# Vulnerability **Repository Path**: kiang70/Vulnerability ## Basic Information - **Project Name**: Vulnerability - **Description**: 此项目将不定期从棱角社区对外进行公布一些最新漏洞。 - **Primary Language**: Unknown - **License**: Not specified - **Default Branch**: main - **Homepage**: None - **GVP Project**: No ## Statistics - **Stars**: 13 - **Forks**: 6 - **Created**: 2021-02-22 - **Last Updated**: 2024-07-11 ## Categories & Tags **Categories**: Uncategorized **Tags**: None ## README # Vulnerability

来人皆是朋友去人也不留

> 本项目多数漏洞为互联网收集(多数均注明了原作者链接🔗,如有侵权请联系我们删除,谢谢),社区小伙伴进行复现。 > > 感谢项目维护者：@shihuang、@lx、@r0eXpeR > > 如有引用**请注明文章内原作者链接**，谢谢！！！ > > 免责申明：项目所发布的资料\FOFA搜索语法\POC\EXP仅用于安全研究！ * [中新金盾信息安全管理系统默认密码漏洞](https://github.com/EdgeSecurityTeam/Vulnerability/blob/main/%E4%B8%AD%E6%96%B0%E9%87%91%E7%9B%BE%E4%BF%A1%E6%81%AF%E5%AE%89%E5%85%A8%E7%AE%A1%E7%90%86%E7%B3%BB%E7%BB%9F%20%E9%BB%98%E8%AE%A4%E5%AF%86%E7%A0%81%E6%BC%8F%E6%B4%9E.md) * [Adminer SSRF（CVE-2021-21311）](https://github.com/EdgeSecurityTeam/Vulnerability/blob/main/Adminer%20SSRF%EF%BC%88CVE-2021-21311%EF%BC%89.md) * [Apache Shiro < 1.7.1 权限绕过漏洞（CVE-2020-17523）](https://github.com/EdgeSecurityTeam/Vulnerability/blob/main/Apache%20Shiro%20%3C%201.7.1%20%E6%9D%83%E9%99%90%E7%BB%95%E8%BF%87%E6%BC%8F%E6%B4%9E%EF%BC%88CVE-2020-17523%EF%BC%89.md) * [Microsoft Edge浏览器 45.9.5地址栏欺骗POC](https://github.com/EdgeSecurityTeam/Vulnerability/blob/main/Microsoft%20Edge%E6%B5%8F%E8%A7%88%E5%99%A8%2045.9.5%E5%9C%B0%E5%9D%80%E6%A0%8F%E6%AC%BA%E9%AA%97POC.md) * [nagios-xi-5.7.5 多个漏洞（CVE-2021-25296~99）](https://github.com/EdgeSecurityTeam/Vulnerability/blob/main/nagios-xi-5.7.5%20%E5%A4%9A%E4%B8%AA%E6%BC%8F%E6%B4%9E%EF%BC%88CVE-2021-25296~99%EF%BC%89.md) * [NPM VSCode扩展中的RCE（CVE-2021-26700）](https://github.com/EdgeSecurityTeam/Vulnerability/blob/main/NPM%20VSCode%E6%89%A9%E5%B1%95%E4%B8%AD%E7%9A%84RCE%EF%BC%88CVE-2021-26700%EF%BC%89.md) * [Palo Alto PAN-OS 防火墙多个漏洞](https://github.com/EdgeSecurityTeam/Vulnerability/blob/main/Palo%20Alto%20PAN-OS%20%E9%98%B2%E7%81%AB%E5%A2%99%E5%A4%9A%E4%B8%AA%E6%BC%8F%E6%B4%9E.md) * [Typora 0.9.67 XSS到RCE（CVE-2020-18737）](https://github.com/EdgeSecurityTeam/Vulnerability/blob/main/Typora%200.9.67%20XSS%E5%88%B0RCE%EF%BC%88CVE-2020-18737%EF%BC%89.md) * [Windows Installer File Read 0day](https://github.com/EdgeSecurityTeam/Vulnerability/blob/main/Windows%20Installer%20File%20Read%200day.md) * [CVE-2021-1791 Fairplay OOB Read POC](https://github.com/EdgeSecurityTeam/Vulnerability/blob/main/CVE-2021-1791%20Fairplay%20OOB%20Read%20POC.md) * [D-LInk DNS320 FW v2.06B01 命令注入（CVE-2020-25506）](https://github.com/EdgeSecurityTeam/Vulnerability/blob/main/D-LInk%20DNS320%20FW%20v2.06B01%20%E5%91%BD%E4%BB%A4%E6%B3%A8%E5%85%A5%EF%BC%88CVE-2020-25506%EF%BC%89.md) * [D-Link DSR-250 DSR-1000N 命令注入（CVE-2020-18568）](https://github.com/EdgeSecurityTeam/Vulnerability/blob/main/D-Link%20DSR-250%20DSR-1000N%20%E5%91%BD%E4%BB%A4%E6%B3%A8%E5%85%A5%EF%BC%88CVE-2020-18568%EF%BC%89.md) * [MinIO未授权SSRF漏洞（CVE-2021-21287）](https://github.com/EdgeSecurityTeam/Vulnerability/blob/main/MinIO%E6%9C%AA%E6%8E%88%E6%9D%83SSRF%E6%BC%8F%E6%B4%9E%EF%BC%88CVE-2021-21287%EF%BC%89.md) * [TP-Link TL-WR841N远程代码执行漏洞（CVE-2020-35576）](https://github.com/EdgeSecurityTeam/Vulnerability/blob/main/TP-Link%20TL-WR841N%E8%BF%9C%E7%A8%8B%E4%BB%A3%E7%A0%81%E6%89%A7%E8%A1%8C%E6%BC%8F%E6%B4%9E%EF%BC%88CVE-2020-35576%EF%BC%89.md) * [Windows Install(WMI)越权漏洞（CVE-2020-0683)](https://github.com/EdgeSecurityTeam/Vulnerability/blob/main/Windows%20Install(WMI)%E8%B6%8A%E6%9D%83%E6%BC%8F%E6%B4%9E%EF%BC%88CVE-2020-0683%29.md) * [Apache Druid 远程代码执行漏洞（CVE-2021-25646）](https://github.com/EdgeSecurityTeam/Vulnerability/blob/main/Apache%20Druid%20%E8%BF%9C%E7%A8%8B%E4%BB%A3%E7%A0%81%E6%89%A7%E8%A1%8C%E6%BC%8F%E6%B4%9E%EF%BC%88CVE-2021-25646%EF%BC%89.md) * [Anchor CMS 0.12.7 跨站请求伪造（CVE-2020-23342）](https://github.com/EdgeSecurityTeam/Vulnerability/blob/main/Anchor%20CMS%200.12.7%20%E8%B7%A8%E7%AB%99%E8%AF%B7%E6%B1%82%E4%BC%AA%E9%80%A0%EF%BC%88CVE-2020-23342%EF%BC%89.md) * [Apache Kylin API未授权访问漏洞（CVE-2020-13937）](https://github.com/EdgeSecurityTeam/Vulnerability/blob/main/Apache%20Kylin%20API%E6%9C%AA%E6%8E%88%E6%9D%83%E8%AE%BF%E9%97%AE%E6%BC%8F%E6%B4%9E%EF%BC%88CVE-2020-13937%EF%BC%89.md) * [Apache NiFi Api 远程代码执行(RCE)](https://github.com/EdgeSecurityTeam/Vulnerability/blob/main/Apache%20NiFi%20Api%20%E8%BF%9C%E7%A8%8B%E4%BB%A3%E7%A0%81%E6%89%A7%E8%A1%8C(RCE).md) * [Bypass for Microsoft Exchange远程代码执行 CVE-2020-16875](https://github.com/EdgeSecurityTeam/Vulnerability/blob/main/Bypass%20for%20Microsoft%20Exchange%E8%BF%9C%E7%A8%8B%E4%BB%A3%E7%A0%81%E6%89%A7%E8%A1%8C%20CVE-2020-16875.md) * [CISCO ASA任意文件读取漏洞 (CVE-2020-3452)](https://github.com/EdgeSecurityTeam/Vulnerability/blob/main/CISCO%20ASA%E4%BB%BB%E6%84%8F%E6%96%87%E4%BB%B6%E8%AF%BB%E5%8F%96%E6%BC%8F%E6%B4%9E%20(CVE-2020-3452).md) * [CNVD-2020-24741 JunAms内容管理系统文件上传漏洞](https://github.com/EdgeSecurityTeam/Vulnerability/blob/main/CNVD-2020-24741%20JunAms%E5%86%85%E5%AE%B9%E7%AE%A1%E7%90%86%E7%B3%BB%E7%BB%9F%E6%96%87%E4%BB%B6%E4%B8%8A%E4%BC%A0%E6%BC%8F%E6%B4%9E.md) * [CNVD-C-2020-121325 禅道开源版文件上传漏洞](https://github.com/EdgeSecurityTeam/Vulnerability/blob/main/CNVD-C-2020-121325%20%E7%A6%85%E9%81%93%E5%BC%80%E6%BA%90%E7%89%88%E6%96%87%E4%BB%B6%E4%B8%8A%E4%BC%A0%E6%BC%8F%E6%B4%9E.md) * [CVE-2019-12384 jackson ssrf-rce(附exp脚本)](https://github.com/EdgeSecurityTeam/Vulnerability/blob/main/CVE-2019-12384%20jackson%20ssrf-rce(%E9%99%84exp%E8%84%9A%E6%9C%AC).md) * [CVE-2020-10148 SolarWinds Orion API 远程代码执行漏洞](https://github.com/EdgeSecurityTeam/Vulnerability/blob/main/CVE-2020-10148%20SolarWinds%20Orion%20API%20%E8%BF%9C%E7%A8%8B%E4%BB%A3%E7%A0%81%E6%89%A7%E8%A1%8C%E6%BC%8F%E6%B4%9E.md) * [CVE-2020-10977 Gitlab任意文件读取导致远程命令执行](https://github.com/EdgeSecurityTeam/Vulnerability/blob/main/CVE-2020-10977%20Gitlab%E4%BB%BB%E6%84%8F%E6%96%87%E4%BB%B6%E8%AF%BB%E5%8F%96%E5%AF%BC%E8%87%B4%E8%BF%9C%E7%A8%8B%E5%91%BD%E4%BB%A4%E6%89%A7%E8%A1%8C.md) * [CVE-2020-13935 Apache Tomcat WebSocket 拒绝服务漏洞](https://github.com/EdgeSecurityTeam/Vulnerability/blob/main/CVE-2020-13935%20Apache%20Tomcat%20WebSocket%20%E6%8B%92%E7%BB%9D%E6%9C%8D%E5%8A%A1%E6%BC%8F%E6%B4%9E.md) * [CVE-2020-13942 Apache Unomi 远程代码执行](https://github.com/EdgeSecurityTeam/Vulnerability/blob/main/CVE-2020-13942%20Apache%20Unomi%20%E8%BF%9C%E7%A8%8B%E4%BB%A3%E7%A0%81%E6%89%A7%E8%A1%8C.md) * [CVE-2020-14815 Oracle Business Intelligence XSS](https://github.com/EdgeSecurityTeam/Vulnerability/blob/main/CVE-2020-14815%20Oracle%20Business%20Intelligence%20XSS.md) * [CVE-2020-16846 SaltStack远程执行代码漏洞](https://github.com/EdgeSecurityTeam/Vulnerability/blob/main/CVE-2020-16846%20SaltStack%E8%BF%9C%E7%A8%8B%E6%89%A7%E8%A1%8C%E4%BB%A3%E7%A0%81%E6%BC%8F%E6%B4%9E.md) * [CVE-2020-16898 | Windows TCP/IP远程执行代码漏洞 Exploit](https://github.com/EdgeSecurityTeam/Vulnerability/blob/main/CVE-2020-16898%20%7C%20Windows%20TCP-IP%E8%BF%9C%E7%A8%8B%E6%89%A7%E8%A1%8C%E4%BB%A3%E7%A0%81%E6%BC%8F%E6%B4%9E%20Exploit.md) * [CVE-2020-17083 Microsoft Exchange Server 远程执行代码漏洞](https://github.com/EdgeSecurityTeam/Vulnerability/blob/main/CVE-2020-17083%20Microsoft%20Exchange%20Server%20%E8%BF%9C%E7%A8%8B%E6%89%A7%E8%A1%8C%E4%BB%A3%E7%A0%81%E6%BC%8F%E6%B4%9E.md) * [CVE-2020-17143 Microsoft Exchange 信息泄露漏洞 PoC](https://github.com/EdgeSecurityTeam/Vulnerability/blob/main/CVE-2020-17143%20Microsoft%20Exchange%20%E4%BF%A1%E6%81%AF%E6%B3%84%E9%9C%B2%E6%BC%8F%E6%B4%9E%20PoC.md) * [CVE-2020-17144 Exchange2010 反序列化RCE](https://github.com/EdgeSecurityTeam/Vulnerability/blob/main/CVE-2020-17144%20Exchange2010%20%E5%8F%8D%E5%BA%8F%E5%88%97%E5%8C%96RCE.md) * [CVE-2020-17518 Apache Flink 任意文件写入](https://github.com/EdgeSecurityTeam/Vulnerability/blob/main/CVE-2020-17518%20Apache%20Flink%20%E4%BB%BB%E6%84%8F%E6%96%87%E4%BB%B6%E5%86%99%E5%85%A5.md) * [CVE-2020-17519 Apache Flink 任意文件读取](https://github.com/EdgeSecurityTeam/Vulnerability/blob/main/CVE-2020-17519%20Apache%20Flink%20%E4%BB%BB%E6%84%8F%E6%96%87%E4%BB%B6%E8%AF%BB%E5%8F%96.md) * [CVE-2020-17532 Apache servicecomb-java-chassis Yaml 反序列化漏洞](https://github.com/EdgeSecurityTeam/Vulnerability/blob/main/CVE-2020-17532%20Apache%20servicecomb-java-chassis%20Yaml%20%E5%8F%8D%E5%BA%8F%E5%88%97%E5%8C%96%E6%BC%8F%E6%B4%9E.md) * [CVE-2020-26238 Cron-Utils 远程代码执行(RCE)漏洞](https://github.com/EdgeSecurityTeam/Vulnerability/blob/main/CVE-2020-26238%20Cron-Utils%20%E8%BF%9C%E7%A8%8B%E4%BB%A3%E7%A0%81%E6%89%A7%E8%A1%8C(RCE)%E6%BC%8F%E6%B4%9E.md) * [CVE-2020-26258 XStream SSRF](https://github.com/EdgeSecurityTeam/Vulnerability/blob/main/CVE-2020-26258%20XStream%20SSRF.md) * [CVE-2020-26259 XStream 任意文件删除](https://github.com/EdgeSecurityTeam/Vulnerability/blob/main/CVE-2020-26259%20XStream%20%E4%BB%BB%E6%84%8F%E6%96%87%E4%BB%B6%E5%88%A0%E9%99%A4.md) * [CVE-2020-26935 phpmyadmin后台SQL注入](https://github.com/EdgeSecurityTeam/Vulnerability/blob/main/CVE-2020-26935%20phpmyadmin%E5%90%8E%E5%8F%B0SQL%E6%B3%A8%E5%85%A5.md) * [CVE-2020-27131 Cisco Security Manager 反序列化RCE](https://github.com/EdgeSecurityTeam/Vulnerability/blob/main/CVE-2020-27131%20Cisco%20Security%20Manager%20%E5%8F%8D%E5%BA%8F%E5%88%97%E5%8C%96RCE.md) * [CVE-2020-27533 DedeCMS v.5.8搜索功能 "keyword"参数XSS漏洞 PoC](https://github.com/EdgeSecurityTeam/Vulnerability/blob/main/CVE-2020-27533%20DedeCMS%20v.5.8%E6%90%9C%E7%B4%A2%E5%8A%9F%E8%83%BD%20%22keyword%22%E5%8F%82%E6%95%B0XSS%E6%BC%8F%E6%B4%9E%20PoC.md) * [CVE-2020-27986 SonarQube api 未授权访问](https://github.com/EdgeSecurityTeam/Vulnerability/blob/main/CVE-2020-27986%20SonarQube%20api%20%E6%9C%AA%E6%8E%88%E6%9D%83%E8%AE%BF%E9%97%AE.md) * [CVE-2020-29133 Coremail 存储型XSS](https://github.com/EdgeSecurityTeam/Vulnerability/blob/main/CVE-2020-29133%20Coremail%20%E5%AD%98%E5%82%A8%E5%9E%8BXSS.md) * [CVE-2020-29564 Consul Docker images 空密码登录漏洞](https://github.com/EdgeSecurityTeam/Vulnerability/blob/main/CVE-2020-29564%20Consul%20Docker%20images%20%E7%A9%BA%E5%AF%86%E7%A0%81%E7%99%BB%E5%BD%95%E6%BC%8F%E6%B4%9E.md) * [CVE-2020-35476 OpenTSDB 2.4.0 远程代码执行](https://github.com/EdgeSecurityTeam/Vulnerability/blob/main/CVE-2020-35476%20OpenTSDB%202.4.0%20%E8%BF%9C%E7%A8%8B%E4%BB%A3%E7%A0%81%E6%89%A7%E8%A1%8C.md) * [CVE-2020-36179〜82 Jackson-databind SSRF＆RCE](https://github.com/EdgeSecurityTeam/Vulnerability/blob/main/CVE-2020-36179%E3%80%9C82%20Jackson-databind%20SSRF%EF%BC%86RCE.md) * [CVE-2020-6019 Valve Game Networking Sockets 安全漏洞](https://github.com/EdgeSecurityTeam/Vulnerability/blob/main/CVE-2020-6019%20Valve%20Game%20Networking%20Sockets%20%E5%AE%89%E5%85%A8%E6%BC%8F%E6%B4%9E.md) * [CVE-2020-6308 SAP POC](https://github.com/EdgeSecurityTeam/Vulnerability/blob/main/CVE-2020-6308%20SAP%20POC.md) * [CVE-2020-8209 XenMobile(Citrix Endpoint Management) 目录遍历漏洞](https://github.com/EdgeSecurityTeam/Vulnerability/blob/main/CVE-2020-8209%20XenMobile(Citrix%20Endpoint%20Management)%20%E7%9B%AE%E5%BD%95%E9%81%8D%E5%8E%86%E6%BC%8F%E6%B4%9E.md) * [CVE-2020-8255 Pulse Connect Secure通过登录消息组件实现任意文件读取](https://github.com/EdgeSecurityTeam/Vulnerability/blob/main/CVE-2020-8255%20Pulse%20Connect%20Secure%E9%80%9A%E8%BF%87%E7%99%BB%E5%BD%95%E6%B6%88%E6%81%AF%E7%BB%84%E4%BB%B6%E5%AE%9E%E7%8E%B0%E4%BB%BB%E6%84%8F%E6%96%87%E4%BB%B6%E8%AF%BB%E5%8F%96.md) * [CVE-2020-8277：Node.js通过DNS请求实现拒绝服务](https://github.com/EdgeSecurityTeam/Vulnerability/blob/main/CVE-2020-8277%EF%BC%9ANode.js%E9%80%9A%E8%BF%87DNS%E8%AF%B7%E6%B1%82%E5%AE%9E%E7%8E%B0%E6%8B%92%E7%BB%9D%E6%9C%8D%E5%8A%A1.md) * [CVE-2020–14882 Weblogic 未经授权绕过RCE](https://github.com/EdgeSecurityTeam/Vulnerability/blob/main/CVE-2020%E2%80%9314882%20Weblogic%20%E6%9C%AA%E7%BB%8F%E6%8E%88%E6%9D%83%E7%BB%95%E8%BF%87RCE.md) * [CVE-2020–24723 存储XSS的故事导致管理帐户接管](https://github.com/EdgeSecurityTeam/Vulnerability/blob/main/CVE-2020%E2%80%9324723%20%E5%AD%98%E5%82%A8XSS%E7%9A%84%E6%95%85%E4%BA%8B%E5%AF%BC%E8%87%B4%E7%AE%A1%E7%90%86%E5%B8%90%E6%88%B7%E6%8E%A5%E7%AE%A1.md) * [CVE-2020–4280 — IBM QRadar Java反序列化分析和绕过](https://github.com/EdgeSecurityTeam/Vulnerability/blob/main/CVE-2020%E2%80%934280%20%E2%80%94%20IBM%20QRadar%20Java%E5%8F%8D%E5%BA%8F%E5%88%97%E5%8C%96%E5%88%86%E6%9E%90%E5%92%8C%E7%BB%95%E8%BF%87.md) * [CVE-2021-3007 zend framework3 反序列化 rce](https://github.com/EdgeSecurityTeam/Vulnerability/blob/main/CVE-2021-3007%20zend%20framework3%20%E5%8F%8D%E5%BA%8F%E5%88%97%E5%8C%96%20rce.md) * [CloudBees Jenkins和LTS 跨站脚本漏洞 CVE-2020-2229](https://github.com/EdgeSecurityTeam/Vulnerability/blob/main/CloudBees%20Jenkins%E5%92%8CLTS%20%E8%B7%A8%E7%AB%99%E8%84%9A%E6%9C%AC%E6%BC%8F%E6%B4%9E%20CVE-2020-2229.md) * [D-link DSL-2888A 未授权访问漏洞 (CVE-2020-24579)](https://github.com/EdgeSecurityTeam/Vulnerability/blob/main/D-link%20DSL-2888A%20%E6%9C%AA%E6%8E%88%E6%9D%83%E8%AE%BF%E9%97%AE%E6%BC%8F%E6%B4%9E%20(CVE-2020-24579).md) * [D-link DSL-2888A 远程代码执行漏洞 (CVE-2020-24581)](https://github.com/EdgeSecurityTeam/Vulnerability/blob/main/D-link%20DSL-2888A%20%E8%BF%9C%E7%A8%8B%E4%BB%A3%E7%A0%81%E6%89%A7%E8%A1%8C%E6%BC%8F%E6%B4%9E%20(CVE-2020-24581).md) * [DNSpooq PoC - dnsmasq cache poisoning (CVE-2020-25686, CVE-2020-25684, CVE-2020-25685)](https://github.com/EdgeSecurityTeam/Vulnerability/blob/main/DNSpooq%20PoC%20-%20dnsmasq%20cache%20poisoning%20(CVE-2020-25686%2C%20CVE-2020-25684%2C%20CVE-2020-25685).md) * [Docker 容器逃逸漏洞（CVE-2020-15257）](https://github.com/EdgeSecurityTeam/Vulnerability/blob/main/Docker%20%E5%AE%B9%E5%99%A8%E9%80%83%E9%80%B8%E6%BC%8F%E6%B4%9E%EF%BC%88CVE-2020-15257%EF%BC%89.md) * [Git <= 2.29.2 Git-LFS-RCE-Exploit-CVE-2020-27955](https://github.com/EdgeSecurityTeam/Vulnerability/blob/main/Git%20%3C%3D%202.29.2%20Git-LFS-RCE-Exploit-CVE-2020-27955.md) * [Git CLI远程代码执行漏洞（CVE-2020-26233）](https://github.com/EdgeSecurityTeam/Vulnerability/blob/main/Git%20CLI%E8%BF%9C%E7%A8%8B%E4%BB%A3%E7%A0%81%E6%89%A7%E8%A1%8C%E6%BC%8F%E6%B4%9E%EF%BC%88CVE-2020-26233%EF%BC%89.md) * [Git LFS 远程代码执行漏洞 CVE-2020–27955](https://github.com/EdgeSecurityTeam/Vulnerability/blob/main/Git%20LFS%20%E8%BF%9C%E7%A8%8B%E4%BB%A3%E7%A0%81%E6%89%A7%E8%A1%8C%E6%BC%8F%E6%B4%9E%20CVE-2020%E2%80%9327955.md) * [IBM Maximo Asset Management XXE漏洞（CVE-2020-4463）](https://github.com/EdgeSecurityTeam/Vulnerability/blob/main/IBM%20Maximo%20Asset%20Management%20XXE%E6%BC%8F%E6%B4%9E%EF%BC%88CVE-2020-4463%EF%BC%89.md) * [Infinite WP管理面板中的身份验证绕过和RCE（CVE-2020-28642）](https://github.com/EdgeSecurityTeam/Vulnerability/blob/main/Infinite%20WP%E7%AE%A1%E7%90%86%E9%9D%A2%E6%9D%BF%E4%B8%AD%E7%9A%84%E8%BA%AB%E4%BB%BD%E9%AA%8C%E8%AF%81%E7%BB%95%E8%BF%87%E5%92%8CRCE%EF%BC%88CVE-2020-28642%EF%BC%89.md) * [Jackson-databind RCE（CVE-2020-35728）](https://github.com/EdgeSecurityTeam/Vulnerability/blob/main/Jackson-databind%20RCE%EF%BC%88CVE-2020-35728%EF%BC%89.md) * [Joomla CMS 框架 ACL 安全访问控制漏洞（CVE-2020-35616）](https://github.com/EdgeSecurityTeam/Vulnerability/blob/main/Joomla%20CMS%20%E6%A1%86%E6%9E%B6%20ACL%20%E5%AE%89%E5%85%A8%E8%AE%BF%E9%97%AE%E6%8E%A7%E5%88%B6%E6%BC%8F%E6%B4%9E%EF%BC%88CVE-2020-35616%EF%BC%89.md) * [JumpServer远程执行漏洞](https://github.com/EdgeSecurityTeam/Vulnerability/blob/main/JumpServer%E8%BF%9C%E7%A8%8B%E6%89%A7%E8%A1%8C%E6%BC%8F%E6%B4%9E.md) * [Laravel <= V8.4.2 Debug模式远程代码执行漏洞（CVE-2021-3129）](https://github.com/EdgeSecurityTeam/Vulnerability/blob/main/Laravel%20%3C%3D%20V8.4.2%20Debug%E6%A8%A1%E5%BC%8F%E8%BF%9C%E7%A8%8B%E4%BB%A3%E7%A0%81%E6%89%A7%E8%A1%8C%E6%BC%8F%E6%B4%9E%EF%BC%88CVE-2021-3129%EF%BC%89.md) * [Microsoft Windows 10 蓝屏死机漏洞](https://github.com/EdgeSecurityTeam/Vulnerability/blob/main/Microsoft%20Windows%2010%20%E8%93%9D%E5%B1%8F%E6%AD%BB%E6%9C%BA%E6%BC%8F%E6%B4%9E.md) * [Microsoft Windows NTFS磁盘损坏漏洞](https://github.com/EdgeSecurityTeam/Vulnerability/blob/main/Microsoft%20Windows%20NTFS%E7%A3%81%E7%9B%98%E6%8D%9F%E5%9D%8F%E6%BC%8F%E6%B4%9E.md) * [Nacos Bypass身份验证](https://github.com/EdgeSecurityTeam/Vulnerability/blob/main/Nacos%20Bypass%E8%BA%AB%E4%BB%BD%E9%AA%8C%E8%AF%81.md) * [Nagios XI 5.7.X 远程代码执行](https://github.com/EdgeSecurityTeam/Vulnerability/blob/main/Nagios%20XI%205.7.X%20%E8%BF%9C%E7%A8%8B%E4%BB%A3%E7%A0%81%E6%89%A7%E8%A1%8C.md) * [Nexus Repository Manager 3 XML外部实体注入(CVE-2020-29436)](https://github.com/EdgeSecurityTeam/Vulnerability/blob/main/Nexus%20Repository%20Manager%203%20XML%E5%A4%96%E9%83%A8%E5%AE%9E%E4%BD%93%E6%B3%A8%E5%85%A5(CVE-2020-29436).md) * [PHP图像处理组件：Intervention/image 目录遍历漏洞](https://github.com/EdgeSecurityTeam/Vulnerability/blob/main/PHP%E5%9B%BE%E5%83%8F%E5%A4%84%E7%90%86%E7%BB%84%E4%BB%B6%EF%BC%9AIntervention-image%20%E7%9B%AE%E5%BD%95%E9%81%8D%E5%8E%86%E6%BC%8F%E6%B4%9E.md) * [Packer-Fuzzer 漏扫工具 < 1.2 远程代码执行漏洞](https://github.com/EdgeSecurityTeam/Vulnerability/blob/main/Packer-Fuzzer%20%E6%BC%8F%E6%89%AB%E5%B7%A5%E5%85%B7%20%3C%201.2%20%E8%BF%9C%E7%A8%8B%E4%BB%A3%E7%A0%81%E6%89%A7%E8%A1%8C%E6%BC%8F%E6%B4%9E.md) * [Pydio 网盘系统 RCE （CVE-2020-28913）](https://github.com/EdgeSecurityTeam/Vulnerability/blob/main/Pydio%20%E7%BD%91%E7%9B%98%E7%B3%BB%E7%BB%9F%20RCE%20%EF%BC%88CVE-2020-28913%EF%BC%89.md) * [SAP_EEM_CVE-2020-6207 PoC](https://github.com/EdgeSecurityTeam/Vulnerability/blob/main/SAP_EEM_CVE-2020-6207%20PoC.md) * [SeaCMS SQL注入漏洞（CVE-2020-21378）](https://github.com/EdgeSecurityTeam/Vulnerability/blob/main/SeaCMS%20SQL%E6%B3%A8%E5%85%A5%E6%BC%8F%E6%B4%9E%EF%BC%88CVE-2020-21378%EF%BC%89.md) * [ShowDoc 前台文件上传漏洞](https://github.com/EdgeSecurityTeam/Vulnerability/blob/main/ShowDoc%20%E5%89%8D%E5%8F%B0%E6%96%87%E4%BB%B6%E4%B8%8A%E4%BC%A0%E6%BC%8F%E6%B4%9E.md) * [SonicWall SSL-VPN 未授权RCE漏洞](https://github.com/EdgeSecurityTeam/Vulnerability/blob/main/SonicWall%20SSL-VPN%20%E6%9C%AA%E6%8E%88%E6%9D%83RCE%E6%BC%8F%E6%B4%9E.md) * [Struts2 s2-061 Poc (CVE-2020-17530)](https://github.com/EdgeSecurityTeam/Vulnerability/blob/main/Struts2%20s2-061%20Poc%20(CVE-2020-17530).md) * [TerraMaster TOS 未授权 RCE (CVE-2020-28188)](https://github.com/EdgeSecurityTeam/Vulnerability/blob/main/TerraMaster%20TOS%20%E6%9C%AA%E6%8E%88%E6%9D%83%20RCE%20(CVE-2020-28188).md) * [UCMS文件上传漏洞(CVE-2020-25483)](https://github.com/EdgeSecurityTeam/Vulnerability/blob/main/UCMS%E6%96%87%E4%BB%B6%E4%B8%8A%E4%BC%A0%E6%BC%8F%E6%B4%9E(CVE-2020-25483).md) * [VMware vCenter 未经身份验证任意文件读取漏洞 < 6.5u1](https://github.com/EdgeSecurityTeam/Vulnerability/blob/main/VMware%20vCenter%20%E6%9C%AA%E7%BB%8F%E8%BA%AB%E4%BB%BD%E9%AA%8C%E8%AF%81%E4%BB%BB%E6%84%8F%E6%96%87%E4%BB%B6%E8%AF%BB%E5%8F%96%E6%BC%8F%E6%B4%9E%20%3C%206.5u1.md) * [Weblogic Server远程代码执行漏洞 (CVE-2021-2109)](https://github.com/EdgeSecurityTeam/Vulnerability/blob/main/Weblogic%20Server%E8%BF%9C%E7%A8%8B%E4%BB%A3%E7%A0%81%E6%89%A7%E8%A1%8C%E6%BC%8F%E6%B4%9E%20(CVE-2021-2109).md) * [Webmin <=1.962 任意命令执行（CVE-2020-35606）](https://github.com/EdgeSecurityTeam/Vulnerability/blob/main/Webmin%20%3C%3D1.962%20%E4%BB%BB%E6%84%8F%E5%91%BD%E4%BB%A4%E6%89%A7%E8%A1%8C%EF%BC%88CVE-2020-35606%EF%BC%89.md) * [WordPress File Manager ＜ 6.9 RCE（CVE-2020-25213）PoC](https://github.com/EdgeSecurityTeam/Vulnerability/blob/main/WordPress%20File%20Manager%20%EF%BC%9C%206.9%20RCE%EF%BC%88CVE-2020-25213%EF%BC%89PoC.md) * [Zoho 任意文件上传漏洞(CVE-2020-8394)](https://github.com/EdgeSecurityTeam/Vulnerability/blob/main/Zoho%20%E4%BB%BB%E6%84%8F%E6%96%87%E4%BB%B6%E4%B8%8A%E4%BC%A0%E6%BC%8F%E6%B4%9E(CVE-2020-8394).md) * [Zyxel NBG2105 身份验证绕过（CVE-2021-3297）](https://github.com/EdgeSecurityTeam/Vulnerability/blob/main/Zyxel%20NBG2105%20%E8%BA%AB%E4%BB%BD%E9%AA%8C%E8%AF%81%E7%BB%95%E8%BF%87%EF%BC%88CVE-2021-3297%EF%BC%89.md) * [Zyxel USG Series 账户硬编码漏洞（CVE-2020-29583）](https://github.com/EdgeSecurityTeam/Vulnerability/blob/main/Zyxel%20USG%20Series%20%E8%B4%A6%E6%88%B7%E7%A1%AC%E7%BC%96%E7%A0%81%E6%BC%8F%E6%B4%9E%EF%BC%88CVE-2020-29583%EF%BC%89.md) * [arpping 2.0.0 远程代码执行（RCE）](https://github.com/EdgeSecurityTeam/Vulnerability/blob/main/arpping%202.0.0%20%E8%BF%9C%E7%A8%8B%E4%BB%A3%E7%A0%81%E6%89%A7%E8%A1%8C%EF%BC%88RCE%EF%BC%89.md) * [cve-2020-14882-weblogic越权绕过登录RCE批量检测](https://github.com/EdgeSecurityTeam/Vulnerability/blob/main/cve-2020-14882-weblogic%E8%B6%8A%E6%9D%83%E7%BB%95%E8%BF%87%E7%99%BB%E5%BD%95RCE%E6%89%B9%E9%87%8F%E6%A3%80%E6%B5%8B.md) * [jQuery >=1.0.3 <3.5.0 XSS (CVE-2020-11022/CVE-2020-11023)](https://github.com/EdgeSecurityTeam/Vulnerability/blob/main/jQuery%20%3E%3D1.0.3%20%3C3.5.0%20XSS%20(CVE-2020-11022-CVE-2020-11023).md) * [lanproxy 目录遍历漏洞（CVE-2020-3019）](https://github.com/EdgeSecurityTeam/Vulnerability/blob/main/lanproxy%20%E7%9B%AE%E5%BD%95%E9%81%8D%E5%8E%86%E6%BC%8F%E6%B4%9E%EF%BC%88CVE-2020-3019%EF%BC%89.md) * [xxl-job 执行器 RESTful API 未授权访问 RCE](https://github.com/EdgeSecurityTeam/Vulnerability/blob/main/xxl-job%20%E6%89%A7%E8%A1%8C%E5%99%A8%20RESTful%20API%20%E6%9C%AA%E6%8E%88%E6%9D%83%E8%AE%BF%E9%97%AE%20RCE.md) * [yycms首页搜索框 XSS漏洞](https://github.com/EdgeSecurityTeam/Vulnerability/blob/main/yycms%E9%A6%96%E9%A1%B5%E6%90%9C%E7%B4%A2%E6%A1%86%20XSS%E6%BC%8F%E6%B4%9E.md) * [三星路由器WLAN AP WEA453e 未授权RCE等多个漏洞](https://github.com/EdgeSecurityTeam/Vulnerability/blob/main/%E4%B8%89%E6%98%9F%E8%B7%AF%E7%94%B1%E5%99%A8WLAN%20AP%20WEA453e%20%E6%9C%AA%E6%8E%88%E6%9D%83RCE%E7%AD%89%E5%A4%9A%E4%B8%AA%E6%BC%8F%E6%B4%9E.md) * [员工管理系统(Employee Management System)1.0 身份验证绕过](https://github.com/EdgeSecurityTeam/Vulnerability/blob/main/%E5%91%98%E5%B7%A5%E7%AE%A1%E7%90%86%E7%B3%BB%E7%BB%9F(Employee%20Management%20System)1.0%20%E8%BA%AB%E4%BB%BD%E9%AA%8C%E8%AF%81%E7%BB%95%E8%BF%87.md) * [用友nc 6.5 文件上传 PoC](https://github.com/EdgeSecurityTeam/Vulnerability/blob/main/%E7%94%A8%E5%8F%8Bnc%206.5%20%E6%96%87%E4%BB%B6%E4%B8%8A%E4%BC%A0%20PoC.md) * [锐捷-EWEB网管系统RCE](https://github.com/EdgeSecurityTeam/Vulnerability/blob/main/%E9%94%90%E6%8D%B7-EWEB%E7%BD%91%E7%AE%A1%E7%B3%BB%E7%BB%9FRCE.md) * [Apache OfBiz 服务器端模板注入（SSTI）](https://github.com/EdgeSecurityTeam/Vulnerability/blob/main/Apache%20OfBiz%20%E6%9C%8D%E5%8A%A1%E5%99%A8%E7%AB%AF%E6%A8%A1%E6%9D%BF%E6%B3%A8%E5%85%A5%EF%BC%88SSTI%EF%BC%89.md) * [Apache OfBiz 远程代码执行（RCE）](https://github.com/EdgeSecurityTeam/Vulnerability/blob/main/Apache%20OfBiz%20%E8%BF%9C%E7%A8%8B%E4%BB%A3%E7%A0%81%E6%89%A7%E8%A1%8C%EF%BC%88RCE%EF%BC%89.md) * [Fuel CMS 1.4.1 远程代码执行](https://github.com/EdgeSecurityTeam/Vulnerability/blob/main/Fuel%20CMS%201.4.1%20%E8%BF%9C%E7%A8%8B%E4%BB%A3%E7%A0%81%E6%89%A7%E8%A1%8C.md) * [OneDev 多个高危漏洞（CVE-2021-21242~51）](https://github.com/EdgeSecurityTeam/Vulnerability/blob/main/OneDev%20%E5%A4%9A%E4%B8%AA%E9%AB%98%E5%8D%B1%E6%BC%8F%E6%B4%9E%20%EF%BC%88CVE-2021-21242~51%EF%BC%89.md) * [Weblogic Server远程代码执行漏洞（CVE-2020-14756）](https://github.com/EdgeSecurityTeam/Vulnerability/blob/main/Weblogic%20Server%E8%BF%9C%E7%A8%8B%E4%BB%A3%E7%A0%81%E6%89%A7%E8%A1%8C%E6%BC%8F%E6%B4%9E%EF%BC%88CVE-2020-14756%EF%BC%89.md) * [WordPress 插件SuperForms 4.9-任意文件上传到远程代码执行](https://github.com/EdgeSecurityTeam/Vulnerability/blob/main/WordPress%20%E6%8F%92%E4%BB%B6SuperForms%204.9-%E4%BB%BB%E6%84%8F%E6%96%87%E4%BB%B6%E4%B8%8A%E4%BC%A0%E5%88%B0%E8%BF%9C%E7%A8%8B%E4%BB%A3%E7%A0%81%E6%89%A7%E8%A1%8C.md) * [YouPHPTube <= 10.0 and 7.8 多个漏洞 SQL注入、XSS、文件写入](https://github.com/EdgeSecurityTeam/Vulnerability/blob/main/YouPHPTube%20%3C%3D%2010.0%20and%207.8%20%E5%A4%9A%E4%B8%AA%E6%BC%8F%E6%B4%9E%20SQL%E6%B3%A8%E5%85%A5%E3%80%81XSS%E3%80%81%E6%96%87%E4%BB%B6%E5%86%99%E5%85%A5.md) * [Zen Cart 1.5.7b 任意命令执行（CVE-2021-3291）](https://github.com/EdgeSecurityTeam/Vulnerability/blob/main/Zen%20Cart%201.5.7b%20%E4%BB%BB%E6%84%8F%E5%91%BD%E4%BB%A4%E6%89%A7%E8%A1%8C%EF%BC%88CVE-2021-3291%EF%BC%89.md) * [若依(RuoYi)管理系统后台任意文件读取](https://github.com/EdgeSecurityTeam/Vulnerability/blob/main/%E8%8B%A5%E4%BE%9D(RuoYi)%E7%AE%A1%E7%90%86%E7%B3%BB%E7%BB%9F%20%E5%90%8E%E5%8F%B0%E4%BB%BB%E6%84%8F%E6%96%87%E4%BB%B6%E8%AF%BB%E5%8F%96.md) * [BloofoxCMS 0.5.2.1 存储型XSS](https://github.com/EdgeSecurityTeam/Vulnerability/blob/main/BloofoxCMS%200.5.2.1%20%E5%AD%98%E5%82%A8%E5%9E%8BXSS.md) * [Chrome 插件 Vue.js devtools UXSS](https://github.com/EdgeSecurityTeam/Vulnerability/blob/main/Chrome%20%E6%8F%92%E4%BB%B6%20Vue.js%20devtools%20UXSS.md) * [CVE-2021-3156 (Baron Samedit) Sudo 中基于堆的缓冲区溢出漏洞](https://github.com/EdgeSecurityTeam/Vulnerability/blob/main/CVE-2021-3156%20(Baron%20Samedit)%20Sudo%20%E4%B8%AD%E5%9F%BA%E4%BA%8E%E5%A0%86%E7%9A%84%E7%BC%93%E5%86%B2%E5%8C%BA%E6%BA%A2%E5%87%BA%E6%BC%8F%E6%B4%9E.md) * [IBOS酷办公系统后台命令执行](https://github.com/EdgeSecurityTeam/Vulnerability/blob/main/IBOS%E9%85%B7%E5%8A%9E%E5%85%AC%E7%B3%BB%E7%BB%9F%20%E5%90%8E%E5%8F%B0%E5%91%BD%E4%BB%A4%E6%89%A7%E8%A1%8C.md) * [Linksys WRT160NL 身份验证命令注入（CVE-2021-25310）](https://github.com/EdgeSecurityTeam/Vulnerability/blob/main/Linksys%20WRT160NL%20%E8%BA%AB%E4%BB%BD%E9%AA%8C%E8%AF%81%E5%91%BD%E4%BB%A4%E6%B3%A8%E5%85%A5%EF%BC%88CVE-2021-25310%EF%BC%89.md)