Updated by Github Bot

EXP-Tools · Jun 24, 2024 · b7aacda · b7aacda
1 parent 469ddee
commit b7aacda
Show file tree

Hide file tree

Showing 3 changed files with 91 additions and 81 deletions.
diff --git a/cache/Tenable (Nessus).dat b/cache/Tenable (Nessus).dat
@@ -154,3 +154,13 @@ eb7fc32b39199aefc374db1acd6f1021
 416b136909a016e4948e759b17bf19a1
 1fcee9b080c8d2926478ce7a25ae4e0a
 a43499c8aab0d26ca783c9c658ca517a
+7de89a3de59e9801c17de151a145ea64
+65ee62800aa4582440e7feb97a2bee24
+c0946bb440b579fcb08a0ee8b0d398e2
+6762b4689bfde24f805b07b03370ebe9
+698e403dae8aeec3df231f60292de920
+a1a20feca6978ef75b6ef6b750f0f352
+69c8f91a14cb06c3b07573e25e0e8334
+e88b3fba55c466c08a51856bc524c897
+430683c3155dbbeaae12f8a33cafbd59
+f9241e09be7111c9a6846d83edda7001
diff --git a/data/cves.db b/data/cves.db
diff --git a/docs/index.html b/docs/index.html
@@ -1,4 +1,4 @@
-<!-- RELEASE TIME : 2024-06-24 12:39:01 -->
+<!-- RELEASE TIME : 2024-06-24 18:27:20 -->
 <html lang="zh-cn">
 
  <head>
@@ -283,6 +283,86 @@ <h2><a href="https://exp-blog.com" target="_blank">眈眈探求</a> | <a href="h
        <th width="43%">TITLE</th>
        <th width="5%">URL</th>
       </tr>
+      <tr>
+       <td>7de89a3de59e9801c17de151a145ea64</td>
+       <td>CVE-2024-5862</td>
+       <td>2024-06-24 13:15:12 <img src="imgs/new.gif" /></td>
+       <td>Improper Restriction of Excessive Authentication Attempts vulnerability in Mia Technology Inc. Mia-Med Health Aplication allows Interface Manipulation.This issue affects Mia-Med Health Aplication: before 1.0.14.</td>
+       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-5862">详情</a></td>
+      </tr>
+
+      <tr>
+       <td>65ee62800aa4582440e7feb97a2bee24</td>
+       <td>CVE-2024-4839</td>
+       <td>2024-06-24 13:15:11 <img src="imgs/new.gif" /></td>
+       <td>A Cross-Site Request Forgery (CSRF) vulnerability exists in the 'Servers Configurations' function of the parisneo/lollms-webui, versions 9.6 to the latest. The affected functions include Elastic search Service (under construction), XTTS service, Petals service, vLLM service, and Motion Ctrl service, which lack CSRF protection. This vulnerability allows attackers to deceive users into unwittingly installing the XTTS service among other packages by submitting a malicious installation request. Successful exploitation results in attackers tricking users into performing actions without their consent.</td>
+       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-4839">详情</a></td>
+      </tr>
+
+      <tr>
+       <td>c0946bb440b579fcb08a0ee8b0d398e2</td>
+       <td>CVE-2024-37233</td>
+       <td>2024-06-24 13:15:11 <img src="imgs/new.gif" /></td>
+       <td>Improper Authentication vulnerability in Play.Ht allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Play.Ht: from n/a through 3.6.4.</td>
+       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-37233">详情</a></td>
+      </tr>
+
+      <tr>
+       <td>6762b4689bfde24f805b07b03370ebe9</td>
+       <td>CVE-2024-37231</td>
+       <td>2024-06-24 13:15:11 <img src="imgs/new.gif" /></td>
+       <td>Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Salon Booking System Salon booking system allows File Manipulation.This issue affects Salon booking system: from n/a through 9.9.</td>
+       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-37231">详情</a></td>
+      </tr>
+
+      <tr>
+       <td>698e403dae8aeec3df231f60292de920</td>
+       <td>CVE-2024-3264</td>
+       <td>2024-06-24 13:15:11 <img src="imgs/new.gif" /></td>
+       <td>Use of a Broken or Risky Cryptographic Algorithm vulnerability in Mia Technology Inc. Mia-Med Health Aplication allows Signature Spoofing by Improper Validation.This issue affects Mia-Med Health Aplication: before 1.0.14.</td>
+       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-3264">详情</a></td>
+      </tr>
+
+      <tr>
+       <td>a1a20feca6978ef75b6ef6b750f0f352</td>
+       <td>CVE-2024-37228</td>
+       <td>2024-06-24 13:15:10 <img src="imgs/new.gif" /></td>
+       <td>Improper Control of Generation of Code ('Code Injection') vulnerability in InstaWP Team InstaWP Connect allows Code Injection.This issue affects InstaWP Connect: from n/a through 0.1.0.38.</td>
+       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-37228">详情</a></td>
+      </tr>
+
+      <tr>
+       <td>69c8f91a14cb06c3b07573e25e0e8334</td>
+       <td>CVE-2024-37111</td>
+       <td>2024-06-24 13:15:10 <img src="imgs/new.gif" /></td>
+       <td>Missing Authorization vulnerability in Membership Software WishList Member X.This issue affects WishList Member X: from n/a through 3.25.1.</td>
+       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-37111">详情</a></td>
+      </tr>
+
+      <tr>
+       <td>e88b3fba55c466c08a51856bc524c897</td>
+       <td>CVE-2024-37109</td>
+       <td>2024-06-24 13:15:10 <img src="imgs/new.gif" /></td>
+       <td>Improper Control of Generation of Code ('Code Injection') vulnerability in Membership Software WishList Member X allows Code Injection.This issue affects WishList Member X: from n/a through 3.25.1.</td>
+       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-37109">详情</a></td>
+      </tr>
+
+      <tr>
+       <td>430683c3155dbbeaae12f8a33cafbd59</td>
+       <td>CVE-2024-37107</td>
+       <td>2024-06-24 13:15:10 <img src="imgs/new.gif" /></td>
+       <td>Improper Privilege Management vulnerability in Membership Software WishList Member X allows Privilege Escalation.This issue affects WishList Member X: from n/a through 3.25.1.</td>
+       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-37107">详情</a></td>
+      </tr>
+
+      <tr>
+       <td>f9241e09be7111c9a6846d83edda7001</td>
+       <td>CVE-2024-37092</td>
+       <td>2024-06-24 13:15:10 <img src="imgs/new.gif" /></td>
+       <td>Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in StylemixThemes Consulting Elementor Widgets allows PHP Local File Inclusion.This issue affects Consulting Elementor Widgets: from n/a through 1.3.0.</td>
+       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-37092">详情</a></td>
+      </tr>
+
       <tr>
        <td>cd99aee8c48e943becdaba74cec3de59</td>
        <td>CVE-2024-6269</td>
@@ -443,86 +523,6 @@ <h2><a href="https://exp-blog.com" target="_blank">眈眈探求</a> | <a href="h
        <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-35772">详情</a></td>
       </tr>
 
-      <tr>
-       <td>b528fadc9d837858e20cd62eaa6da96c</td>
-       <td>CVE-2024-35771</td>
-       <td>2024-06-21 13:15:11</td>
-       <td>Cross-Site Request Forgery (CSRF) vulnerability in presscustomizr Customizr.This issue affects Customizr: from n/a through 4.4.21.</td>
-       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-35771">详情</a></td>
-      </tr>
-
-      <tr>
-       <td>d8996c9174c4ee022158e80f77e946df</td>
-       <td>CVE-2024-35770</td>
-       <td>2024-06-21 13:15:11</td>
-       <td>Cross-Site Request Forgery (CSRF) vulnerability in Dave Kiss Vimeography: Vimeo Video Gallery WordPress Plugin.This issue affects Vimeography: Vimeo Video Gallery WordPress Plugin: from n/a through 2.4.1.</td>
-       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-35770">详情</a></td>
-      </tr>
-
-      <tr>
-       <td>655d7c544108b0b1eea4704bca99bb72</td>
-       <td>CVE-2024-35768</td>
-       <td>2024-06-21 13:15:11</td>
-       <td>Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Live Composer Team Page Builder: Live Composer allows Stored XSS.This issue affects Page Builder: Live Composer: from n/a through 1.5.42.</td>
-       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-35768">详情</a></td>
-      </tr>
-
-      <tr>
-       <td>12ef3ac23fdfe16de53f239e99546cd0</td>
-       <td>CVE-2024-35766</td>
-       <td>2024-06-21 13:15:11</td>
-       <td>Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in ollybach WPPizza allows Reflected XSS.This issue affects WPPizza: from n/a through 3.18.13.</td>
-       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-35766">详情</a></td>
-      </tr>
-
-      <tr>
-       <td>9d3375cb032f298108647d4802618d77</td>
-       <td>CVE-2024-35764</td>
-       <td>2024-06-21 13:15:10</td>
-       <td>Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Andy Moyle Church Admin allows Stored XSS.This issue affects Church Admin: from n/a through 4.4.4.</td>
-       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-35764">详情</a></td>
-      </tr>
-
-      <tr>
-       <td>4fd816ce9e63c33f2b31b9fc26e82897</td>
-       <td>CVE-2024-35763</td>
-       <td>2024-06-21 13:15:10</td>
-       <td>Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Theme Freesia Excellent allows Stored XSS.This issue affects Excellent: from n/a through 1.2.9.</td>
-       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-35763">详情</a></td>
-      </tr>
-
-      <tr>
-       <td>46d95bb43f83b0511c3fc0c0fb1b67fd</td>
-       <td>CVE-2024-35762</td>
-       <td>2024-06-21 13:15:10</td>
-       <td>Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Cryout Creations Serious Slider allows Stored XSS.This issue affects Serious Slider: from n/a through 1.2.4.</td>
-       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-35762">详情</a></td>
-      </tr>
-
-      <tr>
-       <td>309fe26991f1857c68892f8d00363c1c</td>
-       <td>CVE-2024-5756</td>
-       <td>2024-06-21 05:15:10</td>
-       <td>The Email Subscribers by Icegram Express – Email Marketing, Newsletters, Automation for WordPress & WooCommerce plugin for WordPress is vulnerable to time-based SQL Injection via the db parameter in all versions up to, and including, 5.7.23 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.</td>
-       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-5756">详情</a></td>
-      </tr>
-
-      <tr>
-       <td>e44d93a41a3399068b81daee96ed5010</td>
-       <td>CVE-2024-5455</td>
-       <td>2024-06-21 04:15:11</td>
-       <td>The Plus Addons for Elementor Page Builder plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 5.5.4 via the 'magazine_style' parameter within the Dynamic Smart Showcase widget. This makes it possible for authenticated attackers, with Contributor-level access and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included.</td>
-       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-5455">详情</a></td>
-      </tr>
-
-      <tr>
-       <td>57bf54961c2c61017871e00cd721ee2b</td>
-       <td>CVE-2024-3961</td>
-       <td>2024-06-21 04:15:11</td>
-       <td>The ConvertKit – Email Newsletter, Email Marketing, Subscribers and Landing Pages plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the tag_subscriber function in all versions up to, and including, 2.4.9. This makes it possible for unauthenticated attackers to subscribe users to tags. Financial damages may occur to site owners if their API quota is exceeded.</td>
-       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-3961">详情</a></td>
-      </tr>
-
      </tbody>
     </table>
    </div>