Updated by Github Bot

EXP-Tools · Nov 12, 2024 · ebfcf83 · ebfcf83
1 parent 47faffd
commit ebfcf83
Show file tree

Hide file tree

Showing 3 changed files with 91 additions and 81 deletions.
diff --git a/cache/Tenable (Nessus).dat b/cache/Tenable (Nessus).dat
@@ -182,3 +182,13 @@ e7c8868b0315c019751e52ab5c3188d0
 81e2741b7ca4447f69db8f50bcb84c12
 bde34a73cc65ce91187183bf3e72cafd
 c1cc7c21fc1a95a34b02cbfe51739a77
+473dbd90a4b9e290e0e2754be9384a2d
+b5a49b247f2c22fbf7769c911dbc002e
+8518bcf5fa499213f142594f7129e83a
+a8d9ece788cf61e1c99d8919b3538670
+a7ffad073dec8302f63460261a0ce193
+7fe2d154ba5e0533c1222568679c4057
+483b4937881255a7ed4cb0d9ffa1b95b
+b1a610e0eee4f7c1e025ffe66d55a260
+6042493c665d7b98c23ec00dcc8a8134
+06ca956cb139c4aeef742ae6a0967e15
diff --git a/data/cves.db b/data/cves.db
diff --git a/docs/index.html b/docs/index.html
@@ -1,4 +1,4 @@
-<!-- RELEASE TIME : 2024-11-12 03:25:55 -->
+<!-- RELEASE TIME : 2024-11-12 09:24:37 -->
 <html lang="zh-cn">
 
  <head>
@@ -283,6 +283,86 @@ <h2><a href="https://exp-blog.com" target="_blank">眈眈探求</a> | <a href="h
        <th width="43%">TITLE</th>
        <th width="5%">URL</th>
       </tr>
+      <tr>
+       <td>473dbd90a4b9e290e0e2754be9384a2d</td>
+       <td>CVE-2024-9836</td>
+       <td>2024-11-12 06:15:04 <img src="imgs/new.gif" /></td>
+       <td>The RSS Feed Widget WordPress plugin before 3.0.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.</td>
+       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-9836">详情</a></td>
+      </tr>
+
+      <tr>
+       <td>b5a49b247f2c22fbf7769c911dbc002e</td>
+       <td>CVE-2024-9835</td>
+       <td>2024-11-12 06:15:04 <img src="imgs/new.gif" /></td>
+       <td>The RSS Feed Widget WordPress plugin before 3.0.1 does not escape the $_SERVER['REQUEST_URI'] parameter before outputting it back in an attribute, which could lead to Reflected Cross-Site Scripting in old web browsers</td>
+       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-9835">详情</a></td>
+      </tr>
+
+      <tr>
+       <td>8518bcf5fa499213f142594f7129e83a</td>
+       <td>CVE-2024-9357</td>
+       <td>2024-11-12 06:15:04 <img src="imgs/new.gif" /></td>
+       <td>The xili-tidy-tags plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'action' parameter in all versions up to, and including, 1.12.04 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.</td>
+       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-9357">详情</a></td>
+      </tr>
+
+      <tr>
+       <td>a8d9ece788cf61e1c99d8919b3538670</td>
+       <td>CVE-2024-47799</td>
+       <td>2024-11-12 06:15:04 <img src="imgs/new.gif" /></td>
+       <td>Exposure of sensitive system information to an unauthorized control sphere issue exists in Mesh Wi-Fi router RP562B firmware version v1.0.2 and earlier. If this vulnerability is exploited, a network-adjacent authenticated attacker may obtain information of the other devices connected through the Wi-Fi.</td>
+       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-47799">详情</a></td>
+      </tr>
+
+      <tr>
+       <td>a7ffad073dec8302f63460261a0ce193</td>
+       <td>CVE-2024-45827</td>
+       <td>2024-11-12 06:15:03 <img src="imgs/new.gif" /></td>
+       <td>Improper neutralization of special elements used in an OS command ('OS Command Injection') issue exists in Mesh Wi-Fi router RP562B firmware version v1.0.2 and earlier. If this vulnerability is exploited, a network-adjacent authenticated attacker may execute an arbitrary OS command.</td>
+       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-45827">详情</a></td>
+      </tr>
+
+      <tr>
+       <td>7fe2d154ba5e0533c1222568679c4057</td>
+       <td>CVE-2024-29075</td>
+       <td>2024-11-12 06:15:03 <img src="imgs/new.gif" /></td>
+       <td>Active debug code vulnerability exists in Mesh Wi-Fi router RP562B firmware version v1.0.2 and earlier. If this vulnerability is exploited, a network-adjacent authenticated attacker may obtain or alter the settings of the device .</td>
+       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-29075">详情</a></td>
+      </tr>
+
+      <tr>
+       <td>483b4937881255a7ed4cb0d9ffa1b95b</td>
+       <td>CVE-2024-10790</td>
+       <td>2024-11-12 06:15:03 <img src="imgs/new.gif" /></td>
+       <td>The Admin and Site Enhancements (ASE) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 7.5.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with custom-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file. This feature must be enabled, and for specific roles in order to be exploitable.</td>
+       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-10790">详情</a></td>
+      </tr>
+
+      <tr>
+       <td>b1a610e0eee4f7c1e025ffe66d55a260</td>
+       <td>CVE-2024-49560</td>
+       <td>2024-11-12 04:15:06 <img src="imgs/new.gif" /></td>
+       <td>Dell SmartFabric OS10 Software, version(s) 10.5.6.x, 10.5.5.x, 10.5.4.x, 10.5.3.x, contain(s) a command injection vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Command execution.</td>
+       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-49560">详情</a></td>
+      </tr>
+
+      <tr>
+       <td>6042493c665d7b98c23ec00dcc8a8134</td>
+       <td>CVE-2024-49558</td>
+       <td>2024-11-12 04:15:06 <img src="imgs/new.gif" /></td>
+       <td>Dell SmartFabric OS10 Software, version(s) 10.5.6.x, 10.5.5.x, 10.5.4.x, 10.5.3.x, contain(s) an Improper Privilege Management vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of privileges.</td>
+       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-49558">详情</a></td>
+      </tr>
+
+      <tr>
+       <td>06ca956cb139c4aeef742ae6a0967e15</td>
+       <td>CVE-2024-49557</td>
+       <td>2024-11-12 04:15:06 <img src="imgs/new.gif" /></td>
+       <td>Dell SmartFabric OS10 Software, version(s) 10.5.6.x, 10.5.5.x, 10.5.4.x, 10.5.3.x, contain(s) an Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Code execution.</td>
+       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-49557">详情</a></td>
+      </tr>
+
       <tr>
        <td>f9c3092a49384041131c900a3b0ce829</td>
        <td>CVE-2024-52358</td>
@@ -443,86 +523,6 @@ <h2><a href="https://exp-blog.com" target="_blank">眈眈探求</a> | <a href="h
        <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-51580">详情</a></td>
       </tr>
 
-      <tr>
-       <td>8acae6675b2cd95a5ab08aa2a45e6efa</td>
-       <td>CVE-2024-51668</td>
-       <td>2024-11-09 14:15:18</td>
-       <td>Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Mark Tilly MyCurator Content Curation allows Stored XSS.This issue affects MyCurator Content Curation: from n/a through 3.78.</td>
-       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-51668">详情</a></td>
-      </tr>
-
-      <tr>
-       <td>01a18ae828c51cfa6e05ccf9d37bd6ff</td>
-       <td>CVE-2024-51664</td>
-       <td>2024-11-09 14:15:18</td>
-       <td>Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Mark Kinchin Beds24 Online Booking allows Stored XSS.This issue affects Beds24 Online Booking: from n/a through 2.0.25.</td>
-       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-51664">详情</a></td>
-      </tr>
-
-      <tr>
-       <td>a89524063ca3b41c880ff4f2f9d09b62</td>
-       <td>CVE-2024-51663</td>
-       <td>2024-11-09 14:15:17</td>
-       <td>Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Bricksable Bricksable for Bricks Builder allows Stored XSS.This issue affects Bricksable for Bricks Builder: from n/a through 1.6.59.</td>
-       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-51663">详情</a></td>
-      </tr>
-
-      <tr>
-       <td>60a90e99a537b98120e1f5ab9610e6e8</td>
-       <td>CVE-2024-51662</td>
-       <td>2024-11-09 14:15:17</td>
-       <td>Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Modernaweb Studio Black Widgets For Elementor allows Stored XSS.This issue affects Black Widgets For Elementor: from n/a through 1.3.6.</td>
-       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-51662">详情</a></td>
-      </tr>
-
-      <tr>
-       <td>06db9891eee9dd23bbbd82c6db567680</td>
-       <td>CVE-2024-51647</td>
-       <td>2024-11-09 14:15:17</td>
-       <td>Cross-Site Request Forgery (CSRF) vulnerability in Chaser324 Featured Posts Scroll allows Stored XSS.This issue affects Featured Posts Scroll: from n/a through 1.25.</td>
-       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-51647">详情</a></td>
-      </tr>
-
-      <tr>
-       <td>de738c57d6c8fcf4fb8f60f1268828f4</td>
-       <td>CVE-2024-51630</td>
-       <td>2024-11-09 14:15:17</td>
-       <td>Cross-Site Request Forgery (CSRF) vulnerability in Lars Schenk Responsive Flickr Gallery allows Stored XSS.This issue affects Responsive Flickr Gallery: from n/a through 1.3.1.</td>
-       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-51630">详情</a></td>
-      </tr>
-
-      <tr>
-       <td>c6194bae065b996647f147c162a38fb7</td>
-       <td>CVE-2024-51629</td>
-       <td>2024-11-09 14:15:16</td>
-       <td>Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in MetricThemes Header Footer Composer for Elementor allows DOM-Based XSS.This issue affects Header Footer Composer for Elementor: from n/a through 1.0.4.</td>
-       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-51629">详情</a></td>
-      </tr>
-
-      <tr>
-       <td>59dd43a4cb2d1bda0017821f878a41c6</td>
-       <td>CVE-2024-51628</td>
-       <td>2024-11-09 14:15:16</td>
-       <td>Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in EzyOnlineBookings EzyOnlineBookings Online Booking System Widget allows DOM-Based XSS.This issue affects EzyOnlineBookings Online Booking System Widget: from n/a through 1.3.</td>
-       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-51628">详情</a></td>
-      </tr>
-
-      <tr>
-       <td>a3e31e3b9e87bc6b56ff361c4b1016bc</td>
-       <td>CVE-2024-51627</td>
-       <td>2024-11-09 14:15:16</td>
-       <td>Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Kaedinger Audio Comparison Lite audio-comparison-lite allows Stored XSS.This issue affects Audio Comparison Lite: from n/a through 3.4.</td>
-       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-51627">详情</a></td>
-      </tr>
-
-      <tr>
-       <td>d20e5030155fed12656c82a4a1a7d386</td>
-       <td>CVE-2024-51623</td>
-       <td>2024-11-09 14:15:16</td>
-       <td>Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Mehrdad Farahani WP EIS allows SQL Injection.This issue affects WP EIS: from n/a through 1.3.3.</td>
-       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-51623">详情</a></td>
-      </tr>
-
      </tbody>
     </table>
    </div>