🚨 CVE-2026-57654
Affiliate Broken Access Control in Affiliates Manager <= 2.9.49 versions.
@cveNotify
Patchstack: Broken Access Control in WordPress Affiliates Manager Plugin
🚨 CVE-2026-57655
Unauthenticated Cross Site Request Forgery (CSRF) in Child Theme Wizard <= 1.4 versions.
Patchstack: Cross Site Request Forgery (CSRF) in WordPress Child Theme Wizard Plugin
🚨 CVE-2026-57656
Author Cross Site Scripting (XSS) in Hester Core <= 1.1.8 versions.
Patchstack: Cross Site Scripting (XSS) in WordPress Hester Core Plugin
🚨 CVE-2026-57657
Unauthenticated Cross Site Request Forgery (CSRF) in Gmail SMTP <= 1.2.3.19 versions.
Patchstack: Cross Site Request Forgery (CSRF) in WordPress Gmail SMTP Plugin
🚨 CVE-2026-57658
Administrator Arbitrary File Upload in TemplateSpare <= 4.2.0 versions.
Patchstack: Arbitrary File Upload in WordPress TemplateSpare Plugin
🚨 CVE-2026-57659
Unauthenticated Cross Site Request Forgery (CSRF) in Paid Memberships Pro - Add Member From Admin <= 0.7.2 versions.
Patchstack: Cross Site Request Forgery (CSRF) in WordPress Paid Memberships Pro - Add Member From Admin Plugin
🚨 CVE-2026-57660
Unauthenticated Broken Access Control in Booking and Rental Manager <= 2.7.1 versions.
Patchstack: Broken Access Control in WordPress Booking and Rental Manager Plugin
🚨 CVE-2026-57661
Subscriber Broken Access Control in WPComplete <= 2.9.5.5 versions.
Patchstack: Broken Access Control in WordPress WPComplete Plugin
🚨 CVE-2026-57663
Contributor SQL Injection in Recipe Maker For Your Food Blog from Zip Recipes <= 8.2.7 versions.
Patchstack: SQL Injection in WordPress Recipe Maker For Your Food Blog from Zip Recipes Plugin
🚨 CVE-2026-57664
Unauthenticated Sensitive Data Exposure in Bopo - WooCommerce Product Bundle Builder <= 1.1.6 versions.
Patchstack: Sensitive Data Exposure in WordPress Bopo - WooCommerce Product Bundle Builder Plugin
🚨 CVE-2026-57665
Unauthenticated Insecure Direct Object References (IDOR) in GravityView <= 3.0.0 versions.
Patchstack: Insecure Direct Object References (IDOR) in WordPress GravityView Plugin
🚨 CVE-2026-9699
Mattermost Plugins versions <=11.6 10.18.11 11.3.6 11.6.5.0 fail to sanitize error responses from the OpenAI API before logging, which allows a user with access to server logs or support packets to obtain a valid or partially reconstructable OpenAI API key via inspection of mattermost.log entries generated during authentication failures. Mattermost Advisory ID: MMSA-2026-00609
Mattermost.com: Security Updates
🚨 CVE-2026-4600
Versions of the package jsrsasign before 11.1.1 are vulnerable to Improper Verification of Cryptographic Signature via the DSA domain-parameter validation in KJUR.crypto.DSA.setPublic (and the related DSA/X509 verification flow in src/dsa-2.0.js). An attacker can forge DSA signatures or X.509 certificates that X509.verifySignature() accepts by supplying malicious domain parameters such as g=1, y=1, and a fixed r=1, which make the verification equation true for any hash.
Gist: verify forgery.md
🚨 CVE-2026-21733
Software installed and run as a non-privileged user may conduct improper GPU system calls to gain write permission to read-only wrapped user-mode memory and files.
This is caused by improper handling of GPU memory reservation protections.
Imagination: Imagination GPU Driver Vulnerabilities
This page contains summary details of security vulnerabilities reported on the Imagination Technologies PowerVR Graphics driver.
🚨 CVE-2026-41840
Spring WebFlux applications are vulnerable to Denial of Service (DoS) attacks when processing multipart requests.
Affected versions: Spring Framework 7.0.0 through 7.0.7, 6.2.0 through 6.2.18, 6.1.0 through 6.1.27, 5.3.0 through 5.3.48.
Spring: CVE-2026-41840: Spring Framework Denial of Service via Multipart Requests in WebFlux
🚨 CVE-2026-45792
rtk filters and compresses command outputs before they reach your LLM context. Prior to 0.32.0, RTK (Rust Token Killer) improperly trusts project-local configuration files. RTK automatically loads .rtk/filters.toml from the working directory with highest priority and without user notification. An attacker can place a malicious filter file in a repository to apply regex-based modifications (e.g., strip_lines_matching) to shell command output before it is shown to the LLM, without any indication that the output has been modified. This allows attackers to selectively suppress or alter command output (including file contents, diffs, and security scan results) without detection, potentially concealing malicious code during AI-assisted development or review. This vulnerability is fixed in 0.32.0.
GitHub: security: trust boundary for project-local TOML filters (SA-2025-RTK-002) by pszymkowiak · Pull Request #623 · rtk-ai/rtk
Summary
CVSS 7.0 - .rtk/filters.toml loaded silently from CWD, allowing attackers to hide malicious code or rewrite output
Untrusted project-local filters are now skipped (not "warned and...
🚨 CVE-2026-54027
LibreChat is an enhanced ChatGPT clone that supports multiple AI providers. Prior to 0.8.4-rc1, the POST /api/files/images endpoint allows any authenticated user to upload files into any agent's tool_resources (e.g., context, execute_code) without verifying ownership or EDIT permission on the target agent. A permission check was added to the POST /api/files route in a previous patch, but the image upload route was never updated with the same check. An attacker can simply use the image endpoint instead of the file endpoint to bypass the authorization entirely. This vulnerability is fixed in 0.8.4-rc1.
GitHub: Image Upload Route Bypasses Agent Permission Check - Incomplete Fix for File Upload Authorization
Summary
The `POST /api/files/images` endpoint allows any authenticated user to upload files into any agent's `tool_resources` (e.g., `context`, `execute_code`) without verifying ownership ...
🚨 CVE-2026-54090
File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files within a specified directory. Prior to 2.33.8, when a shell interpreter is configured (e.g. /bin/sh -c), the command allowlist can be bypassed through shell metacharacters. The allowlist validates only the first token of user input, but the entire raw string is handed to the shell: semicolons, pipes, backticks, and $() all work to chain arbitrary commands after a permitted one. This vulnerability is fixed in 2.33.8.
GitHub: Fix: Command Execution/Runner/Hooks Features · Issue #5199 · filebrowser/filebrowser
The implementation of the Command Execution functionality has been shown to be faulty over and over again. Not only is the implementation faulty, but there are several known security vulnerabilitie...