diff --git a/cache/Tenable (Nessus).dat b/cache/Tenable (Nessus).dat index 1fdfe56f0d2..5bf20df8aa2 100644 --- a/cache/Tenable (Nessus).dat +++ b/cache/Tenable (Nessus).dat @@ -182,3 +182,13 @@ e7c8868b0315c019751e52ab5c3188d0 81e2741b7ca4447f69db8f50bcb84c12 bde34a73cc65ce91187183bf3e72cafd c1cc7c21fc1a95a34b02cbfe51739a77 +473dbd90a4b9e290e0e2754be9384a2d +b5a49b247f2c22fbf7769c911dbc002e +8518bcf5fa499213f142594f7129e83a +a8d9ece788cf61e1c99d8919b3538670 +a7ffad073dec8302f63460261a0ce193 +7fe2d154ba5e0533c1222568679c4057 +483b4937881255a7ed4cb0d9ffa1b95b +b1a610e0eee4f7c1e025ffe66d55a260 +6042493c665d7b98c23ec00dcc8a8134 +06ca956cb139c4aeef742ae6a0967e15 diff --git a/data/cves.db b/data/cves.db index fb648c02f4a..7655ad4b884 100644 Binary files a/data/cves.db and b/data/cves.db differ diff --git a/docs/index.html b/docs/index.html index 3b7bf3b3a84..4f401ad382f 100644 --- a/docs/index.html +++ b/docs/index.html @@ -1,4 +1,4 @@ - + @@ -283,6 +283,86 @@

眈眈探求 | TITLE URL + + 473dbd90a4b9e290e0e2754be9384a2d + CVE-2024-9836 + 2024-11-12 06:15:04 + The RSS Feed Widget WordPress plugin before 3.0.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. + 详情 + + + + b5a49b247f2c22fbf7769c911dbc002e + CVE-2024-9835 + 2024-11-12 06:15:04 + The RSS Feed Widget WordPress plugin before 3.0.1 does not escape the $_SERVER['REQUEST_URI'] parameter before outputting it back in an attribute, which could lead to Reflected Cross-Site Scripting in old web browsers + 详情 + + + + 8518bcf5fa499213f142594f7129e83a + CVE-2024-9357 + 2024-11-12 06:15:04 + The xili-tidy-tags plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'action' parameter in all versions up to, and including, 1.12.04 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. + 详情 + + + + a8d9ece788cf61e1c99d8919b3538670 + CVE-2024-47799 + 2024-11-12 06:15:04 + Exposure of sensitive system information to an unauthorized control sphere issue exists in Mesh Wi-Fi router RP562B firmware version v1.0.2 and earlier. If this vulnerability is exploited, a network-adjacent authenticated attacker may obtain information of the other devices connected through the Wi-Fi. + 详情 + + + + a7ffad073dec8302f63460261a0ce193 + CVE-2024-45827 + 2024-11-12 06:15:03 + Improper neutralization of special elements used in an OS command ('OS Command Injection') issue exists in Mesh Wi-Fi router RP562B firmware version v1.0.2 and earlier. If this vulnerability is exploited, a network-adjacent authenticated attacker may execute an arbitrary OS command. 
+ 详情 + + + + 7fe2d154ba5e0533c1222568679c4057 + CVE-2024-29075 + 2024-11-12 06:15:03 + Active debug code vulnerability exists in Mesh Wi-Fi router RP562B firmware version v1.0.2 and earlier. If this vulnerability is exploited, a network-adjacent authenticated attacker may obtain or alter the settings of the device . + 详情 + + + + 483b4937881255a7ed4cb0d9ffa1b95b + CVE-2024-10790 + 2024-11-12 06:15:03 + The Admin and Site Enhancements (ASE) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 7.5.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with custom-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file. This feature must be enabled, and for specific roles in order to be exploitable. + 详情 + + + + b1a610e0eee4f7c1e025ffe66d55a260 + CVE-2024-49560 + 2024-11-12 04:15:06 + Dell SmartFabric OS10 Software, version(s) 10.5.6.x, 10.5.5.x, 10.5.4.x, 10.5.3.x, contain(s) a command injection vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Command execution. + 详情 + + + + 6042493c665d7b98c23ec00dcc8a8134 + CVE-2024-49558 + 2024-11-12 04:15:06 + Dell SmartFabric OS10 Software, version(s) 10.5.6.x, 10.5.5.x, 10.5.4.x, 10.5.3.x, contain(s) an Improper Privilege Management vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of privileges. + 详情 + + + + 06ca956cb139c4aeef742ae6a0967e15 + CVE-2024-49557 + 2024-11-12 04:15:06 + Dell SmartFabric OS10 Software, version(s) 10.5.6.x, 10.5.5.x, 10.5.4.x, 10.5.3.x, contain(s) an Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Code execution. 
+ 详情 + + f9c3092a49384041131c900a3b0ce829 CVE-2024-52358 @@ -443,86 +523,6 @@

眈眈探求 | 详情 - - 8acae6675b2cd95a5ab08aa2a45e6efa - CVE-2024-51668 - 2024-11-09 14:15:18 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Mark Tilly MyCurator Content Curation allows Stored XSS.This issue affects MyCurator Content Curation: from n/a through 3.78. - 详情 - - - - 01a18ae828c51cfa6e05ccf9d37bd6ff - CVE-2024-51664 - 2024-11-09 14:15:18 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Mark Kinchin Beds24 Online Booking allows Stored XSS.This issue affects Beds24 Online Booking: from n/a through 2.0.25. - 详情 - - - - a89524063ca3b41c880ff4f2f9d09b62 - CVE-2024-51663 - 2024-11-09 14:15:17 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Bricksable Bricksable for Bricks Builder allows Stored XSS.This issue affects Bricksable for Bricks Builder: from n/a through 1.6.59. - 详情 - - - - 60a90e99a537b98120e1f5ab9610e6e8 - CVE-2024-51662 - 2024-11-09 14:15:17 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Modernaweb Studio Black Widgets For Elementor allows Stored XSS.This issue affects Black Widgets For Elementor: from n/a through 1.3.6. - 详情 - - - - 06db9891eee9dd23bbbd82c6db567680 - CVE-2024-51647 - 2024-11-09 14:15:17 - Cross-Site Request Forgery (CSRF) vulnerability in Chaser324 Featured Posts Scroll allows Stored XSS.This issue affects Featured Posts Scroll: from n/a through 1.25. - 详情 - - - - de738c57d6c8fcf4fb8f60f1268828f4 - CVE-2024-51630 - 2024-11-09 14:15:17 - Cross-Site Request Forgery (CSRF) vulnerability in Lars Schenk Responsive Flickr Gallery allows Stored XSS.This issue affects Responsive Flickr Gallery: from n/a through 1.3.1. 
- 详情 - - - - c6194bae065b996647f147c162a38fb7 - CVE-2024-51629 - 2024-11-09 14:15:16 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in MetricThemes Header Footer Composer for Elementor allows DOM-Based XSS.This issue affects Header Footer Composer for Elementor: from n/a through 1.0.4. - 详情 - - - - 59dd43a4cb2d1bda0017821f878a41c6 - CVE-2024-51628 - 2024-11-09 14:15:16 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in EzyOnlineBookings EzyOnlineBookings Online Booking System Widget allows DOM-Based XSS.This issue affects EzyOnlineBookings Online Booking System Widget: from n/a through 1.3. - 详情 - - - - a3e31e3b9e87bc6b56ff361c4b1016bc - CVE-2024-51627 - 2024-11-09 14:15:16 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Kaedinger Audio Comparison Lite audio-comparison-lite allows Stored XSS.This issue affects Audio Comparison Lite: from n/a through 3.4. - 详情 - - - - d20e5030155fed12656c82a4a1a7d386 - CVE-2024-51623 - 2024-11-09 14:15:16 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Mehrdad Farahani WP EIS allows SQL Injection.This issue affects WP EIS: from n/a through 1.3.3. - 详情 - -
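
Review bot: In cache/Tenable (Nessus).dat (hunk @@ -182,3 +182,13 @@) the ten appended entries are bare 32-character hex ids with no CVE number or fetch time beside them, so the file cannot be audited on its own. They do match, in the same order, the ids in the ten rows added to docs/index.html, which suggests the cache is the de-duplication set for the page. Please document how the id is derived and consider storing the CVE id next to it. The hunk only ever appends while the page drops its oldest rows, so also state whether the cache is meant to grow without pruning.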
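
Review bot: data/cves.db appears only as "Binary files a/data/cves.db and b/data/cves.db differ", so that part of the change cannot be reviewed or meaningfully merged. If the database can be rebuilt from the feed and the cache file, keep it out of version control. Otherwise, commit a text export alongside it so that row-level changes show up in the diff.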
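
Review bot: In docs/index.html (hunk @@ -283,6 +283,86 @@) the description column is upstream advisory text written straight into the page, and the added rows contain quote characters and code-like strings such as $_SERVER['REQUEST_URI'] and 'action'. The diff does not show whether the generator HTML-escapes these fields, so please confirm that the id, CVE, date and description values are all escaped before they are written into the table. The text also needs whitespace normalization: the descriptions for CVE-2024-45827 and CVE-2024-49557 end with a trailing space that breaks the row across lines, and CVE-2024-29075 reads "settings of the device ." with a stray space before the period. The matching removal hunk (@@ -443,86 +523,6 @@) drops exactly ten rows, so the page is a fixed-size window; a comment in the generator stating that limit would make these paired hunks easier to read.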