Commit

Updated by Github Bot
Github-Bot committed Nov 28, 2024
1 parent f41c2e5 commit f766464
Showing 3 changed files with 146 additions and 131 deletions.
15 changes: 15 additions & 0 deletions cache/Nsfocus.dat
Expand Up @@ -195,3 +195,18 @@ efa7cedfe038cc8c6402b98731c238f9
11021bc99038f9e526d37ad001f31830
876076e8d62fea3f9e585652cb471a43
ec2f0bb1825d1769151f6a2c997003ca
34c0f108f9a0bd5d671bf2d862b3764c
d383f195197fae1e5dcc11a9faefb4b7
3abf721754e7fa225ae46815624276dc
31fbe034774abbb50354956a3faf34a9
9fbd4d8be94c090b7579147b6f67d332
794a419519eb5fa57d6fc4166245e17b
d8dc8e6c8051f481dcb62faea6c8c438
0bf70b9667cba6814226f70fa4fcc6dc
b373b7de564f65905bcc69c56f7dbec3
589ed5982e113983061435b8be93f3cd
79323f395d72f5161a7cbbcf97c7bf26
694fd9a66ee9ecfda2f1c3d63672fb8b
c9ce8e1675bbe5a8d83c718fc916c85f
e9ff2f42cf312627a92b320ea2c679be
341c1c06b5b71ee9206962447877468e
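Review bot: cache/Nsfocus.dat only grows in this hunk (15 digests appended, none removed), while the same commit drops 15 older rows from docs/index.html, so what appears to be the seen-entries cache has no retention limit and will grow without bound. The entries are bare 32-hex values with no source id or first-seen time, which leaves nothing to prune or audit on later; consider keeping the seen-set in data/cves.db with a timestamp, or capping this file to the window that can still be re-fetched.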
Binary file modified data/cves.db
Binary file not shown.
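Review bot: data/cves.db changes as an opaque binary, so nothing in this commit shows which records were inserted or altered and the bot's update cannot be reviewed. If the database has to live in the repository, commit a text export (SQL or CSV dump) beside it or configure a textconv diff driver so the row-level change is visible; otherwise build it as a CI artifact instead of tracking it.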
262 changes: 131 additions & 131 deletions docs/index.html
@@ -1,4 +1,4 @@
<!-- RELEASE TIME : 2024-11-27 15:26:45 -->
<!-- RELEASE TIME : 2024-11-28 03:37:23 -->
<html lang="zh-cn">

<head>
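Review bot: the RELEASE TIME comment on the new first line has no timezone ("2024-11-28 03:37:23"), and the row timestamps further down use the same bare format, so a reader cannot tell how stale the page is. Emit an ISO 8601 value with an explicit UTC offset here and in the date cells.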
Expand Down Expand Up @@ -366,79 +366,79 @@ <h2><a href="https://exp-blog.com" target="_blank">眈眈探求</a> | <a href="h
<tr>
<td>d3af3ba28ea2bfaaa42cb9f59de143c8</td>
<td>CVE-2024-11680</td>
<td>2024-11-26 10:15:04 <img src="imgs/new.gif" /></td>
<td>2024-11-26 10:15:04</td>
<td>ProjectSend versions prior to r1720 are affected by an improper authentication vulnerability. Remote, unauthenticated attackers can exploit this flaw by sending crafted HTTP requests to options.php, enabling unauthorized modification of the application's configuration. Successful exploitation allows attackers to create accounts, upload webshells, and embed malicious JavaScript.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-11680">详情</a></td>
</tr>

<tr>
<td>cad6a980c3c4d0357176c825f507025c</td>
<td>CVE-2024-11032</td>
<td>2024-11-26 10:15:04 <img src="imgs/new.gif" /></td>
<td>2024-11-26 10:15:04</td>
<td>The Parsi Date plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 5.1.1. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-11032">详情</a></td>
</tr>

<tr>
<td>a8ad3dd98906e55b62e82236d963840a</td>
<td>CVE-2024-9170</td>
<td>2024-11-26 09:15:06 <img src="imgs/new.gif" /></td>
<td>2024-11-26 09:15:06</td>
<td>The Booster for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wcj_product_meta shortcode in all versions up to, and including, 7.2.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with ShopManager-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-9170">详情</a></td>
</tr>

<tr>
<td>7e06c80fd75a8a2d30989e5cf6f2f42f</td>
<td>CVE-2024-11192</td>
<td>2024-11-26 09:15:05 <img src="imgs/new.gif" /></td>
<td>2024-11-26 09:15:05</td>
<td>The Spotify Play Button for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's spotifyplaybutton shortcode in all versions up to, and including, 2.11 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-11192">详情</a></td>
</tr>

<tr>
<td>25b6e1ecc2f120e85785390214eba906</td>
<td>CVE-2024-11119</td>
<td>2024-11-26 09:15:05 <img src="imgs/new.gif" /></td>
<td>2024-11-26 09:15:05</td>
<td>The BNE Gallery Extended plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'gallery' shortcode in all versions up to, and including, 1.2.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-11119">详情</a></td>
</tr>

<tr>
<td>5dd2f482d3ede5362382de392681caca</td>
<td>CVE-2024-11091</td>
<td>2024-11-26 09:15:05 <img src="imgs/new.gif" /></td>
<td>2024-11-26 09:15:05</td>
<td>The Support SVG – Upload svg files in wordpress without hassle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via REST API SVG File uploads in all versions up to, and including, 1.1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-11091">详情</a></td>
</tr>

<tr>
<td>5849da7925ade5f046eccdc526525b2c</td>
<td>CVE-2018-11952</td>
<td>2024-11-26 09:15:05 <img src="imgs/new.gif" /></td>
<td>2024-11-26 09:15:05</td>
<td>An image with a version lower than the fuse version may potentially be booted lead to improper authentication.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2018-11952">详情</a></td>
</tr>

<tr>
<td>2e766aad63d0f28e7b9fbe42a63d0639</td>
<td>CVE-2018-11922</td>
<td>2024-11-26 09:15:04 <img src="imgs/new.gif" /></td>
<td>2024-11-26 09:15:04</td>
<td>Wrong configuration in Touch Pal application can collect user behavior data without awareness by the user.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2018-11922">详情</a></td>
</tr>

<tr>
<td>1a5fb770f0614bca096124ac0b950cf9</td>
<td>CVE-2017-18153</td>
<td>2024-11-26 09:15:04 <img src="imgs/new.gif" /></td>
<td>2024-11-26 09:15:04</td>
<td>A race condition exists in a driver potentially leading to a use-after-free condition.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2017-18153">详情</a></td>
</tr>

<tr>
<td>4c211ecdf45a307f58e3f6b0ec8afc3b</td>
<td>CVE-2017-17772</td>
<td>2024-11-26 09:15:04 <img src="imgs/new.gif" /></td>
<td>2024-11-26 09:15:04</td>
<td>In multiple functions that process 802.11 frames, out-of-bounds reads can occur due to insufficient validation.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2017-17772">详情</a></td>
</tr>
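Review bot: the description cells in these rows are third-party advisory text written straight into <td> elements, and the visible output gives no sign of HTML escaping (the apostrophes in "application's" and "plugin's 'gallery' shortcode" are emitted raw). Several of these advisories describe script injection, so a feed entry that quotes markup would be rendered as markup on this page; please confirm the generator escapes <, >, & and quotes in every feed-derived cell and in the href values, and add a test row containing a tag to prove it.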
Expand Down Expand Up @@ -2019,6 +2019,126 @@ <h2><a href="https://exp-blog.com" target="_blank">眈眈探求</a> | <a href="h
<td><a target="_blank" href="http://www.nsfocus.net/vulndb/106935">详情</a></td>
</tr>

<tr>
<td>34c0f108f9a0bd5d671bf2d862b3764c</td>
<td>CVE-2024-43242</td>
<td>2024-11-28 03:35:16 <img src="imgs/new.gif" /></td>
<td>WordPress插件Ultimate Membership Pro不可信数据反序列化漏洞</td>
<td><a target="_blank" href="http://www.nsfocus.net/vulndb/106989">详情</a></td>
</tr>

<tr>
<td>d383f195197fae1e5dcc11a9faefb4b7</td>
<td>CVE-2024-49616</td>
<td>2024-11-28 03:35:16 <img src="imgs/new.gif" /></td>
<td>WordPress plugin Rate Own Post SQL注入漏洞</td>
<td><a target="_blank" href="http://www.nsfocus.net/vulndb/106988">详情</a></td>
</tr>

<tr>
<td>3abf721754e7fa225ae46815624276dc</td>
<td>CVE-2024-43272</td>
<td>2024-11-28 03:35:16 <img src="imgs/new.gif" /></td>
<td>WordPress插件icegram未认证漏洞</td>
<td><a target="_blank" href="http://www.nsfocus.net/vulndb/106987">详情</a></td>
</tr>

<tr>
<td>31fbe034774abbb50354956a3faf34a9</td>
<td>CVE-2024-7924</td>
<td>2024-11-28 03:35:16 <img src="imgs/new.gif" /></td>
<td>ZZCMS路径遍历漏洞</td>
<td><a target="_blank" href="http://www.nsfocus.net/vulndb/106986">详情</a></td>
</tr>

<tr>
<td>9fbd4d8be94c090b7579147b6f67d332</td>
<td></td>
<td>2024-11-28 03:35:16 <img src="imgs/new.gif" /></td>
<td>WordPress插件Void Elementor Post Grid Addon for Elementor Page builder路径遍历漏洞(CVE-2</td>
<td><a target="_blank" href="http://www.nsfocus.net/vulndb/106985">详情</a></td>
</tr>

<tr>
<td>794a419519eb5fa57d6fc4166245e17b</td>
<td>CVE-2024-43280</td>
<td>2024-11-28 03:35:16 <img src="imgs/new.gif" /></td>
<td>WordPress插件Salon Booking System输入验证错误漏洞</td>
<td><a target="_blank" href="http://www.nsfocus.net/vulndb/106984">详情</a></td>
</tr>

<tr>
<td>d8dc8e6c8051f481dcb62faea6c8c438</td>
<td>CVE-2024-7949</td>
<td>2024-11-28 03:35:16 <img src="imgs/new.gif" /></td>
<td>SourceCodester Online Graduate Tracer System SQL注入漏洞</td>
<td><a target="_blank" href="http://www.nsfocus.net/vulndb/106983">详情</a></td>
</tr>

<tr>
<td>0bf70b9667cba6814226f70fa4fcc6dc</td>
<td>CVE-2022-1206</td>
<td>2024-11-28 03:35:16 <img src="imgs/new.gif" /></td>
<td>WordPress插件AdRotate Banner Manager任意文件上传漏洞</td>
<td><a target="_blank" href="http://www.nsfocus.net/vulndb/106982">详情</a></td>
</tr>

<tr>
<td>b373b7de564f65905bcc69c56f7dbec3</td>
<td>CVE-2024-5940</td>
<td>2024-11-28 03:35:16 <img src="imgs/new.gif" /></td>
<td>WordPress插件GiveWP未授权数据更改漏洞</td>
<td><a target="_blank" href="http://www.nsfocus.net/vulndb/106981">详情</a></td>
</tr>

<tr>
<td>589ed5982e113983061435b8be93f3cd</td>
<td>CVE-2024-5941</td>
<td>2024-11-28 03:35:16 <img src="imgs/new.gif" /></td>
<td>WordPress插件GiveWP未授权数据访问和删除漏洞</td>
<td><a target="_blank" href="http://www.nsfocus.net/vulndb/106980">详情</a></td>
</tr>

<tr>
<td>79323f395d72f5161a7cbbcf97c7bf26</td>
<td>CVE-2024-5939</td>
<td>2024-11-28 03:35:16 <img src="imgs/new.gif" /></td>
<td>WordPress插件GiveWP未授权数据访问漏洞</td>
<td><a target="_blank" href="http://www.nsfocus.net/vulndb/106979">详情</a></td>
</tr>

<tr>
<td>694fd9a66ee9ecfda2f1c3d63672fb8b</td>
<td>CVE-2024-5932</td>
<td>2024-11-28 03:35:16 <img src="imgs/new.gif" /></td>
<td>WordPress插件GiveWP PHP对象注入漏洞</td>
<td><a target="_blank" href="http://www.nsfocus.net/vulndb/106978">详情</a></td>
</tr>

<tr>
<td>c9ce8e1675bbe5a8d83c718fc916c85f</td>
<td>CVE-2024-7942</td>
<td>2024-11-28 03:35:16 <img src="imgs/new.gif" /></td>
<td>SourceCodester Leads Manager Tool跨站脚本漏洞</td>
<td><a target="_blank" href="http://www.nsfocus.net/vulndb/106977">详情</a></td>
</tr>

<tr>
<td>e9ff2f42cf312627a92b320ea2c679be</td>
<td>CVE-2024-7927</td>
<td>2024-11-28 03:35:16 <img src="imgs/new.gif" /></td>
<td>ZZCMS 路径遍历漏洞</td>
<td><a target="_blank" href="http://www.nsfocus.net/vulndb/106976">详情</a></td>
</tr>

<tr>
<td>341c1c06b5b71ee9206962447877468e</td>
<td>CVE-2024-43326</td>
<td>2024-11-28 03:35:16 <img src="imgs/new.gif" /></td>
<td>WordPress插件Plugin Notes Plus未授权漏洞</td>
<td><a target="_blank" href="http://www.nsfocus.net/vulndb/106975">详情</a></td>
</tr>

<tr>
<td>6e359f1e29910e12097457982372b380</td>
<td>CVE-2024-45792</td>
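Review bot: the added row 9fbd4d8be94c090b7579147b6f67d332 has an empty CVE cell ("<td></td>") and a title cut off mid-identifier (it ends in "(CVE-2"), so the CVE id is lost for that entry. It looks like the id is parsed out of a length-limited title; take it from the detail page (vulndb/106985) or a dedicated field instead, and flag or reject the row rather than publishing a blank id, since anyone matching on the CVE column will miss it.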
Expand Down Expand Up @@ -2107,126 +2227,6 @@ <h2><a href="https://exp-blog.com" target="_blank">眈眈探求</a> | <a href="h
<td><a target="_blank" href="http://www.nsfocus.net/vulndb/106924">详情</a></td>
</tr>

<tr>
<td>98169601742c73a14d0da9b8826e93d1</td>
<td>CVE-2024-40088</td>
<td>2024-11-27 03:35:03 <img src="imgs/new.gif" /></td>
<td>Vilo Mesh WiFi System目录遍历漏洞</td>
<td><a target="_blank" href="http://www.nsfocus.net/vulndb/106818">详情</a></td>
</tr>

<tr>
<td>54f35987d8927c409b18d6a2066987b5</td>
<td>CVE-2024-40087</td>
<td>2024-11-27 03:35:03 <img src="imgs/new.gif" /></td>
<td>Vilo Mesh WiFi System访问控制错误漏洞</td>
<td><a target="_blank" href="http://www.nsfocus.net/vulndb/106817">详情</a></td>
</tr>

<tr>
<td>a538437a8c076b60c2e538369c913566</td>
<td>CVE-2024-7782</td>
<td>2024-11-27 03:35:03 <img src="imgs/new.gif" /></td>
<td>WordPress插件Contact Form by Bit Form任意文件删除漏洞</td>
<td><a target="_blank" href="http://www.nsfocus.net/vulndb/106816">详情</a></td>
</tr>

<tr>
<td>2c196a970c6d262dcdc0595a969551b1</td>
<td>CVE-2024-40091</td>
<td>2024-11-27 03:35:03 <img src="imgs/new.gif" /></td>
<td>Vilo Mesh WiFi System信息泄露漏洞</td>
<td><a target="_blank" href="http://www.nsfocus.net/vulndb/106815">详情</a></td>
</tr>

<tr>
<td>0995e3725554f5ef9c2c12685a333249</td>
<td>CVE-2024-7777</td>
<td>2024-11-27 03:35:03 <img src="imgs/new.gif" /></td>
<td>WordPress插件Contact Form by Bit Form任意文件读取和删除漏洞</td>
<td><a target="_blank" href="http://www.nsfocus.net/vulndb/106814">详情</a></td>
</tr>

<tr>
<td>46b44d37b489b3e6a1af23be0f6ac9d7</td>
<td>CVE-2024-9677</td>
<td>2024-11-27 03:35:03 <img src="imgs/new.gif" /></td>
<td>Zyxel USG FLEX信息泄露漏洞</td>
<td><a target="_blank" href="http://www.nsfocus.net/vulndb/106813">详情</a></td>
</tr>

<tr>
<td>f0947cfa9600689a6fffb0d0618e8caa</td>
<td>CVE-2024-41930</td>
<td>2024-11-26 09:24:59 <img src="imgs/new.gif" /></td>
<td>Media Fusion Teacher Performance Management System跨站脚本漏洞</td>
<td><a target="_blank" href="http://www.nsfocus.net/vulndb/106694">详情</a></td>
</tr>

<tr>
<td>ea27d64ac6341fe0b61340500c40fc5a</td>
<td>CVE-2024-46256</td>
<td>2024-11-26 09:24:59 <img src="imgs/new.gif" /></td>
<td>NginxProxyManager命令注入漏洞</td>
<td><a target="_blank" href="http://www.nsfocus.net/vulndb/106693">详情</a></td>
</tr>

<tr>
<td>5fd87e8336ba8f99949ac2be34f28921</td>
<td>CVE-2024-9202</td>
<td>2024-11-26 09:24:59 <img src="imgs/new.gif" /></td>
<td>Eclipse Dataspace Components授权错误漏洞</td>
<td><a target="_blank" href="http://www.nsfocus.net/vulndb/106692">详情</a></td>
</tr>

<tr>
<td>22624d98b994f512fb44febb30c7dc1b</td>
<td>CVE-2024-6436</td>
<td>2024-11-26 09:24:59 <img src="imgs/new.gif" /></td>
<td>Rockwell Automation Sequence Manager输入验证错误漏洞</td>
<td><a target="_blank" href="http://www.nsfocus.net/vulndb/106691">详情</a></td>
</tr>

<tr>
<td>f379efb794d6e39a21c534144ac9dd57</td>
<td>CVE-2024-45744</td>
<td>2024-11-26 09:24:59 <img src="imgs/new.gif" /></td>
<td>TopQuadrant TopBraid EDG信息泄露漏洞</td>
<td><a target="_blank" href="http://www.nsfocus.net/vulndb/106690">详情</a></td>
</tr>

<tr>
<td>cb8686c0422d2287fc2fdecb557c201e</td>
<td>CVE-2024-25412</td>
<td>2024-11-26 09:24:59 <img src="imgs/new.gif" /></td>
<td>Flatpress跨站脚本漏洞</td>
<td><a target="_blank" href="http://www.nsfocus.net/vulndb/106689">详情</a></td>
</tr>

<tr>
<td>bec2384e7b8281d935df749a25b4f514</td>
<td>CVE-2024-25411</td>
<td>2024-11-26 09:24:59 <img src="imgs/new.gif" /></td>
<td>Flatpress跨站脚本漏洞</td>
<td><a target="_blank" href="http://www.nsfocus.net/vulndb/106688">详情</a></td>
</tr>

<tr>
<td>0b95e76773893a41d8d0a0731e225944</td>
<td>CVE-2024-45745</td>
<td>2024-11-26 09:24:59 <img src="imgs/new.gif" /></td>
<td>TopQuadrant TopBraid EDG XML外部实体引用漏洞</td>
<td><a target="_blank" href="http://www.nsfocus.net/vulndb/106687">详情</a></td>
</tr>

<tr>
<td>0d51b1ed0575d30d0f38fd5bdac9a0e3</td>
<td>CVE-2024-39433</td>
<td>2024-11-26 09:24:59 <img src="imgs/new.gif" /></td>
<td>Google Android越界写入漏洞</td>
<td><a target="_blank" href="http://www.nsfocus.net/vulndb/106686">详情</a></td>
</tr>

</tbody>
</table>
</div>