unSafe.sh - 不安全

ClemaX/Gitea-Forgejo-CVE-2025 Directory traversal in Gitea and Forgejo's repository‑template processing allows remote authenticated attackers to process arbitrary files on the filesystem, leading to remote code execution.
Create: 2025-12-01 02:04:06 +0000 UTC Push: 2025-12-01 03:55:06 +0000 UTC |

Kairo-one/CVE-2020-26217-XStream CVE-2020-26217 XStream反序列化的poc
Create: 2025-12-01 00:54:16 +0000 UTC Push: 2025-12-01 01:05:12 +0000 UTC |

0xcucumbersalad/CVE-2025-13796-PoC deco-cx apps Parameter analyticsScript.ts AnalyticsScript server-side request forgery
Create: 2025-12-01 00:13:18 +0000 UTC Push: 2025-12-01 00:14:36 +0000 UTC |

DotAdrien/CVE-2025-60655
Create: 2025-11-30 14:53:30 +0000 UTC Push: 2026-01-17 14:44:43 +0000 UTC |

DotAdrien/CVE-2025-60656
Create: 2025-11-30 14:52:32 +0000 UTC Push: 2026-01-17 14:46:41 +0000 UTC |

DotAdrien/CVE-2025-60654
Create: 2025-11-30 14:50:34 +0000 UTC Push: 2026-01-17 14:47:33 +0000 UTC |

ninajafli/DotCMS-CVE-2022-45782
Create: 2025-11-30 08:04:56 +0000 UTC Push: 2025-11-30 23:13:21 +0000 UTC |

Noxurge/CVE-2025-65900 DifuseHQ Kalmia CMS version 0.2.0 contains an Incorrect Access Control vulnerability in the /kal-api/auth/users API endpoint. Due to insufficient permission validation and excessive data exposure in the backend, an authenticated user with basic read permissions can retrieve sensitive information for all platform user.
Create: 2025-11-30 02:07:06 +0000 UTC Push: 2025-12-04 00:06:01 +0000 UTC |

Noxurge/CVE-2025-65899 DifuseHQ Kalmia CMS version 0.2.0 is vulnerable to user enumeration through distinguishable error responses in the /kal-api/auth/jwt/create authentication endpoint.
Create: 2025-11-29 21:40:17 +0000 UTC Push: 2025-12-04 00:05:57 +0000 UTC |

graypixel2121/CVE-2025-57489
Create: 2025-11-29 21:27:08 +0000 UTC Push: 2025-12-03 20:50:01 +0000 UTC |

KylVGoi/cve-2019-1663
Create: 2025-11-29 17:54:45 +0000 UTC Push: 2025-12-01 14:19:00 +0000 UTC |

passtheticket/CVE-2025-9435 ADManager Plus Build < 7230 Elevation of Privilege
Create: 2025-11-29 12:52:50 +0000 UTC Push: 2025-12-25 21:07:29 +0000 UTC |

Ashwesker/Blackash-CVE-2025-2011 CVE-2025-2011
Create: 2025-11-28 21:16:17 +0000 UTC Push: 2025-11-28 21:16:17 +0000 UTC |

RyanRodrigues880/CVE-2023-26360 Exploit - CVE-2023-26360
Create: 2025-11-28 19:59:21 +0000 UTC Push: 2025-11-28 19:59:22 +0000 UTC |

Ashwesker/Blackash-CVE-2025-13315 CVE-2025-13315
Create: 2025-11-28 15:26:53 +0000 UTC Push: 2025-11-28 15:26:54 +0000 UTC |

Daeda1usUK/CVE-2025-59390- CVE-2025-59390 and ThreadLocalRandom Inverse
Create: 2025-11-28 14:33:08 +0000 UTC Push: 2025-11-28 14:33:36 +0000 UTC |

wasfyelbaz/CVE-2025-66022 FACTION versions before 1.7.1 allowed unauthenticated RCE. A missing auth check on /portal/AppStoreDashboard let attackers upload malicious extensions, which executed system commands through lifecycle hooks.
Create: 2025-11-28 12:07:38 +0000 UTC Push: 2025-11-28 12:07:38 +0000 UTC |

gui-ying233/CVE-2025-61638 CVE-2025-61638 PoC
Create: 2025-11-28 11:15:01 +0000 UTC Push: 2026-02-14 19:45:45 +0000 UTC |

MMAKINGDOM/CVE-2025-65881 Sourcecodester Zoo Management System v1.0 is vulnerable to Cross Site Scripting (XSS) in /classes/Login.php Due to invalid Content-Type
Create: 2025-11-28 10:50:46 +0000 UTC Push: 2025-11-28 10:50:46 +0000 UTC |

moehkass/CVE-2025-48988-Exploit-POC Exploit POC for the CVE-2025-48988 that affects Apache tomcat and causes a DOS
Create: 2025-11-28 10:35:47 +0000 UTC Push: 2025-11-28 10:35:47 +0000 UTC |