4 matches found
CVE-2026-39962
MISP is an open source threat intelligence and sharing platform. Prior to 2.5.36, improper neutralization of special elements in an LDAP query in ApacheAuthenticate.php allows LDAP injection via an unsanitized username value when ApacheAuthenticate.apacheEnv is configured to use a user-controlled...
CVE-2024-13504
The Shared Files – Frontend File Upload Form & Secure File Sharing plugin for WordPress is vulnerable to Stored Cross-Site Scripting via dfxp File uploads in all versions up to, and including, 1.7.42 due to insufficient input sanitization and output escaping. This makes it possible for...
vulhub2
It is an offensive tool for web application security training. The primary target product/service or framework is not explicitly stated, but the repository contains various vulnerable environments based on Docker-Compose, including Flask, Apache, Nginx, and others. The vulnerability class/vector ...
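Blue Pacific Website Decision Support System webeng~1.bz2 configuration file download vulnerability
The Blue Pacific Website Decision Support System WebEngine can be exploited through the short filename vulnerability to download the plaintext system configuration file, which can leak sensitive system configuration information such as the administrator's plaintext password. Some deployments installed in a Windows + Apache environment have a flaw that is exploitable through the short filename vulnerability. The configuration file contains the account and password: password exported by the PoC:...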