Exploit for Expression Language Injection in Vmware Spring Cloud Gateway
CVE-2022-22947 memshell This script is incomplete and is for learning purposes only; do not use it illegally. Based on...
9.4AI Score
Exploit for Code Injection in Vmware Spring Framework
CVE-2022-22965-rexbb springboot core...
8.9AI Score
0.975EPSS
Exploit for Expression Language Injection in Vmware Spring Cloud Function
CVE-2022-22963 (spring cloud function SpEL rce) spring...
9.3AI Score
0.975EPSS
CVE-2023-2982 WordPress Social Login and Register (Discord,...
9.8AI Score
0.015EPSS
ESAFENET CDG - Arbitrary File Download
ESAFENET CDG V3 and V5 have an arbitrary file download vulnerability via the fileName parameter in download.jsp because the InstallationPack parameter is mishandled in a /CDGServer3/ClientAjax...
7AI Score
0.046EPSS
Exploit for Vulnerability in Ncast Project Ncast
cve-2024-0305exp A working exp for cve-2024-0305; if you reference it, please credit the source, thank you! 0x01...
7.7AI Score
0.009EPSS
Exploit for Unrestricted Upload of File with Dangerous Type in Apache Solr
Apache-Solr-RCE_CVE-2023-50386_POC Apache Solr Backup/Restore...
7.3AI Score
0.871EPSS
Cross-Site Request Forgery (CSRF) vulnerability in 闪电博 多合一搜索自动推送管理插件-支持Baidu/Google/Bing/IndexNow/Yandex/头条 plugin <= 4.2.7...
8.8CVSS
8.7AI Score
0.001EPSS
Exploit for Infinite Loop in Openssl
CVE-2022-0778 The discovered vulnerability triggers an...
8.1AI Score
0.013EPSS
Exploit for Improper Initialization in Linux Linux Kernel
CVE-2022-0847 Dirty Pipe Linux kernel privilege escalation analysis [toc]...
8AI Score
0.076EPSS
Electronic document security management system is a controllable authorization of electronic document security sharing management system, using real-time dynamic encryption and decryption protection technology and real-time rights recovery mechanism, to provide all kinds of electronic documents...
7.1AI Score
Exploit for Off-by-one Error in Sudo Project Sudo
CVE-2021-3156 [toc] Vulnerability overview Vulnerability ID: CVE-2021-3156...
7.9AI Score
0.97EPSS
Command Injection Vulnerability in DIR-822+ V1.0.2 of AUO Electronic Equipment (Shanghai) Co.
DIR-822 is a wireless router from D-Link, a Chinese company. A command injection vulnerability exists in the AUO Electronic Devices (Shanghai) Co. DIR-822+ version V1.0.2, which stems from the SetStaticRouteSettings function failing to correctly filter constructor command special characters,...
9.8CVSS
7.7AI Score
0.001EPSS
7.3AI Score
Exploit for Deserialization of Untrusted Data in Apache Dubbo
CVE-2021-43297 Vulnerability description Dubbo Hessian-Lite...
0.4AI Score
0.008EPSS
Beijing Yisetong Technology Development Co., Ltd. is a leading data security business provider in China. An information leakage vulnerability exists in the electronic document security management system of Beijing Yisetong Technology Development Co., Ltd, which can be exploited by attackers to...
6.6AI Score
Cross-Site Request Forgery (CSRF) vulnerability in 闪电博 多合一搜索自动推送管理插件-支持Baidu/Google/Bing/IndexNow/Yandex/头条 plugin <= 4.2.7...
7.1AI Score
0.001EPSS
Exploit for Path Traversal in Lanproxy Project Lanproxy
Lanproxy directory traversal vulnerability CVE-2021-3019 Vulnerability description...
7.1AI Score
0.011EPSS
Exploit for Vulnerability in Microsoft
Root cause: comparing the 202209 and 202307 versions of AFD.sys, in the function AfdNotifyRemoveIOCompletion, 202......
7AI Score
0.004EPSS
Ltd. DSL-224 is a wireless router from D-Link, a Chinese company. An authentication bypass vulnerability exists in the AUO DSL-224 version 3.0.10, which stems from an improper restriction of too many authentication attempts. An attacker could exploit the vulnerability to cause authentication...
9.8CVSS
6.9AI Score
0.001EPSS
Exploit for Use After Free in Linux Linux Kernel
fork from https://github.com/veritas501/hbp_attack_demo...
7.1AI Score
Millions Infected by Spyware Hidden in Fake Telegram Apps on Google Play
Spyware masquerading as modified versions of Telegram have been spotted in the Google Play Store that's designed to harvest sensitive information from compromised Android devices. According to Kaspersky security researcher Igor Golovin, the apps come with nefarious features to capture and...
6.5AI Score
Arbitrary File Download Vulnerability in ES File Browser of Beijing Xiaoxiong Bowang Technology Co.
ES File Explorer is a powerful and free local and network file manager. ES File Browser has an arbitrary file download vulnerability that can be exploited by attackers to obtain sensitive...
6.6AI Score
Logic flaw vulnerability in n5 of the Nanqiong examination system (CNVD-2023-59091)
Nanqiong Exam System n5 is a handheld learning system that realizes online practice, mode exam, exam and result inquiry in one. A logic flaw vulnerability exists in Nanqiong Exam System n5, which can be exploited by an attacker to log into the system and obtain sensitive...
6.5AI Score
7.1AI Score
IBOS OA SQL Injection Vulnerability
IBOS is a collaborative office management system. A SQL injection vulnerability exists in IBOS OA version 4.5.5, which originates from the lack of validation of the parameter id in the component Add User Handler against externally entered SQL statements, and can be exploited by an attacker to...
7.2CVSS
8.3AI Score
0.001EPSS
Flying Spin eBook Reader Windows Client has XSS Vulnerability
Fly Turn eBook Reader is a powerful tool for reading and managing eBooks. An XSS vulnerability exists in the Windows client of FlyTurn eBook Reader, which can be exploited by an attacker to obtain user cookie...
6.6AI Score
Unauthorized Access Vulnerability in Esaote Electronic Document Security Management System
Yisetong Electronic Document Security Management System is an electronic document security encryption software. There is an unauthorized access vulnerability in Yisetong Electronic Document Security Management System, which can be exploited by attackers to obtain sensitive...
6.4AI Score
Delta Electronics DIAEnergie SQL Injection Vulnerability (CNVD-2022-27550)
Delta Electronics DIAEnergie is an industrial energy management system used to monitor and analyze energy consumption in real time, calculate energy consumption and load characteristics, optimize equipment performance, improve production processes, and maximize energy efficiency. A SQL injection...
9.8CVSS
3.4AI Score
Exploit for Improper Initialization in Linux Linux Kernel
CVE-2022-0847-DirtyPipe Vulnerability overview On March 7, the foreign security researcher Max...
1AI Score
0.076EPSS
Exploit for Improper Initialization in Linux Linux Kernel
title: CVE-2022-0847 (DirtyPipe local privilege escalation) vulnerability analysis date: 2022-03-08...
-0.1AI Score
0.076EPSS
S-CMS cross-site scripting vulnerability in Zibo Shining Network Technology Co.
S-CMS is a PHP and MySQL-based content management system (CMS) from S-CMS China. A security vulnerability exists in S-CMS Government Station Building System v5.0, which can be exploited by attackers to execute cross-site scripting attack (XSS) via...
6.1CVSS
4.2AI Score
S-CMS Cross-Site Scripting Vulnerability in Zibo Shining Network Technology Co.
S-CMS is a PHP and MySQL based content management system (CMS) from Zibo Shining Network Technology Co., Ltd. in China. A security vulnerability exists in S-CMS Government Station Building System v5.0, which can be exploited by attackers to perform cross-site scripting attacks...
6.1CVSS
2.5AI Score
Delta Electronics DIAEnergie descr parameter cross-site scripting vulnerability
Delta Electronics DIAEnergie is an industrial energy management system used to monitor and analyze energy consumption in real time, calculate energy consumption and load characteristics, optimize equipment performance, improve production processes, and maximize energy efficiency. A cross-site...
6.1CVSS
2AI Score
Delta Electronics DIAEnergie HandlerEnergyType Parameter Name Cross-Site Scripting Vulnerability
Delta Electronics DIAEnergie is an industrial energy management system used to monitor and analyze energy consumption in real time, calculate energy consumption and load characteristics, optimize equipment performance, improve production processes, and maximize energy efficiency. A cross-site...
6.1CVSS
1.5AI Score
Delta Electronics DIAEnergie .NET Request.QueryString Cross-Site Scripting Vulnerability
Delta Electronics DIAEnergie is an industrial energy management system used to monitor and analyze energy consumption in real time, calculate energy consumption and load characteristics, optimize equipment performance, improve production processes, and maximize energy efficiency. A cross-site...
6.1CVSS
2.1AI Score
Delta Electronics DIAEnergie name parameter cross-site scripting vulnerability
Delta Electronics DIAEnergie is an industrial energy management system used to monitor and analyze energy consumption in real time, calculate energy consumption and load characteristics, optimize equipment performance, improve production processes, and maximize energy efficiency. A cross-site...
6.1CVSS
2.1AI Score
Owowa: the add-on that turns your OWA into a credential stealer and remote access panel
While looking for potentially malicious implants that targeted Microsoft Exchange servers, we identified a suspicious binary that had been submitted to a multiscanner service in late 2020. Analyzing the code, we determined that the previously unknown binary is an IIS module, aimed at stealing...
8.8CVSS
0.9AI Score
About the security content of macOS Monterey 12.0.1
About the security content of macOS Monterey 12.0.1 This document describes the security content of macOS Monterey 12.0.1. About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or...
9.6AI Score
0.007EPSS
S-CMS Access Control Error Vulnerability
S-CMS is a PHP and MySQL-based content management system (CMS) from S-CMS, a Chinese company. S-CMS suffers from an access control error vulnerability, which originates from an unauthorized access vulnerability in CMS Enterprise Website Construction System 5.0. An attacker can use this...
9.8CVSS
4.5AI Score
About the security content of macOS Big Sur 11.6
About the security content of macOS Big Sur 11.6 This document describes the security content of macOS Big Sur 11.6. About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases...
9.1AI Score
0.01EPSS
DIAEnergie SQL Blind Injection Vulnerability (CNVD-2021-93913)
A SQL blind injection vulnerability exists in the /DataHandler/HandlerAlarmGroup.ashx endpoint in DIAEnergie 1.7.5 and earlier versions. The vulnerability stems from the application not properly validating the value provided by the user via the parameter agid before using the value as part of a...
9.8CVSS
4.8AI Score
DIAEnergie Authentication Bypass Vulnerability
DIAEnergie, an industrial energy management system from Delta Electronics, is vulnerable to an authentication bypass in DIAEnergie 1.7.5 and earlier. An attacker could use this vulnerability to add a new administrative user without authentication or authorization to be able to log in and use the...
9.8CVSS
4.9AI Score
DIAEnergie weak hash algorithm vulnerability
DIAEnergie, an industrial energy management system from Delta Electronics, is vulnerable to a weak hash algorithm vulnerability in DIAEnergie 1.7.5 and earlier versions. An attacker could exploit this vulnerability to retrieve plaintext...
5.5CVSS
4AI Score
DIAEnergie SQL Blind Injection Vulnerability
A SQL blind injection vulnerability exists in the /DataHandler/Handler_CFG.ashx endpoint in DIAEnergie 1.7.5 and earlier versions. The vulnerability stems from the application not properly validating the value provided by the user via the parameter keyword before using the value as part of a SQL...
9.8CVSS
4.7AI Score
DIAEnergie SQL Blind Injection Vulnerability (CNVD-2021-93916)
A SQL blind injection vulnerability exists in the /DataHandler/HandlerEnergyType.ashx endpoint in DIAEnergie 1.7.5 and earlier versions. The vulnerability stems from the application not properly validating the value provided by the user via the parameter egyid before using the value as part of a...
9.8CVSS
5.2AI Score
DIAEnergie File Upload Vulnerability
DIAEnergie, an industrial energy management system from Delta Electronics, is vulnerable to a file upload vulnerability in DIAEnergie 1.7.5 and earlier versions. An attacker could exploit this vulnerability to achieve remote code...
9.8CVSS
6.7AI Score
DIAEnergie Cross-Site Request Forgery Vulnerability
DIAEnergie, an industrial energy management system from Delta Electronics, is vulnerable to cross-site request forgery in DIAEnergie 1.7.5 and earlier versions. An attacker could exploit this vulnerability to perform unauthorized...
4.3CVSS
4.8AI Score
DIAEnergie SQL Blind Injection Vulnerability (CNVD-2021-93914)
A SQL blind injection vulnerability exists in the /DataHandler/AM/AM_Handler.ashx endpoint in DIAEnergie 1.7.5 and earlier versions. The vulnerability stems from the application not properly validating the value provided by the user via parameter type before using the value as part of an SQL...
9.8CVSS
4.8AI Score
Plugin's Setting Update via Cross-Site Request Forgery (CSRF) vulnerability discovered in WordPress 博客社交分享组件 plugin (versions <= 1.4.5). Solution Deactivate and delete. This plugin has been closed as of September 26, 2021 and is not available for download. Reason: Security...
3.9AI Score