unSafe.sh - 不安全

iltosec/CVE-2026-54596 CVE-2026-54596 - Authenticated SQL Injection via recurring_invoice_frequency Parameter Enables Full Database Exfiltration
Create: 2026-06-15 22:09:02 +0000 UTC Push: 2026-06-15 22:09:03 +0000 UTC |

iltosec/CVE-2026-54597 CVE-2026-54597 — ITFlow Time-Based Blind SQL Injection
Create: 2026-06-15 21:57:56 +0000 UTC Push: 2026-06-15 21:57:57 +0000 UTC |

tar-xz/CVE-2026-53519-PoC PoC exploit for CVE-2026-53519.
Create: 2026-06-15 19:06:37 +0000 UTC Push: 2026-06-15 19:06:38 +0000 UTC |

dhmosfunk/CVE-2026-49160---HTTP.sys-PoC HTTP.sys Denial of Service Vulnerability
Create: 2026-06-15 18:30:18 +0000 UTC Push: 2026-06-15 18:30:18 +0000 UTC |

dhmosfunk/CVE-2026-49160-HTTP.sys HTTP.sys Denial of Service Vulnerability
Create: 2026-06-15 18:30:18 +0000 UTC Push: 2026-06-15 18:30:18 +0000 UTC |

ElianGonzi00/CVE-2025-2783
Create: 2026-06-15 18:01:34 +0000 UTC Push: 2026-06-15 18:01:34 +0000 UTC |

tihomirocrew/cve-2026-3437
Create: 2026-06-15 16:05:55 +0000 UTC Push: 2026-06-15 16:05:56 +0000 UTC |

hacbs-release-tests/collectors-no-cve-20696a65
Create: 2026-06-15 15:27:01 +0000 UTC Push: 2026-06-15 15:27:05 +0000 UTC |

DylanZahedi/CVE-2026-9277
Create: 2026-06-15 13:37:09 +0000 UTC Push: 2026-06-15 13:37:10 +0000 UTC |

ikarolaborda/CVE-2026-40176
Create: 2026-06-15 10:35:51 +0000 UTC Push: 2026-06-15 10:35:52 +0000 UTC |

jfs-jfs/CVE-2026-37073 Incorrect access control in /vfm-admin/ajax/sendfiles.php in Veno File Manager Project 4.4.9 allows an unauthenticated attacker to send emails from the configured SMPT server on the application via making a POST request to the endpoint with needed parameters and header.
Create: 2026-06-15 10:09:45 +0000 UTC Push: 2026-06-15 10:10:32 +0000 UTC |

jfs-jfs/CVE-2026-37072 Veno File Manager Project Veno File Manager Project 4.4.9 is vulnerable to Incorrect Access Control in admin-head-updates.php
Create: 2026-06-15 10:07:25 +0000 UTC Push: 2026-06-15 10:09:00 +0000 UTC |

jfs-jfs/CVE-2026-37071 Arbitrary File Rename Leading to Privilege Escalation in Actions::renameFile() function in Veno File Manager Project 4.4.9 allows an authenticated attacker with 'reanme' permission to take over the super administrator account via a specially crafted POST request.
Create: 2026-06-15 10:00:56 +0000 UTC Push: 2026-06-15 10:05:31 +0000 UTC |

jfs-jfs/CVE-2026-37070 Incorrect access control in /vfm-admin/ajax/streamvid.php in Veno File Manager Project in 4.4.9 allows an authenticated attacker to read any uploaded files by other users as long as it knows the path and filename via a specially crafted GET request to the affected endpoint.
Create: 2026-06-15 09:55:32 +0000 UTC Push: 2026-06-15 09:59:18 +0000 UTC |

jfs-jfs/CVE-2026-37069 Absolute Path Disclosure in /vfm-admin/assets/zipstream/grandt/relativepath/RelativePath.Example1.php in Veno File Manager Project 4.4.9 allows an unauthenticated attacker to know in which system directory the application code is running by sending a GET request to the endpoint.
Create: 2026-06-15 09:45:14 +0000 UTC Push: 2026-06-15 09:53:47 +0000 UTC |

jfs-jfs/CVE-2026-37068 Arbitrary file write in /vfm-admin/index.php?section=translations&action=update in Veno File Manager Project 4.4.9 allows an authenticated user with the role of super administrator to overwrite any php file in the application via a specially crafted POST request to the affected endpoint.
Create: 2026-06-15 09:38:58 +0000 UTC Push: 2026-06-15 09:44:03 +0000 UTC |

jfs-jfs/CVE-2026-37067 Incorrect access control in /vfm-admin/admin-panel/view/save-cvs.php in Veno File Manager Project 4.4.9 allows an unauthenticated attacker to extract all application logs from a desired date forwards via a specially crafted POST request.
Create: 2026-06-15 09:34:25 +0000 UTC Push: 2026-06-15 09:37:51 +0000 UTC |

jfs-jfs/CVE-2026-37066 Path traversal leading to Arbitrary File Read in /vfm-admin/index.php and /vfm-admin/ajax/streamvid.php in Veno File Manager Project 4.4.9 allows and authenticated attacker with super administrator role to disclose sensitive information via two specially crafted http requests (POST and GET) to the affected endpoints.
Create: 2026-06-15 09:30:17 +0000 UTC Push: 2026-06-15 09:33:19 +0000 UTC |

jfs-jfs/CVE-2026-37065 Veno File Manager Project 4.4.9 is vulnerable to Arbitrary File Deletion
Create: 2026-06-15 09:24:54 +0000 UTC Push: 2026-06-15 09:29:01 +0000 UTC |

jfs-jfs/CVE-2026-37064 User enumeration in /vfm-admin/ajax/usr-check.php in Veno File Manager Project 4.4.9 allows an unauthenticated attacker to enumerate the application users via sending a specially crafted POST request to the affected endpoint with a chosen 'user_name' parameter to test if the user exists.
Create: 2026-06-15 09:14:04 +0000 UTC Push: 2026-06-15 09:21:20 +0000 UTC |