unSafe.sh - 不安全

im-nymii/CVE-2025-59528 Technical PoC for CVE-2025-59528 (Flowise < 3.0.5), demonstrating authenticated RCE through customMCP mcpServerConfig injection, with clear bilingual documentation and reproducible steps for authorized security testing.
Create: 2026-05-16 18:06:19 +0000 UTC Push: 2026-05-16 18:06:47 +0000 UTC |

vincent-vbg/CVE-2025-58434-PoC Python script to change passwords without authenticating in flowise version 3.0.5 and lower.
Create: 2026-05-16 17:25:53 +0000 UTC Push: 2026-05-16 17:25:54 +0000 UTC |

tralsesec/CVE-2023-23946
Create: 2026-05-16 17:08:07 +0000 UTC Push: 2026-05-16 17:08:07 +0000 UTC |

tralsesec/CVE-2023-20052
Create: 2026-05-16 17:00:22 +0000 UTC Push: 2026-05-16 17:00:22 +0000 UTC |

lwd3c/CVE-2026-46586
Create: 2026-05-16 16:52:24 +0000 UTC Push: 2026-05-27 15:58:19 +0000 UTC |

whosfault/CVE-2026-43284 dirty frag
Create: 2026-05-16 16:12:15 +0000 UTC Push: 2026-05-16 16:13:10 +0000 UTC |

adityasingh108/CVE-2026-31431-Metasploit-exploit Automated Metasploit post-exploitation module for CVE-2026-31431 ("Copy Fail"). Weaponizes a deterministic logic flaw in the Linux kernel AF_ALG subsystem to achieve local privilege escalation (LPE) to root by safely corrupting a setuid binary directly in the shared Page Cache (RAM) without modifying files on disk
Create: 2026-05-16 16:02:14 +0000 UTC Push: 2026-05-16 16:02:15 +0000 UTC |

minanagehsalalma/cve-2026-34473-root-cause-analysis Root cause analysis of CVE-2026-34473 on ZTE ZXHN H168N V3.5
Create: 2026-05-16 14:57:50 +0000 UTC Push: 2026-05-16 14:57:52 +0000 UTC |

minanagehsalalma/cve-2026-34473-no-login-zte-router-dos Original reporter write-up for CVE-2026-34473, a no-login ZTE router DoS triggered by a single oversized POST request.
Create: 2026-05-16 14:57:50 +0000 UTC Push: 2026-05-16 14:57:52 +0000 UTC |

minanagehsalalma/cve-2026-34473-unauthenticated-dos-zte-routers Technical breakdown of CVE-2026-34473, an unauthenticated denial of service affecting 17+ ZTE router models.
Create: 2026-05-16 14:57:50 +0000 UTC Push: 2026-05-16 15:34:15 +0000 UTC |

0xBlackash/CVE-2026-44578 CVE-2026-44578
Create: 2026-05-16 14:41:12 +0000 UTC Push: 2026-05-16 14:41:13 +0000 UTC |

VampXDH/CVE-2026-46333 CVE-2026-46333 ssh-key-sign-pwn
Create: 2026-05-16 13:45:44 +0000 UTC Push: 2026-05-16 13:45:45 +0000 UTC |

CharBay/Linux-CVE-2026-31431_Public 这个库保存了linux最新远程连接漏洞的可执行文件
Create: 2026-05-16 13:43:53 +0000 UTC Push: 2026-05-16 13:57:12 +0000 UTC |

Insaida/cve-2024-0519-rca-research CVE-2024-0519 root cause analysis — V8 TOCTOU race in GetOwnFastDataPropertyFromHeap
Create: 2026-05-16 12:43:21 +0000 UTC Push: 2026-05-16 12:43:22 +0000 UTC |

1475210817/Axis1.4-CVE-2019-0227 Apache Axis1.4 远程命令执行漏洞利用工具 - 支持随机化服务名和Webshell文件名
Create: 2026-05-16 12:37:34 +0000 UTC Push: 2026-05-16 12:38:25 +0000 UTC |

xShadow-Here/CVE-2026-4882 User Registration Advanced Fields <= 1.6.20 - Unauthenticated Arbitrary File Upload
Create: 2026-05-16 12:18:24 +0000 UTC Push: 2026-05-16 12:18:24 +0000 UTC |

whattheslime/CVE-2026-8181 Exploit for the CVE-2026-8181 - Burst Statistics WordPress Plugin Authentication Bypass
Create: 2026-05-16 11:06:03 +0000 UTC Push: 2026-05-16 11:06:03 +0000 UTC |

dinosn/CVE-2026-44578 CVE-2026-44578: Next.js WebSocket Upgrade SSRF — pre-auth credential theft via localhost:80. Lab + exploit + audit.
Create: 2026-05-16 10:15:20 +0000 UTC Push: 2026-05-16 10:15:23 +0000 UTC |

murrez/CVE-2026-6433 PoC for CVE-2026-6433: WordPress FlipperCode Custom CSS, JS & PHP (≤2.0.7) — unauthenticated SQLi to RCE. Python 3 stdlib; single target or bulk multi-threaded scanning. Authorized testing & research only.
Create: 2026-05-16 09:29:58 +0000 UTC Push: 2026-05-16 09:30:30 +0000 UTC |

sibersan/apache_audit_cve-2026-23918 Python toolkit to audit Apache HTTP Server against CVE-2026-23918 (HTTP/2 double-free RCE) and 4 related CVEs. Passive scanner with ALPN verification + read-only local auditor. No exploits.
Create: 2026-05-16 09:18:34 +0000 UTC Push: 2026-05-16 09:18:35 +0000 UTC |