diff --git a/cache/RedQueen.dat b/cache/RedQueen.dat
index 405c596ab76..671b0bf6f1c 100644
--- a/cache/RedQueen.dat
+++ b/cache/RedQueen.dat
@@ -123,3 +123,5 @@ e931320dc7e9495c3de6fe2b53cdeabf
1d16869d758290db1f57ae0b71a7c5f4
e2c92c9de042d97490c76eb5f11a8370
9b13fa8a9ec1935a32dafe94dbbf540b
+a0b64ae641fda184c64f3228fa1ef598
+816b4abadfa1f026f7458c1c011567a9
diff --git a/data/cves.db b/data/cves.db
index 75bee882c20..6a9a8716594 100644
Binary files a/data/cves.db and b/data/cves.db differ
diff --git a/docs/index.html b/docs/index.html
index 2d5627276e7..21831a216c4 100644
--- a/docs/index.html
+++ b/docs/index.html
@@ -1,4 +1,4 @@
-
+
@@ -438,7 +438,7 @@ 眈眈探求 |
+ 2024-06-15 19:15:48 |
A vulnerability, which was classified as critical, has been found in itsourcecode Online Laundry Management System 1.0. Affected by this issue is some unknown functionality of the file admin_class.php. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-268724. |
详情 |
@@ -446,7 +446,7 @@ 眈眈探求 |
+ 2024-06-15 13:15:51 |
A vulnerability classified as critical has been found in Netentsec NS-ASG Application Security Gateway 6.3. This affects an unknown part of the file /protocol/iscgwtunnel/deleteiscgwrouteconf.php. The manipulation of the argument messagecontent leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-268695. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. |
详情 |
@@ -454,7 +454,7 @@ 眈眈探求 |
+ 2024-06-15 12:15:49 |
A vulnerability was found in ZKTeco ZKBio CVSecurity V5000 4.1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the component Summer Schedule Handler. The manipulation of the argument Schedule Name leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-268694 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. |
详情 |
@@ -462,7 +462,7 @@ 眈眈探求 |
+ 2024-06-15 10:15:11 |
A vulnerability was found in ZKTeco ZKBio CVSecurity V5000 4.1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the component Department Section. The manipulation of the argument Department Name leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-268693 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. |
详情 |
@@ -470,7 +470,7 @@ 眈眈探求 |
+ 2024-06-15 10:15:11 |
The Stratum – Elementor Widgets plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘label_years’ attribute within the Countdown widget in all versions up to, and including, 1.4.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. |
详情 |
@@ -478,7 +478,7 @@ 眈眈探求 |
+ 2024-06-15 09:15:12 |
The AI Infographic Maker plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the qcld_openai_title_generate_desc AJAX action in all versions up to, and including, 4.7.4. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update arbitrary post titles. |
详情 |
@@ -486,7 +486,7 @@ 眈眈探求 |
+ 2024-06-15 09:15:12 |
The Video Gallery – YouTube Playlist, Channel Gallery by YotuWP plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.3.13 via the display function. This makes it possible for authenticated attackers, with contributor access and higher, to include and execute arbitrary php files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included. |
详情 |
@@ -494,7 +494,7 @@ 眈眈探求 |
+ 2024-06-15 09:15:12 |
The Video Gallery – YouTube Playlist, Channel Gallery by YotuWP plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.3.13 via the settings parameter. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included. |
详情 |
@@ -502,7 +502,7 @@ 眈眈探求 |
+ 2024-06-15 09:15:12 |
The Collapse-O-Matic plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'expand' and 'expandsub' shortcode in all versions up to, and including, 1.8.5.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. |
详情 |
@@ -510,7 +510,7 @@ 眈眈探求 |
+ 2024-06-15 09:15:11 |
The Woody code snippets – Insert Header Footer Code, AdSense Ads plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 2.5.0 via the 'insert_php' shortcode. This is due to the plugin not restricting the usage of the functionality to high level authorized users. This makes it possible for authenticated attackers, with contributor-level access and above, to execute code on the server. |
详情 |
@@ -518,7 +518,7 @@ 眈眈探求 |
+ 2024-06-15 09:15:11 |
The Shariff Wrapper plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'shariff' shortcode in all versions up to, and including, 4.6.13 due to insufficient input sanitization and output escaping on user supplied attributes such as 'borderradius' and 'timestamp'. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. |
详情 |