diff --git a/cache/Nsfocus.dat b/cache/Nsfocus.dat index 2dd46037ccb..8b48364986d 100644 --- a/cache/Nsfocus.dat +++ b/cache/Nsfocus.dat @@ -183,3 +183,18 @@ e41e6a81b63f4dc08dd965c073cb39d0 31d12bd64f7ba23c1031994fb50c420e b5ab393eadb03a6777e13da8d9317878 fb1453820f896c78166f2b62dd1e4356 +d3b4fd9837f6546b2bfa1ca69f70cddf +0b63c3233a88e2d0f547c88851976488 +11a8fa8b1b394c760afdf06ef93e95b1 +674946d649f569456ad5d9534ebbbd7e +dd598f14fe27b697edb169005b5605c2 +6bbe2569f99dad5ae16bbe04994e8ccd +c098474ff2a726654e0b381912000f33 +4f17061e95e94da0d17dc36fb3a4f9f4 +b69683ab568e9e583cfcb9b2a27558b2 +d89152a91aa10d137715707aa8ed8fcc +cb8f03ae777d46210d78720dac4a2c93 +d6da9d75e6d1892cb3f72a2eb7151eec +f2cc3a92223f427c69539de22a09c6ed +3c85c27095449cd103ce5382b9452cbc +a8e205e0f50a82bf3c0949ca74e46795 diff --git a/cache/Tenable (Nessus).dat b/cache/Tenable (Nessus).dat index 66053d62765..6ed65926a62 100644 --- a/cache/Tenable (Nessus).dat +++ b/cache/Tenable (Nessus).dat @@ -132,3 +132,13 @@ d9695d1d87eda1178e0471a00551c451 b1b9a644388df6faac1056112348b5c3 ff40b24a628cf6c9dfba323cd6ad9113 83f92f9a231d6605dcfb8ae470bc73f2 +2d9be68420cba2948c175e712a063298 +c75f9c10b0188bbe784303346f82c4ad +790ea72696b2e509d34b4cd85ddd8380 +5667d789165fae694b80032a973dbe17 +365082e158b0768c01c20d1227bbbbd1 +7ee3bc3ab6d06c7967175aecc59cf4bb +a6c271677f8b5c4d62dcb2e8082098de +f0ea29e053227cf62051a1a5725afc5d +3b27ca14bad075026017b1c9b37ba3a7 +6cbdf5d08ee14f65dcf9ef372bada2a5 diff --git a/data/cves.db b/data/cves.db index 383b6badfa6..c8ac5f98373 100644 Binary files a/data/cves.db and b/data/cves.db differ diff --git a/docs/index.html b/docs/index.html index c75e28cdb93..62305db075b 100644 --- a/docs/index.html +++ b/docs/index.html @@ -1,4 +1,4 @@ - + @@ -283,6 +283,86 @@

眈眈探求 | TITLE URL + + 2d9be68420cba2948c175e712a063298 + CVE-2024-2913 + 2024-05-07 00:15:08 + A race condition vulnerability exists in the mintplex-labs/anything-llm repository, specifically within the user invite acceptance process. Attackers can exploit this vulnerability by sending multiple concurrent requests to accept a single user invite, allowing the creation of multiple user accounts from a single invite link intended for only one user. This bypasses the intended security mechanism that restricts invite acceptance to a single user, leading to unauthorized user creation without detection in the invite tab. The issue is due to the lack of validation for concurrent requests in the backend. + 详情 + + + + c75f9c10b0188bbe784303346f82c4ad + CVE-2024-29941 + 2024-05-06 23:15:06 + Insecure storage of the ICT MIFARE and DESFire encryption keys in the firmware binary allows malicious actors to create credentials for any site code and card number that is using the default ICT encryption. + 详情 + + + + 790ea72696b2e509d34b4cd85ddd8380 + CVE-2024-30973 + 2024-05-06 22:15:08 + An issue in V-SOL G/EPON ONU HG323AC-B with firmware version V2.0.08-210715 allows an attacker to execute arbtirary code and obtain sensitive information via crafted POST request to /boaform/getASPdata/formFirewall, /boaform/getASPdata/formAcc. + 详情 + + + + 5667d789165fae694b80032a973dbe17 + CVE-2024-34534 + 2024-05-06 21:15:48 + A SQL injection vulnerability in Cybrosys Techno Solutions Text Commander module (aka text_commander) 16.0 through 16.0.1 allows a remote attacker to gain privileges via the data parameter to models/ir_model.py:IrModel::chech_model. + 详情 + + + + 365082e158b0768c01c20d1227bbbbd1 + CVE-2024-34533 + 2024-05-06 21:15:48 + A SQL injection vulnerability in ZI PT Solusi Usaha Mudah Analytic Data Query module (aka izi_data) 11.0 through 17.x before 17.0.3 allows a remote attacker to gain privileges via a query to IZITools::query_check, IZITools::query_fetch, or IZITools::query_execute. + 详情 + + + + 7ee3bc3ab6d06c7967175aecc59cf4bb + CVE-2024-34532 + 2024-05-06 21:15:48 + A SQL injection vulnerability in Yvan Dotet PostgreSQL Query Deluxe module (aka query_deluxe) 17.x before 17.0.0.4 allows a remote attacker to gain privileges via the query parameter to models/querydeluxe.py:QueryDeluxe::get_result_from_query. + 详情 + + + + a6c271677f8b5c4d62dcb2e8082098de + CVE-2024-34413 + 2024-05-06 21:15:48 + Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in SliceWP allows Stored XSS.This issue affects SliceWP: from n/a through 1.1.10. + 详情 + + + + f0ea29e053227cf62051a1a5725afc5d + CVE-2024-28725 + 2024-05-06 21:15:48 + Cross Site Scripting (XSS) vulnerability in YzmCMS 7.0 allows attackers to run arbitrary code via Ads Management, Carousel Management, and System Settings. + 详情 + + + + 3b27ca14bad075026017b1c9b37ba3a7 + CVE-2024-1695 + 2024-05-06 21:15:48 + A potential security vulnerability has been identified in the HP Application Enabling Software Driver for certain HP PC products, which might allow escalation of privilege. HP is releasing software updates to mitigate this potential vulnerability. + 详情 + + + + 6cbdf5d08ee14f65dcf9ef372bada2a5 + CVE-2023-33548 + 2024-05-06 21:15:48 + Cross Site Scripting (XSS) vulnerability in ASUS RT-AC51U with firmware versions up to and including 3.0.0.4.380.8591 allows attackers to run arbitrary code via the WPA Pre-Shared Key field. + 详情 + + a17cc9c6a507e5918bd1cbcd0f975cfd CVE-2024-4519 @@ -443,86 +523,6 @@

眈眈探求 | 详情 - - fc1a27f16e5f43377c29cad78c94340b - CVE-2024-3240 - 2024-05-04 04:15:08 - The ConvertPlug plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.5.25 via deserialization of untrusted input from the 'settings_encoded' attribute of the 'smile_info_bar' shortcode. This makes it possible for authenticated attackers, with contributor-level access and above, to inject a PHP Object. No POP chain is present in the vulnerable plugin. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code. - 详情 - - - - a5e5f8850dde5cf63e891e107928126e - CVE-2024-3237 - 2024-05-04 04:15:08 - The ConvertPlug plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the cp_dismiss_notice() function in all versions up to, and including, 3.5.25. This makes it possible for authenticated attackers, with subscriber-level access and above, to update arbitrary option values to true. - 详情 - - - - bfb568cd314c4d8f23dd34cc6488ad4e - CVE-2024-3868 - 2024-05-04 03:15:07 - The Folders Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via a user's First Name and Last Name in all versions up to, and including, 3.0.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with subscriber-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. - 详情 - - - - 76d9f0294bfd30d96aeab78ff0845310 - CVE-2024-34455 - 2024-05-03 19:15:07 - Buildroot before 0b2967e lacks the sticky bit for the /dev/shm directory. - 详情 - - - - 8d955c1d3675c9637123c5aea288147c - CVE-2023-40695 - 2024-05-03 19:15:07 - IBM Cognos Controller 10.4.1, 10.4.2, and 11.0.0 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. IBM X-Force ID: 264938. - 详情 - - - - f5db04c7c066d973413371dd09c1ae33 - CVE-2022-33010 - 2024-05-03 19:15:07 - Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none. - 详情 - - - - da0dfdddc65eb25d967ebeecdd541962 - CVE-2022-22364 - 2024-05-03 19:15:07 - IBM Cognos Controller 10.4.1, 10.4.2, and 11.0.0 is vulnerable to external service interaction attack, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability to induce the application to perform server-side DNS lookups or HTTP requests to arbitrary domain names. By submitting suitable payloads, an attacker can cause the application server to attack other systems that it can interact with. IBM X-Force ID: 220903. - 详情 - - - - 1a892dafa93f37fa9a0dacbfa63d8b32 - CVE-2021-20451 - 2024-05-03 19:15:07 - IBM Cognos Controller 10.4.1, 10.4.2, and 11.0.0 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 196643. - 详情 - - - - 27175ba2b6e79ee0f5c750b431bc847d - CVE-2024-34453 - 2024-05-03 18:15:10 - TwoNav 2.1.13 contains an SSRF vulnerability via the url paramater to index.php?c=api&method=read_data&type=connectivity_test (which reaches /system/api.php). - 详情 - - - - bc8975127c1aff019beb186534ea5604 - CVE-2024-34075 - 2024-05-03 18:15:09 - kurwov is a fast, dependency-free library for creating Markov Chains. An unsafe sanitization of dataset contents on the `MarkovData#getNext` method used in `Markov#generate` and `Markov#choose` allows a maliciously crafted string on the dataset to throw and stop the function from running properly. If a string contains a forbidden substring (i.e. `__proto__`) followed by a space character, the code will access a special property in `MarkovData#finalData` by removing the last character of the string, bypassing the dataset sanitization (as it is supposed to be already sanitized before this function is called). Any dataset can be contaminated with the substring making it unable to properly generate anything in some cases. This issue has been addressed in version 3.2.5 and all users are advised to upgrade. There are no known workarounds for this vulnerability. - 详情 - - @@ -1971,6 +1971,126 @@

眈眈探求 | TITLE URL + + d3b4fd9837f6546b2bfa1ca69f70cddf + CVE-2024-28193 + 2024-05-07 07:26:52 + YourSpotify信息泄露漏洞 + 详情 + + + + 0b63c3233a88e2d0f547c88851976488 + CVE-2024-2237 + 2024-05-07 07:26:52 + WordPress Premium Addons PRO Plugin跨站脚本漏洞 + 详情 + + + + 11a8fa8b1b394c760afdf06ef93e95b1 + CVE-2024-2252 + 2024-05-07 07:26:52 + WordPress Droit Elementor Addons Plugin跨站脚本漏洞 + 详情 + + + + 674946d649f569456ad5d9534ebbbd7e + CVE-2024-2238 + 2024-05-07 07:26:52 + WordPress Premium Addons PRO Plugin跨站脚本漏洞 + 详情 + + + + dd598f14fe27b697edb169005b5605c2 + CVE-2024-2286 + 2024-05-07 07:26:52 + WordPress Sky Addons for Elementor Plugin跨站脚本漏洞 + 详情 + + + + 6bbe2569f99dad5ae16bbe04994e8ccd + CVE-2024-2293 + 2024-05-07 07:26:52 + WordPress Site Reviews Plugin跨站脚本漏洞 + 详情 + + + + c098474ff2a726654e0b381912000f33 + CVE-2024-0154 + 2024-05-07 07:26:52 + Dell PowerEdge Server BIOS和Dell Precision Rack BIOS参数初始化错误漏洞 + 详情 + + + + 4f17061e95e94da0d17dc36fb3a4f9f4 + CVE-2024-24105 + 2024-05-07 07:26:52 + Computer Science Time Table System SQL注入漏洞 + 详情 + + + + b69683ab568e9e583cfcb9b2a27558b2 + CVE-2024-0163 + 2024-05-07 07:26:52 + Dell PowerEdge Server BIOS和Dell Precision Rack BIOS竞争条件漏洞 + 详情 + + + + d89152a91aa10d137715707aa8ed8fcc + CVE-2024-0162 + 2024-05-07 07:26:52 + Dell PowerEdge Server BIOS和Dell Precision Rack BIOS通信缓冲区验证错误漏洞 + 详情 + + + + cb8f03ae777d46210d78720dac4a2c93 + CVE-2024-2239 + 2024-05-07 07:26:52 + WordPress Premium Addons PRO Plugin跨站脚本漏洞 + 详情 + + + + d6da9d75e6d1892cb3f72a2eb7151eec + CVE-2024-0173 + 2024-05-07 07:26:52 + Dell PowerEdge Server BIOS和Dell Precision Rack BIOS参数初始化错误漏洞 + 详情 + + + + f2cc3a92223f427c69539de22a09c6ed + CVE-2024-20262 + 2024-05-07 07:26:52 + Cisco IOS XR拒绝服务漏洞 + 详情 + + + + 3c85c27095449cd103ce5382b9452cbc + CVE-2024-25250 + 2024-05-07 07:26:52 + Computer Science Time Table System SQL注入漏洞 + 详情 + + + + a8e205e0f50a82bf3c0949ca74e46795 + CVE-2024-22167 + 2024-05-07 07:26:52 + Western Digital SanDisk PrivateAccess DLL劫持漏洞 + 详情 + + cb59eb70d7428377f8783d5397287f1f CVE-2024-1772 @@ -2091,126 +2211,6 @@

眈眈探求 | 详情 - - 90bcd60e47b9021a55c78b42ed2c444d - CVE-2024-0499 - 2024-05-06 03:25:26 - SourceCodester House Rental Management System跨站脚本漏洞 - 详情 - - - - 7c9cd966edcc6435d525afdad76324c2 - CVE-2023-51070 - 2024-05-06 03:25:26 - QStar Archive Solutions访问控制错误漏洞 - 详情 - - - - d9d19930a6250e0dfd690e3a8bafc8f8 - CVE-2023-51068 - 2024-05-06 03:25:26 - QStar Archive Solutions跨站脚本漏洞 - 详情 - - - - dbf5e2f75715ffd2b107553311f4061d - CVE-2024-0251 - 2024-05-06 03:25:26 - WordPress Plugin Advanced Woo Search跨站脚本漏洞 - 详情 - - - - 6a49c7588feadb20464eb848cf0e895a - CVE-2023-52289 - 2024-05-06 03:25:26 - Flaskcode路径遍历漏洞 - 详情 - - - - 6173dca00b18f45efa99ed05fdbb95e6 - CVE-2024-0502 - 2024-05-06 03:25:26 - SourceCodester House Rental Management System SQL注入漏洞 - 详情 - - - - 50189184b6661d6d79056b5568b97209 - CVE-2024-21640 - 2024-05-06 03:25:26 - Chromium Embedded Framework缓冲区错误漏洞 - 详情 - - - - e137c673497069db3898151945cd0039 - CVE-2024-0480 - 2024-05-06 03:25:26 - Taokeyun SQL注入漏洞 - 详情 - - - - ea2d9c7432e1da8903c1f853a3d36079 - CVE-2024-0482 - 2024-05-06 03:25:26 - Taokeyun SQL注入漏洞 - 详情 - - - - 286f3596bbde448c479d03c329e42d93 - CVE-2024-0481 - 2024-05-06 03:25:26 - Taokeyun SQL注入漏洞 - 详情 - - - - 0226366a6e0ea225ed7d1f35a9d7c377 - CVE-2024-22209 - 2024-05-06 03:25:26 - EDX Open edX Platform访问控制错误漏洞 - 详情 - - - - e41e6a81b63f4dc08dd965c073cb39d0 - CVE-2024-0483 - 2024-05-06 03:25:26 - Taokeyun SQL注入漏洞 - 详情 - - - - 31d12bd64f7ba23c1031994fb50c420e - CVE-2024-0484 - 2024-05-06 03:25:26 - Fighting Cock Information System SQL注入漏洞 - 详情 - - - - b5ab393eadb03a6777e13da8d9317878 - CVE-2024-0488 - 2024-05-06 03:25:26 - Fighting Cock Information System SQL注入漏洞 - 详情 - - - - fb1453820f896c78166f2b62dd1e4356 - CVE-2024-0487 - 2024-05-06 03:25:26 - Fighting Cock Information System SQL注入漏洞 - 详情 - -