220'212

条目总数

77.5

每日新增数量 ø

125.4

每日更新数量 ø

4'513

每日提交数量 ø

60'404

覆盖产品数量

社区

自1970年以来，记录和解释安全漏洞，威胁和漏洞的第一大漏洞数据库。

VulDB Data Team just updated VDB-113601

VulDB Mod Team just queued a new entry to be reviewed

fbaggins and 2 others joined the community

VulDB CTI Team identified activities by APT actor "Dealply"

som3one and 2 others joined the community

本日漏洞

OpenSSL X.509 Certificate Verification 内存损坏

在OpenSSL 直到3.0.7 中已发现分类为致命的漏洞。受此漏洞影响的是未知功能的组件X.509 Certificate Verification。手动调试的不合法输入可导致内存损坏。阅读公告的网址是openssl.org。该漏洞被称作为CVE-2022-4203，攻击可以远程发起，没有可利用漏洞。建议对受到影响的组件升级。

威胁情报

10.00

SourceCodester Online Flight Booking Management System POST Parameter review_search.php SQL注入

7.23

KeePass XML Configuration File 弱加密

5.69

nginx 权限升级

2.86

SourceCodester Canteen Management System Add Customer createcustomer.php 跨网站脚本

2.64

SourceCodester Online Tours & Travels Management System payment_operation.php SQL注入

最近

Wicked Folders Plugin ajax_save_sort_order 跨网站请求伪造

wallabag 跨网站脚本

wallabag 跨网站请求伪造

LogicalDOC Community Edition/Enterprise Edition Document Version Comment 跨网站脚本

LogicalDOC Community Edition/Enterprise Edition Document File Name 跨网站脚本

更新

nickzren alsdb SQL注入

Bricco Authenticator Plugin DBAuthenticator.java compare SQL注入

evandro-machado Trabalho-Web2 ClienteDAO.java SQL注入

SourceCodester Online Tours & Travels Management System page-login.php SQL注入

Apache Superset REST API Get Endpoint 权限升级

CVSS当前Top

9.8

ChangingTech MegaServiSignAdapter Registry 权限升级

9.6

Schneider Electric IGSS Data Server Messages IGSSdataServer.exe 内存损坏

9.6

Schneider Electric IGSS Data Server Message IGSSdataServer.exe 内存损坏

9.6

Schneider Electric C-Bus Network Automation Controller 弱身份验证

9.6

Schneider Electric IGSS Data Server Log IGSSdataServer.exe 内存损坏

攻击价格当前Top

$10k-$25k

F5 BIG-IP iControl SOAP Format String

$10k-$25k

Google Android Car Settings App 未知漏洞

$10k-$25k

Trend Micro Apex One Header fcgiOfcDDA.exe 权限升级

$10k-$25k

Google Chrome GuestView 内存损坏

$10k-$25k

Google Chrome ServiceWorker API 权限升级

最新攻击

POC

GNU C Library sprintf 未知漏洞

POC

MobileDetect Example session_example.php initLayoutType 未知漏洞

POC

YAFNET Signature 未知漏洞

POC

FastCMS Template Management 未知漏洞

POC

dst-admin sendBroadcast 未知漏洞

最新视频

YouTube

Linksys WRT54GL upnp soap_action 拒绝服务

YouTube

Linksys WUMC710 httpd setNTP.cgi do_setNTP 权限升级

YouTube

Linksys WRT54GL httpd apply.cgi Start_EPI 内存损坏

YouTube

Linksys WRT54GL httpd apply.cgi Check_TSSI 权限升级

YouTube

Centos Panel 7 HTTP Request index.php 权限升级

Interested in the pricing of exploits?

See the underground prices here!