Updated by Github Bot

EXP-Tools · Sep 9, 2024 · e32bf38 · e32bf38
1 parent dcdaf59
commit e32bf38
Show file tree

Hide file tree

Showing 3 changed files with 142 additions and 127 deletions.
diff --git a/cache/Nsfocus.dat b/cache/Nsfocus.dat
@@ -127,3 +127,18 @@ f1a7c4419c46df834b89b51536ddb615
 31ec19869cdb35e3015ab9e55de0e202
 cd5e1f01752bdad002a88c7fa658df60
 35a30cf087d7a29b1aecccad6743a6f2
+48834267f222a0c76e61277d19b79cf6
+aff91e8ce2eef6b7b3af311c0dd00b56
+b58e1bf9486c564048ea4fc08b2e1558
+b263ebf648bf73c46703b709890cd868
+496f6c6938f2e9d51181943a0c088382
+4cc032c5a6e6c4aeca2e5f4c4365afec
+d738d7c69daf6f5b92e74d68b011feb8
+c402d1296b85813a8fc1a7240f05eff2
+2f09648c354f1830e6dee16ab601e8d2
+d0777432fbc9ffe1107a68ef376463b7
+dc6be20e1d1c3310f9068634ab799028
+b579b815355a4bab9016d3445e314e2f
+2091995d72011ad88fd1c104c38be3d2
+d298a74388929b4199e4596950b2d4ed
+d34bcb865e7d75256c46d066efae19a1
diff --git a/data/cves.db b/data/cves.db
diff --git a/docs/index.html b/docs/index.html
@@ -1,4 +1,4 @@
-<!-- RELEASE TIME : 2024-09-08 15:23:58 -->
+<!-- RELEASE TIME : 2024-09-09 06:34:29 -->
 <html lang="zh-cn">
 
  <head>
@@ -366,47 +366,47 @@ <h2><a href="https://exp-blog.com" target="_blank">眈眈探求</a> | <a href="h
       <tr>
        <td>d7ef48ca2dbfd48f6ed83c1d06e3d7ef</td>
        <td>CVE-2024-8538</td>
-       <td>2024-09-07 09:15:03 <img src="imgs/new.gif" /></td>
+       <td>2024-09-07 09:15:03</td>
        <td>The Big File Uploads – Increase Maximum File Upload Size plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 2.1.2. This is due the plugin not sanitizing a file path in an error message. This makes it possible for authenticated attackers, with author-level access and above, to retrieve the full path of the web application, which can be used to aid other attacks. The information displayed is not useful on its own, and requires another vulnerability to be present for damage to an affected website.</td>
        <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-8538">详情</a></td>
       </tr>
 
       <tr>
        <td>576dc19669bfa90e3a7758993504cb34</td>
        <td>CVE-2024-8523</td>
-       <td>2024-09-07 09:15:02 <img src="imgs/new.gif" /></td>
+       <td>2024-09-07 09:15:02</td>
        <td>A vulnerability was found in lmxcms up to 1.4 and classified as critical. Affected by this issue is the function formatData of the file /admin.php?m=Acquisi&a=testcj&lid=1 of the component SQL Command Execution Module. The manipulation of the argument data leads to code injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.</td>
        <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-8523">详情</a></td>
       </tr>
 
       <tr>
        <td>5b7b55a5130f5fc21dc3e5ed81276375</td>
        <td>CVE-2024-6849</td>
-       <td>2024-09-07 09:15:01 <img src="imgs/new.gif" /></td>
+       <td>2024-09-07 09:15:01</td>
        <td>The Preloader Plus – WordPress Loading Screen Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 2.2.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file.</td>
        <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-6849">详情</a></td>
       </tr>
 
       <tr>
        <td>46599ca7abecdf36a8d6fbb4f22e13c0</td>
        <td>CVE-2024-8521</td>
-       <td>2024-09-07 08:15:11 <img src="imgs/new.gif" /></td>
+       <td>2024-09-07 08:15:11</td>
        <td>A vulnerability, which was classified as problematic, was found in Wavelog up to 1.8.0. Affected is the function index of the file /qso of the component Live QSO. The manipulation of the argument manual leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 1.8.1 is able to address this issue. The patch is identified as b31002cec6b71ab5f738881806bb546430ec692e. It is recommended to upgrade the affected component.</td>
        <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-8521">详情</a></td>
       </tr>
 
       <tr>
        <td>0a9a3d66d41c1dc3d87d8fcd9ef11d34</td>
        <td>CVE-2024-45498</td>
-       <td>2024-09-07 08:15:11 <img src="imgs/new.gif" /></td>
+       <td>2024-09-07 08:15:11</td>
        <td>Example DAG: example_inlet_event_extra.py shipped with Apache Airflow version 2.10.0 has a vulnerability that allows an authenticated attacker with only DAG trigger permission to execute arbitrary commands. If you used that example as the base of your DAGs - please review if you have not copied the dangerous example; see https://github.com/apache/airflow/pull/41873 for more information. We recommend against exposing the example DAGs in your deployment. If you must expose the example DAGs, upgrade Airflow to version 2.10.1 or later.</td>
        <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-45498">详情</a></td>
       </tr>
 
       <tr>
        <td>efe5b646d149e1497b3247d438943c74</td>
        <td>CVE-2024-45034</td>
-       <td>2024-09-07 08:15:11 <img src="imgs/new.gif" /></td>
+       <td>2024-09-07 08:15:11</td>
        <td>Apache Airflow versions before 2.10.1 have a vulnerability that allows DAG authors to add local settings to the DAG folder and get it executed by the scheduler, where the scheduler is not supposed to execute code submitted by the DAG author. Users are advised to upgrade to version 2.10.1 or later, which has fixed the vulnerability.</td>
        <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-45034">详情</a></td>
       </tr>
@@ -1979,6 +1979,126 @@ <h2><a href="https://exp-blog.com" target="_blank">眈眈探求</a> | <a href="h
        <th width="43%">TITLE</th>
        <th width="5%">URL</th>
       </tr>
+      <tr>
+       <td>48834267f222a0c76e61277d19b79cf6</td>
+       <td>CVE-2024-4889</td>
+       <td>2024-09-09 06:32:17 <img src="imgs/new.gif" /></td>
+       <td>LiteLLM代码注入漏洞</td>
+       <td><a target="_blank" href="http://www.nsfocus.net/vulndb/101209">详情</a></td>
+      </tr>
+
+      <tr>
+       <td>aff91e8ce2eef6b7b3af311c0dd00b56</td>
+       <td>CVE-2024-4941</td>
+       <td>2024-09-09 06:32:17 <img src="imgs/new.gif" /></td>
+       <td>Gradio 本地文件包含漏洞</td>
+       <td><a target="_blank" href="http://www.nsfocus.net/vulndb/101208">详情</a></td>
+      </tr>
+
+      <tr>
+       <td>b58e1bf9486c564048ea4fc08b2e1558</td>
+       <td>CVE-2024-5127</td>
+       <td>2024-09-09 06:32:17 <img src="imgs/new.gif" /></td>
+       <td>Lunary访问控制错误漏洞</td>
+       <td><a target="_blank" href="http://www.nsfocus.net/vulndb/101207">详情</a></td>
+      </tr>
+
+      <tr>
+       <td>b263ebf648bf73c46703b709890cd868</td>
+       <td>CVE-2024-5256</td>
+       <td>2024-09-09 06:32:17 <img src="imgs/new.gif" /></td>
+       <td>Sonos Era 100整数下溢漏洞</td>
+       <td><a target="_blank" href="http://www.nsfocus.net/vulndb/101206">详情</a></td>
+      </tr>
+
+      <tr>
+       <td>496f6c6938f2e9d51181943a0c088382</td>
+       <td>CVE-2024-5267</td>
+       <td>2024-09-09 06:32:17 <img src="imgs/new.gif" /></td>
+       <td>Sonos Era 100越界写入漏洞</td>
+       <td><a target="_blank" href="http://www.nsfocus.net/vulndb/101205">详情</a></td>
+      </tr>
+
+      <tr>
+       <td>4cc032c5a6e6c4aeca2e5f4c4365afec</td>
+       <td>CVE-2023-46694</td>
+       <td>2024-09-09 06:32:17 <img src="imgs/new.gif" /></td>
+       <td>Vtenext身份验证绕过漏洞</td>
+       <td><a target="_blank" href="http://www.nsfocus.net/vulndb/101204">详情</a></td>
+      </tr>
+
+      <tr>
+       <td>d738d7c69daf6f5b92e74d68b011feb8</td>
+       <td>CVE-2024-5268</td>
+       <td>2024-09-09 06:32:17 <img src="imgs/new.gif" /></td>
+       <td>Sonos Era 100越界读取漏洞</td>
+       <td><a target="_blank" href="http://www.nsfocus.net/vulndb/101203">详情</a></td>
+      </tr>
+
+      <tr>
+       <td>c402d1296b85813a8fc1a7240f05eff2</td>
+       <td>CVE-2024-5269</td>
+       <td>2024-09-09 06:32:17 <img src="imgs/new.gif" /></td>
+       <td>Sonos Era 100释放后重用漏洞</td>
+       <td><a target="_blank" href="http://www.nsfocus.net/vulndb/101202">详情</a></td>
+      </tr>
+
+      <tr>
+       <td>2f09648c354f1830e6dee16ab601e8d2</td>
+       <td>CVE-2023-30313</td>
+       <td>2024-09-09 06:32:17 <img src="imgs/new.gif" /></td>
+       <td>Wavlink QUANTUM D2G会话劫持漏洞</td>
+       <td><a target="_blank" href="http://www.nsfocus.net/vulndb/101201">详情</a></td>
+      </tr>
+
+      <tr>
+       <td>d0777432fbc9ffe1107a68ef376463b7</td>
+       <td>CVE-2024-28060</td>
+       <td>2024-09-09 06:32:17 <img src="imgs/new.gif" /></td>
+       <td>Apiris Kafeo DLL劫持漏洞</td>
+       <td><a target="_blank" href="http://www.nsfocus.net/vulndb/101200">详情</a></td>
+      </tr>
+
+      <tr>
+       <td>dc6be20e1d1c3310f9068634ab799028</td>
+       <td>CVE-2024-5301</td>
+       <td>2024-09-09 06:32:17 <img src="imgs/new.gif" /></td>
+       <td>Kofax Power PDF堆缓冲区溢出漏洞</td>
+       <td><a target="_blank" href="http://www.nsfocus.net/vulndb/101199">详情</a></td>
+      </tr>
+
+      <tr>
+       <td>b579b815355a4bab9016d3445e314e2f</td>
+       <td>CVE-2024-28061</td>
+       <td>2024-09-09 06:32:17 <img src="imgs/new.gif" /></td>
+       <td>Apiris Kafeo身份认证绕过漏洞</td>
+       <td><a target="_blank" href="http://www.nsfocus.net/vulndb/101198">详情</a></td>
+      </tr>
+
+      <tr>
+       <td>2091995d72011ad88fd1c104c38be3d2</td>
+       <td>CVE-2024-5303</td>
+       <td>2024-09-09 06:32:17 <img src="imgs/new.gif" /></td>
+       <td>Kofax Power PDF越界写入漏洞</td>
+       <td><a target="_blank" href="http://www.nsfocus.net/vulndb/101197">详情</a></td>
+      </tr>
+
+      <tr>
+       <td>d298a74388929b4199e4596950b2d4ed</td>
+       <td>CVE-2024-35510</td>
+       <td>2024-09-09 06:32:17 <img src="imgs/new.gif" /></td>
+       <td>Desdev DedeCMS任意文件上传漏洞</td>
+       <td><a target="_blank" href="http://www.nsfocus.net/vulndb/101196">详情</a></td>
+      </tr>
+
+      <tr>
+       <td>d34bcb865e7d75256c46d066efae19a1</td>
+       <td>CVE-2024-5452</td>
+       <td>2024-09-09 06:32:17 <img src="imgs/new.gif" /></td>
+       <td>Pytorch-Lightning远程代码执行漏洞</td>
+       <td><a target="_blank" href="http://www.nsfocus.net/vulndb/101195">详情</a></td>
+      </tr>
+
       <tr>
        <td>0e07c6475177d5237d81c903a0a2ab89</td>
        <td>CVE-2024-20931</td>
@@ -2099,126 +2219,6 @@ <h2><a href="https://exp-blog.com" target="_blank">眈眈探求</a> | <a href="h
        <td><a target="_blank" href="http://www.nsfocus.net/vulndb/99082">详情</a></td>
       </tr>
 
-      <tr>
-       <td>0a3f5eb4456977032e8fbd62be008472</td>
-       <td>CVE-2024-1648</td>
-       <td>2024-07-18 09:20:36</td>
-       <td>Electron-PDF跨站脚本漏洞</td>
-       <td><a target="_blank" href="http://www.nsfocus.net/vulndb/99000">详情</a></td>
-      </tr>
-
-      <tr>
-       <td>d42b6f720ca92d70e0314d6900af9649</td>
-       <td>CVE-2024-1608</td>
-       <td>2024-07-18 09:20:36</td>
-       <td>OPPO Usercenter Credit SDK权限提升漏洞</td>
-       <td><a target="_blank" href="http://www.nsfocus.net/vulndb/98999">详情</a></td>
-      </tr>
-
-      <tr>
-       <td>e3c3696efd24652a8aa97ae91d6d7816</td>
-       <td>CVE-2024-25604</td>
-       <td>2024-07-18 09:20:36</td>
-       <td>Liferay Portal和Liferay DXP授权错误漏洞</td>
-       <td><a target="_blank" href="http://www.nsfocus.net/vulndb/98998">详情</a></td>
-      </tr>
-
-      <tr>
-       <td>10eacfcd215080032deabc6db047ed91</td>
-       <td>CVE-2024-25605</td>
-       <td>2024-07-18 09:20:36</td>
-       <td>Liferay Portal和Liferay DXP默认权限错误漏洞</td>
-       <td><a target="_blank" href="http://www.nsfocus.net/vulndb/98997">详情</a></td>
-      </tr>
-
-      <tr>
-       <td>f5035417996cb21ba7de9b9002e87154</td>
-       <td>CVE-2024-25606</td>
-       <td>2024-07-18 09:20:36</td>
-       <td>Liferay Portal和Liferay DXP XML外部实体引用漏洞</td>
-       <td><a target="_blank" href="http://www.nsfocus.net/vulndb/98996">详情</a></td>
-      </tr>
-
-      <tr>
-       <td>2a8e84408864730d3325e6c2189e4bf8</td>
-       <td>CVE-2023-49250</td>
-       <td>2024-07-18 09:20:36</td>
-       <td>Apache DolphinScheduler证书验证错误漏洞</td>
-       <td><a target="_blank" href="http://www.nsfocus.net/vulndb/98995">详情</a></td>
-      </tr>
-
-      <tr>
-       <td>2e43c0859f9975222946cea9f83441b6</td>
-       <td>CVE-2023-6398</td>
-       <td>2024-07-18 09:20:36</td>
-       <td>Zyxel多款产品命令注入漏洞</td>
-       <td><a target="_blank" href="http://www.nsfocus.net/vulndb/98994">详情</a></td>
-      </tr>
-
-      <tr>
-       <td>c9b2fc28f109ac9c4d6df74889193941</td>
-       <td>CVE-2023-6399</td>
-       <td>2024-07-18 09:20:36</td>
-       <td>Zyxel多款产品格式化字符串错误漏洞</td>
-       <td><a target="_blank" href="http://www.nsfocus.net/vulndb/98993">详情</a></td>
-      </tr>
-
-      <tr>
-       <td>82ee11e731034cff19796ae373b8032a</td>
-       <td>CVE-2024-25149</td>
-       <td>2024-07-18 09:20:36</td>
-       <td>Liferay Portal和Liferay DXP授权错误漏洞</td>
-       <td><a target="_blank" href="http://www.nsfocus.net/vulndb/98992">详情</a></td>
-      </tr>
-
-      <tr>
-       <td>430f0acce997ae1dfaadbef1ce9d1339</td>
-       <td>CVE-2024-21892</td>
-       <td>2024-07-18 09:20:36</td>
-       <td>Node.js权限提升漏洞</td>
-       <td><a target="_blank" href="http://www.nsfocus.net/vulndb/98991">详情</a></td>
-      </tr>
-
-      <tr>
-       <td>6960028273b421f789f90ebb54925ba2</td>
-       <td>CVE-2023-5190</td>
-       <td>2024-07-18 09:20:36</td>
-       <td>Liferay Portal和Liferay DXP开放重定向漏洞</td>
-       <td><a target="_blank" href="http://www.nsfocus.net/vulndb/98990">详情</a></td>
-      </tr>
-
-      <tr>
-       <td>5253657a28772a15b1b0cca70ad126e4</td>
-       <td>CVE-2023-6764</td>
-       <td>2024-07-18 09:20:36</td>
-       <td>Zyxel多款产品格式化字符串错误漏洞</td>
-       <td><a target="_blank" href="http://www.nsfocus.net/vulndb/98989">详情</a></td>
-      </tr>
-
-      <tr>
-       <td>6d75dc6ed550f9c98e3f1340df44e2ad</td>
-       <td>CVE-2024-22019</td>
-       <td>2024-07-18 09:20:36</td>
-       <td>Node.js拒绝服务漏洞</td>
-       <td><a target="_blank" href="http://www.nsfocus.net/vulndb/98988">详情</a></td>
-      </tr>
-
-      <tr>
-       <td>b1086aef4634dabb38e29fd8dd39418e</td>
-       <td>CVE-2024-25973</td>
-       <td>2024-07-18 09:20:36</td>
-       <td>OpenOlat LMS跨站脚本漏洞</td>
-       <td><a target="_blank" href="http://www.nsfocus.net/vulndb/98987">详情</a></td>
-      </tr>
-
-      <tr>
-       <td>d6f3c9f633c4dc8998b5f24b6bec6b1f</td>
-       <td>CVE-2023-44308</td>
-       <td>2024-07-18 09:20:36</td>
-       <td>Liferay DXP开放重定向漏洞</td>
-       <td><a target="_blank" href="http://www.nsfocus.net/vulndb/98986">详情</a></td>
-      </tr>
-
      </tbody>
     </table>
    </div>