5 matches found
CVE-2025-64030
Eximbills Enterprise 4.1.5 Built on 2020-10-30 is vulnerable to authenticated stored cross-site scripting CWE-79 via the /EximBillWeb/servlets/WSTrxManager endpoint. Unsanitized user input in the TMPLINFO parameter is stored server-side and rendered to other users, enabling arbitrary JavaScript...
WordPress TempTool [Show Current Template Info] plugin <= 1.3.1 - Sensitive Data Exposure vulnerability
Sensitive Data Exposure vulnerability discovered by MD ISMAIL in WordPress Plugin TempTool [Show Current Template Info] versions <= 1.3.1...
WordPress TempTool [Show Current Template Info] plugin <= 1.3.1 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by Denver Jackson in WordPress Plugin TempTool [Show Current Template Info] versions <= 1.3.1...
CVE-2023-2085
The CVE-2023-2085 entry concerns the WordPress plugin Essential Blocks (versions up to and including 4.0.6). The vulnerability arises from a missing capability check in the templates function, enabling unauthorized information exposure to subscriber-level users. Although a nonce check exists, it ...
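Maccms V8 Admin Backend Getshell #2 (Filter Bypass)
Brief description: In the current V8 version, essentially all files are Zend-encrypted, and there is also 360safe3.php protection. At first I thought there was nothing to find here, but then a girl messaged me on WeChat. Girl: What are you up to? Me: Digging for bugs. Girl: Digging alone? Me: Yes! Girl: Let me come over and dig with you! I shut down immediately. Damn, trying to steal my WooYun coins? I decided to recklessly dig on my own. Detailed description: Note that @农村教师 (WooYun: "Apple CMS all versions getshell bundle, part one") previously submitted a similar admin backend getshell, but it was patched... Without further ado, let's shamelessly bypass it. 1. Directory browsing: the maccms admin backend has an interface, but it is restricted and can only access files in the template directory...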