Skip to content

Commit

Permalink
Updated by Github Bot
Browse files Browse the repository at this point in the history
  • Loading branch information
Github-Bot committed May 25, 2024
1 parent b329a2b commit 57aa89b
Show file tree
Hide file tree
Showing 3 changed files with 91 additions and 81 deletions.
10 changes: 10 additions & 0 deletions cache/Tenable (Nessus).dat
View file
Original file line number Diff line number Diff line change
Expand Up @@ -107,3 +107,13 @@ c519161d468261c9d83db48b2d78cdd5
d966fc4d3a469b3f98fe82495bd83a77
2f4298b754046d75b54f6c23beb4a44c
ecf581cf281a64a57445d2af72657632
e19908e78bde8095351ec3397c8ba578
f97029c4707775c7defde2099eb91a42
ac2e1220f86f66d784b17e23721509df
5abafe3b2066b9c81a1406299a25a465
affce00f8cb0eecc43fc6f0bc9cdcae5
bca3c00035cab8892fef4c830b66b541
a9cbb84d8d76f9c97465e0e95d42b197
d6ef5baf79dae8e78e6527489e3175ec
c09dfa4f0d0bce420deb0b8b2e0fc4a9
b3a14707a8ac3c74594bca178e232333
Binary file modified data/cves.db
View file
Binary file not shown.
162 changes: 81 additions & 81 deletions docs/index.html
View file
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
<!-- RELEASE TIME : 2024-05-25 03:25:14 -->
<!-- RELEASE TIME : 2024-05-25 12:34:58 -->
<html lang="zh-cn">

<head>
Expand Down Expand Up @@ -283,6 +283,86 @@ <h2><a href="https://exp-blog.com" target="_blank">眈眈探求</a> | <a href="h
<th width="43%">TITLE</th>
<th width="5%">URL</th>
</tr>
<tr>
<td>e19908e78bde8095351ec3397c8ba578</td>
<td>CVE-2024-4045</td>
<td>2024-05-25 06:15:08 <img src="imgs/new.gif" /></td>
<td>The Popup Builder by OptinMonster – WordPress Popups for Optins, Email Newsletters and Lead Generation plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘campaign_id’ parameter in versions up to, and including, 2.16.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-4045">详情</a></td>
</tr>

<tr>
<td>f97029c4707775c7defde2099eb91a42</td>
<td>CVE-2024-5218</td>
<td>2024-05-25 04:15:11 <img src="imgs/new.gif" /></td>
<td>The Reviews and Rating – Google Reviews plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's file upload feature in all versions up to, and including, 5.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-5218">详情</a></td>
</tr>

<tr>
<td>ac2e1220f86f66d784b17e23721509df</td>
<td>CVE-2024-5229</td>
<td>2024-05-25 03:15:08 <img src="imgs/new.gif" /></td>
<td>The Primary Addon for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Pricing Table widget in all versions up to, and including, 1.5.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-5229">详情</a></td>
</tr>

<tr>
<td>5abafe3b2066b9c81a1406299a25a465</td>
<td>CVE-2024-4858</td>
<td>2024-05-25 03:15:08 <img src="imgs/new.gif" /></td>
<td>The Testimonial Carousel For Elementor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'save_testimonials_option_callback' function in versions up to, and including, 10.2.0. This makes it possible for unauthenticated attackers to update the OpenAI API key, disabling the feature.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-4858">详情</a></td>
</tr>

<tr>
<td>affce00f8cb0eecc43fc6f0bc9cdcae5</td>
<td>CVE-2024-5220</td>
<td>2024-05-25 02:15:41 <img src="imgs/new.gif" /></td>
<td>The ND Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's upload feature in all versions up to, and including, 7.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-5220">详情</a></td>
</tr>

<tr>
<td>bca3c00035cab8892fef4c830b66b541</td>
<td>CVE-2024-36079</td>
<td>2024-05-24 22:15:08 <img src="imgs/new.gif" /></td>
<td>An issue was discovered in Vaultize 21.07.27. When uploading files, there is no check that the filename parameter is correct. As a result, a temporary file will be created outside the specified directory when the file is downloaded. To exploit this, an authenticated user would upload a file with an incorrect file name, and then download it.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-36079">详情</a></td>
</tr>

<tr>
<td>a9cbb84d8d76f9c97465e0e95d42b197</td>
<td>CVE-2024-35374</td>
<td>2024-05-24 21:15:59 <img src="imgs/new.gif" /></td>
<td>Mocodo Mocodo Online 4.2.6 and below does not properly sanitize the sql_case input field in /web/generate.php, allowing remote attackers to execute arbitrary SQL commands and potentially command injection, leading to remote code execution (RCE) under certain conditions.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-35374">详情</a></td>
</tr>

<tr>
<td>d6ef5baf79dae8e78e6527489e3175ec</td>
<td>CVE-2024-35373</td>
<td>2024-05-24 21:15:59 <img src="imgs/new.gif" /></td>
<td>Mocodo Mocodo Online 4.2.6 and below is vulnerable to Remote Code Execution via /web/rewrite.php.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-35373">详情</a></td>
</tr>

<tr>
<td>c09dfa4f0d0bce420deb0b8b2e0fc4a9</td>
<td>CVE-2024-35232</td>
<td>2024-05-24 21:15:59 <img src="imgs/new.gif" /></td>
<td>github.com/huandu/facebook is a Go package that fully supports the Facebook Graph API with file upload, batch request and marketing API. access_token can be exposed in error message on fail in HTTP request. This issue has been patched in version 2.7.2.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-35232">详情</a></td>
</tr>

<tr>
<td>b3a14707a8ac3c74594bca178e232333</td>
<td>CVE-2024-35388</td>
<td>2024-05-24 19:15:10 <img src="imgs/new.gif" /></td>
<td>TOTOLINK NR1800X v9.1.0u.6681_B20230703 was discovered to contain a stack overflow via the password parameter in the function urldecode</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-35388">详情</a></td>
</tr>

<tr>
<td>54bab2a36410d7fcc7530eac17a4fef6</td>
<td>CVE-2024-35618</td>
Expand Down Expand Up @@ -443,86 +523,6 @@ <h2><a href="https://exp-blog.com" target="_blank">眈眈探求</a> | <a href="h
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-1332">详情</a></td>
</tr>

<tr>
<td>246b67011ccbf949b51bffe9222cd19b</td>
<td>CVE-2024-5165</td>
<td>2024-05-23 10:15:10</td>
<td>In Eclipse Ditto versions 3.0.0 to 3.5.5, the user input of several input fields of the Eclipse Ditto Explorer User Interface https://eclipse.dev/ditto/user-interface.html was not properly neutralized and thus vulnerable to both Reflected and Stored XSS (Cross Site Scripting). Several inputs were not persisted at the backend of Eclipse Ditto, but only in local browser storage to save settings of "environments" of the UI and e.g. the last performed "search queries", resulting in a "Reflected XSS" vulnerability. However, several other inputs were persisted at the backend of Eclipse Ditto, leading to a "Stored XSS" vulnerability. Those mean that authenticated and authorized users at Eclipse Ditto can persist Things in Ditto which can - when being displayed by other users also being authorized to see those Things in the Eclipse Ditto UI - cause scripts to be executed in the browser of other users.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-5165">详情</a></td>
</tr>

<tr>
<td>6d57b4eac8f6755e76a28a46fd4f4552</td>
<td>CVE-2024-4779</td>
<td>2024-05-23 10:15:09</td>
<td>The Unlimited Elements For Elementor (Free Widgets, Addons, Templates) plugin for WordPress is vulnerable to SQL Injection via the ‘data[post_ids][0]’ parameter in all versions up to, and including, 1.5.107 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with contributor-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-4779">详情</a></td>
</tr>

<tr>
<td>6bcfd2bbab7992d9bcb2ce1da8f71311</td>
<td>CVE-2024-2861</td>
<td>2024-05-23 10:15:09</td>
<td>The ProfilePress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ProfilePress User Panel widget in all versions up to, and including, 4.15.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-2861">详情</a></td>
</tr>

<tr>
<td>eb575c54d5faaa3488b12dd37087042d</td>
<td>CVE-2024-5264</td>
<td>2024-05-23 09:15:10</td>
<td>Network Transfer with AES KHT in Thales Luna EFT 2.1 and above allows a user with administrative console access to access backups taken via offline analysis</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-5264">详情</a></td>
</tr>

<tr>
<td>34ce8efa2e732247a1c8c0bb010080b5</td>
<td>CVE-2024-35223</td>
<td>2024-05-23 09:15:09</td>
<td>Dapr is a portable, event-driven, runtime for building distributed applications across cloud and edge. Dapr sends the app token of the invoker app instead of the app token of the invoked app. This causes of a leak of the application token of the invoker app to the invoked app when using Dapr as a gRPC proxy for remote service invocation. This vulnerability impacts Dapr users who use Dapr as a gRPC proxy for remote service invocation as well as the Dapr App API token functionality. An attacker could exploit this vulnerability to gain access to the app token of the invoker app, potentially compromising security and authentication mechanisms. This vulnerability was patched in version 1.13.3.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-35223">详情</a></td>
</tr>

<tr>
<td>ff2b61015056d648e003d93e248bd310</td>
<td>CVE-2024-35186</td>
<td>2024-05-23 09:15:09</td>
<td>gitoxide is a pure Rust implementation of Git. During checkout, `gix-worktree-state` does not verify that paths point to locations in the working tree. A specially crafted repository can, when cloned, place new files anywhere writable by the application. This vulnerability leads to a major loss of confidentiality, integrity, and availability, but creating files outside a working tree without attempting to execute code can directly impact integrity as well. This vulnerability has been patched in version(s) 0.36.0.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-35186">详情</a></td>
</tr>

<tr>
<td>089d072f5224ae5604dca8ff444565b0</td>
<td>CVE-2024-32969</td>
<td>2024-05-23 09:15:09</td>
<td>vantage6 is an open-source infrastructure for privacy preserving analysis. Collaboration administrators can add extra organizations to their collaboration that can extend their influence. For example, organizations that they include can then create new users for which they know the passwords, and use that to read task results of other collaborations that that organization is involved in. This is only relatively trusted users - with access to manage a collaboration - are able to do this, which reduces the impact. This vulnerability was patched in version 4.5.0rc3.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-32969">详情</a></td>
</tr>

<tr>
<td>894d5d9161dea6df0d1bbf00cdbde0d6</td>
<td>CVE-2024-30280</td>
<td>2024-05-23 09:15:09</td>
<td>Acrobat Reader versions 20.005.30574, 24.002.20736 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-30280">详情</a></td>
</tr>

<tr>
<td>2ce48c355a261b41ae64d9c8d853914d</td>
<td>CVE-2024-30279</td>
<td>2024-05-23 09:15:08</td>
<td>Acrobat Reader versions 20.005.30574, 24.002.20736 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-30279">详情</a></td>
</tr>

<tr>
<td>0da7eddf13c3953739e9d3661472af76</td>
<td>CVE-2024-4706</td>
<td>2024-05-23 08:15:08</td>
<td>The WordPress + Microsoft Office 365 / Azure AD | LOGIN plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'pintra' shortcode in all versions up to, and including, 27.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-4706">详情</a></td>
</tr>

</tbody>
</table>
</div>
Expand Down

0 comments on commit 57aa89b

Please sign in to comment.