unSafe.sh - 不安全

honney336/CVE-2025-58434_CVE-2025-59528 CVE-2025-58434 Flowise <= 3.0.5 and earlier allows account takeover via unauthenticated forgot-password token. CVE-2025-59528 lowiseAI Custom MCP Node Remote Code Execution.
Create: 2026-04-14 06:50:24 +0000 UTC Push: 2026-04-14 06:50:25 +0000 UTC |

keraattin/CVE-2026-35517 CVE-2026-35517 Pi-hole FTLDNS Remote Code Execution via Newline Injection (CVSS 8.8). Python & Nmap NSE detection scripts with full technical breakdown. A newline character in the dns.upstreams parameter gives authenticated attackers command execution on the host. Five related injection vectors all patched in FTL v6.6.
Create: 2026-04-14 06:26:12 +0000 UTC Push: 2026-04-14 06:26:13 +0000 UTC |

lukasz-rybak/CVE-2026-22692 CVE-2026-22692 - Critical Twig Sandbox Bypass via collect()->mapInto() allowing RCE/LFI/XXE in October CMS
Create: 2026-04-14 05:54:02 +0000 UTC Push: 2026-04-14 05:54:04 +0000 UTC |

cortex-e2e-gh-actions/onboarding-gta-9991961259350-4-14-2026-3-54-55-AM-CvE
Create: 2026-04-14 00:54:56 +0000 UTC Push: 2026-04-14 00:54:58 +0000 UTC |

kengzzzz/CVE-2026-40175
Create: 2026-04-14 00:15:32 +0000 UTC Push: 2026-04-14 00:15:32 +0000 UTC |

mki9/CVE-2026-39987_exploit
Create: 2026-04-13 23:34:47 +0000 UTC Push: 2026-04-13 23:35:25 +0000 UTC |

Aliyankhan-source/CVE-2023-6972-Exploit-Arbitrary-File-Deletion This repository contains a Proof of Concept (PoC) exploit for CVE-2023-6972.
Create: 2026-04-13 22:56:21 +0000 UTC Push: 2026-04-13 22:56:21 +0000 UTC |

DonVorrin/CVE-2023-29357
Create: 2026-04-13 21:54:18 +0000 UTC Push: 2026-04-13 21:54:19 +0000 UTC |

vanhari/CVE-2025-59528 CVE-2025-59528 Proof of Concept
Create: 2026-04-13 21:06:26 +0000 UTC Push: 2026-04-13 21:06:26 +0000 UTC |

eduardorossi84/CVE-2026-34621-POC Acrobat Reader versions 24.001.30356, 26.001.21367 and earlier are affected by an Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') vulnerability that could result in arbitrary code execution in the context of the current user.
Create: 2026-04-13 19:23:59 +0000 UTC Push: 2026-04-13 19:24:00 +0000 UTC |

keraattin/CVE-2026-35616 CVE-2026-35616 - FortiClient EMS Pre-Authentication API Bypass (CVSS 9.1, CISA KEV). Python & Nmap NSE detection scripts with full technical breakdown. One forged HTTP header bypasses authentication on FortiClient EMS 7.4.5–7.4.6, granting full admin API access to all managed endpoints.
Create: 2026-04-13 18:49:00 +0000 UTC Push: 2026-04-13 18:49:00 +0000 UTC |

Spydomain/CVE-2026-33017-lab
Create: 2026-04-13 18:33:25 +0000 UTC Push: 2026-04-13 18:33:25 +0000 UTC |

fevar54/marimo_CVE-2026-39987_RCE_PoC CVE-2026-39987 - Marimo < 0.23.0 Pre-Auth RCE (WebSocket) PoC de explotación - Conecta a /terminal/ws sin autenticación Author: Fevar54 Date: 2026-04-13 Severity: CRITICAL CVSS: 9.3
Create: 2026-04-13 18:06:46 +0000 UTC Push: 2026-04-13 18:06:47 +0000 UTC |

gigachadusers/cve-2020-6864 checks if zte ips are vunverable to cve-2020-6864
Create: 2026-04-13 17:08:02 +0000 UTC Push: 2026-04-13 17:08:18 +0000 UTC |

Pixel-DefaultBR/CVE-2026-6227
Create: 2026-04-13 16:16:54 +0000 UTC Push: 2026-04-13 16:17:29 +0000 UTC |

wojtekchwala/CVE-2025-66849 Ghost CMS Privilege Escalation PoC
Create: 2026-04-13 14:36:54 +0000 UTC Push: 2026-04-13 14:36:55 +0000 UTC |

Ath-PS/RC4-AD-Depreciation-CVE-2026-20833 SCCM Configuration Baseline to revert the April 2026 RC4 enforcement back to **Monitor/Audit mode** on Domain Controllers, giving you time to migrate service accounts to AES before full enforcement in July 2026.
Create: 2026-04-13 13:11:51 +0000 UTC Push: 2026-04-13 13:12:20 +0000 UTC |

ercihan/CVE-2026-34621
Create: 2026-04-13 13:00:37 +0000 UTC Push: 2026-04-13 13:01:24 +0000 UTC |

DeDnY/CVE-2025-55182-poc-panel This is a special panel that is used to send POC requests with the output of responses.
Create: 2026-04-13 12:40:20 +0000 UTC Push: 2026-04-13 12:40:21 +0000 UTC |

UsifAraby/CVE-2025-59528-POC
Create: 2026-04-13 11:32:39 +0000 UTC Push: 2026-04-13 11:33:37 +0000 UTC |