Recent Advisories

Severity ID Title Vendor Product Date Type
MEDIUM 4.9 CVE-2026-13357

Houzez Property Feed <= 2.5.46 - Authenticated (Administrator+) SQL Injection via 'orderby' Parameter_CVE-2026-13357

The Houzez Property Feed plugin for WordPress is vulnerable to SQL Injection via the 'orderby' parameter in all versions up to, and including, 2.5....

propertyhive Houzez Property Feed CVE
MEDIUM 4.3 CVE-2026-11600

Envo’s Templates & Widgets for Elementor and WooCommerce <= 1.4.26 - Missing Authorization to Authenticated (Author+) Private Content Disclosure via Envo Tabs Widget 'templates' Setting_CVE-2026-11600

The Envo's Templates & Widgets for Elementor and WooCommerce plugin for WordPress is vulnerable to unauthorized access of data due to a missing aut...

envothemes Envo's Templates & Widgets for Elementor and WooCommerce CVE
MEDIUM 4.3 CVE-2026-11592

Email Subscribers & Newsletters <= 5.9.27 - Missing Authorization to Authenticated (Contributor+) Settings Modification via ig_es_handle_request AJAX Action_CVE-2026-11592

The Email Subscribers & Newsletters – Email Marketing, Post Notifications & Newsletter Plugin for WordPress plugin for WordPress is vulnerable to a...

icegram Email Subscribers & Newsletters – Email Marketing, Post Notifications & Newsletter Plugin for WordPress CVE
MEDIUM 6.4 CVE-2026-10089

Insert Pages <= 3.11.4 - Authenticated (Author+) Stored Cross-Site Scripting via Custom Field Keys (Meta Key Names)_CVE-2026-10089

The Insert Pages plugin for WordPress is vulnerable to Stored Cross-Site Scripting via post custom field keys (meta key names) in all versions up t...

figureone Insert Pages CVE
HIGH 7.5 CVE-2026-33592

FindServers Memory Exhaustion in open62541_CVE-2026-33592

An unauthenticated remote attacker can exhaust server memory via the FindServers Discovery Service in open62541. The serverUris field of FindServer...

open62541 project / o6 Automation GmbH open62541 1.4.0 CVE
CRITICAL 9.8 5FAFE7AF-9ADD-

Exploit for Inclusion of Functionality from Untrusted Control Sphere in Hiyouga Llama-Factory_5FAFE7AF-9ADD-5A87-8223-328B9E22885E

CVE-2026-58116 — LLaMA-Factory WebUI RCE via trust_remote_code Proof of concept for CVE-2026-58116 CVSS 9.8 Critical: remote code execution in LLaMA-...

N/A N/A GITHUBEXPLOIT
NONE 9B329910-D362-

CVE2PoC_9B329910-D362-5657-8E8B-33CA109ECCD7

CVE2PoC A prototype for generating real npm vulnerability PoCs based on LLMs and Docker differential verification. Core objectives: Vulnerability i...

N/A N/A GITHUBEXPLOIT
NONE 12388B01-153A-

jchain-static_12388B01-153A-54F4-AD26-248E6451D6DE

jChain-Static Vulnerability Chain Playbook Generator for Penetration Testing jChain-Static is a static database of known vulnerability exploitation...

N/A N/A GITHUBEXPLOIT
HIGH 8.8 THN:9ADD4AB34E0...

SharePoint RCE CVE-2026-45659 Added to CISA KEV After Active Exploitation_THN:9ADD4AB34E0B3C433B116D9EE8081CD5


N/A N/A THN
NONE A55FFB43-5646-

Exploit for CVE-2026-30784_A55FFB43-5646-5751-B599-6BA4C8FC689C

CVE-2026-30784-rustdesk-poc CVE-2026-30784: RustDesk hbbs Traffic Amplification PoC & PCAP Analysis PCAP Capture Context & Details ⚠️ Important Not...

N/A N/A GITHUBEXPLOIT