Updated by Github Bot

cache/Tenable (Nessus).dat

@@ -138,3 +138,13 @@ be6d551f744835946998a7219c67f895
 bffb1850509bf03cb97fefe7c5b83687
 4571101982628b560ac359d9fed57057
 75508d355027c666c98c0eea80a9b34e
+6ef3af727eb04d9fb4c43ad16e6db9df
+9aa20a833c520e03bd522cadda9df036
+217cfaa9e6233a04fc43cc8767962c90
+3d74df6ef9f8eddaf7c49c733f4db9fa
+072a54c202441464684878bf29a5d7ff
+b59997fd2729c49c1b31a22454c521ab
+36f430982d18bed4c07cf445a1584d55
+861e51f51a27d948f55a498515fc2508
+593fbe0d06bb1faad6234fa9429028aa
+66e7d9be46166f8da63f26bf33f82f79

docs/index.html

@@ -1,4 +1,4 @@
-<!-- RELEASE TIME : 2024-02-24 03:27:00 -->
+<!-- RELEASE TIME : 2024-02-24 04:26:08 -->
 <html lang="zh-cn">
 
  <head>
@@ -283,6 +283,86 @@ <h2><a href="https://exp-blog.com" target="_blank">眈眈探求</a> | <a href="h
        <th width="43%">TITLE</th>
        <th width="5%">URL</th>
       </tr>
+      <tr>
+       <td>6ef3af727eb04d9fb4c43ad16e6db9df</td>
+       <td>CVE-2024-22395</td>
+       <td>2024-02-24 00:15:45 <img src="imgs/new.gif" /></td>
+       <td>Improper access control vulnerability has been identified in the SMA100 SSL-VPN virtual office portal, which in specific conditions could potentially enable a remote authenticated attacker to associate another user's MFA mobile application.</td>
+       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-22395">详情</a></td>
+      </tr>
+
+      <tr>
+       <td>9aa20a833c520e03bd522cadda9df036</td>
+       <td>CVE-2024-26192</td>
+       <td>2024-02-23 23:15:09 <img src="imgs/new.gif" /></td>
+       <td>Microsoft Edge (Chromium-based) Information Disclosure Vulnerability</td>
+       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-26192">详情</a></td>
+      </tr>
+
+      <tr>
+       <td>217cfaa9e6233a04fc43cc8767962c90</td>
+       <td>CVE-2024-26188</td>
+       <td>2024-02-23 23:15:09 <img src="imgs/new.gif" /></td>
+       <td>Microsoft Edge (Chromium-based) Spoofing Vulnerability</td>
+       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-26188">详情</a></td>
+      </tr>
+
+      <tr>
+       <td>3d74df6ef9f8eddaf7c49c733f4db9fa</td>
+       <td>CVE-2024-25469</td>
+       <td>2024-02-23 23:15:09 <img src="imgs/new.gif" /></td>
+       <td>SQL Injection vulnerability in CRMEB crmeb_java v.1.3.4 and before allows a remote attacker to obtain sensitive information via the latitude and longitude parameters in the api/front/store/list component.</td>
+       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-25469">详情</a></td>
+      </tr>
+
+      <tr>
+       <td>072a54c202441464684878bf29a5d7ff</td>
+       <td>CVE-2024-24681</td>
+       <td>2024-02-23 23:15:09 <img src="imgs/new.gif" /></td>
+       <td>Insecure AES key in Yealink Configuration Encrypt Tool below verrsion 1.2. A single, vendorwide, hardcoded AES key in the configuration tool used to encrypt provisioning documents was leaked leading to a compromise of confidentiality of provisioning documents.</td>
+       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-24681">详情</a></td>
+      </tr>
+
+      <tr>
+       <td>b59997fd2729c49c1b31a22454c521ab</td>
+       <td>CVE-2024-22988</td>
+       <td>2024-02-23 23:15:09 <img src="imgs/new.gif" /></td>
+       <td>An issue in zkteco zkbio WDMS v.8.0.5 allows an attacker to execute arbitrary code via the /files/backup/ component.</td>
+       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-22988">详情</a></td>
+      </tr>
+
+      <tr>
+       <td>36f430982d18bed4c07cf445a1584d55</td>
+       <td>CVE-2024-27133</td>
+       <td>2024-02-23 22:15:55 <img src="imgs/new.gif" /></td>
+       <td>Insufficient sanitization in MLflow leads to XSS when running a recipe that uses an untrusted dataset. This issue leads to a client-side RCE when running the recipe in Jupyter Notebook. The vulnerability stems from lack of sanitization over dataset table fields.</td>
+       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-27133">详情</a></td>
+      </tr>
+
+      <tr>
+       <td>861e51f51a27d948f55a498515fc2508</td>
+       <td>CVE-2024-27132</td>
+       <td>2024-02-23 22:15:55 <img src="imgs/new.gif" /></td>
+       <td>Insufficient sanitization in MLflow leads to XSS when running an untrusted recipe. This issue leads to a client-side RCE when running an untrusted recipe in Jupyter Notebook. The vulnerability stems from lack of sanitization over template variables.</td>
+       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-27132">详情</a></td>
+      </tr>
+
+      <tr>
+       <td>593fbe0d06bb1faad6234fa9429028aa</td>
+       <td>CVE-2024-25730</td>
+       <td>2024-02-23 22:15:55 <img src="imgs/new.gif" /></td>
+       <td>Hitron CODA-4582 and CODA-4589 devices have default PSKs that are generated from 5-digit hex values concatenated with a "Hitron" substring, resulting in insufficient entropy (only about one million possibilities).</td>
+       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-25730">详情</a></td>
+      </tr>
+
+      <tr>
+       <td>66e7d9be46166f8da63f26bf33f82f79</td>
+       <td>CVE-2024-24310</td>
+       <td>2024-02-23 22:15:54 <img src="imgs/new.gif" /></td>
+       <td>In the module "Generate barcode on invoice / delivery slip" (ecgeneratebarcode) from Ether Creation <= 1.2.0 for PrestaShop, a guest can perform SQL injection.</td>
+       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-24310">详情</a></td>
+      </tr>
+
       <tr>
        <td>9b8817a4cdf6c801151b440311017df3</td>
        <td>CVE-2024-23320</td>
@@ -443,86 +523,6 @@ <h2><a href="https://exp-blog.com" target="_blank">眈眈探求</a> | <a href="h
        <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2023-52450">详情</a></td>
       </tr>
 
-      <tr>
-       <td>640710eaf71aecdc74a8d95125237edf</td>
-       <td>CVE-2024-26445</td>
-       <td>2024-02-22 14:15:47</td>
-       <td>flusity-CMS v2.33 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /core/tools/delete_place.php</td>
-       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-26445">详情</a></td>
-      </tr>
-
-      <tr>
-       <td>d8cd9690eea9b704088fb7439252d0ed</td>
-       <td>CVE-2024-26352</td>
-       <td>2024-02-22 14:15:47</td>
-       <td>flusity-CMS v2.33 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /core/tools/add_places.php</td>
-       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-26352">详情</a></td>
-      </tr>
-
-      <tr>
-       <td>bd9db3e6c33812282c832255a42b5dde</td>
-       <td>CVE-2024-26351</td>
-       <td>2024-02-22 14:15:47</td>
-       <td>flusity-CMS v2.33 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /core/tools/update_place.php</td>
-       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-26351">详情</a></td>
-      </tr>
-
-      <tr>
-       <td>4e2c207be20516a7fc6205ce0f4df149</td>
-       <td>CVE-2024-26350</td>
-       <td>2024-02-22 14:15:47</td>
-       <td>flusity-CMS v2.33 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /core/tools/update_contact_form_settings.php</td>
-       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-26350">详情</a></td>
-      </tr>
-
-      <tr>
-       <td>e6933fc77c361acca21adbd8d0ea40dc</td>
-       <td>CVE-2024-26349</td>
-       <td>2024-02-22 14:15:47</td>
-       <td>flusity-CMS v2.33 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /core/tools/delete_translation.php</td>
-       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-26349">详情</a></td>
-      </tr>
-
-      <tr>
-       <td>f3d1d56ec04c70c0095f6c8902f1abfb</td>
-       <td>CVE-2024-25876</td>
-       <td>2024-02-22 14:15:47</td>
-       <td>A cross-site scripting (XSS) vulnerability in the Header module of Enhavo CMS v0.13.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title text field.</td>
-       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-25876">详情</a></td>
-      </tr>
-
-      <tr>
-       <td>f7ac6e7a50464b80d3f03045c13a88b8</td>
-       <td>CVE-2024-25875</td>
-       <td>2024-02-22 14:15:46</td>
-       <td>A cross-site scripting (XSS) vulnerability in the Header module of Enhavo CMS v0.13.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Undertitle text field.</td>
-       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-25875">详情</a></td>
-      </tr>
-
-      <tr>
-       <td>ee41dd336a3674ec126b82f4f5664a66</td>
-       <td>CVE-2024-25874</td>
-       <td>2024-02-22 14:15:46</td>
-       <td>A cross-site scripting (XSS) vulnerability in the New/Edit Article module of Enhavo CMS v0.13.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Create Tag text field.</td>
-       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-25874">详情</a></td>
-      </tr>
-
-      <tr>
-       <td>1ede93ed4c1c623b9536e70688154c64</td>
-       <td>CVE-2024-25873</td>
-       <td>2024-02-22 14:15:46</td>
-       <td>Enhavo v0.13.1 was discovered to contain an HTML injection vulnerability in the Author text field under the Blockquote module. This vulnerability allows attackers to execute arbitrary code via a crafted payload.</td>
-       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-25873">详情</a></td>
-      </tr>
-
-      <tr>
-       <td>0b860e00df8cf398294f1315db259d8a</td>
-       <td>CVE-2024-23094</td>
-       <td>2024-02-22 14:15:46</td>
-       <td>Flusity-CMS v2.33 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /cover/addons/info_media_gallery/action/edit_addon_post.php</td>
-       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-23094">详情</a></td>
-      </tr>
-
      </tbody>
     </table>
    </div>