Elymaro/CVE
GitHub: Elymaro/CVE
个人安全漏洞研究仓库,收录已注册的 CVE 编号及对应的概念验证详情,涵盖 SQL 注入、RCE、XSS 等多种 Web 漏洞类型。
Stars: 0 | Forks: 0
# 漏洞研究
此仓库包含我已注册的 CVE 的信息和概念验证。
### 1. [EasyVirt](https://www.easyvirt.com/)
| CVE ID | 漏洞 | 产品 |
|--------------|------------------------|-----------------------|
| [CVE-2024-53354](https://github.com/Elymaro/CVE/blob/main/EasyVirt/CVE-2024-53354.md)| 多个 SQL 注入 | DCScope <= 8.6.0 / Co2Scope <= 1.3.0 |
| [CVE-2024-53355](https://github.com/Elymaro/CVE/blob/main/EasyVirt/CVE-2024-53355.md)| 访问控制失效 | DCScope <= 8.6.0 / Co2Scope <= 1.3.0 |
| [CVE-2024-53356](https://github.com/Elymaro/CVE/blob/main/EasyVirt/CVE-2024-53356.md)| JWT 密钥弱强度 | DCScope <= 8.6.0 / Co2Scope <= 1.3.0 |
| [CVE-2024-53357](https://github.com/Elymaro/CVE/blob/main/EasyVirt/CVE-2024-53357.md)| 敏感数据泄露 | DCScope <= 8.6.0 / Co2Scope <= 1.3.0 |
| [CVE-2024-55062](https://github.com/Elymaro/CVE/blob/main/EasyVirt/CVE-2024-55062.md)| 远程代码执行(未授权) | DCScope <= 8.6.0 / Co2Scope <= 1.3.0 |
| [CVE-2024-55063](https://github.com/Elymaro/CVE/blob/main/EasyVirt/CVE-2024-55063.md)| 多个远程代码执行 | DC NetScope <= 8.7.0 |
| [CVE-2024-55064](https://github.com/Elymaro/CVE/blob/main/EasyVirt/CVE-2024-55064.md)| 多个存储型 XSS | DC NetScope <= 8.6.4 |
| [CVE-2024-57587](https://github.com/Elymaro/CVE/blob/main/EasyVirt/CVE-2024-57587.md)| 多个 SQL 注入(未授权) | DCScope <= 8.6.0 / Co2Scope <= 1.3.0 |
| [CVE-2025-28076](https://github.com/Elymaro/CVE/blob/main/EasyVirt/CVE-2025-28076.md)| 多个 SQL 注入 | DCScope <= 8.6.4 / Co2Scope <= 1.3.4 |
### 2. [GreaterWMS](https://github.com/GreaterWMS/GreaterWMS)
| CVE ID | 漏洞 | 产品 |
|--------------|------------------------|-----------------------|
| [CVE-2025-26201](https://github.com/Elymaro/CVE/blob/main/GreaterWMS/CVE-2025-26201.md)| 通过凭据泄露绕过认证 | GreaterWMS <= 2.1.49 |
### 3. [Wordpress](https://wordpress.org/)
| CVE ID | 漏洞 | 产品 |
|--------------|------------------------|-----------------------|
| [CVE-2025-6716](https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/contest-gallery/contest-gallery-2608-authenticated-author-stored-cross-site-scripting)| 存储型 XSS(作者及以上) | (插件) [contest-gallery](https://wordpress.org/plugins/contest-gallery/) <= 26.0.8 |
| [CVE-2025-6717](https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/b1-accounting/b1lt-for-woocommerce-2256-authenticated-subscriber-sql-injection)| SQL 注入(订阅者及以上) | (插件) [b1-accounting](https://wordpress.org/plugins/b1-accounting/) <= 2.2.56 |
| [CVE-2025-6718](https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/b1-accounting/b1lt-for-woocommerce-2256-missing-authorization-to-authenticated-subscriber-arbitrary-sql-injection)| 访问控制失效 + SQL 注入(订阅者及以上) | (插件) [b1-accounting](https://wordpress.org/plugins/b1-accounting/) <= 2.2.56 |
| [CVE-2025-6719](https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/contest-gallery/contest-gallery-2608-authenticated-author-stored-cross-site-scripting)| 存储型 XSS(管理员及以上) | (插件) [terms-descriptions](https://wordpress.org/plugins/terms-descriptions/) <= 3.4.8 |
| [CVE-2025-6722](https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/bitfire/bitfire-45-unauthenticated-information-exposure)| 未授权信息泄露 - WAF 配置 | (插件) [BitFire](https://wordpress.org/plugins/bitfire/) <= 4.5 |
| [CVE-2025-10055](https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/time-sheets/time-sheets-213-cross-site-request-forgery)| CSRF 权限提升 | (插件) [time-sheets](https://wordpress.org/plugins/time-sheets/) <= 2.1.3 |
| [CVE-2025-10380](https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/acf-views/advanced-views-display-posts-custom-fields-and-more-3719-authenticated-author-remote-code-execution-via-ssti)| SSTI(作者及以上) | (插件) [Advanced Views](https://wordpress.org/plugins/acf-views/) <= 3.7.19 |
| [CVE-2025-10383](https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/contest-gallery/contest-gallery-upload-vote-sell-with-paypal-and-stripe-2702-authenticated-author-stored-cross-site-scripting)| 存储型 XSS(作者及以上) | (插件) [contest-gallery](https://wordpress.org/plugins/contest-gallery) <= 27.0.2 |
| [CVE-2025-10490](https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/zephyr-project-manager/zephyr-project-manager-33202-authenticated-admin-stored-cross-site-scripting)| 存储型 XSS(管理员及以上) | (插件) [zephyr-project-manager](https://wordpress.org/plugins/zephyr-project-manager/) <= 3.3.202 |
| [CVE-2025-10744](https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/softdiscover-db-file-manager/file-manager-code-editor-backup-by-managefy-161-unauthenticated-information-exposure)| 未授权信息泄露 - 数据库渗出 | (插件) [softdiscover-db-file-manager](https://wordpress.org/plugins/softdiscover-db-file-manager/) <= 1.6.1 |
| [CVE-2025-11254](https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/contest-gallery/contest-gallery-upload-vote-sell-with-paypal-and-stripe-2703-unauthenticated-csv-injection)| 未授权 CSV 注入 | (插件) [contest-gallery](https://wordpress.org/plugins/contest-gallery/) <= 27.0.3 |
| [CVE-2026-52693](https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/ecommerce-product-catalog/ecommerce-product-catalog-plugin-for-wordpress-355-unauthenticated-sql-injection)| 未授权 SQL 注入 | (插件) [ecommerce-product-catalog](https://wordpress.org/plugins/ecommerce-product-catalog/) <= 3.5.6 |
| [CVE-2026-56035](https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/bitfire/bitfire-security-firewall-malware-scanner-bot-blocker-login-protection-503-missing-authorization)| 未授权信息泄露 - 数据库渗出 | (插件) [bitfire](https://wordpress.org/plugins/bitfire/) <= 5.0.3 |
| [CVE-2026-57756](https://patchstack.com/database/wordpress/plugin/nicen-localize-image/vulnerability/wordpress-nicen-localize-image-plugin-1-4-9-sql-injection-vulnerability?_s_id=cve)| SQL 注入(投稿者及以上) | (插件) [nicen-localize-image](https://wordpress.org/plugins/nicen-localize-image/) <= 1.4.9 |
标签:CISA项目, Web报告查看器, 情报收集, 漏洞研究, 漏洞验证程序, 防御加固