9.8CVSS
9.5AI Score
0.01EPSS
SourceCodester Student Attendance Management System File Upload Vulnerability
SourceCodester Student Attendance Management System is an attendance management system used to maintain daily attendance records. SourceCodester Student Attendance Management System version 1.0 contains a file upload vulnerability, which is caused by the lack of validation of uploaded files by the....
9.8CVSS
3.2AI Score
0.003EPSS
Jenkins Pipeline Phoenix AutoTest Plugin File Upload Vulnerability
Jenkins Pipeline is a set of plug-ins that support the implementation and integration of continuous delivery pipelines into Jenkins. The Jenkins Pipeline Phoenix AutoTest Plugin 1.3 and earlier versions are vulnerable to a path traversal vulnerability that could be exploited by an attacker with...
6.5CVSS
4.2AI Score
0.001EPSS
Jenkins Continuous Integration with Toad Edge Plugin Arbitrary File Read Vulnerability
Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is an application. Jenkins Plugin is an application that provides hundreds of plugins to support building, deploying, and automating any project. An attacker with Item/Configure privileges can read arbitrary files on the...
6.5CVSS
2.7AI Score
0.001EPSS
Exploit for Code Injection in Vmware Spring Framework
CVE-2022-22965: Spring-Core-Rce EXP Features: vulnerability detection (without writing...
-0.2AI Score
Plugin Logs Reset vulnerability discovered in WordPress WP Express Checkout (Accept PayPal Payments) plugin (versions <= 2.1.8). Solution Update the WordPress WP Express Checkout (Accept PayPal Payments) plugin to the latest available version (at least...
2.7AI Score
Exploit for Expression Language Injection in Vmware Spring Cloud Gateway
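Built on Wang Zheng's code, adding two kinds of reverse shell and outbound connectivity detection. If a module is missing at runtime, just install that module with pip...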
10CVSS
10AI Score
0.975EPSS
Exploit for Improper Privilege Management in Linux Linux Kernel
CVE-2022-25636 netfilter kernel privilege escalation [toc] Vulnerability overview Vulnerability ID:...
8.4CVSS
0.6AI Score
0.001EPSS
FIDO: Here’s Another Knife to Help Murder Passwords
We all hate passwords, but none of us want to make logging into our accounts a hassle with extra time, steps and devices. That’s why the Fast Identity Online Alliance (FIDO) published a white paper (PDF) on Thursday, outlining different use cases for the adoption of their FIDO2 set of...
10CVSS
-0.2AI Score
0.976EPSS
Jenkins Extended Choice Parameter Plugin Arbitrary File Read Vulnerability
Jenkins and Jenkins Plugin are both Jenkins open source products. Jenkins is an application. An open source automation server, Jenkins provides hundreds of plugins to support building, deploying, and automating any project. Jenkins Plugin is an application. Jenkins Extended Choice Parameter Plugin...
6.5CVSS
2.4AI Score
0.001EPSS
Exploit for Expression Language Injection in Vmware Spring Cloud Gateway
Vulnerability overview: Spring Cloud Gateway is a brand-new Spring Cloud project; the project is based on...
10CVSS
9.9AI Score
0.975EPSS
CVE-2022-24990...
7.5CVSS
7.8AI Score
0.96EPSS
Beijing Eastcom Technology Co., Ltd. has an arbitrary file download vulnerability in TongWeb
TongWeb is an application server of Beijing Eastcom Technology Co. Ltd. TongWeb has an arbitrary file download vulnerability, which can be exploited by attackers to obtain sensitive files on the...
4.7AI Score
Versions of the package @braintree/sanitize-url before 6.0.0 are vulnerable to Cross-site Scripting (XSS) due to improper sanitization in sanitizeUrl...
6.1CVSS
6.6AI Score
0.002EPSS
Nacos Cross-Site Scripting Vulnerability
Nacos is a dynamic service discovery, configuration and service management platform from Alibaba (China). It supports DNS-based and RPC-based service discovery, and can provide features such as real-time health checks and blocking services from sending requests to unhealthy hosts or...
6.1CVSS
2.1AI Score
0.001EPSS
About the security content of iOS 15.4 and iPadOS 15.4
About the security content of iOS 15.4 and iPadOS 15.4 This document describes the security content of iOS 15.4 and iPadOS 15.4. About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches...
9.8CVSS
9.5AI Score
0.005EPSS
Description (1) Checkout URL and Custom order id parameters are vulnerable to stored XSS, which are located in Shop > Settings > other settings > Advanced (2) From e-mail address and From name parameters are vulnerable to stored XSS, which are located in Shop Settings > Autorespond E-ma...
5.4CVSS
-0.1AI Score
0.001EPSS
Exploit for Deserialization of Untrusted Data in Apache Log4J
CVE-2021-44228 Log4j2 component command execution RCE Code By: Jun_sheng...
10CVSS
10AI Score
0.976EPSS
Exploit for Improper Authentication in Linux Linux Kernel
CVE-2022-0492 container escape analysis [toc] Vulnerability overview Vulnerability ID: CVE-2022-0492...
7.8CVSS
8.2AI Score
0.095EPSS
Exploit for Exposure of Sensitive Information to an Unauthorized Actor in Metabase
CVE-2021-41277...
10CVSS
8.7AI Score
0.954EPSS
1.3AI Score
0.96EPSS
Exploit for Improper Initialization in Linux Linux Kernel
CVE-2022-0847-DirtyPipe Vulnerability overview: On March 7, overseas security researcher Max...
7.8CVSS
1AI Score
0.076EPSS
Exploit for Improper Initialization in Linux Linux Kernel
CVE-2022-0847 Dirty Pipe Linux kernel privilege escalation analysis [toc]...
7.8CVSS
8AI Score
0.076EPSS
Exploit for Improper Initialization in Linux Linux Kernel
gcc exploit.c -o exploit -std=c99 # ./expl...
7.8CVSS
8.1AI Score
0.076EPSS
Orders Status Change (via PayPal Standard Gateway) vulnerability discovered in WordPress WooCommerce plugin (versions <= 6.3.0). Solution Update the WordPress WooCommerce plugin to the latest available version (at least...
4.1AI Score
WooCommerce < 6.3.1 - Orders Marked as Paid (via PayPal Standard Gateway)
The PayPal Standard payment gateway (deprecated since July 2021) of the plugin could allow attackers to mark an order as paid without actually making a payment, when PDT is...
4.6AI Score
Exploit for Improper Initialization in Linux Linux Kernel
title: CVE-2022-0847 (DirtyPipe local privilege escalation) vulnerability analysis date: 2022-03-08...
7.8CVSS
-0.1AI Score
0.076EPSS
Exploit for Improper Initialization in Linux Linux Kernel
CVE-2022-0847 Original article: https://dirtypipe.cm4all.com/ Usage...
7.8CVSS
8.2AI Score
0.076EPSS
Exploit for Expression Language Injection in Vmware Spring Cloud Gateway
Spring Cloud Gateway Actuator API...
10CVSS
10AI Score
0.975EPSS
Exploit for Expression Language Injection in Vmware Spring Cloud Gateway
SpEL Spring Cloud Gateway Actuator API...
9.8AI Score
Exploit for Expression Language Injection in Vmware Spring Cloud Gateway
CVE-2022-22947-Spring-Cloud-Gateway-SpelRCE...
10CVSS
10AI Score
0.975EPSS
Exploit for Expression Language Injection in Vmware Spring Cloud Gateway
Vulnerability description: Spring Cloud Gateway is a brand-new Spring Cloud project whose goal is to replace Netflix...
10CVSS
10AI Score
0.975EPSS
Exploit for Expression Language Injection in Vmware Spring Cloud Gateway
CVE-2022-22947-Rce_POC...
10CVSS
10AI Score
0.975EPSS
Exploit for Code Injection in Vmware Spring Cloud Gateway
CVE-2022-22947-POC Follow the chaosec official account; all illegal operations are prohibited...
10CVSS
0.1AI Score
0.975EPSS
Exploit for Expression Language Injection in Vmware Spring Cloud Gateway
CVE-2022-22947 Spring Cloud...
10CVSS
10AI Score
0.975EPSS
-1.1AI Score
Russia Leaks Data From a Thousand Cuts–Podcast
Information about nuclear plants and air force capabilities. Conti ransomware gang crooks conjecturing that the National Security Agency (NSA) was maybe behind the mysterious, months-long TrickBot lull. Doxxed data about 120K Russian soldiers. Those are just some of the sensitive, valuable data...
10CVSS
0.5AI Score
0.976EPSS
Install git clone https://github.com/j3ers3/Searpy pip install -r requirement.txt Configure the API and account ./config.py python Searpy -h 2. Help baidu Engine --google Using google Engine --so Using 360so Engine --bing Using bing Engine --shodan Using shodan Engine --fofa Using fofa Engine --zoomeye Using...
7.4AI Score
Exploit for Expression Language Injection in Vmware Spring Cloud Gateway
Spring-Cloud-Gateway-CVE-2022-22947 Spring Cloud...
10CVSS
9.9AI Score
0.975EPSS
Break into Ethical Hacking with 18 Advanced Online Courses for Just $42.99
It is predicted that 3.5 million jobs will be unfilled in the field of cybersecurity by the end of this year. Several of these jobs pay very well, and in most cases, you don't even need a college degree to get hired. The most important thing is to have the skills and certifications. The All-In-One....
-0.1AI Score
Sourcecodester Hospital Patient Records Management System Local File Inclusion Vulnerability
Sourcecodester Hospital Patient Records Management System is a web-based application that provides hospitals with an automated platform to store and manage their patient records. Sourcecodester Hospital Patient Record Management System v1.0 contains a local file inclusion vulnerability that can be....
2.8AI Score
Unauthorised AJAX Calls via Freemius
The plugins and themes use an insecure version of the Freemius Framework, which is lacking CSRF and/or authorisation checks in some of its AJAX actions. As a result, any authenticated user, such as a subscriber, could access the debug logs. Unauthenticated attackers could also make a logged-in admin toggle....
6.7AI Score
WordPress Quick Paypal Payments plugin < 5.7.22 - Sensitive Information Disclosure vulnerability
Sensitive Information Disclosure vulnerability discovered in WordPress Quick Paypal Payments plugin (versions < 5.7.22). Solution Update the WordPress Quick Paypal Payments plugin to the latest available version (at least...
2.6AI Score
Sensitive Information Disclosure vulnerability discovered in WordPress Quick Paypal Payments plugin (versions < 5.7.22). Solution Update the WordPress Quick Paypal Payments plugin to the latest available version (at least...
3.7AI Score
9.8CVSS
2AI Score
0.97EPSS