unsafe.sh - 不安全

V35HR4J/CVE-2022-1598 The plugin, used as a companion for the Discy and Himer themes, does not sanitise and escape a parameter on its reset password form which makes it possible to perform Reflected Cross-Site Scripting attacks
Create: 2022-05-16 23:33:48 +0800 CST Push: 2022-05-16 23:33:49 +0800 CST |

0730Nophone/CVE-2022-22947 Spring Cloud Gateway Actuator API SpEL表达式注入命令执行（CVE-2022-22947）注入哥斯拉内存马
Create: 2022-05-16 23:27:41 +0800 CST Push: 2022-05-16 23:27:42 +0800 CST |

0730Nophone/CVE-2022-22947- Spring Cloud Gateway Actuator API SpEL表达式注入命令执行（CVE-2022-22947）注入哥斯拉内存马
Create: 2022-05-16 23:27:41 +0800 CST Push: 2022-05-16 23:31:01 +0800 CST |

ratiros01/CVE-2014-8609-exploit
Create: 2022-05-16 21:24:39 +0800 CST Push: 2022-05-16 21:24:48 +0800 CST |

ratiros01/CVE-2014-8609_PoC My PoC of CVE-2014-8609
Create: 2022-05-16 21:23:13 +0800 CST Push: 2022-05-16 21:23:14 +0800 CST |

user16-et/cve-2021-21972_PoC
Create: 2022-05-16 19:57:42 +0800 CST Push: 2022-05-16 19:57:42 +0800 CST |

patrickdeanramos/CVE-2022-28598 Persistent XSS on 'Last_known_version' field (My Settings)
Create: 2022-05-16 17:49:13 +0800 CST Push: 2022-05-16 17:49:13 +0800 CST |

superzerosec/CVE-2022-30525 CVE-2022-30525 POC exploit
Create: 2022-05-16 17:15:43 +0800 CST Push: 2022-05-16 17:15:44 +0800 CST |

H3rmesk1t/CVE-2021-21315-ENV CVE-2021-21315-ENV
Create: 2022-05-16 16:30:31 +0800 CST Push: 2022-05-16 16:30:37 +0800 CST |

YGoldking/CVE-2022-30525 CVE-2022-30525（Zxyel 防火墙命令注入）的概念证明漏洞利用
Create: 2022-05-16 12:45:43 +0800 CST Push: 2022-05-16 12:45:44 +0800 CST |

Wrin9/CVE-2022-1388
Create: 2022-05-16 09:49:44 +0800 CST Push: 2022-05-16 09:49:44 +0800 CST |

lavclash75/mybb-CVE-2022-24734 MyBB 1.8.29 - Remote Code Execution
Create: 2022-05-16 03:18:32 +0800 CST Push: 2022-05-16 03:18:33 +0800 CST |

iveresk/cve-2022-1388-iveresk-command-shell Improved POC for CVE-2022-1388 that affects multiple F5 products.
Create: 2022-05-15 16:58:22 +0800 CST Push: 2022-05-15 16:58:23 +0800 CST |

Inplex-sys/CVE-2022-29464-loader A bots loader for CVE-2022-29464 with multithreading
Create: 2022-05-15 16:51:16 +0800 CST Push: 2022-05-15 16:51:17 +0800 CST |

M4fiaB0y/CVE-2022-30525
Create: 2022-05-15 14:20:06 +0800 CST Push: 2022-05-15 14:20:06 +0800 CST |

twseptian/cve-2021-38314 Unauthenticated Sensitive Information Disclosure
Create: 2022-05-15 10:10:01 +0800 CST Push: 2022-05-15 10:10:02 +0800 CST |

ahsentekdemir/CVE-2022-28346 An issue was discovered in Django 2.2 before 2.2.28, 3.2 before 3.2.13, and 4.0 before 4.0.4. QuerySet.annotate(), aggregate(), and extra() methods are subject to SQL injection in column aliases via a crafted dictionary (with dictionary expansion) as the passed **kwargs.
Create: 2022-05-15 08:24:19 +0800 CST Push: 2022-05-15 08:24:19 +0800 CST |

PsychoSec2/CVE-2022-1388-POC An improved Proof of Concept for CVE-2022-1388 w/ Interactive Shell
Create: 2022-05-15 03:23:16 +0800 CST Push: 2022-05-15 03:23:16 +0800 CST |

LudovicPatho/CVE-2022-26923_AD-Certificate-Services In essence, the vulnerability allowed a low-privileged user to escalate privileges to domain administrator in a default Active Directory environment with the Active Directory Certificate Services (AD CS) server role installed.
Create: 2022-05-14 17:27:06 +0800 CST Push: 2022-05-14 17:42:26 +0800 CST |

LudovicPatho/CVE-2022-26923_AD_Certificate_services In essence, the vulnerability allowed a low-privileged user to escalate privileges to domain administrator in a default Active Directory environment with the Active Directory Certificate Services (AD CS) server role installed.
Create: 2022-05-14 17:27:06 +0800 CST Push: 2022-05-14 17:39:48 +0800 CST |