洞</td>
-       <td><a target="_blank" href="http://www.nsfocus.net/vulndb/89981">详情</a></td>
-      </tr>
-
-      <tr>
-       <td>54b6359c792232e1d847afccb32960d4</td>
-       <td>CVE-2023-30588</td>
-       <td>2024-01-24 08:27:25 <img src="imgs/new.gif" /></td>
-       <td>Node.js拒绝服务漏洞</td>
-       <td><a target="_blank" href="http://www.nsfocus.net/vulndb/89980">详情</a></td>
-      </tr>
-
-      <tr>
-       <td>12936ad6880cdc838c72b28c288a2e08</td>
-       <td>CVE-2023-29060</td>
-       <td>2024-01-24 08:27:25 <img src="imgs/new.gif" /></td>
-       <td>BD FACSChorus身份认证错误漏洞</td>
-       <td><a target="_blank" href="http://www.nsfocus.net/vulndb/89979">详情</a></td>
-      </tr>
-
-      <tr>
-       <td>c1bfb2683743ab62c4c72d9de8604f68</td>
-       <td>CVE-2023-49652</td>
-       <td>2024-01-24 08:27:25 <img src="imgs/new.gif" /></td>
-       <td>Jenkins Google Compute Engine Plugin授权错误漏洞</td>
-       <td><a target="_blank" href="http://www.nsfocus.net/vulndb/89978">详情</a></td>
-      </tr>
-
-      <tr>
-       <td>927c52393dacb55c62f72c4a935bea17</td>
-       <td>CVE-2023-40626</td>
-       <td>2024-01-24 08:27:25 <img src="imgs/new.gif" /></td>
-       <td>Joomla CMS信息泄露漏洞</td>
-       <td><a target="_blank" href="http://www.nsfocus.net/vulndb/89977">详情</a></td>
-      </tr>
-
      </tbody>
     </table>
    </div>