漏洞环境

CVE-2023-27524Created 3 months ago

Apache Superset Hardcoded JWT Secret Key Leads to Authentication Bypass

探索Apache Superset Hardcoded JWT Secret Key Leads to Authentication Bypass漏洞并学习如何利用它。

Auth BypassFramework

Next.js Middleware Authorization Bypass

探索Next.js Middleware Authorization Bypass漏洞并学习如何利用它。

CVE-2025-29927Created 3 months ago

CVE-2024-43441Created 4 months ago

Apache HugeGraph JWT Token Secret Hardcoding Leads to Authentication Bypass

探索Apache HugeGraph JWT Token Secret Hardcoding Leads to Authentication Bypass漏洞并学习如何利用它。

RCEAuth Bypass

Apache OFBiz Authentication Bypass Leads to RCE

探索Apache OFBiz Authentication Bypass Leads to RCE漏洞并学习如何利用它。

CVE-2024-45195Created 10 months ago

查看全部 39 个 Auth Bypass 环境

Backdoor

RCEBackdoor

PHP 8.1.0-dev User-Agentt Backdoor Remote Code Execution

探索PHP 8.1.0-dev User-Agentt Backdoor Remote Code Execution漏洞并学习如何利用它。

暂无Created 4 years ago

CMS

RCECMS

CraftCMS ConditionsController Pre-Auth Remote Code Execution

探索CraftCMS ConditionsController Pre-Auth Remote Code Execution漏洞并学习如何利用它。

CVE-2023-41892Created 3 months ago

RCECMS

CraftCMS register_argc_argv Leads to Remote Code Execution

探索CraftCMS register_argc_argv Leads to Remote Code Execution漏洞并学习如何利用它。

CVE-2024-56145Created 6 months ago

Auth BypassCMS

Joomla 4.2.7 Permission Bypass

探索Joomla 4.2.7 Permission Bypass漏洞并学习如何利用它。

CVE-2023-23752Created 2 years ago

SQL InjectionCMS

ECShop 4.x collection_list SQL Injection

探索ECShop 4.x collection_list SQL Injection漏洞并学习如何利用它。

暂无Created 4 years ago

查看全部 15 个 CMS 环境

Database

CVE-2018-10054Created 2 months ago

H2 Database Web Console Authentication Remote Code Execution

探索H2 Database Web Console Authentication Remote Code Execution漏洞并学习如何利用它。

CVE-2021-42392Created 2 months ago

H2 Database Web Console Pre-Auth JNDI Injection RCE

探索H2 Database Web Console Pre-Auth JNDI Injection RCE漏洞并学习如何利用它。

CVE-2022-23221Created 2 months ago

H2 Database Web Console Pre-Auth JDBC Attack RCE

探索H2 Database Web Console Pre-Auth JDBC Attack RCE漏洞并学习如何利用它。

SSRFDatabase

Adminer Server-side Request Forgery on Error Page of Elasticsearch and ClickHouse

探索Adminer Server-side Request Forgery on Error Page of Elasticsearch and ClickHouse漏洞并学习如何利用它。

CVE-2021-21311Created 2 years ago

查看全部 17 个 Database 环境

Deserialization

RCEDeserialization

Apache Superset Python Pickle Deserialization Leads to RCE

探索Apache Superset Python Pickle Deserialization Leads to RCE漏洞并学习如何利用它。

CVE-2023-37941Created 3 months ago

CVE-2025-24813Created 3 months ago

Tomcat Session Deserialization Remote Code Execution

探索Tomcat Session Deserialization Remote Code Execution漏洞并学习如何利用它。

RCEDeserialization

Apache HertzBeat SnakeYaml Deserialization Remote Code Execution

探索Apache HertzBeat SnakeYaml Deserialization Remote Code Execution漏洞并学习如何利用它。

CVE-2024-42323Created 4 months ago

CVE-2023-29300Created a year ago

Adobe ColdFusion XML Deserialization Leads to RCE

探索Adobe ColdFusion XML Deserialization Leads to RCE漏洞并学习如何利用它。

查看全部 35 个 Deserialization 环境

DoS

OpenSSL Infinite Loop Leads to DoS

探索OpenSSL Infinite Loop Leads to DoS漏洞并学习如何利用它。

CVE-2022-0778Created 3 years ago

Environment Injection

CGI Application Environment Variable Injection by HTTPoxy

探索CGI Application Environment Variable Injection by HTTPoxy漏洞并学习如何利用它。

CVE-2016-5385Created 3 years ago

RCEEnvironment Injection

GoAhead Web Server Environment Variables Injection and `LD_PRELOAD` Remote Code Execution

探索GoAhead Web Server Environment Variables Injection and `LD_PRELOAD` Remote Code Execution漏洞并学习如何利用它。

CVE-2021-42342Created 3 years ago

RCEEnvironment Injection

GoAhead Web Server Environment Variables Injection and `LD_PRELOAD` Remote Code Execution

探索GoAhead Web Server Environment Variables Injection and `LD_PRELOAD` Remote Code Execution漏洞并学习如何利用它。

CVE-2017-17562Created 8 years ago

Expression Injection

RCEExpression Injection

GeoServer Unauthenticated Remote Code Execution in Evaluating Property Name Expressions

探索GeoServer Unauthenticated Remote Code Execution in Evaluating Property Name Expressions漏洞并学习如何利用它。

CVE-2024-36401Created a year ago

RCEExpression Injection

Atlassian Confluence Pre-Auth Remote Code Execution via OGNL Injection

探索Atlassian Confluence Pre-Auth Remote Code Execution via OGNL Injection漏洞并学习如何利用它。

CVE-2023-22527Created a year ago

RCEExpression Injection

Atlassian Confluence Pre-Auth Remote Code Execution via OGNL Injection

探索Atlassian Confluence Pre-Auth Remote Code Execution via OGNL Injection漏洞并学习如何利用它。

CVE-2022-26134Created 3 years ago

RCEExpression InjectionFramework

Spring Cloud Function SpEL Expression Command Injection

探索Spring Cloud Function SpEL Expression Command Injection漏洞并学习如何利用它。

CVE-2022-22963Created 3 years ago

查看全部 9 个 Expression Injection 环境

File Deletion

Discuz!X <= 3.4 Arbitrary File Deletion

探索Discuz!X <= 3.4 Arbitrary File Deletion漏洞并学习如何利用它。

暂无Created 8 years ago

File Upload

File UploadMessage Queue

Apache RocketMQ NameServer Arbitrary File Write

探索Apache RocketMQ NameServer Arbitrary File Write漏洞并学习如何利用它。

CVE-2023-37582Created 5 months ago

File UploadPath Traversal

SaltStack Arbitrary File Read and Write

探索SaltStack Arbitrary File Read and Write漏洞并学习如何利用它。

CVE-2020-11652Created 5 years ago

XSSFile UploadCMS

Drupal Cross-Site Scripting by File Upload

探索Drupal Cross-Site Scripting by File Upload漏洞并学习如何利用它。

CVE-2019-6341Created 6 years ago

File UploadWebserver

WebLogic Arbitrary File Upload

探索WebLogic Arbitrary File Upload漏洞并学习如何利用它。

CVE-2018-2894Created 7 years ago

查看全部 8 个 File Upload 环境

Framework

Auth BypassFramework

Next.js Middleware Authorization Bypass

探索Next.js Middleware Authorization Bypass漏洞并学习如何利用它。

CVE-2025-29927Created 3 months ago

Path TraversalFramework

Struts2 S2-067 Upload Path Traversal

探索Struts2 S2-067 Upload Path Traversal漏洞并学习如何利用它。

CVE-2024-53677Created 5 months ago

Path TraversalFramework

Struts2 S2-066 Upload Path Traversal

探索Struts2 S2-066 Upload Path Traversal漏洞并学习如何利用它。

CVE-2023-50164Created 5 months ago

Auth BypassFramework

Spring Security Authorization Bypass in RegexRequestMatcher

探索Spring Security Authorization Bypass in RegexRequestMatcher漏洞并学习如何利用它。

CVE-2022-22978Created 3 years ago

查看全部 40 个 Framework 环境

Hard Coding

CVE-2023-27524Created 3 months ago

Apache Superset Hardcoded JWT Secret Key Leads to Authentication Bypass

探索Apache Superset Hardcoded JWT Secret Key Leads to Authentication Bypass漏洞并学习如何利用它。

CVE-2024-43441Created 4 months ago

Apache HugeGraph JWT Token Secret Hardcoding Leads to Authentication Bypass

探索Apache HugeGraph JWT Token Secret Hardcoding Leads to Authentication Bypass漏洞并学习如何利用它。

CVE-2019-20933Created 3 years ago

InfluxDB Empty JWT Secret Key Authentication Bypass

探索InfluxDB Empty JWT Secret Key Authentication Bypass漏洞并学习如何利用它。

RCEHard CodingWebserver

Apache APISIX Hardcoded API Token Leads to RCE

探索Apache APISIX Hardcoded API Token Leads to RCE漏洞并学习如何利用它。

CVE-2020-13945Created 3 years ago

查看全部 5 个 Hard Coding 环境

Info Disclosure

MinIO Cluster Mode Information Disclosure

探索MinIO Cluster Mode Information Disclosure漏洞并学习如何利用它。

CVE-2023-28432Created 2 years ago

Info Disclosure

OpenSSL Heartbleed Memory Leak Leads to Information Disclosure

探索OpenSSL Heartbleed Memory Leak Leads to Information Disclosure漏洞并学习如何利用它。

CVE-2014-0160Created 3 years ago

Info DisclosureWebserver

Jetty WEB-INF Sensitive Information Disclosure

探索Jetty WEB-INF Sensitive Information Disclosure漏洞并学习如何利用它。

CVE-2021-34429Created 4 years ago

Info DisclosureWebserver

Jetty WEB-INF Sensitive Information Disclosure

探索Jetty WEB-INF Sensitive Information Disclosure漏洞并学习如何利用它。

CVE-2021-28164Created 4 years ago

查看全部 9 个 Info Disclosure 环境

LLM

CVE-2024-1561Created 2 months ago

Gradio Arbitrary File Read

探索Gradio Arbitrary File Read漏洞并学习如何利用它。

CVE-2023-51449Created 2 months ago

Gradio File Path Traversal

探索Gradio File Path Traversal漏洞并学习如何利用它。

LLMRCE

Langflow `validate/code` API Pre-Auth Remote Code Execution

探索Langflow `validate/code` API Pre-Auth Remote Code Execution漏洞并学习如何利用它。

CVE-2025-3248Created 2 months ago

Message Queue

File UploadMessage Queue

Apache RocketMQ NameServer Arbitrary File Write

探索Apache RocketMQ NameServer Arbitrary File Write漏洞并学习如何利用它。

CVE-2023-37582Created 5 months ago

RCEMessage Queue

Apache ActiveMQ Jolokia Authenticated Remote Code Execution

探索Apache ActiveMQ Jolokia Authenticated Remote Code Execution漏洞并学习如何利用它。

CVE-2022-41678Created 2 years ago

RCEDeserializationMessage Queue

Apache ActiveMQ OpenWire Protocol Deserialization RCE

探索Apache ActiveMQ OpenWire Protocol Deserialization RCE漏洞并学习如何利用它。

CVE-2023-46604Created 2 years ago

RCEMessage Queue

Apache RocketMQ Broker Remote Command Execution

探索Apache RocketMQ Broker Remote Command Execution漏洞并学习如何利用它。

CVE-2023-33246Created 2 years ago

查看全部 7 个 Message Queue 环境

Other

DNS Domain Transfer

探索DNS Domain Transfer漏洞并学习如何利用它。

暂无Created 7 years ago

Path Traversal

CVE-2024-1561Created 2 months ago

Gradio Arbitrary File Read

探索Gradio Arbitrary File Read漏洞并学习如何利用它。

CVE-2023-51449Created 2 months ago

Gradio File Path Traversal

探索Gradio File Path Traversal漏洞并学习如何利用它。

Path Traversal

Vite Development Server Arbitrary File Read

探索Vite Development Server Arbitrary File Read漏洞并学习如何利用它。

暂无Created 3 months ago

Path Traversal

Vite Development Server Arbitrary File Read Bypass

探索Vite Development Server Arbitrary File Read Bypass漏洞并学习如何利用它。

CVE-2025-30208Created 3 months ago

查看全部 44 个 Path Traversal 环境

Privilege Escalation

V2board 1.6.1 Privilege Escalation

探索V2board 1.6.1 Privilege Escalation漏洞并学习如何利用它。

暂无Created 3 years ago

Privilege Escalation

Polkit pkexec Privilege Escalation

探索Polkit pkexec Privilege Escalation漏洞并学习如何利用它。

CVE-2021-4034Created 3 years ago

Privilege EscalationInfo Disclosure

SaltStack Information Disclosure Leads to Privilege Escalation

探索SaltStack Information Disclosure Leads to Privilege Escalation漏洞并学习如何利用它。

CVE-2020-11651Created 5 years ago

Privilege EscalationDatabase

PostgreSQL Privilege Escalation

探索PostgreSQL Privilege Escalation漏洞并学习如何利用它。

CVE-2018-1058Created 7 years ago

RCE

Unauthenticated Remote Code Execution in Erlang/OTP SSH

探索Unauthenticated Remote Code Execution in Erlang/OTP SSH漏洞并学习如何利用它。

CVE-2025-32433Created 2 months ago

LLMRCE

Langflow `validate/code` API Pre-Auth Remote Code Execution

探索Langflow `validate/code` API Pre-Auth Remote Code Execution漏洞并学习如何利用它。

CVE-2025-3248Created 2 months ago

CVE-2018-10054Created 2 months ago

H2 Database Web Console Authentication Remote Code Execution

探索H2 Database Web Console Authentication Remote Code Execution漏洞并学习如何利用它。

CVE-2021-42392Created 2 months ago

H2 Database Web Console Pre-Auth JNDI Injection RCE

探索H2 Database Web Console Pre-Auth JNDI Injection RCE漏洞并学习如何利用它。

查看全部 187 个 RCE 环境

SQL Injection

SQL InjectionRCE

Cacti graph_view.php SQL Injection Leads to RCE

探索Cacti graph_view.php SQL Injection Leads to RCE漏洞并学习如何利用它。

CVE-2023-39361Created 3 months ago

SQL Injection

ShowDoc 3.2.5 SQL Injection

探索ShowDoc 3.2.5 SQL Injection漏洞并学习如何利用它。

暂无Created a year ago

SQL Injection

MeterSphere v1.15.4 Authenticated SQL Injection

探索MeterSphere v1.15.4 Authenticated SQL Injection漏洞并学习如何利用它。

CVE-2021-45788Created a year ago

SQL Injection

CMS Made Simple (CMSMS) < 2.2.10 Unauthenticated SQL Injection

探索CMS Made Simple (CMSMS) < 2.2.10 Unauthenticated SQL Injection漏洞并学习如何利用它。

CVE-2019-9053Created a year ago

查看全部 19 个 SQL Injection 环境

SSRF

Apache CXF Aegis DataBinding Server-Side Request Forgery

探索Apache CXF Aegis DataBinding Server-Side Request Forgery漏洞并学习如何利用它。

CVE-2024-28752Created 5 days ago

SSRF

GeoServer Unauthenticated Server-Side Request Forgery

探索GeoServer Unauthenticated Server-Side Request Forgery漏洞并学习如何利用它。

CVE-2021-40822Created 5 months ago

RCESSRF

Apache OFBiz SSRF and Remote Code Execution

探索Apache OFBiz SSRF and Remote Code Execution漏洞并学习如何利用它。

CVE-2024-45507Created 10 months ago

SSRFDatabase

Adminer Server-side Request Forgery on Error Page of Elasticsearch and ClickHouse

探索Adminer Server-side Request Forgery on Error Page of Elasticsearch and ClickHouse漏洞并学习如何利用它。

CVE-2021-21311Created 2 years ago

查看全部 9 个 SSRF 环境

SSTI

RCESSTI

JeecgBoot JimuReport FreeMarker Server Side Template Injection RCE

探索JeecgBoot JimuReport FreeMarker Server Side Template Injection RCE漏洞并学习如何利用它。

CVE-2023-4450Created a year ago

SSTIRCE

Atlassian Jira Template Injection

探索Atlassian Jira Template Injection漏洞并学习如何利用它。

CVE-2019-11581Created 6 years ago

SSTIRCEFramework

Flask (Jinja2) Server-Side Template Injection

探索Flask (Jinja2) Server-Side Template Injection漏洞并学习如何利用它。

暂无Created 8 years ago

Webserver

RCEWebserver

Kubernetes Ingress-NGINX Unauthenticated Remote Code Execution

探索Kubernetes Ingress-NGINX Unauthenticated Remote Code Execution漏洞并学习如何利用它。

CVE-2025-1974Created 2 months ago

CVE-2025-24813Created 3 months ago

Tomcat Session Deserialization Remote Code Execution

探索Tomcat Session Deserialization Remote Code Execution漏洞并学习如何利用它。

Path TraversalWebserver

GlassFish 4.1.0 Arbitrary File Read

探索GlassFish 4.1.0 Arbitrary File Read漏洞并学习如何利用它。

CVE-2017-1000028Created 4 months ago