Changelog

Product updates

Every shipped feature, fix, and infrastructure change — newest first. Want updates by email? Subscribe on the blog page.

May 29, 2026v1.5.0
Feature
Pricing simplified — every plan is paid
- Retired the $0 Free tier — VulnVerify is now four paid plans: Startup, Growth, Business, Enterprise. The count-only free domain check stays as before.
- Growth lowered from $799 to $499/mo.
- Startup ($299) is now findings-only — verified findings, dashboard, and email alerts. Full PoC + remediation reports start on Growth.
- Business adds a monthly external penetration test plus priority support.
- Enterprise repositioned as a vulnerability-acquisition program for teams that license verified findings at scale.
May 15, 2026v1.4.0
Feature
Billing, integrations, audit log
- Self-service billing page wired to hosted checkout + customer portal (mocked in dev, real with API key set).
- Slack + custom webhook delivery for alerts — configure per-tenant in Settings.
- Two Vercel cron jobs: alert delivery every 5 minutes + nightly re-verification pass.
- Full audit log at /admin/audit capturing login attempts, lockouts, suspensions, billing events, alert deliveries, re-verifications.
- Account lockout after 5 failed login attempts (15-minute cooldown).
- Stronger password policy: 12+ chars, 3-of-4 character classes, common-password + email-inclusion blocks.
- Self-service account deletion in Settings danger zone (with last-admin guard).
- Full CSP + HSTS + Permissions-Policy headers in next.config.
- Cookie consent banner + GDPR-aware essential-only mode.
May 15, 2026v1.3.0
Feature
Dark-web positioning + 4-stage pipeline
- Landing rewritten around the “signal in the noise” positioning — dark-web monitoring for vulnerabilities, the way LeakRadar does it for credentials.
- New dedicated /how-it-works page walking through the 4-stage pipeline: collect → triage → verify → alert.
- Vulnerability detail page gained PoC payload + reproduction steps, source attribution (broad category, OPSEC-vague), and researcher attribution (named pseudonymous handle).
- “Copy full report” on vuln detail emits a plain-text report suitable for tickets.
- Comparison table swapped: now contrasts against LeakRadar, Shodan/Censys, and generic vulnerability scanners.
May 14, 2026v1.2.0
Feature
Admin panel + tenant detail pages
- Admin company detail page at /admin/companies/[domain] — registered users, vulnerabilities, activity timeline, outreach stub.
- Sidebar gained lock badges on tier-gated nav items (Watchlist / Alerts).
- Plan badge is now consistent across all routes (admins always show Staff · Admin).
- Free-tier /alerts shows only the upgrade prompt — no half-empty form.
May 14, 2026v1.1.0
Feature
Five-tier B2B pricing
- Pricing tiers rebuilt for the B2B audience: Startup, Growth, Business, and Enterprise.
- Tier matrix now covers root domains, subdomains, vendor-risk slots, compliance reports, review cadence, support SLA.
- Landing pricing teaser shows Startup / Growth / Business; the full grid lives on /pricing.
May 13, 2026v1.0.0
Launch
Launch
- Initial release of the VulnVerify database with 500 manually verified critical and high-severity vulnerabilities.
- Coverage across 150 mid-market companies in 12 countries and 7 industries.
- Real 2024 CVEs (PAN-OS, regreSSHion, Ivanti, TeamCity, XZ Utils, Jenkins, Zabbix, and more) plus a curated set of 2025/2026 disclosures.
- Email + password authentication with email verification and password reset.
- Multi-tenant data model — each user sees only findings on their company's domain.
- Public landing, pricing, legal, and security pages shipped.

Pricing simplified — every plan is paid

Retired the $0 Free tier — VulnVerify is now four paid plans: Startup, Growth, Business, Enterprise. The count-only free domain check stays as before.
Growth lowered from $799 to $499/mo.
Startup ($299) is now findings-only — verified findings, dashboard, and email alerts. Full PoC + remediation reports start on Growth.
Business adds a monthly external penetration test plus priority support.
Enterprise repositioned as a vulnerability-acquisition program for teams that license verified findings at scale.

Billing, integrations, audit log

Self-service billing page wired to hosted checkout + customer portal (mocked in dev, real with API key set).
Slack + custom webhook delivery for alerts — configure per-tenant in Settings.
Two Vercel cron jobs: alert delivery every 5 minutes + nightly re-verification pass.
Full audit log at /admin/audit capturing login attempts, lockouts, suspensions, billing events, alert deliveries, re-verifications.
Account lockout after 5 failed login attempts (15-minute cooldown).
Stronger password policy: 12+ chars, 3-of-4 character classes, common-password + email-inclusion blocks.
Self-service account deletion in Settings danger zone (with last-admin guard).
Full CSP + HSTS + Permissions-Policy headers in next.config.
Cookie consent banner + GDPR-aware essential-only mode.

Dark-web positioning + 4-stage pipeline

Landing rewritten around the “signal in the noise” positioning — dark-web monitoring for vulnerabilities, the way LeakRadar does it for credentials.
New dedicated /how-it-works page walking through the 4-stage pipeline: collect → triage → verify → alert.
Vulnerability detail page gained PoC payload + reproduction steps, source attribution (broad category, OPSEC-vague), and researcher attribution (named pseudonymous handle).
“Copy full report” on vuln detail emits a plain-text report suitable for tickets.
Comparison table swapped: now contrasts against LeakRadar, Shodan/Censys, and generic vulnerability scanners.

Admin panel + tenant detail pages

Admin company detail page at /admin/companies/[domain] — registered users, vulnerabilities, activity timeline, outreach stub.
Sidebar gained lock badges on tier-gated nav items (Watchlist / Alerts).
Plan badge is now consistent across all routes (admins always show Staff · Admin).
Free-tier /alerts shows only the upgrade prompt — no half-empty form.

Launch

Initial release of the VulnVerify database with 500 manually verified critical and high-severity vulnerabilities.
Coverage across 150 mid-market companies in 12 countries and 7 industries.
Real 2024 CVEs (PAN-OS, regreSSHion, Ivanti, TeamCity, XZ Utils, Jenkins, Zabbix, and more) plus a curated set of 2025/2026 disclosures.
Email + password authentication with email verification and password reset.
Multi-tenant data model — each user sees only findings on their company's domain.
Public landing, pricing, legal, and security pages shipped.

Product updates

Pricing simplified — every plan is paid

Billing, integrations, audit log

Dark-web positioning + 4-stage pipeline

Admin panel + tenant detail pages

Five-tier B2B pricing

Launch

Product updates

Pricing simplified — every plan is paid

Billing, integrations, audit log

Dark-web positioning + 4-stage pipeline

Admin panel + tenant detail pages

Five-tier B2B pricing

Launch