一些安全研究成果

应用	编号	类型
Apache Hertzbeat	CVE-2024-45505	rce
Apache ofbiz	CVE-2024-38856	rce
dataease	CVE-2024-47074	rce
dataease	CVE-2024-52295	Authentication bypass
sofa-hessian	CVE-2024-46983	rce
FineBI	CNVD-2024-30559	rce
FineReport	CNVD-2024-30560	rce
XXL-JOB	CVE-2024-3366	rce
nginxWebUi	CVE-2024-3736	rce
nginxWebUi	CVE-2024-3737	rce
nginxWebUi	CVE-2024-3738	rce
nginxWebUi	CVE-2024-3739	rce
nginxWebUi	CVE-2024-3736-40	rce
nginx-ui	CVE-2024-49366	file writing
nginx-ui	CVE-2024-49367	file reading
nginx-ui	CVE-2024-49368	rce
aj-report	CVE-2024-5350至5356	rce，Authentication bypass,file upload

Dubbo-admin https://cn.dubbo.apache.org/zh-cn/overview/notices/admin/

…..

详细看博客文章….

2024补天白帽黑客大会speaker 【JNDI新攻击面探索】 https://forum.butian.net/share/3857