From 1d5ddfa9df3a3cbbef299f2f530e0f6695c08ee0 Mon Sep 17 00:00:00 2001
From: Github-Bot
Date: Tue, 14 Jan 2025 15:24:32 +0000
Subject: [PATCH] Updated by Github Bot
---
 cache/Tenable (Nessus).dat | 10 +++
 data/cves.db | Bin 50864128 -> 50880512 bytes
 docs/index.html | 162 ++++++++++++++++++-------------------
 3 files changed, 91 insertions(+), 81 deletions(-)
diff --git a/cache/Tenable (Nessus).dat b/cache/Tenable (Nessus).dat
index 0ebef4ed50e..d524633515a 100644
--- a/cache/Tenable (Nessus).dat
+++ b/cache/Tenable (Nessus).dat
@@ -189,3 +189,13 @@ d0793ed7267a9c5ed4c6e57e17ad616f
 ac737a04e97484577f1b984868302e58
 936994ae62893114d153ed9a236d34c9
 501c0fdc5c798076d0a715769d66a278
+e94c87f8335f9897060ae76c6c75733e
+8f9de32f50270320f7fd685e9710468b
+a6ee9f455c903af316f7dd775052edd1
+e5cf6f8b748ddf999ba4cb099cbc2c0e
+cfe653de65cfedbc22787dcd57d81295
+77938c8776326d4d76bb820ff6e59775
+602a0ebcb988c0ed7059c804a9c18b39
+500111c2de1b2f8e1099fdab77e6da46
+2492e820a751fb1ec6ca073f97c71b97
+7c006ad7e5240a93cba10442b66a54c8
diff --git a/data/cves.db b/data/cves.db index 8d7fbf4327b7f40197cf0872772a7d8b6121685a..c23c6d328a1a4c6d90ccd4ff72a30e65495f2517 100644 GIT binary patch delta 12293 zcmeI&2Xquw+XrxF(jZN03ZV>ALI{D`zAH750HH%b!Io!hvXI6m0Z|bU9*PKpZ55OY zHbhath9XF?A&LqXtVlpb#UNmRZM^^4luZNlJKy_#=RJpW_$_4TncMH3o4L#@Uzaei ze0{>oq_C0AnyHIcDTAbu^NC4fl9@u7LYcyt!kHqNnlrUvie!pnie`#oiedw@IDVeD!Qwmcr zrc|chOleGgnEEoQOgbh#lYz;|WMVQiS(vO$Hl|CM`Z4uq8o)G=X%N$3rgWwuOhcJ6 zm@=7$F%4%L!IZ@`l4%svXr?htW0}S=jc1y`G?6KrX%f?9rc0SFW17M=mFaS(E10fi zx{B#)rW_`;kDbZE|nX(1CcEn-^Cw1jCX(@jjvm~LiT&a{H* z7N(UNj%hp7^GrLKb~3%d zw2P^nX*bi0OfNCL%=8M=t4w>CUSrzJ^g7cUO#7JLWO|F~ZKnN92bkVrdY9=vruUf+ zGJU}GA=5`pA2WTz^eNLJrq7rTGgUAhVLHn6Inx(RUostI`ikjmrf-;zGkwcc$#jD0 zJEoINr360-nEqt?i|Nc#l9rPMGK4@Vgh4n& zKyzpTkq`yZ5CgGr5wwI>&>Gr6TWAMy5Dy8E2<;&WIzUJ01f4;FE^sk)g>KLtdO$Mt zgcRrnsn8qJpbzu~6?C8n0~o;sX0U)2Y;XzmgZ?l82Erg14CycghC&8p!Y~*PBOnV# z!YCLGV_+276QW}SPV;GDcl6h z;AU73E8rGb39H~%xD9THJK#?6!(DJUtcEpk58MlDLBKj#5BI_S@Blmr55Wd_7&gKq z@F;A8$KY|;3|n9;JONL_Q}8rA1KZ$Pcn-G1^RNSU!V9nq%3(LW2rt3Q@Cv*Nd*C(L z3$Mc)un*pZx8QBq4+r2Kco*J-_u(LX03X6f@G*P>pTZ&d3=TsD9D$?oIeY zSuhet!Dtu*V__VOhY2tdvSAWThD+fxm;zJba<~Gngsb3c$N{bW?ce|>xWEk_$b~%c z!Zer;`A`6bPz1#=1AI^drBDVlVHR8iv*B8}4z7nea0ASRc`zStgaxn=7#6`|SOQDo zCRheH!*W;wx4=qR1-HU&a68-qcY+`8g1ccgtbu#rURVnP*1>wX5AKHt;6Zo@Ho(KM z5gvg@VG}$CkHcoz0$bq;coLq1r{Njc2G7ECupOR<9k3H#fL%}yyWvH630{U*;8oZI zufbk;9o~R_@Fu(kZ^M2#0Pn!N@E*Jm2jK(w5I%yB;S=~24#8(|7%Jch9EH!}3-}U_ z!B_A#d;`bfTd0H+@Ex3lQ*au-hacca_z8Z7U*K2x7yJgl!yoV``~_#^r4)kc4>E*6 zXvj_q3wa=?d2I8w&9pu8u4w$6Ap5u2uL#}MT8)-(mUk(|Ub!+PT4k;rjF=m_a=Klnw2p<&DiQa>s6p`8_5*+8=cyYCxpF#pxEK!vEaXa^-u=~5RUX|;H)27}3Cv)U}GS+%<@W~bR{Fjz*W-2COT9&fee|l{l&0#^bVfxdMBH&X-oG-bywg8UzIjdZ z!k)WV(nT24wDRh9jY@1D@^pAdOt5BJ#wEzJL>V|hxwOvcs&1a7p0yoSf9$o&TaSsb ze@T=aDjvmWbzcOAtq5LBk}-d}LFC}GUK-lhebG(p0+*Ept?L`l zsx2v6`Q`+#)-UDmsah#V^*YN0QWE3k?BFz57A33Nbim(jge6r=IWR@qSk;u?N_N)x ziQ^_^4pmHwC3~uvk8*WF^c2LUHZ?nsOxN;GYacJSt23oV)z`1%uDGhy(LzEXs(L2Z 
zuRw9{+6(nolfFq>>5B2$M60Y#t1VK!n_4Q`O>37oy#%ca+*PwCY+Vs0+a#<1$eM%Q z#h?~*G3ClVNm6KHvAr};u{)jak`k{YA0yXmS4#8TUZ1~W`ROh~d3>9sh`}4UJESGCk$SWED@y|9-2 z@2n;M^23KBMMb|dsl6z_{IDF_-)yvLPqeJ@qbFx8*_Je&UR9N$<0mURz0NpnsFE?X zZ{Uy8)0{qB`z}qFKFp}5nWhX;#qQOerM5j9#7-PNwNCJe`oY}-!6qd=kZhe$Q<`qb zaHOlRP4~Q^#=jpLEN$270yL}_@=vdy|M?;tXJ3_O{Ys6fpJ+{`&Kmj;QVmwBI@QL# zRa2{AX!ol6H_@|NY)xnR%Tp&Otlcvh58?KGr^v1RD^Jhs;;(4;O@!EXZMM|TU%vgN z)}kUzNHPACu|I|T*X`RA+F2Vm1w}5m;+UXhay$RJ zW7{MBS?%XWi^tB)ky?n(4`s<=Vr9loDXfLvm+LOohM#{^@5!BF>Tc<39(?;B&Xqg+ zv+f%f-4(-8H?(Fb<;UEP_6F9 zCTfHkADEfJM78EbWWyS1OM^DrgMrmaHfl~p2IfVB$l7vd46W(Qn&l=KsnsaBFx9D% zmT2P|nVP6k%~}&oRI3pp8`h|1`UC^D8r25Y$sCbQ)X3CCjcTS@FiovS!N>-Q)~}IP zPD|r*V%ZM1d|*+oS`qX$lOwn!*No4G>+Cr~8!k!u>UOHL(A5ml#;I2KeZ2w%MsuT7 z>s2f8tkH(EHtQOtdiKy@swshmu690QNKH)78Xb5t=`km&lh!qOh8P>S7{*nTPo{H( z21`-Z59bICuFO@>8)Mx;So_4S{}4G}WH9^lMFw-PDQKhqs+p?|JE5kabw)u=XfXft zrW!0jRe#l8R_gW_k`9dUV1HFT$bu_DV9ls)Fm2id)4s4psp<$*732@vc*i!5%uK*?Y|*t`B{@nP^o}Ani$AJQ=TA zwO3<{t}-mT%I@^I%_f5jANZHc;neFbR*TE&GFe=Bt(Le$?ii}m>y6^nOdGacS3Gl2 zjuK}vIx6cQ$hmCr?lgh%3im+lgs34g?C+}rkV z+$&3>{FCsIWL0le8E^0gX~kSP!LSf-@K8Ln$Lg>ctuB|xX0ti$MyEry*_toSke}^xm=3*B%lQDjE`>id-{=06&+maQBw@4!z?EBt2bV!c# zuiG#z{y&l1bg^aHNja>q)wE?6R}Rz~V)IOr>~jdlcMm2DfqAu)F#Gd{ z2J=5}Xs`fttJ=TL&gEm^;dG82!MdImE{ofQ=dayna60TbFE#2NX0zR7bXq653+>t|LC>)`FYpicLSC0`=;8%E+m`tm1#$eqN>UKR3S zp+5Mc>=Avphlhkk;dD&3X}blz?thjT{r;`I$WT?BrCzSg(4Lq}W*C;tuStFi29M3+wCEgS_eh)uH`nQHI@_c?_nJh1NGF|gblz=BrpHs{E6qn; zl`-xD2hP^=yu~HGm5FX=na`)aL>h0OUEnS(Em3+1dgVB_IHrMRQnG*C=V#)?BKJwT zN2tD!&L9r-+K!W*Eg9YAuwDfvImM2g;;I{Sd~TQ5=XRFnwjl$9WL z|LGgYcB?s&QIdm}rNmq6u6G8cYW=5LE;M3X&%fJ<;)o*-yVb$T zFUX-P1|Y|C<?{e!LdXLqu!+zJ}vO6pmx7lSE={JYSi4mqW zyc^e9PqxN?ZrkPEsR7Id|nRlQwx zJDd)i)#_B;E{kfiIjySEZgc9ysUAggQdKjWOjV^H@=uzv=@u00SM!4c5i5po`sNu^FuRFB2BCL2q^$ zT^6&$fhE-AF}qDRi+_IP_(ZJzdeyA=PjFXuyz_8bR7w*g?4LDFNP&H}7(96p{)dsIRo4Ero;QM8{sZ%8CjTGgo|1AIeqpRwyt;j0u$cAg FzX7J|zeWH6 delta 2950 zcmW;ORd5i77KCAv5FilTLV*@{DAwZc?ruwqQ;NIG;_mM5(BhI%pitbM;_mKn|K5l1 
z%$$ewvNJn#21G0f8xS!+Y<$w-qLCtHA2cCFk$|EDWd&G)R*)6h3bvwHQLSiJh!x$6 zVTD>TtyorUD~=V{if6^Q5?BeXL{?%e%t~T?XC<|gS;?*MtskruR!S?CmD);UrM1#o z>8%V_Mk|w**~(&NwX#`1TG_1}R!%FImD~Es`q|23<+buz`KtPgCm`>sPCp)!b@fwX|AUt*tgzTkAKgo%Orb-s)g=v^rUxtu9tqtDDu`>S6V? zdRe`#K2~3=pVi+QU=6eeS%a-1maU=IFl)Fq!WwCfvPN5Dtg+TOYrHkVnrKb3CR z+Gzb@{b_BoHd|Y)t=2YcyS2mGY3;IhTj5rOwa5C)+H38z_FI2j2dsnEKh`1Zuyw>b zY8|tVTPLiO)+y_>b;detowLqc7p#lcCF`$Ua9dTYJ2-di86kJcyav-QRLYJD4_fH4X{Ac7DX z!H9yWh=veEM+}4_CSoBr;vg>KAwCiyArc`m!jJ^tAt{m}IljjaNP(0{h15ucv`B~a z$bgKkb<{vj)Ix34L0!~CeKbHrG(uxE!GHNT#V`03&Cnbz&=RfC8g0-P zzo8v|M|*TYM|47GbU{~iLwEE*PxL}>^g&!|7)!7e%di|PuoA1V8f&l?>#!ah zun~XYPi(?wY{6D+!*=YzPVB;Ngd+lb@E7)CANJ#K9Kb>RgF`rsBRGm@hxD40;xX&5roJHMifLvG=v~JVjvVT5eu;q2XPS(@sR)tkqC(q zh9vk7Ns$c6@jZS(3Zz6Tq(&N~MLMKM24qAgWJVTbMK=71?8t$f$c5ba2|ptb@**Gd zqW}t`5DKFRilP{bqXbH#6iTBE%Ay>~qXH_T5-Ot#s-haIqXufC7HXpo>Y^U%qX8PC z5gMZj{>#59e!;J3hURF2mS~06XoI%+4ejtd+M@$Hq7yo!3%a5kx}yhrq8ECj5Bj1X z`eOhFVh{#n2#lc^hT#~2kr;*17=y7Ghw+$ziI{}Rn1ZR8hUu7rnV5yyn1i{Phxu55 zg;<2eSc0WkhUHj+l~{$9UcX*Ev_=r#Vj4$|#Z-FBeMEwznAVdz@rQo2& zO`?THTOH}YA2~dfJuGluyohrFGs9Di&lmVSc--1n!9k2DLE&p#MGdOGEOGRZ3Xx(r skF`4Hr@qfqo|AumG0<7WRHkU#MMXK$l~S4a{qXj7E`0aWd38UO$Q diff --git a/docs/index.html b/docs/index.html index abbc94d692f..47cfe917281 100644 --- a/docs/index.html +++ b/docs/index.html @@ -1,4 +1,4 @@ - + @@ -283,6 +283,86 @@

眈眈探求 | TITLE URL + + e94c87f8335f9897060ae76c6c75733e + CVE-2024-56841 + 2025-01-14 11:15:17 + A vulnerability has been identified in Mendix LDAP (All versions < V1.1.2). Affected versions of the module are vulnerable to LDAP injection. This could allow an unauthenticated remote attacker to bypass username verification. + 详情 + + + + 8f9de32f50270320f7fd685e9710468b + CVE-2024-53649 + 2025-01-14 11:15:16 + A vulnerability has been identified in SIPROTEC 5 6MD84 (CP300) (All versions < V9.80), SIPROTEC 5 6MD85 (CP300) (All versions >= V7.80 < V9.80), SIPROTEC 5 6MD86 (CP300) (All versions >= V7.80 < V9.80), SIPROTEC 5 6MD89 (CP300) (All versions >= V7.80), SIPROTEC 5 6MU85 (CP300) (All versions >= V7.80 < V9.80), SIPROTEC 5 7KE85 (CP300) (All versions >= V7.80 < V9.80), SIPROTEC 5 7SA82 (CP100) (All versions >= V7.80), SIPROTEC 5 7SA82 (CP150) (All versions < V9.80), SIPROTEC 5 7SA86 (CP300) (All versions >= V7.80 < V9.80), SIPROTEC 5 7SA87 (CP300) (All versions >= V7.80 < V9.80), SIPROTEC 5 7SD82 (CP100) (All versions >= V7.80), SIPROTEC 5 7SD82 (CP150) (All versions < V9.80), SIPROTEC 5 7SD86 (CP300) (All versions >= V7.80 < V9.80), SIPROTEC 5 7SD87 (CP300) (All versions >= V7.80 < V9.80), SIPROTEC 5 7SJ81 (CP100) (All versions >= V7.80), SIPROTEC 5 7SJ81 (CP150) (All versions < V9.80), SIPROTEC 5 7SJ82 (CP100) (All versions >= V7.80), SIPROTEC 5 7SJ82 (CP150) (All versions < V9.80), SIPROTEC 5 7SJ85 (CP300) (All versions >= V7.80 < V9.80), SIPROTEC 5 7SJ86 (CP300) (All versions >= V7.80 < V9.80), SIPROTEC 5 7SK82 (CP100) (All versions >= V7.80), SIPROTEC 5 7SK82 (CP150) (All versions < V9.80), SIPROTEC 5 7SK85 (CP300) (All versions >= V7.80 < V9.80), SIPROTEC 5 7SL82 (CP100) (All versions >= V7.80), SIPROTEC 5 7SL82 (CP150) (All versions < V9.80), SIPROTEC 5 7SL86 (CP300) (All versions >= V7.80 < V9.80), SIPROTEC 5 7SL87 (CP300) (All versions >= V7.80 < V9.80), SIPROTEC 5 7SS85 (CP300) (All versions >= V7.80 < V9.80), SIPROTEC 5 7ST85 (CP300) (All versions), 
SIPROTEC 5 7ST86 (CP300) (All versions < V9.80), SIPROTEC 5 7SX82 (CP150) (All versions < V9.80), SIPROTEC 5 7SX85 (CP300) (All versions < V9.80), SIPROTEC 5 7SY82 (CP150) (All versions < V9.80), SIPROTEC 5 7UM85 (CP300) (All versions >= V7.80 < V9.80), SIPROTEC 5 7UT82 (CP100) (All versions >= V7.80), SIPROTEC 5 7UT82 (CP150) (All versions < V9.80), SIPROTEC 5 7UT85 (CP300) (All versions >= V7.80 < V9.80), SIPROTEC 5 7UT86 (CP300) (All versions >= V7.80 < V9.80), SIPROTEC 5 7UT87 (CP300) (All versions >= V7.80 < V9.80), SIPROTEC 5 7VE85 (CP300) (All versions >= V7.80 < V9.80), SIPROTEC 5 7VK87 (CP300) (All versions >= V7.80 < V9.80), SIPROTEC 5 7VU85 (CP300) (All versions < V9.80), SIPROTEC 5 Compact 7SX800 (CP050) (All versions < V9.80). Affected devices do not properly limit the path accessible via their webserver. This could allow an authenticated remote attacker to read arbitrary files from the filesystem of affected devices. + 详情 + + + + a6ee9f455c903af316f7dd775052edd1 + CVE-2024-47100 + 2025-01-14 11:15:16 + A vulnerability has been identified in SIMATIC S7-1200 CPU 1211C AC/DC/Rly (6ES7211-1BE40-0XB0), SIMATIC S7-1200 CPU 1211C DC/DC/DC (6ES7211-1AE40-0XB0), SIMATIC S7-1200 CPU 1211C DC/DC/Rly (6ES7211-1HE40-0XB0), SIMATIC S7-1200 CPU 1212C AC/DC/Rly (6ES7212-1BE40-0XB0), SIMATIC S7-1200 CPU 1212C DC/DC/DC (6ES7212-1AE40-0XB0), SIMATIC S7-1200 CPU 1212C DC/DC/Rly (6ES7212-1HE40-0XB0), SIMATIC S7-1200 CPU 1212FC DC/DC/DC (6ES7212-1AF40-0XB0), SIMATIC S7-1200 CPU 1212FC DC/DC/Rly (6ES7212-1HF40-0XB0), SIMATIC S7-1200 CPU 1214C AC/DC/Rly (6ES7214-1BG40-0XB0), SIMATIC S7-1200 CPU 1214C DC/DC/DC (6ES7214-1AG40-0XB0), SIMATIC S7-1200 CPU 1214C DC/DC/Rly (6ES7214-1HG40-0XB0), SIMATIC S7-1200 CPU 1214FC DC/DC/DC (6ES7214-1AF40-0XB0), SIMATIC S7-1200 CPU 1214FC DC/DC/Rly (6ES7214-1HF40-0XB0), SIMATIC S7-1200 CPU 1215C AC/DC/Rly (6ES7215-1BG40-0XB0), SIMATIC S7-1200 CPU 1215C DC/DC/DC (6ES7215-1AG40-0XB0), SIMATIC S7-1200 CPU 1215C DC/DC/Rly (6ES7215-1HG40-0XB0), 
SIMATIC S7-1200 CPU 1215FC DC/DC/DC (6ES7215-1AF40-0XB0), SIMATIC S7-1200 CPU 1215FC DC/DC/Rly (6ES7215-1HF40-0XB0), SIMATIC S7-1200 CPU 1217C DC/DC/DC (6ES7217-1AG40-0XB0), SIPLUS S7-1200 CPU 1212 AC/DC/RLY (6AG1212-1BE40-2XB0), SIPLUS S7-1200 CPU 1212 AC/DC/RLY (6AG1212-1BE40-4XB0), SIPLUS S7-1200 CPU 1212 DC/DC/RLY (6AG1212-1HE40-2XB0), SIPLUS S7-1200 CPU 1212 DC/DC/RLY (6AG1212-1HE40-4XB0), SIPLUS S7-1200 CPU 1212C DC/DC/DC (6AG1212-1AE40-2XB0), SIPLUS S7-1200 CPU 1212C DC/DC/DC (6AG1212-1AE40-4XB0), SIPLUS S7-1200 CPU 1212C DC/DC/DC RAIL (6AG2212-1AE40-1XB0), SIPLUS S7-1200 CPU 1214 AC/DC/RLY (6AG1214-1BG40-2XB0), SIPLUS S7-1200 CPU 1214 AC/DC/RLY (6AG1214-1BG40-4XB0), SIPLUS S7-1200 CPU 1214 AC/DC/RLY (6AG1214-1BG40-5XB0), SIPLUS S7-1200 CPU 1214 DC/DC/DC (6AG1214-1AG40-2XB0), SIPLUS S7-1200 CPU 1214 DC/DC/DC (6AG1214-1AG40-4XB0), SIPLUS S7-1200 CPU 1214 DC/DC/DC (6AG1214-1AG40-5XB0), SIPLUS S7-1200 CPU 1214 DC/DC/RLY (6AG1214-1HG40-2XB0), SIPLUS S7-1200 CPU 1214 DC/DC/RLY (6AG1214-1HG40-4XB0), SIPLUS S7-1200 CPU 1214 DC/DC/RLY (6AG1214-1HG40-5XB0), SIPLUS S7-1200 CPU 1214C DC/DC/DC RAIL (6AG2214-1AG40-1XB0), SIPLUS S7-1200 CPU 1214FC DC/DC/DC (6AG1214-1AF40-5XB0), SIPLUS S7-1200 CPU 1214FC DC/DC/RLY (6AG1214-1HF40-5XB0), SIPLUS S7-1200 CPU 1215 AC/DC/RLY (6AG1215-1BG40-2XB0), SIPLUS S7-1200 CPU 1215 AC/DC/RLY (6AG1215-1BG40-4XB0), SIPLUS S7-1200 CPU 1215 AC/DC/RLY (6AG1215-1BG40-5XB0), SIPLUS S7-1200 CPU 1215 DC/DC/DC (6AG1215-1AG40-2XB0), SIPLUS S7-1200 CPU 1215 DC/DC/DC (6AG1215-1AG40-4XB0), SIPLUS S7-1200 CPU 1215 DC/DC/RLY (6AG1215-1HG40-2XB0), SIPLUS S7-1200 CPU 1215 DC/DC/RLY (6AG1215-1HG40-4XB0), SIPLUS S7-1200 CPU 1215 DC/DC/RLY (6AG1215-1HG40-5XB0), SIPLUS S7-1200 CPU 1215C DC/DC/DC (6AG1215-1AG40-5XB0), SIPLUS S7-1200 CPU 1215FC DC/DC/DC (6AG1215-1AF40-5XB0). The web interface of the affected devices is vulnerable to Cross-Site Request Forgery (CSRF) attacks. 
This could allow an unauthenticated attacker to change the CPU mode by tricking a legitimate and authenticated user with sufficient permissions on the target CPU to click on a malicious link. + 详情 + + + + e5cf6f8b748ddf999ba4cb099cbc2c0e + CVE-2024-45385 + 2025-01-14 11:15:15 + A vulnerability has been identified in Industrial Edge Management OS (IEM-OS) (All versions). Affected components are vulnerable to reflected cross-site scripting (XSS) attacks. This could allow an attacker to extract sensitive information by tricking users into accessing a malicious link. + 详情 + + + + cfe653de65cfedbc22787dcd57d81295 + CVE-2024-12240 + 2025-01-14 11:15:15 + The Page Builder by SiteOrigin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the row label parameter in all versions up to, and including, 2.31.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. + 详情 + + + + 77938c8776326d4d76bb820ff6e59775 + CVE-2025-20620 + 2025-01-14 10:15:07 + SQL Injection vulnerability exists in STEALTHONE D220/D340 provided by Y'S corporation. An attacker who can access the affected product may obtain the administrative password of the web management page. + 详情 + + + + 602a0ebcb988c0ed7059c804a9c18b39 + CVE-2025-20055 + 2025-01-14 10:15:07 + OS command injection vulnerability exists in network storage servers STEALTHONE D220/D340 provided by Y'S corporation. An attacker who can access the affected product may execute an arbitrary OS command. + 详情 + + + + 500111c2de1b2f8e1099fdab77e6da46 + CVE-2025-20016 + 2025-01-14 10:15:07 + OS command injection vulnerability exists in network storage servers STEALTHONE D220/D340/D440 provided by Y'S corporation. 
A user with an administrative privilege who logged in to the web management page of the affected product may execute an arbitrary OS command. + 详情 + + + + 2492e820a751fb1ec6ca073f97c71b97 + CVE-2024-12919 + 2025-01-14 10:15:07 + The Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 2.13.7. This is due to the pms_pb_payment_redirect_link function using the user-controlled value supplied via the 'pms_payment_id' parameter to authenticate users without any further identity validation. This makes it possible for unauthenticated attackers with knowledge of a valid payment ID to log in as any user who has made a purchase on the targeted site. + 详情 + + + + 7c006ad7e5240a93cba10442b66a54c8 + CVE-2025-0394 + 2025-01-14 09:15:21 + The WordPress CRM, Email & Marketing Automation for WordPress | Award Winner — Groundhogg plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the gh_big_file_upload() function in all versions up to, and including, 3.7.3.5. This makes it possible for authenticated attackers, with Author-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible. + 详情 + + 9066fc19f9ab09983470e5ca1bbbe50d CVE-2024-52938 @@ -443,86 +523,6 @@

眈眈探求 | 详情 - - 1f3bf47ad6802bea703dc8b48f6f6386 - CVE-2025-0391 - 2025-01-11 09:15:05 - A vulnerability, which was classified as critical, has been found in Guangzhou Huayi Intelligent Technology Jeewms up to 20241229. This issue affects the function saveOrUpdate of the file org/jeecgframework/web/cgform/controller/build/CgFormBuildController. java. The manipulation leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 20250101 is able to address this issue. It is recommended to upgrade the affected component. - 详情 - - - - 2af6798bb8809c92340044fc9750c765 - CVE-2025-0390 - 2025-01-11 08:15:26 - A vulnerability classified as critical was found in Guangzhou Huayi Intelligent Technology Jeewms up to 20241229. This vulnerability affects unknown code of the file /wmOmNoticeHController.do. The manipulation leads to path traversal: '../filedir'. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 20250101 is able to address this issue. It is recommended to upgrade the affected component. - 详情 - - - - 00d0a6bb17ca0fed377f526acae1885e - CVE-2024-42175 - 2025-01-11 08:15:26 - HCL MyXalytics is affected by a weak input validation vulnerability. The application accepts special characters and there is no length validation. This can lead to security vulnerabilities like SQL injection, XSS, and buffer overflow. - 详情 - - - - 73384de32b34cde5b4ecd0af1d277e88 - CVE-2024-12877 - 2025-01-11 08:15:26 - The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.19.2 via deserialization of untrusted input from the donation form like 'firstName'. This makes it possible for unauthenticated attackers to inject a PHP Object. 
The additional presence of a POP chain allows attackers to delete arbitrary files on the server that makes remote code execution possible. Please note this was only partially patched in 3.19.3, a fully sufficient patch was not released until 3.19.4. However, another CVE was assigned by another CNA for version 3.19.3 so we will leave this as affecting 3.19.2 and before. We have recommended the vendor use JSON encoding to prevent any further deserialization vulnerabilities from being present. - 详情 - - - - 168ccecef81623b2353929a9ecd89415 - CVE-2024-12527 - 2025-01-11 08:15:25 - The Perfect Portal Widgets plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'perfect_portal_intake_form' shortcode in all versions up to, and including, 3.0.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. - 详情 - - - - 855ee6de0fa1b70b8c6ac2357d3b68f4 - CVE-2024-12520 - 2025-01-11 08:15:25 - The Dominion – Domain Checker for WPBakery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'dominion_shortcodes_domain_search_6' shortcode in all versions up to, and including, 2.2.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 
- 详情 - - - - cf5bacf4cd6f67ab826180357d7d0737 - CVE-2024-12519 - 2025-01-11 08:15:25 - The TCBD Auto Refresher plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'tcbd_auto_refresh' shortcode in all versions up to, and including, 2.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. - 详情 - - - - c450d07f808787e40f3ea50d569994d4 - CVE-2024-12412 - 2025-01-11 08:15:25 - The Rental and Booking Manager for Bike, Car, Dress, Resort with WooCommerce Integration – WpRently | WordPress plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘active_tab’ parameter in all versions up to, and including, 2.2.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. - 详情 - - - - d41569d00c4ba7adc687e7d15f91f2d0 - CVE-2024-12407 - 2025-01-11 08:15:25 - The Push Notification for Post and BuddyPress plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'pushnotificationid' parameter in all versions up to, and including, 2.06 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. - 详情 - - - - 44a15a609969c45fa1c11af597029f00 - CVE-2024-12116 - 2025-01-11 08:15:24 - The Unlimited Theme Addon For Elementor and WooCommerce plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.2.1 via the 'uta-template' shortcode due to insufficient restrictions on which posts can be included. 
This makes it possible for authenticated attackers, with Contributor-level access and above, to extract data from private or draft posts created by Elementor that they should not have access to. - 详情 - -