Recent Advisories

Severity ID Title Vendor Product Date Type
HIGH 8.8 CVE-2026-13228

LatePoint <= 5.6.3 - Authenticated (Custom+) Privilege Escalation to Administrator via 'order[customer_id]' Parameter_CVE-2026-13228

The LatePoint – Calendar Booking Plugin for Appointments and Events plugin for WordPress is vulnerable to Privilege Escalation to Administrator in ...

latepoint LatePoint – Calendar Booking Plugin for Appointments and Events CVE
HIGH 7.2 CVE-2026-12142

NEX-Forms <= 9.2.2 - Unauthenticated Stored Cross-Site Scripting via '_name[]' Array Parameter_CVE-2026-12142

The NEX-Forms – Ultimate Forms Plugin for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via '_name[]' Array Parameter...

webaways NEX-Forms – Ultimate Forms Plugin for WordPress CVE
MEDIUM 6.4 CVE-2026-10095

WP Photo Album Plus <= 9.1.13.005 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'subtext' Shortcode Attribute_CVE-2026-10095

The WP Photo Album Plus plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'subtext' parameter in all versions up to, and in...

opajaap WP Photo Album Plus CVE
NONE MALWAREBYTES:D1...

ChatGPT produced graphic violent images that shocked researchers_MALWAREBYTES:D177E6BB3C65928D9086D0DD8B58C731

AI assistants like ChatGPT are supposed to be safe to use, with appropriate guardrails to stop people creating harmful content. However, a British ...

N/A N/A MALWAREBYTES
NONE 91E0F59C-602A-

poc-exploit-harden-runner_91E0F59C-602A-5DD9-9BCE-0B7297D5D5CE

poc-exploit-harden-runner...

N/A N/A GITHUBEXPLOIT
MEDIUM 6.5 193F61B6-AFAB-

Exploit for External Control of File Name or Path in Microsoft_193F61B6-AFAB-5066-A82C-03D8AA8216BB

CVE-2025-24054 — Detection & Mitigation Lab Project log for a defensive security lab on CVE-2025-24054, the Windows New Technology LAN Manager NTLM...

N/A N/A GITHUBEXPLOIT
MEDIUM 5.3 CVE-2026-27435

WordPress Woffice theme < 5.4.33 - Broken Access Control vulnerability_CVE-2026-27435

Missing Authorization vulnerability in WofficeIO Woffice allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affec...

WofficeIO Woffice n/a CVE
MEDIUM 6.5 CVE-2026-13454

MotoPress Appointment Booking <= 2.4.5 - Authenticated (Staff+) SQL Injection via 's' Parameter_CVE-2026-13454

The MotoPress Appointment Booking plugin for WordPress is vulnerable to generic SQL Injection via the 's' parameter in all versions up to, and incl...

jetmonsters MotoPress Appointment Booking CVE
MEDIUM 6.1 CVE-2026-12754

VikBooking Hotel Booking Engine & PMS <= 1.8.12 - Reflected Cross-Site Scripting via 'layoutstyle' Parameter_CVE-2026-12754

The VikBooking Hotel Booking Engine & PMS plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'layoutstyle' parameter in a...

e4jvikwp VikBooking Hotel Booking Engine & PMS CVE
NONE 6149CF23-B774-

Cloud-Security-Portfolio_6149CF23-B774-5D14-9C99-482AA23E6B6D

Cloud-Security-Portfolio Offensive AWS security portfolio — IAM privilege escalation, S3 misconfig exploitation, and cloud attack path documentatio...

N/A N/A GITHUBEXPLOIT