unSafe.sh - 不安全

portbuster1337/CVE-2026-20182 CVE-2026-20182 PoC - Cisco Catalyst SD-WAN Controller / Manager Authentication Bypass (CVSS 10.0)
Create: 2026-05-22 21:17:01 +0000 UTC Push: 2026-05-22 21:17:03 +0000 UTC |

ridhinva/CVE-2025-34291-Langflow-Scanner Langflow Origin Validation Error / CORS Misconfiguration Scanner
Create: 2026-05-22 20:44:28 +0000 UTC Push: 2026-05-22 20:44:31 +0000 UTC |

ridhinva/CVE-2026-1731-BeyondTrust-RCE BeyondTrust Remote Support / PRA Pre-auth RCE Scanner
Create: 2026-05-22 20:44:24 +0000 UTC Push: 2026-05-22 20:44:27 +0000 UTC |

ridhinva/CVE-2026-3854-GHE-RCE GitHub Enterprise Server Pre-auth RCE via Push Option Injection Scanner
Create: 2026-05-22 20:44:20 +0000 UTC Push: 2026-05-22 20:44:21 +0000 UTC |

ridhinva/CVE-2026-0073-ADBD-Bypass Android ADB Authentication Bypass - Wireless ADB RCE Scanner
Create: 2026-05-22 20:44:16 +0000 UTC Push: 2026-05-22 20:44:19 +0000 UTC |

ridhinva/CVE-2026-0300-PANOS-RCE PAN-OS User-ID Captive Portal Buffer Overflow RCE Scanner & Checker
Create: 2026-05-22 20:44:11 +0000 UTC Push: 2026-05-22 20:44:15 +0000 UTC |

ridhinva/CVE-2026-9082 Drupal PostgreSQL SQLi Scanner - Unauthenticated SQL Injection in Drupal Core via JSON:API (CISA KEV May 2026)
Create: 2026-05-22 19:49:06 +0000 UTC Push: 2026-05-22 19:49:07 +0000 UTC |

0xBlackash/CVE-2026-43494 CVE-2026-43494
Create: 2026-05-22 19:29:17 +0000 UTC Push: 2026-05-22 19:29:18 +0000 UTC |

BishopFox/CVE-2026-27886-check Detect whether a Strapi instance is vulnerable to CVE-2026-27886 (unauthenticated boolean-oracle exfiltration of administrator secrets).
Create: 2026-05-22 19:07:00 +0000 UTC Push: 2026-05-22 19:07:17 +0000 UTC |

F2u0a0d3/CVE-2026-42945-nginx-rift-poc PoC for CVE-2026-42945 (nginx Rift) — heap buffer overflow in ngx_http_rewrite_module. Includes detect/probe/exploit modes, dual-fixture Docker lab, empirical address discovery, OOB-verified offset sweep. Original disclosure by depthfirst.
Create: 2026-05-22 18:23:24 +0000 UTC Push: 2026-05-22 18:23:26 +0000 UTC |

Yucaerin/CVE-2026-8181 The BookingPress Pro plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation
Create: 2026-05-22 17:05:11 +0000 UTC Push: 2026-05-22 17:05:12 +0000 UTC |

SpeatX/CVE-2019-8942-WordPress-RCE Python exploit toolkit for WordPress Crop Image RCE — CVE-2019-8942 & CVE-2019-8943
Create: 2026-05-22 16:36:35 +0000 UTC Push: 2026-05-23 22:59:47 +0000 UTC |

SpeatX/WordPress-RCE-CVE-2019-8942 Python exploit toolkit for WordPress Crop Image RCE — CVE-2019-8942 & CVE-2019-8943
Create: 2026-05-22 16:36:35 +0000 UTC Push: 2026-05-23 22:59:47 +0000 UTC |

x48ps/CVE-2026-8181 This vulnerability allows unauthenticated attackers who know a valid administrator username to impersonate that admin during REST API requests by using any incorrect password in a Basic Authentication header. Attackers could abuse this flaw to create a new administrator account without prior authentication.
Create: 2026-05-22 16:12:48 +0000 UTC Push: 2026-05-22 16:12:49 +0000 UTC |

Pumila03/CVE-2026-6009
Create: 2026-05-22 15:43:22 +0000 UTC Push: 2026-05-23 21:08:41 +0000 UTC |

NullByte8080/CVE-2026-36226
Create: 2026-05-22 14:18:27 +0000 UTC Push: 2026-05-22 14:18:37 +0000 UTC |

NullByte8080/CVE-2026-36228
Create: 2026-05-22 13:46:12 +0000 UTC Push: 2026-05-22 13:46:13 +0000 UTC |

NullByte8080/CVE-2026-36227
Create: 2026-05-22 13:36:01 +0000 UTC Push: 2026-05-22 13:36:01 +0000 UTC |

ahmedFarhat80/CVE-2025-0680-Exploit CVE-2025-0680 Exploit — New Rock Technologies MX8G/OM500/NRP1302 Cloud RPC OS Command Injection (CWE-78) | CVSS 9.8 CRITICAL | Pre-Auth RCE → Root User Injection
Create: 2026-05-22 13:18:56 +0000 UTC Push: 2026-05-22 13:18:57 +0000 UTC |

GraoMelo/CVE-2026-AES-Wrap-PAD-PoC Heap Buffer Overflow in AES Wrap with Padding (OpenSSL 4.0.0) — CVE-2026 draft PoC
Create: 2026-05-22 12:50:22 +0000 UTC Push: 2026-05-22 12:50:23 +0000 UTC |