unSafe.sh - 不安全

Kairo-one/CVE-2020-26217-XStream CVE-2020-26217 XStream反序列化的poc
Create: 2025-12-01 00:54:16 +0000 UTC Push: 2025-12-01 01:05:12 +0000 UTC |

0xcucumbersalad/CVE-2025-13796-PoC deco-cx apps Parameter analyticsScript.ts AnalyticsScript server-side request forgery
Create: 2025-12-01 00:13:18 +0000 UTC Push: 2025-12-01 00:14:36 +0000 UTC |

ninajafli/DotCMS-CVE-2022-45782
Create: 2025-11-30 08:04:56 +0000 UTC Push: 2025-11-30 23:13:21 +0000 UTC |

Noxurge/CVE-2025-65900 DifuseHQ Kalmia CMS version 0.2.0 contains an Incorrect Access Control vulnerability in the /kal-api/auth/users API endpoint. Due to insufficient permission validation and excessive data exposure in the backend, an authenticated user with basic read permissions can retrieve sensitive information for all platform user.
Create: 2025-11-30 02:07:06 +0000 UTC Push: 2025-12-04 00:06:01 +0000 UTC |

Noxurge/CVE-2025-65899 DifuseHQ Kalmia CMS version 0.2.0 is vulnerable to user enumeration through distinguishable error responses in the /kal-api/auth/jwt/create authentication endpoint.
Create: 2025-11-29 21:40:17 +0000 UTC Push: 2025-12-04 00:05:57 +0000 UTC |

graypixel2121/CVE-2025-57489
Create: 2025-11-29 21:27:08 +0000 UTC Push: 2025-12-03 20:50:01 +0000 UTC |

KylVGoi/cve-2019-1663
Create: 2025-11-29 17:54:45 +0000 UTC Push: 2025-12-01 14:19:00 +0000 UTC |

Ashwesker/Blackash-CVE-2025-2011 CVE-2025-2011
Create: 2025-11-28 21:16:17 +0000 UTC Push: 2025-11-28 21:16:17 +0000 UTC |

RyanRodrigues880/CVE-2023-26360 Exploit - CVE-2023-26360
Create: 2025-11-28 19:59:21 +0000 UTC Push: 2025-11-28 19:59:22 +0000 UTC |

Ashwesker/Blackash-CVE-2025-13315 CVE-2025-13315
Create: 2025-11-28 15:26:53 +0000 UTC Push: 2025-11-28 15:26:54 +0000 UTC |

Daeda1usUK/CVE-2025-59390- CVE-2025-59390 and ThreadLocalRandom Inverse
Create: 2025-11-28 14:33:08 +0000 UTC Push: 2025-11-28 14:33:36 +0000 UTC |

wasfyelbaz/CVE-2025-66022 FACTION versions before 1.7.1 allowed unauthenticated RCE. A missing auth check on /portal/AppStoreDashboard let attackers upload malicious extensions, which executed system commands through lifecycle hooks.
Create: 2025-11-28 12:07:38 +0000 UTC Push: 2025-11-28 12:07:38 +0000 UTC |

MMAKINGDOM/CVE-2025-65881 Sourcecodester Zoo Management System v1.0 is vulnerable to Cross Site Scripting (XSS) in /classes/Login.php Due to invalid Content-Type
Create: 2025-11-28 10:50:46 +0000 UTC Push: 2025-11-28 10:50:46 +0000 UTC |

moehkass/CVE-2025-48988-Exploit-POC Exploit POC for the CVE-2025-48988 that affects Apache tomcat and causes a DOS
Create: 2025-11-28 10:35:47 +0000 UTC Push: 2025-11-28 10:35:47 +0000 UTC |

AndrewMas99/CVE-2019-11043-Vulnerability
Create: 2025-11-28 10:20:37 +0000 UTC Push: 2025-11-28 10:21:14 +0000 UTC |

ranjithxploit/CVE-2024-25600 Modified the CVE-2024-25600
Create: 2025-11-28 08:25:06 +0000 UTC Push: 2025-11-28 08:25:06 +0000 UTC |

Nxploited/CVE-2025-39401 WordPress WPAMS Plugin <= 44.0 (17-08-2023) is vulnerable to a high priority Arbitrary File Upload
Create: 2025-11-27 23:25:15 +0000 UTC Push: 2025-11-27 23:25:16 +0000 UTC |

f3d0rq/CVE-2017-7921 CVE-2017-7921 is a critical vulnerability (CVSS score: 9.8) affecting multiple Hikvision IP camera and DVR models, first disclosed in 2017. It stems from an improper authentication flaw that allows unauthenticated remote attackers to bypass login mechanisms and gain unauthorized access to sensitive system information
Create: 2025-11-27 22:37:02 +0000 UTC Push: 2025-11-27 22:37:02 +0000 UTC |

f3d0rq/CVE-2021-43798-poc CVE-2021-43798 is a high-severity path traversal vulnerability (CVSS 3.1 score: 7.5) affecting Grafana versions 8.0.0-beta1 through 8.3.0. It allows unauthenticated attackers to read arbitrary files from the server by exploiting improper sanitization in the /public/plugins/:pluginId endpoint
Create: 2025-11-27 21:56:08 +0000 UTC Push: 2025-11-27 21:56:38 +0000 UTC |

f3d0rq/CVE-2021-43798 CVE-2021-43798 is a high-severity path traversal vulnerability (CVSS 3.1 score: 7.5) affecting Grafana versions 8.0.0-beta1 through 8.3.0. It allows unauthenticated attackers to read arbitrary files from the server by exploiting improper sanitization in the /public/plugins/:pluginId endpoint
Create: 2025-11-27 21:56:08 +0000 UTC Push: 2025-11-27 21:59:01 +0000 UTC |