Commit

Updated by Github Bot
Github-Bot committed Feb 3, 2025
1 parent 72dd20d commit 69bc30b
Showing 3 changed files with 64 additions and 58 deletions.
6 changes: 6 additions & 0 deletions cache/Tenable (Nessus).dat
Expand Up @@ -182,3 +182,9 @@ dabc489905525806d5130ff9640a316d
e77ac8470b1b8ea2025a31114f1ccfd2
a6ca3cad619678664faa7cbc54672f47
171da57750fb9bbcce79d0fce975ec20
6034169f482e4f5d2ef9a36102206bcd
7bee53e39e912da0bcb1380ee01b53cf
7f610d7869d6b8da8fa51685c64ce69b
b86647725a5a923481f1125b1144a7c0
33a8f909e48b2d6d1695c1b2a41384e4
6e36e27e4ce7d27ddc87e41630bb0305
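Review bot: the cache has no eviction. Six ids are appended at the end of cache/Tenable (Nessus).dat and none are removed (6 additions, 0 deletions), while the same commit drops six rows from the tail of docs/index.html, so the file grows on every run. If the ids are only needed to suppress re-listing entries that are still inside the feed window, prune ids whose rows have left the page, or document that the file is intentionally append-only. It would also help to state in the repository what the 32-hex-character id is computed over, since the same values are published in the first column of the table.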
Binary file modified data/cves.db
Binary file not shown.
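Review bot: data/cves.db is modified here as an opaque binary, so nothing in this commit lets a reviewer confirm that the database change corresponds to the six ids and six rows added in the text files. Record a checksum and row count in the commit message, or commit a text export next to the database, so a corrupted or unexpected write is visible in review. If the database can be rebuilt from the feed, generating it at build time and keeping it out of version control would remove the unreviewable change altogether.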
116 changes: 58 additions & 58 deletions docs/index.html
@@ -1,4 +1,4 @@
<!-- RELEASE TIME : 2025-02-02 09:21:12 -->
<!-- RELEASE TIME : 2025-02-03 09:25:45 -->
<html lang="zh-cn">

<head>
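Review bot: the RELEASE TIME comment on line 1 carries no timezone or UTC offset ("2025-02-03 09:25:45"), and the row timestamps in the table use the same bare format, so readers cannot tell whether the release time and the CVE times are on the same clock. Emit the value in ISO 8601 with an explicit offset. The context lines also show the file going from the comment straight to the html tag and then head, with no DOCTYPE declaration in the first four lines, which puts browsers in quirks mode; add the doctype as the first line of the template.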
Expand Down Expand Up @@ -283,6 +283,54 @@ <h2><a href="https://exp-blog.com" target="_blank">眈眈探求</a> | <a href="h
<th width="43%">TITLE</th>
<th width="5%">URL</th>
</tr>
<tr>
<td>6034169f482e4f5d2ef9a36102206bcd</td>
<td>CVE-2025-0974</td>
<td>2025-02-03 02:15:26 <img src="imgs/new.gif" /></td>
<td>A vulnerability, which was classified as critical, has been found in MaxD Lightning Module 4.43 on OpenCart. This issue affects some unknown processing. The manipulation of the argument li_op/md leads to deserialization. The attack may be initiated remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2025-0974">详情</a></td>
</tr>

<tr>
<td>7bee53e39e912da0bcb1380ee01b53cf</td>
<td>CVE-2025-0973</td>
<td>2025-02-03 01:15:07 <img src="imgs/new.gif" /></td>
<td>A vulnerability classified as critical was found in CmsEasy 7.7.7.9. This vulnerability affects the function backAll_action in the library lib/admin/database_admin.php of the file /index.php?case=database&act=backAll&admin_dir=admin&site=default. The manipulation of the argument select[] leads to path traversal. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2025-0973">详情</a></td>
</tr>

<tr>
<td>7f610d7869d6b8da8fa51685c64ce69b</td>
<td>CVE-2025-0972</td>
<td>2025-02-03 00:15:28 <img src="imgs/new.gif" /></td>
<td>A vulnerability classified as problematic has been found in Zenvia Movidesk up to 25.01.22. This affects an unknown part of the component New Ticket Handler. The manipulation of the argument subject leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 25.01.22.245a473c54 is able to address this issue. It is recommended to upgrade the affected component.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2025-0972">详情</a></td>
</tr>

<tr>
<td>b86647725a5a923481f1125b1144a7c0</td>
<td>CVE-2025-0971</td>
<td>2025-02-03 00:15:27 <img src="imgs/new.gif" /></td>
<td>A vulnerability was found in Zenvia Movidesk up to 25.01.22. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /Account/EditProfile of the component Profile Editing. The manipulation of the argument username leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 25.01.22.245a473c54 is able to address this issue. It is recommended to upgrade the affected component.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2025-0971">详情</a></td>
</tr>

<tr>
<td>33a8f909e48b2d6d1695c1b2a41384e4</td>
<td>CVE-2025-0970</td>
<td>2025-02-02 23:15:19 <img src="imgs/new.gif" /></td>
<td>A vulnerability was found in Zenvia Movidesk up to 25.01.22. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /Account/Login. The manipulation of the argument ReturnUrl leads to open redirect. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 25.01.22.245a473c54 is able to address this issue. It is recommended to upgrade the affected component.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2025-0970">详情</a></td>
</tr>

<tr>
<td>6e36e27e4ce7d27ddc87e41630bb0305</td>
<td>CVE-2025-0967</td>
<td>2025-02-02 16:15:27 <img src="imgs/new.gif" /></td>
<td>A vulnerability was found in code-projects Chat System 1.0 and classified as critical. This issue affects some unknown processing of the file /user/add_chatroom.php. The manipulation of the argument chatname/chatpass leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2025-0967">详情</a></td>
</tr>

<tr>
<td>c4dc100bb2b202907fae148f0cbca561</td>
<td>CVE-2024-0131</td>
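Review bot: the description cells are written into the page without HTML escaping. In the CVE-2025-0973 row the path /index.php?case=database&act=backAll&admin_dir=admin&site=default is emitted with raw & characters rather than &amp;amp;. The text comes from an external feed, so a description containing a < or a quote character would land in docs/index.html as markup; escape &, <, > and quotes in the generator before filling the td. The new links also use target="_blank" with no rel="noopener noreferrer", which is worth adding in the row template.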
Expand All @@ -294,71 +342,71 @@ <h2><a href="https://exp-blog.com" target="_blank">眈眈探求</a> | <a href="h
<tr>
<td>dabc489905525806d5130ff9640a316d</td>
<td>CVE-2025-0961</td>
<td>2025-02-01 23:15:21 <img src="imgs/new.gif" /></td>
<td>2025-02-01 23:15:21</td>
<td>A vulnerability, which was classified as problematic, has been found in code-projects Job Recruitment 1.0. Affected by this issue is some unknown functionality of the file /_parse/load_job-details.php. The manipulation of the argument business_stream_name leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2025-0961">详情</a></td>
</tr>

<tr>
<td>355a1a5af119f3bf8003de57b853d438</td>
<td>CVE-2025-0950</td>
<td>2025-02-01 20:15:26 <img src="imgs/new.gif" /></td>
<td>2025-02-01 20:15:26</td>
<td>A vulnerability was found in itsourcecode Tailoring Management System 1.0 and classified as critical. This issue affects some unknown processing of the file staffview.php. The manipulation of the argument staffid leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2025-0950">详情</a></td>
</tr>

<tr>
<td>34644832e5004ae75fee420f5b9946cc</td>
<td>CVE-2025-0949</td>
<td>2025-02-01 19:15:08 <img src="imgs/new.gif" /></td>
<td>2025-02-01 19:15:08</td>
<td>A vulnerability has been found in itsourcecode Tailoring Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file partview.php. The manipulation of the argument typeid leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2025-0949">详情</a></td>
</tr>

<tr>
<td>63c7b22b512480ad011b96a1990444f3</td>
<td>CVE-2025-0948</td>
<td>2025-02-01 18:15:27 <img src="imgs/new.gif" /></td>
<td>2025-02-01 18:15:27</td>
<td>A vulnerability, which was classified as critical, was found in itsourcecode Tailoring Management System 1.0. This affects an unknown part of the file incview.php. The manipulation of the argument incid leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2025-0948">详情</a></td>
</tr>

<tr>
<td>9454b51162fc9fed9ce6c8d538fad45c</td>
<td>CVE-2025-0947</td>
<td>2025-02-01 17:15:08 <img src="imgs/new.gif" /></td>
<td>2025-02-01 17:15:08</td>
<td>A vulnerability, which was classified as critical, has been found in itsourcecode Tailoring Management System 1.0. Affected by this issue is some unknown functionality of the file expview.php. The manipulation of the argument expid leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2025-0947">详情</a></td>
</tr>

<tr>
<td>6d0d534cf695f4dd6c18fdcbc7040975</td>
<td>CVE-2025-0946</td>
<td>2025-02-01 16:15:27 <img src="imgs/new.gif" /></td>
<td>2025-02-01 16:15:27</td>
<td>A vulnerability classified as critical was found in itsourcecode Tailoring Management System 1.0. Affected by this vulnerability is an unknown functionality of the file templatedelete.php. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2025-0946">详情</a></td>
</tr>

<tr>
<td>e77ac8470b1b8ea2025a31114f1ccfd2</td>
<td>CVE-2025-0945</td>
<td>2025-02-01 15:15:08 <img src="imgs/new.gif" /></td>
<td>2025-02-01 15:15:08</td>
<td>A vulnerability classified as critical has been found in itsourcecode Tailoring Management System 1.0. Affected is an unknown function of the file typedelete.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2025-0945">详情</a></td>
</tr>

<tr>
<td>a6ca3cad619678664faa7cbc54672f47</td>
<td>CVE-2025-0944</td>
<td>2025-02-01 13:15:23 <img src="imgs/new.gif" /></td>
<td>2025-02-01 13:15:23</td>
<td>A vulnerability was found in itsourcecode Tailoring Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file customerview.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2025-0944">详情</a></td>
</tr>

<tr>
<td>171da57750fb9bbcce79d0fce975ec20</td>
<td>CVE-2024-13775</td>
<td>2025-02-01 13:15:22 <img src="imgs/new.gif" /></td>
<td>2025-02-01 13:15:22</td>
<td>The WooCommerce Support Ticket System plugin for WordPress is vulnerable to unauthorized access and loss of data due to missing capability checks on the 'ajax_delete_message', 'ajax_get_customers_partial_list', and 'ajax_get_admins_list' functions in all versions up to, and including, 17.8. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete arbitrary posts, and read names, emails, and capabilities of all users.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-13775">详情</a></td>
</tr>
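Review bot: all nine changed rows in this hunk differ only by the removal of the imgs/new.gif img tag from the timestamp cell, so the "new" marker baked into the static HTML makes each run rewrite earlier rows and buries the real additions in the diff. Derive the marker at render time from the timestamp cell (a CSS class or a small script comparing against the release time) or keep it out of the committed file. If the image stays in the template, give it an alt attribute.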
Expand Down Expand Up @@ -475,54 +523,6 @@ <h2><a href="https://exp-blog.com" target="_blank">眈眈探求</a> | <a href="h
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-47898">详情</a></td>
</tr>

<tr>
<td>5bf5669fd67015265c1d073517b47e3a</td>
<td>CVE-2024-47891</td>
<td>2025-01-31 04:15:08</td>
<td>Software installed and run as a non-privileged user may conduct improper GPU system calls to trigger use-after-free kernel exceptions.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-47891">详情</a></td>
</tr>

<tr>
<td>6af810b036c93742e3dd9df8de5174d5</td>
<td>CVE-2024-13463</td>
<td>2025-01-31 04:15:07</td>
<td>The SeatReg plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'seatreg' shortcode in all versions up to, and including, 1.56.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-13463">详情</a></td>
</tr>

<tr>
<td>369324eb6ccc8d37c02f9fc4d3b7ef66</td>
<td>CVE-2024-46974</td>
<td>2025-01-31 03:15:11</td>
<td>Software installed and run as a non-privileged user may conduct improper read/write operations on imported/exported DMA buffers.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-46974">详情</a></td>
</tr>

<tr>
<td>8b0b380dae9f3b28db8a8fe16767bda6</td>
<td>CVE-2024-13817</td>
<td>2025-01-31 03:15:10</td>
<td>Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in error. Notes: All references and descriptions in this candidate have been removed to prevent accidental usage.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-13817">详情</a></td>
</tr>

<tr>
<td>82f85f797f073500d6950d8f8e4d2ced</td>
<td>CVE-2024-13767</td>
<td>2025-01-31 03:15:10</td>
<td>The Live2DWebCanvas plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the ClearFiles() function in all versions up to, and including, 1.9.11. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php).</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-13767">详情</a></td>
</tr>

<tr>
<td>8e4061e3c33c867ce93d04e071e1b404</td>
<td>CVE-2024-13399</td>
<td>2025-01-31 03:15:10</td>
<td>The Gosign – Posts Slider Block plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'posts-slider-block' block in all versions up to, and including, 1.1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-13399">详情</a></td>
</tr>

</tbody>
</table>
</div>
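Review bot: the removed CVE-2024-13817 row shows that rejected candidates ("Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER.") are published as ordinary table entries and occupy a slot until they roll off the end. Filter descriptions that start with "Rejected reason:" at ingestion, or mark them visibly as rejected. The six rows dropped here match the six added at the top of the table, so the list is a fixed-size window; stating the retention rule (row count or age) near the table would tell readers what they may have missed.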