[webapps] WP Publications WordPress Plugin 1.2 - Stored XSS 不安全 7 months 1 week ago The WP Publications WordPress plugin (version ≤1.2) has a stored XSS vulnerability because filenames are not escaped. A high-privilege user can inject JavaScript that executes in the admin panel, even bypassing the `unfiltered_html` protection in multisite environments. Updating or disabling the plugin is recommended to fix the vulnerability.
[hardware] TOTOLINK N300RB 8.54 - Command Execution 不安全 7 months 1 week ago The TOTOLINK N300RB 8.54 firmware contains a vulnerable hidden remote-support feature; an attacker can use a static key to execute arbitrary OS commands and obtain root privileges.
[webapps] SugarCRM 14.0.0 - SSRF/Code Injection 不安全 7 months 1 week ago SugarCRM 14.0.0 and earlier have SSRF and code injection vulnerabilities; an attacker can inject malicious LESS code through a GET parameter, causing the server to read arbitrary files or trigger SSRF.
[local] Microsoft Graphics Component Windows 11 Pro (Build 26100+) - Local Elevation of Privileges 不安全 7 months 1 week ago The article describes a local privilege escalation vulnerability (CVE-2025-49744) affecting Windows 11 Pro, involving the gdi32.dll and win32kfull.sys components. It provides a PowerShell script that detects whether a system is vulnerable by checking the Windows version, the installed hotfixes (such as KB5039302), the timestamps of key files, and a GDI32 API interaction test to determine whether the system has been patched.
[remote] Keras 2.15 - Remote Code Execution (RCE) 不安全 7 months 1 week ago Keras 2.15 and earlier have a remote code execution vulnerability (CVE-2025-1550): an attacker exploits a deserialization flaw through a malicious .keras file to execute arbitrary system commands when the model is loaded. The vulnerability was fixed in the April 2025 update.
[webapps] PivotX 3.0.0 RC3 - Remote Code Execution (RCE) 不安全 7 months 1 week ago PivotX v3.0.0 RC3 has a stored XSS vulnerability: an attacker can inject malicious scripts through the unfiltered title and subtitle fields to steal the administrator's cookie and then escalate to remote code execution (RCE).
[webapps] Langflow 1.2.x - Remote Code Execution (RCE) 不安全 7 months 1 week ago Langflow 1.2.x has an unauthenticated remote code execution vulnerability (CVE-2025-3248): an attacker sends malicious code to an API endpoint, which passes it to exec() and thereby runs system commands.
My `Blind Date` with CVE-2025-29824 不安全 7 months 1 week ago Microsoft patched CVE-2025-29824 in the Windows CLFS driver. The vulnerability was used in a ransomware attack chain in which a Cisco ASA firewall was compromised and this flaw was then exploited for privilege escalation. Microsoft fixed it by adjusting the resource-release logic.
[local] Microsoft Brokering File System Windows 11 Version 22H2 - Elevation of Privilege 不安全 7 months 1 week ago A privilege escalation vulnerability, CVE-2025-49677, was found in Microsoft Windows 11 version 22H2; it allows an attacker to obtain SYSTEM privileges and execute arbitrary commands by abusing scheduled tasks and batch scripts.
[remote] Keras 2.15 - Remote Code Execution (RCE) Exploit-DB.com 7 months 1 week ago Keras 2.15 - Remote Code Execution (RCE)
[local] Microsoft Brokering File System Windows 11 Version 22H2 - Elevation of Privilege Exploit-DB.com 7 months 1 week ago Microsoft Brokering File System Windows 11 Version 22H2 - Elevation of Privilege
[webapps] PivotX 3.0.0 RC3 - Remote Code Execution (RCE) Exploit-DB.com 7 months 1 week ago PivotX 3.0.0 RC3 - Remote Code Execution (RCE)
[local] Microsoft Graphics Component Windows 11 Pro (Build 26100+) - Local Elevation of Privileges Exploit-DB.com 7 months 1 week ago Microsoft Graphics Component Windows 11 Pro (Build 26100+) - Local Elevation of Privileges
[hardware] TOTOLINK N300RB 8.54 - Command Execution Exploit-DB.com 7 months 1 week ago TOTOLINK N300RB 8.54 - Command Execution
[webapps] Langflow 1.2.x - Remote Code Execution (RCE) Exploit-DB.com 7 months 1 week ago Langflow 1.2.x - Remote Code Execution (RCE)
[webapps] SugarCRM 14.0.0 - SSRF/Code Injection Exploit-DB.com 7 months 1 week ago SugarCRM 14.0.0 - SSRF/Code Injection
[remote] MikroTik RouterOS 7.19.1 - Reflected XSS Exploit-DB.com 7 months 1 week ago MikroTik RouterOS 7.19.1 - Reflected XSS
[webapps] White Star Software Protop 4.4.2-2024-11-27 - Local File Inclusion (LFI) Exploit-DB.com 7 months 1 week ago White Star Software Protop 4.4.2-2024-11-27 - Local File Inclusion (LFI)
[webapps] WP Publications WordPress Plugin 1.2 - Stored XSS Exploit-DB.com 7 months 1 week ago WP Publications WordPress Plugin 1.2 - Stored XSS
[remote] NodeJS 24.x - Path Traversal Exploit-DB.com 7 months 1 week ago NodeJS 24.x - Path Traversal