Exploit for CVE-2026-0920

CVE-2026-0920- LA-Studio Element Kit for Elementor = 1.5.6...

Exploit for Missing Authentication for Critical Function in Nginxui Nginx_Ui

CVE-2026-33032 / MCPwn !CVEhttps://img.shields.io/badge/C...

Exploit for CVE-2025-53580

CVE-2025-53580 WordPress Simple Business Directory Pro Plugin...

Exploit for CVE-2025-29009

CVE-2025-29009 WordPress Medical Prescription Attachment Plugi...

Exploit for CVE-2025-15030

CVE-2025-15030 User Profile Builder 3.15.2 - Unauthentica...

Exploit for CVE-2025-49901

CVE-2025-49901 WordPress Simple Link Directory Plugin 14...

Exploit for CVE-2025-13342

CVE-2025-13342 Frontend Admin by DynamiApps = 3.28.20 - Un...

Exploit for CVE-2025-2563

CVE-2025-2563 The User Registration & Membership WordPress...

Exploit for CVE-2026-1937

CVE-2026-1937 YayMail = 4.3.2 - Missing Authorization to A...

Exploit for CVE-2026-1492

CVE-2026-1492 User Registration & Membership = 5.1.2 -...

CVE-2026-27542-CVE-2026-27540-

--- 🔴 Vulnerability Overview CVE-2026-27542 — Unauthent...

Security Bulletin: Multiple vulnerabilities in IBM Tivoli Network Configuration Manager IP Edition (ITNCM)

Summary Multiple vulnerabilities were addressed in ITNCM version 6.4.2 Fix Pack 24 6.4.2.24 Vulnerability Details CVEID:CVE-2025-68161 DESCRIPTION: The Socket Appender in Apache Log4j Core versions 2.0-beta9 through 2.25.2 does not perform TLS hostname verification of the peer certificate, even...

Security Bulletin: Multiple vulnerabilities in IBM WebSphere Application Server, which impacts IBM Tivoli Netcool Configuration Manager

Summary IBM WebSphere Application Server is a required product for IBM Tivoli Netcool Configuration Manager version 6.4.2. Multiple vulnerabilities were addressed in IBM WebSphere Application Server CVE-2024-29371,CVE-2025-13333. Vulnerability Details Refer to the security bulletins listed in the...

Exploit for Deserialization of Untrusted Data in Facebook React

🕵️ CVE-2025-55182 — React Vulnerability Analysis Security...

Exploit for CVE-2025-7771

🔓 ThrottleStop.sys Kernel Exploit — HVCI-Compatible Physical M...

GHSA-JRC6-FMHW-FPQ2 Kimai: Username enumeration via timing on X-AUTH-USER

Details src/API/Authentication/TokenAuthenticator.php calls loadUserByIdentifier first and only invokes the password hasher argon2id when a user is returned. When the username does not exist, the request returns roughly 25 ms faster than when it does. The response body is the same in both cases...

Kimai: Username enumeration via timing on X-AUTH-USER

Details src/API/Authentication/TokenAuthenticator.php calls loadUserByIdentifier first and only invokes the password hasher argon2id when a user is returned. When the username does not exist, the request returns roughly 25 ms faster than when it does. The response body is the same in both cases...

Exploit for CVE-2026-1555

CVE-2026-1555 WebStack = 1.2024 - Unauthenticated Arbitrar...

Metasploit Wrap-Up 04/17/2026

Happy Friday - Seven New Metasploit Modules We’re happy to announce that Metasploit Framework had a big week, landing seven new modules alongside various bug fixes and enhancements. This week’s highlights include RCE modules targeting AVideo, openDCIM, Selenium Grid/Selenoid, and ChurchCRM. On th...

CVE-2026-32650 Anviz CrossChex Standard Algorithm Downgrade

Anviz CrossChex Standard is vulnerable when an attacker manipulates the TDS7 PreLogin to disable encryption, causing database credentials to be sent in plaintext and enabling unauthorized database access...