The Academy LMS – WordPress LMS Plugin for Complete eLearning Solution plugin for WordPress is vulnerable to Insecure Direct Object Reference in ve...
The Request a Quote plugin for WordPress is vulnerable to Code Injection in versions up to, and including, 2.5.5 via the emd_delete_file AJAX actio...
The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'sequoia[introducti...
The Houzez Property Feed plugin for WordPress is vulnerable to SQL Injection via the 'orderby' parameter in all versions up to, and including, 2.5....
The Envo's Templates & Widgets for Elementor and WooCommerce plugin for WordPress is vulnerable to unauthorized access of data due to a missing aut...
The Email Subscribers & Newsletters – Email Marketing, Post Notifications & Newsletter Plugin for WordPress plugin for WordPress is vulnerable to a...
The Insert Pages plugin for WordPress is vulnerable to Stored Cross-Site Scripting via post custom field keys (meta key names) in all versions up t...
An unauthenticated remote attacker can exhaust server memory via the FindServers Discovery Service in open62541. The serverUris field of FindServer...
CVE-2026-58116 — LLaMA-Factory WebUI RCE via trustremotecode Proof of concept for CVE-2026-58116 CVSS 9.8 Critical: remote code execution in LLaMA-...
CVE2PoC A prototype for generating real npm vulnerability PoCs based on LLMs and Docker differential verification. Core objectives: Vulnerability i...
AI-powered asset discovery, dark web monitoring, CVE alerting, and vulnerability scanning — all in one platform.