unSafe.sh - 不安全
我的收藏
今日热榜
公众号文章
导航
Github CVE
Github Tools
编码/解码
文件传输
Twitter Bot
Telegram Bot
Search
Rss
黑夜模式
增加标签
Tags (allow clear + 0 threshold)
Choose a tag...
Please select a valid tag.
thecodeb0ss/Advanced-CVE-2026-53753
Crawl4AI is an open-source LLM friendly web crawler & scraper. Prior to 0.8.7, the _safe_eval_expression() function in the computed fields feature uses an AST validator that only blocks attributes starting with underscore.
Create: 2026-07-03 02:17:54 +0000 UTC Push: 2026-07-03 02:17:55 +0000 UTC |
qwqqaqqwq00/opensource_defect_repare_cc
Redis 7.0.0 核心模块重构与漏洞修复交付(重构 sds/adlist/intset/listpack,相似度≤20%;修复 CVE-2023-25155/28856、CVE-2024-31449、CVE-2022-36021、CVE-2022-31144 等漏洞)
Create: 2026-07-03 00:55:25 +0000 UTC Push: 2026-07-03 00:55:25 +0000 UTC |
qwqqaqqwq00/opensource_defect_repair_cc
Redis 7.0.0 核心模块重构与漏洞修复交付(重构 sds/adlist/intset/listpack,相似度≤20%;修复 CVE-2023-25155/28856、CVE-2024-31449、CVE-2022-36021、CVE-2022-31144 等漏洞)
Create: 2026-07-03 00:54:46 +0000 UTC Push: 2026-07-03 00:54:46 +0000 UTC |
BastianXploited/CVE-2026-0740-mass
Create: 2026-07-02 23:18:38 +0000 UTC Push: 2026-07-02 23:18:54 +0000 UTC |
thecodeb0ss/CVE-2026-56782
Gorse < 0.5.10 contains an authentication bypass caused by empty admin_api_key in /api/dump and /api/restore endpoints, letting unauthenticated remote attackers access and modify protected data, exploit requires default empty admin_api_key configuration.
Create: 2026-07-02 23:12:44 +0000 UTC Push: 2026-07-02 23:12:45 +0000 UTC |
MichaelAdamGroberman/CVE-2026-54477
CVE-2026-54477: Admin Panel Missing Security Headers (clickjacking/XSS) - Gardyn (ICSA-26-183-03)
Create: 2026-07-02 20:18:29 +0000 UTC Push: 2026-07-02 20:18:32 +0000 UTC |
MichaelAdamGroberman/CVE-2026-55726
CVE-2026-55726: Publicly Listable Azure Blob Storage Container (device logs) - Gardyn (ICSA-26-183-03)
Create: 2026-07-02 20:18:26 +0000 UTC Push: 2026-07-02 20:18:29 +0000 UTC |
teteco/CVE-2026-52217-VTEX-Checkout-CrossTenant-IDOR
The VTEX Checkout Service exposes OrderForm data through the endpoints `/api/checkout/pub/orderForm/{orderFormId}` and `/attachments/*`. These endpoints do not validate the tenant (store account) of the authenticated session against the ownership of the requested OrderForm.
Create: 2026-07-02 20:06:01 +0000 UTC Push: 2026-07-02 20:06:01 +0000 UTC |
MichaelAdamGroberman/CVE-2026-13768
CVE-2026-13768: Privileged iothubowner IoT Hub credential — fleet enumeration, device RCE, home-network pivot — Gardyn (ICSA-26-183-03)
Create: 2026-07-02 19:38:56 +0000 UTC Push: 2026-07-02 20:18:15 +0000 UTC |
Mkps/CVE-2026-38751-OpenSTAManager-Arbitrary-File-Upload-PoC
This repository contains a proof-of-concept (PoC) exploit for CVE-2026-38751, affecting OpenSTAManager ≤ 2.10. The vulnerability allows an authenticated attacker to upload a malicious module via the module update functionality, leading to arbitrary file upload and remote code execution (RCE).
Create: 2026-07-02 19:29:00 +0000 UTC Push: 2026-07-02 19:29:00 +0000 UTC |
K3ysTr0K3R/CVE-2025-57819
Create: 2026-07-02 19:07:36 +0000 UTC Push: 2026-07-02 19:07:37 +0000 UTC |
J4ck3LSyN-Gen2/CVE-2026-48558
SimpleHelp OIDC Authentication Bypass PoC
Create: 2026-07-02 16:11:50 +0000 UTC Push: 2026-07-02 16:12:20 +0000 UTC |
sentinel-aidefense/CVE-2025-5777
Create: 2026-07-02 13:04:30 +0000 UTC Push: 2026-07-02 13:04:31 +0000 UTC |
vrtlbob/Linux-Kernel-Vulnerabilities-CVE-2026-23111
High Severity LPE vulnerability in Linux Kernel, with a CVS score of 7.8. An inverted check from user enables a process inside the container to break out of the sandbox along with full root privileges on user PC. I have been investigating about this vulnerability and has a lightweight script that runs in the terminal to check if you are vulnerable.
Create: 2026-07-02 09:54:54 +0000 UTC Push: 2026-07-02 09:54:55 +0000 UTC |
c0gnit00/CVE-2026-33017
Python POC, Exploit for CVE-2026-33017
Create: 2026-07-02 09:47:58 +0000 UTC Push: 2026-07-02 09:47:59 +0000 UTC |
FzRsLLaSheR/CVE-2026-12166_CVE-2026-12167_CVE-2026-12168
Create: 2026-07-02 08:33:35 +0000 UTC Push: 2026-07-02 08:33:36 +0000 UTC |
vinhluongptit/React2Shell-Next.js-RCE-POC-CVE-2025-55182-
Create: 2026-07-02 08:03:44 +0000 UTC Push: 2026-07-02 08:03:45 +0000 UTC |
Hunt-Benito/llama-factory-webui-rce-cve-2026-58116-trust-remote-code-model-path-injection
Create: 2026-07-02 07:06:16 +0000 UTC Push: 2026-07-02 07:06:17 +0000 UTC |
Wh4l3X/CVE-2026-XXXX-atlassian-email-enumeration
CVE-2026-XXXX: Atlassian GraphQL Email Enumeration Oracle (CWE-204, CVSS 5.3 MEDIUM)
Create: 2026-07-02 06:31:59 +0000 UTC Push: 2026-07-02 06:32:02 +0000 UTC |
Wh4l3X/CVE-2026-XXXX-atlassian-graphql-gateway-auth-bypass
CVE-2026-XXXX: Atlassian Central GraphQL Gateway Authentication Bypass (CVSS 9.8) — CNA submission
Create: 2026-07-02 06:25:29 +0000 UTC Push: 2026-07-02 06:25:40 +0000 UTC |
Previous
-124
-123
-122
-121
-120
-119
-118
-117
Next