unSafe.sh - 不安全
我的收藏
今日热榜
公众号文章
导航
Github CVE
Github Tools
编码/解码
文件传输
Twitter Bot
Telegram Bot
Search
Rss
黑夜模式
增加标签
Tags (allow clear + 0 threshold)
Choose a tag...
Please select a valid tag.
CerberusMrXi/CVE-2026-48909-Joomla-SP-Exploit
CVE-2026-48909 - Unauthenticated PHP Object Injection to RCE exploit for Joomla SP LMS extension versions <= 4.1.3. Exploits lmsOrders cookie deserialization to write webshell via Joomla FormattedtextLogger gadget chain. Includes interactive shell, path discovery, and cleanup. For authorized security testing only.
Create: 2026-07-15 20:27:48 +0000 UTC Push: 2026-07-15 20:27:49 +0000 UTC |
Kanak-CypherX/cve-2024-4577-lab
Create: 2026-07-15 20:23:23 +0000 UTC Push: 2026-07-15 20:23:24 +0000 UTC |
shinthink/CVE-2026-3891
Pix for WooCommerce Unauthenticated File Upload RCE via certificate_crt_path Parameter | CVSS 9.8
Create: 2026-07-15 19:24:19 +0000 UTC Push: 2026-07-15 19:24:23 +0000 UTC |
shinthink/CVE-2026-13001
Podlove Podcast Publisher Unauthenticated File Upload RCE via is_image() vs extract_file_extension() Mismatch | CVSS 9.8
Create: 2026-07-15 19:16:28 +0000 UTC Push: 2026-07-15 19:16:32 +0000 UTC |
oscerd/CVE-2026-46591
Reproducer for CVE-2026-46591: Apache Camel camel-neo4j Cypher injection via property names in CamelNeo4jMatchProperties, enabling authorization bypass / cross-label data exfiltration (fixed in 4.14.8/4.18.3/4.21.0)
Create: 2026-07-15 19:13:53 +0000 UTC Push: 2026-07-15 19:13:56 +0000 UTC |
Ch4120N/CVE-2026-58138
Create: 2026-07-15 19:07:52 +0000 UTC Push: 2026-07-15 19:07:53 +0000 UTC |
m4sh-wacker/CVE-2026-3891-Pix-for-WooCommerce-Plugin-Exploit
PoC for CVE-2026-3891 — Unauthenticated Arbitrary File Upload leading to Remote Code Execution in Pix for WooCommerce <= 1.5.0
Create: 2026-07-15 19:06:14 +0000 UTC Push: 2026-07-15 19:06:15 +0000 UTC |
shinthink/CVE-2025-32044
CVE-2025-32044 — Moodle 4.5.0-4.5.2 Unauthenticated REST API User Data Exposure via Stack Trace Args Leak | CVSS 7.5 | Mass exploit with token acquisition
Create: 2026-07-15 18:54:08 +0000 UTC Push: 2026-07-15 18:54:12 +0000 UTC |
FzRsLLaSheR/CVE-2026-14960-CVE-2026-14961
Create: 2026-07-15 18:19:51 +0000 UTC Push: 2026-07-15 18:19:52 +0000 UTC |
WhatsWrongAndWhy/CVE-2016-9793
Create: 2026-07-15 17:17:47 +0000 UTC Push: 2026-07-15 17:18:24 +0000 UTC |
WhatsWrongAndWhy/CVE-2016-8655
Create: 2026-07-15 17:15:32 +0000 UTC Push: 2026-07-15 17:15:50 +0000 UTC |
WhatsWrongAndWhy/CVE-2015-8550
Create: 2026-07-15 17:06:00 +0000 UTC Push: 2026-07-15 17:06:01 +0000 UTC |
WhatsWrongAndWhy/CVE-2015-1328
Create: 2026-07-15 17:00:54 +0000 UTC Push: 2026-07-15 17:00:55 +0000 UTC |
0xBlackash/CVE-2026-15409
CVE-2026-15409
Create: 2026-07-15 16:51:53 +0000 UTC Push: 2026-07-15 16:51:55 +0000 UTC |
remmons-r7/rapid7-CVE-2026-15409
This repo contains a proof-of-concept exploit for CVE-2026-15409. It establishes non-root remote code execution on SonicWall SMA by implementing the Erlang protocol expected by localhost:1050 and tunneling it through the websocket.
Create: 2026-07-15 15:37:11 +0000 UTC Push: 2026-07-15 15:37:13 +0000 UTC |
seqra/cve-2026-58138
Create: 2026-07-15 15:07:29 +0000 UTC Push: 2026-07-15 16:05:24 +0000 UTC |
lamaper/CVE-2026-52199
Create: 2026-07-15 14:15:27 +0000 UTC Push: 2026-07-15 14:15:29 +0000 UTC |
oscerd/CVE-2026-46590
Reproducer for CVE-2026-46590: Apache Camel camel-pqc key-lifecycle unsafe deserialization (FileBasedKeyLifecycleManager legacy .key migration via ObjectInputStream), incomplete remediation of CVE-2026-40048 (fixed in 4.18.3/4.21.0)
Create: 2026-07-15 13:15:04 +0000 UTC Push: 2026-07-15 13:15:08 +0000 UTC |
h4mr3r/CVE-2024-5082
Sonatype Nexus 2 - Authorized RCE POC
Create: 2026-07-15 12:57:00 +0000 UTC Push: 2026-07-15 12:57:00 +0000 UTC |
DavidCarliez/CVE-2026-58635-PoC
Proof of concept for CVE-2026-58635
Create: 2026-07-15 12:53:34 +0000 UTC Push: 2026-07-15 12:53:37 +0000 UTC |
Previous
6
7
8
9
10
11
12
13
Next