diff --git a/cache/Nsfocus.dat b/cache/Nsfocus.dat index 4d170329b1b..3cbd0f44cb3 100644 --- a/cache/Nsfocus.dat +++ b/cache/Nsfocus.dat @@ -174,3 +174,18 @@ f2bcb6f15ca5b3a384adad6b9b274b8f 18f091dde87340b809c8ce290fcad10d a83b3d3a05841695cca11dbd9f86f0cd eb972db5c3474f7ff75ca79911c17183 +9ea2c609df521778ee7b22e4bb5bf2ef +6ab57499e8087a7bad704e22cc1e4113 +2032e624af260a38d95703f1eb608453 +0231009bb6c4e2a20109870fd05043e5 +d3b7720c5865eec4bef51aba279c0e58 +4cc3b07cdad9e12d239dcf4ef07b6923 +3606118770080255ce2b78681707e850 +b6fea3c4d37a40ffa4728b0157a37c87 +5ea033babfbc40feaa1b998b7dc40440 +c13c36912d759a0e6e12186774d5508a +81de850f5b5eb5c6e87851211e6adec4 +981eac6dcbaf1d5f2222b39537aac104 +a44fe25de485f1164b0dee4913383f10 +c7ed7bc844865bab33e23315602ce1de +6947b25c806e2f609277ccb7d14385b3 diff --git a/data/cves.db b/data/cves.db index eb8bdca5d51..315c5f08980 100644 Binary files a/data/cves.db and b/data/cves.db differ diff --git a/docs/index.html b/docs/index.html index d9f1f3acb72..5e85b739259 100644 --- a/docs/index.html +++ b/docs/index.html @@ -1,4 +1,4 @@ - + @@ -310,7 +310,7 @@

眈眈探求 | + 2024-12-07 23:15:34 WeGIA 3.2.0 before 3998672 does not verify permission to change a password. 详情 @@ -318,7 +318,7 @@

眈眈探求 | + 2024-12-07 15:15:04 IBM QRadar SIEM 7.5 is vulnerable to stored cross-site scripting. This vulnerability allows authenticated users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. 详情 @@ -326,7 +326,7 @@

眈眈探求 | + 2024-12-07 14:15:17 IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to a denial of service as the server may crash under certain conditions with a specially crafted query. 详情 @@ -334,7 +334,7 @@

眈眈探求 | + 2024-12-07 13:19:14 IBM AIX 7.2, 7.3 and VIOS 3.1 and 4.1 could allow a local user to execute arbitrary commands on the system due to improper neutralization of input. 详情 @@ -342,7 +342,7 @@

眈眈探求 | + 2024-12-07 13:15:04 IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 could allow an authenticated user to cause a denial of service with a specially crafted query due to improper memory allocation. 详情 @@ -350,7 +350,7 @@

眈眈探求 | + 2024-12-07 12:15:19 The Gallery plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.3 via deserialization of untrusted input from wd_gallery_$id parameter. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject a PHP Object. No known POP chain is present in the vulnerable software. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code. 详情 @@ -358,7 +358,7 @@

眈眈探求 | + 2024-12-07 12:15:19 The Easy Code Snippets plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'page' parameter in all versions up to, and including, 1.0.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. 详情 @@ -366,7 +366,7 @@

眈眈探求 | + 2024-12-07 12:15:19 The Feedpress Generator – External RSS Frontend Customizer plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'tab' parameter in all versions up to, and including, 1.2.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. 详情 @@ -374,7 +374,7 @@

眈眈探求 | + 2024-12-07 12:15:17 The Mini Program API plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'qvideo' shortcode in all versions up to, and including, 1.4.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 详情 @@ -382,7 +382,7 @@

眈眈探求 | + 2024-12-07 10:15:06 The Beautiful taxonomy filters plugin for WordPress is vulnerable to SQL Injection via the 'selects[0][term]' parameter in all versions up to, and including, 2.4.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. 详情 @@ -390,7 +390,7 @@

眈眈探求 | + 2024-12-07 10:15:06 The Simple Ecommerce Shopping Cart Plugin- Sell products through Paypal plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the 'save_settings', 'export_csv', and 'simpleecommcart-action' actions in all versions up to, and including, 3.1.2. This makes it possible for authenticated attackers, with subscriber-level access and above, to update the plugins settings and retrieve order and log data (which is also accessible to unauthenticated users). 详情 @@ -398,7 +398,7 @@

眈眈探求 | + 2024-12-07 10:15:05 The Simple Ecommerce Shopping Cart Plugin- Sell products through Paypal plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘monthly_sales_current_year’ parameter in all versions up to, and including, 3.1.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. 详情 @@ -406,7 +406,7 @@

眈眈探求 | + 2024-12-07 10:15:05 The TWChat – Send or receive messages from users plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of remove_query_arg without appropriate escaping on the URL in all versions up to, and including, 4.0.4. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. 详情 @@ -414,7 +414,7 @@

眈眈探求 | + 2024-12-07 10:15:05 The Smoove connector for Elementor forms plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 4.1.0. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. 详情 @@ -422,7 +422,7 @@

眈眈探求 | + 2024-12-07 10:15:04 The FileOrganizer – Manage WordPress and Website Files plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.1.4 via the 'default_lang' parameter. This makes it possible for authenticated attackers, with Administrator-level access and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included. 详情 @@ -1987,6 +1987,126 @@

眈眈探求 | TITLE URL + + 9ea2c609df521778ee7b22e4bb5bf2ef + CVE-2024-35419 + 2024-12-09 09:26:38 + wac堆缓冲区溢出漏洞 + 详情 + + + + 6ab57499e8087a7bad704e22cc1e4113 + CVE-2024-35418 + 2024-12-09 09:26:38 + wac堆缓冲区溢出漏洞 + 详情 + + + + 2032e624af260a38d95703f1eb608453 + CVE-2024-35410 + 2024-12-09 09:26:38 + wac堆缓冲区溢出漏洞 + 详情 + + + + 0231009bb6c4e2a20109870fd05043e5 + CVE-2024-27528 + 2024-12-09 09:26:38 + Wasm3越界读取漏洞 + 详情 + + + + d3b7720c5865eec4bef51aba279c0e58 + CVE-2024-50809 + 2024-12-09 09:26:38 + SDCMS命令执行漏洞 + 详情 + + + + 4cc3b07cdad9e12d239dcf4ef07b6923 + CVE-2024-50808 + 2024-12-09 09:26:38 + SeaCMS代码注入漏洞 + 详情 + + + + 3606118770080255ce2b78681707e850 + CVE-2024-21994 + 2024-12-09 09:26:38 + NetApp StorageGRID拒绝服务漏洞 + 详情 + + + + b6fea3c4d37a40ffa4728b0157a37c87 + CVE-2024-51055 + 2024-12-09 09:26:38 + Hoosk跨站脚本漏洞 + 详情 + + + + 5ea033babfbc40feaa1b998b7dc40440 + CVE-2024-50810 + 2024-12-09 09:26:38 + izone跨站脚本漏洞 + 详情 + + + + c13c36912d759a0e6e12186774d5508a + CVE-2024-44765 + 2024-12-09 09:26:38 + MGT-COMMERCE CloudPanel授权错误漏洞 + 详情 + + + + 81de850f5b5eb5c6e87851211e6adec4 + CVE-2024-51152 + 2024-12-09 09:26:38 + Laravel CMS任意文件上传漏洞 + 详情 + + + + 981eac6dcbaf1d5f2222b39537aac104 + CVE-2024-51032 + 2024-12-09 09:26:38 + Toll Tax Management System跨站脚本漏洞 + 详情 + + + + a44fe25de485f1164b0dee4913383f10 + CVE-2024-51031 + 2024-12-09 09:26:38 + Cab Management System跨站脚本漏洞 + 详情 + + + + c7ed7bc844865bab33e23315602ce1de + CVE-2024-51030 + 2024-12-09 09:26:38 + Cab Management System SQL注入漏洞 + 详情 + + + + 6947b25c806e2f609277ccb7d14385b3 + CVE-2024-40240 + 2024-12-09 09:26:38 + HomeServe Home Repair访问控制错误漏洞 + 详情 + + 48b001e9c127b958ea5060e5e715c999 CVE-2024-48744 @@ -2107,126 +2227,6 @@

眈眈探求 | 详情 - - 7e0ddc2aece5d9ebb3eeede48c37ca39 - CVE-2024-6861 - 2024-12-05 09:25:10 - Foreman信息泄露漏洞 - 详情 - - - - 9ad8bd6a44684fd486e9ff6343d6e1e2 - CVE-2024-20457 - 2024-12-05 09:25:10 - Cisco Unified Communications Manager信息泄露漏洞 - 详情 - - - - 3dc6080ec48867ff49a774381c46a1b4 - CVE-2024-20476 - 2024-12-05 09:25:10 - Cisco Identity Services Engine (ISE)服务器端安全性客户端实施漏洞 - 详情 - - - - e2f1bea74f07795cd2ae4bd62bacfcc1 - CVE-2024-20484 - 2024-12-05 09:25:10 - Cisco Enterprise Chat and Email (ECE)输入验证错误漏洞 - 详情 - - - - fb388bd438794753552f2fdf68f38669 - CVE-2024-20418 - 2024-12-05 09:25:10 - Cisco Unified Industrial Wireless Software命令注入漏洞 - 详情 - - - - 8c30326d198d89e974cb296212f352aa - CVE-2024-35146 - 2024-12-05 09:25:10 - IBM Maximo Application Suite - Monitor Component跨站脚本漏洞 - 详情 - - - - 04d20843e31708318906cd2452c9dd22 - CVE-2024-20540 - 2024-12-05 09:25:10 - Cisco Unified Contact Center Management Portal跨站脚本漏洞 - 详情 - - - - fb75ac2d683bc5bb113e01b8bd9020d7 - CVE-2024-20528 - 2024-12-05 09:25:10 - Cisco Identity Services Engine (ISE)路径遍历漏洞 - 详情 - - - - 270ea47d9f30d84b2e33215dcd864130 - CVE-2024-20529 - 2024-12-05 09:25:10 - Cisco Identity Services Engine (ISE)路径遍历漏洞 - 详情 - - - - af85cd757b27d1e5e74ff121a2bfe135 - CVE-2024-20531 - 2024-12-05 09:25:10 - Cisco Identity Services Engine (ISE)服务器端请求伪造漏洞 - 详情 - - - - b1ad37494a3ffaee02cb379f3b441339 - CVE-2024-20538 - 2024-12-05 09:25:10 - Cisco Identity Services Engine (ISE)跨站脚本漏洞 - 详情 - - - - dc2a3fa3cae3187ca2cc88918775ab60 - CVE-2024-20530 - 2024-12-05 09:25:10 - Cisco Identity Services Engine (ISE)跨站脚本漏洞 - 详情 - - - - c1b57d94cf6d71bb9ef4133faf38e990 - CVE-2024-20504 - 2024-12-05 09:25:10 - Cisco AsyncOS Software跨站脚本漏洞 - 详情 - - - - 8e884e48b7fa155062d89f3a91f125dd - CVE-2024-20507 - 2024-12-05 09:25:10 - Cisco Meeting Server信息泄露漏洞 - 详情 - - - - 555caaea8e57b95df7fa3723d455acb4 - CVE-2024-20487 - 2024-12-05 09:25:10 - Cisco Identity Services Engine (ISE)跨站脚本漏洞 - 详情 - -
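Review bot: the cache/Nsfocus.dat hunk at @@ -174 only ever appends. It adds 15 ids, while the 15 rows rotated out of docs/index.html at @@ -2107 have no matching removals here, so the file grows with every run. If it is meant as a permanent seen-list, state that in the repository docs. Otherwise bound it, for example by keeping only ids newer than the oldest row still shown.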
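Review bot: data/cves.db changes as an opaque blob ("Binary files a/data/cves.db and b/data/cves.db differ"), so nothing in this commit lets a reviewer check it against the 15 ids added to cache/Nsfocus.dat or the rows added to docs/index.html. Consider committing a text export or a row count and checksum next to it, or rebuilding the database from the feed in CI instead of versioning the binary.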
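Review bot: the description cells changed in the docs/index.html hunks from @@ -310 to @@ -414 are third-party advisory text written into a published HTML page, and the diff does not show whether the generator escapes it. The strings contain quotes and parameter names such as 'selects[0][term]' and wd_gallery_$id. Please confirm that the title, description and link fields are HTML-escaped (at least <, >, & and both quote characters) before they are written, and that link targets are restricted to http/https.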
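Review bot: in the docs/index.html hunk at @@ -1987 all 15 added rows carry the same timestamp, 2024-12-09 09:26:38, and the 15 rows removed at @@ -2107 all carry 2024-12-05 09:25:10. That looks like the fetch time rather than each advisory's publication date. If so, label the column as the collection time or store the source's own date, so readers do not take it for the disclosure date.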