unSafe.sh - 不安全

0xBlackash/CVE-2026-22241 CVE-2026-22241
Create: 2026-04-18 21:23:19 +0000 UTC Push: 2026-04-18 21:23:20 +0000 UTC |

cyberheartmi9/CVE-2026-4631-cockpit-RCE Cockpit: Unauthenticated Remote Code Execution via SSH Command-Line Argument Injection
Create: 2026-04-18 20:30:02 +0000 UTC Push: 2026-04-18 20:30:02 +0000 UTC |

cyberheartmi9/CVE-2026-4631-
Create: 2026-04-18 20:27:37 +0000 UTC Push: 2026-04-18 20:27:37 +0000 UTC |

Nxploited/CVE-2025-15521 The Academy LMS – WordPress LMS Plugin for Complete eLearning Solution plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 3.5.0.
Create: 2026-04-18 19:53:47 +0000 UTC Push: 2026-04-18 19:53:47 +0000 UTC |

Nxploited/CVE-2025-15403 RegistrationMagic <= 6.0.7.1 - Unauthenticated Privilege Escalation via admin_order
Create: 2026-04-18 19:47:31 +0000 UTC Push: 2026-04-18 19:47:31 +0000 UTC |

Nxploited/CVE-2026-0920- LA-Studio Element Kit for Elementor <= 1.5.6.3 - Unauthenticated Privilege Escalation via Backdoor to Administrative User Creation via lakit_bkrole parameter
Create: 2026-04-18 19:43:07 +0000 UTC Push: 2026-04-18 19:43:53 +0000 UTC |

0xgh057r3c0n/CVE-2026-4257 WordPress - Contact Form by Supsystic - Unauthenticated SSTI To Remote Code Execution
Create: 2026-04-18 19:39:37 +0000 UTC Push: 2026-04-18 19:39:38 +0000 UTC |

Nxploited/CVE-2025-6389 Sneeit Framework <= 8.3 - Unauthenticated Remote Code Execution in sneeit_articles_pagination_callback
Create: 2026-04-18 19:37:41 +0000 UTC Push: 2026-04-18 19:37:41 +0000 UTC |

Nxploited/CVE-2025-68001 WordPress g-FFL Checkout Plugin <= 2.1.0 is vulnerable to a high priority Arbitrary File Upload
Create: 2026-04-18 19:34:32 +0000 UTC Push: 2026-04-18 19:35:25 +0000 UTC |

H1sok444/CVE-2026-25232-PoC Proof of concept for the recent CVE-2026-25232 which is a priv esc vulnerability present in Gogs.
Create: 2026-04-18 18:40:54 +0000 UTC Push: 2026-04-18 18:41:14 +0000 UTC |

keraattin/CVE-2026-33032 One missing function call on the route registration was enough to turn the MCP interface into an unauthenticated RCE gateway.
Create: 2026-04-18 11:48:39 +0000 UTC Push: 2026-04-18 11:48:55 +0000 UTC |

jithinodattu/CVE-2007-4559-lab
Create: 2026-04-18 11:37:29 +0000 UTC Push: 2026-04-18 11:37:51 +0000 UTC |

KajzingerAkos/CVE-2026-25253 CVE-2026-25253: One-Click RCE in OpenClaw via Auth Token Theft
Create: 2026-04-18 11:06:37 +0000 UTC Push: 2026-04-18 11:06:37 +0000 UTC |

Nxploited/CVE-2025-53580 WordPress Simple Business Directory Pro Plugin < 15.6.9 is vulnerable to a high priority Privilege Escalation
Create: 2026-04-18 10:07:30 +0000 UTC Push: 2026-04-18 10:07:30 +0000 UTC |

jithinodattu/CVE-2023-24329-lab
Create: 2026-04-18 10:05:18 +0000 UTC Push: 2026-04-18 10:05:44 +0000 UTC |

Nxploited/CVE-2025-29009 WordPress Medical Prescription Attachment Plugin for WooCommerce Plugin <= 1.2.3 is vulnerable to a high priority Arbitrary File Upload
Create: 2026-04-18 10:04:04 +0000 UTC Push: 2026-04-18 10:04:55 +0000 UTC |

Nxploited/CVE-2025-15030 User Profile Builder < 3.15.2 - Unauthenticated Arbitrary Password Reset
Create: 2026-04-18 09:59:37 +0000 UTC Push: 2026-04-18 10:00:36 +0000 UTC |

Nxploited/CVE-2025-49901 WordPress Simple Link Directory Plugin < 14.8.1 is vulnerable to a high priority Broken Authentication
Create: 2026-04-18 09:55:58 +0000 UTC Push: 2026-04-18 09:56:21 +0000 UTC |

Nxploited/CVE-2025-13342 Frontend Admin by DynamiApps <= 3.28.20 - Unauthenticated Arbitrary Options Update
Create: 2026-04-18 09:49:50 +0000 UTC Push: 2026-04-18 09:49:51 +0000 UTC |

Nxploited/CVE-2025-14364 Demo Importer Plus <= 2.0.8 - Missing Authorization to Authenticated (Subscriber+) Site Reset and Privilege Escalation
Create: 2026-04-18 09:39:12 +0000 UTC Push: 2026-04-18 09:39:12 +0000 UTC |