🚨 CVE-2025-68074
Contributor Cross Site Scripting (XSS) in Image Carousel <= 1.0.0.41 versions.
🎖@cveNotify
Patchstack
Cross Site Scripting (XSS) in WordPress Image Carousel Plugin
Patchstack is the leading open source vulnerability research organization. Find information and protection for all WordPress, Drupal and Joomla security issues.
🚨 CVE-2026-3472
Mattermost versions 10.11.x <= 10.11.18, 11.6.x <= 11.6.3, 11.5.x <= 11.5.6 fail to properly apply markdown image rendering restrictions to AI bot tool result posts, which allows an authenticated attacker to exfiltrate data to an attacker-controlled server via injecting markdown image syntax into tool result content rendered by a victim's client. Mattermost Advisory ID: MMSA-2026-00619
🎖@cveNotify
Mattermost.com
Security Updates
Find information about Mattermost security updates, sign up for our Security Bulletin, read our Responsible Disclosure Policy, and more.
🚨 CVE-2026-45256
When used to deliver a signal to a specific thread, thr_kill2(2) called p_cansignal() to determine whether the operation was permitted but did not check the result before delivering the signal. The signal was sent even when the permission check failed. The system call returned the resulting error to the caller, but by then the signal had already been delivered.
The missing check allows an unprivileged local user who knows or can guess a target's process and thread IDs to send any signal to a process they would not normally be permitted to signal, including processes owned by other users or by root. The same check enforces jail boundaries, so a jailed process can signal processes on the host or in other jails. Thread IDs are allocated globally and sequentially, and so can be discovered by brute force with no visibility into the target.
An attacker can stop or terminate arbitrary processes, including critical system daemons, resulting in a Denial of Service (DoS).
🎖@cveNotify
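Added illustration, not FreeBSD code and not part of the advisory: a small C model of the ordering bug described above. The structs (mproc, mthread), the stand-in for p_cansignal(), the signal number and the process table are all hypothetical and constructed for the example. It puts the vulnerable shape (compute the check, deliver anyway, return the error afterwards) beside the fixed shape (return before delivering), and walks a sequential thread-ID space the way an attacker with no view of the target would.

```c
#include <errno.h>
#include <stddef.h>
#include <stdio.h>

/* Toy model of the thr_kill2(2) control-flow flaw. The structs, names and
 * signal numbers here are hypothetical simplifications, not FreeBSD code. */
#define MODEL_SIGKILL 9

struct mproc   { int pid; int uid; int jail; int last_sig; };
struct mthread { long tid; struct mproc *p; };

/* Stand-in for p_cansignal(): 0 if src may signal dst, EPERM otherwise.
 * The same check is what keeps a jailed process inside its jail. */
static int model_cansignal(const struct mproc *src, const struct mproc *dst)
{
    if (src->jail != dst->jail)
        return EPERM;
    if (src->uid != 0 && src->uid != dst->uid)
        return EPERM;
    return 0;
}

static void model_deliver(struct mthread *td, int sig)
{
    td->p->last_sig = sig;
}

/* Vulnerable shape: the result is computed, the signal is delivered anyway,
 * and only afterwards is the error handed back to the caller. */
static int thr_kill2_vulnerable(struct mproc *src, struct mthread *td, int sig)
{
    int error = model_cansignal(src, td->p);
    model_deliver(td, sig);
    return error;
}

/* Fixed shape: a failed check returns before anything touches the target. */
static int thr_kill2_fixed(struct mproc *src, struct mthread *td, int sig)
{
    int error = model_cansignal(src, td->p);
    if (error != 0)
        return error;
    model_deliver(td, sig);
    return 0;
}

/* Thread IDs are global and sequential, so an attacker with no view of the
 * target can simply walk them. Counts targets that received SIGKILL even
 * though the check denied the caller (the fixed path never does this). */
static int brute_force_tids(struct mproc *attacker, struct mthread *table, size_t n,
                            int (*kill_fn)(struct mproc *, struct mthread *, int))
{
    int killed = 0;
    for (size_t i = 0; i < n; i++) {
        int error = kill_fn(attacker, &table[i], MODEL_SIGKILL);
        if (error == EPERM && table[i].p->last_sig == MODEL_SIGKILL)
            killed++;
    }
    return killed;
}

/* Constructed scenario: unprivileged uid 1001 on the host walks tids 1..4 and
 * hits a root daemon, another user's process and a jailed process. Returns how
 * many of those the chosen path killed despite EPERM. */
static int run_model(int use_fixed)
{
    struct mproc attacker    = { 100, 1001, 0, 0 };
    struct mproc root_daemon = {   1,    0, 0, 0 };
    struct mproc other_user  = { 200, 1002, 0, 0 };
    struct mproc jailed      = { 300,    0, 7, 0 };
    struct mproc own         = { 101, 1001, 0, 0 };
    struct mthread table[] = {
        { 1, &root_daemon }, { 2, &other_user }, { 3, &jailed }, { 4, &own },
    };
    return brute_force_tids(&attacker, table, sizeof table / sizeof table[0],
                            use_fixed ? thr_kill2_fixed : thr_kill2_vulnerable);
}

int main(void)
{
    printf("vulnerable path: %d unauthorized kills\n", run_model(0)); /* 3 */
    printf("fixed path:      %d unauthorized kills\n", run_model(1)); /* 0 */
    return 0;
}
```

The caller of the vulnerable path still sees EPERM, which is why the bug is invisible from the error code alone: the only observable difference is that the target is gone. Signalling the caller's own process (tid 4) is permitted on both paths and is not counted.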
🚨 CVE-2026-45257
The KTLS receive path decrypted each record in place, assuming that the mbufs holding received data were anonymous and safe to modify. This assumption does not hold for data placed on a socket by sendfile(2), which can reference file-backed memory directly through non-anonymous M_EXTPG pages or EXT_SFBUF mbufs. When the sender transmits such data over a loopback connection without enabling KTLS on the transmit side, the file-backed mbufs reach the receiver's decryption path unchanged. Decrypting a record in place then overwrites the backing file's page cache instead of a private copy of the data.
An unprivileged local user who can read a file can overwrite its contents with data of their choosing by sending the file over a loopback connection on which they have enabled KTLS receive. The write modifies the page cache directly, so it bypasses file flags such as schg and is written back to disk. By overwriting a setuid binary or other trusted file, a local user can escalate privileges, potentially gaining full control of the affected system.
🎖@cveNotify
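Added illustration, not FreeBSD mbuf code and not part of the advisory: a C model of the ownership mistake described above. The record and page structures are hypothetical, the file content is constructed, and "decryption" is a XOR with a receiver-chosen keystream standing in for the real record cipher (how the real cipher is driven to produce chosen bytes is not described on this page). It shows decrypt-in-place on a file-backed record rewriting the page itself, beside the fixed shape that decrypts into a private copy, and why no file flag gets a say in a plain memory write.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Toy model of the KTLS receive-path flaw. Buffers, names and the cipher are
 * hypothetical simplifications, not FreeBSD code: "decryption" is a XOR with
 * a receiver-chosen keystream, standing in for the real record cipher. */
#define PAGE_LEN 16

/* One received record: either an anonymous private buffer, or a direct
 * reference into file-backed memory, as sendfile(2) on loopback can produce. */
struct mrecord {
    uint8_t *data;
    size_t   len;
    bool     anonymous;
};

/* Constructed stand-in for one page-cache page of a trusted file. No file
 * flag (schg or otherwise) is consulted on a plain memory write to it. */
struct mpage { uint8_t bytes[PAGE_LEN]; };

static void model_decrypt(uint8_t *buf, size_t len, const uint8_t *keystream)
{
    for (size_t i = 0; i < len; i++)
        buf[i] ^= keystream[i];
}

/* Vulnerable shape: assumes every record is anonymous and decrypts in place,
 * so a file-backed record rewrites the page cache itself. */
static void ktls_recv_vulnerable(struct mrecord *rec, const uint8_t *keystream)
{
    model_decrypt(rec->data, rec->len, keystream);
}

/* Fixed shape: non-anonymous data is copied first and the record is repointed
 * at the private copy; the backing page is never written. Returns the copy
 * (to be freed by the caller) or NULL when in-place was safe. */
static uint8_t *ktls_recv_fixed(struct mrecord *rec, const uint8_t *keystream)
{
    if (rec->anonymous) {
        model_decrypt(rec->data, rec->len, keystream);
        return NULL;
    }
    uint8_t *copy = malloc(rec->len);
    if (copy == NULL)
        abort();
    memcpy(copy, rec->data, rec->len);
    model_decrypt(copy, rec->len, keystream);
    rec->data = copy;
    rec->anonymous = true;
    return copy;
}

/* Constructed file content (a tiny script standing in for a setuid binary). */
static const uint8_t file_original[PAGE_LEN] = "#!/bin/sh\n:stub";

/* Sends the file-backed page through one receive path with an arbitrary
 * keystream. Returns true if the page cache still holds the original bytes. */
static bool page_intact_after_recv(bool use_fixed)
{
    uint8_t keystream[PAGE_LEN];
    memset(keystream, 0x5a, sizeof keystream);
    struct mpage page;
    memcpy(page.bytes, file_original, PAGE_LEN);
    struct mrecord rec = { page.bytes, PAGE_LEN, false };
    uint8_t *copy = NULL;
    if (use_fixed)
        copy = ktls_recv_fixed(&rec, keystream);
    else
        ktls_recv_vulnerable(&rec, keystream);
    free(copy);
    return memcmp(page.bytes, file_original, PAGE_LEN) == 0;
}

/* In this model the receiver picks the keystream and can read the file, so it
 * decides what the in-place "decryption" leaves behind: keystream = original
 * XOR desired turns the page into desired. */
static bool attacker_controls_page(void)
{
    static const uint8_t desired[PAGE_LEN] = "#!/bin/sh\nid>/t";
    uint8_t keystream[PAGE_LEN];
    for (size_t i = 0; i < PAGE_LEN; i++)
        keystream[i] = file_original[i] ^ desired[i];
    struct mpage page;
    memcpy(page.bytes, file_original, PAGE_LEN);
    struct mrecord rec = { page.bytes, PAGE_LEN, false };
    ktls_recv_vulnerable(&rec, keystream);
    return memcmp(page.bytes, desired, PAGE_LEN) == 0;
}

int main(void)
{
    printf("vulnerable path leaves page intact: %s\n",
           page_intact_after_recv(false) ? "yes" : "no");   /* no */
    printf("fixed path leaves page intact:      %s\n",
           page_intact_after_recv(true) ? "yes" : "no");    /* yes */
    printf("attacker-chosen bytes land in page: %s\n",
           attacker_controls_page() ? "yes" : "no");        /* yes */
    return 0;
}
```

The ownership flag on the record is the whole fix: the decision to write in place has to come from who owns the bytes, not from the assumption that everything arriving on a socket is a private copy. A real implementation would also have to make sure the sender's transmit path cannot hand over shared pages in the first place, which this model does not cover.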
🚨 CVE-2026-54824
Unauthenticated Sensitive Data Exposure in Ads by WPQuads <= 3.0.3 versions.
🎖@cveNotify
Patchstack
Sensitive Data Exposure in WordPress Ads by WPQuads Plugin
🚨 CVE-2026-54834
Unauthenticated Sensitive Data Exposure in Object Cache 4 everyone <= 2.3.2 versions.
🎖@cveNotify
Patchstack
Sensitive Data Exposure in WordPress Object Cache 4 everyone Plugin
🚨 CVE-2026-54846
Unauthenticated Broken Access Control in Syncee Premium Dropshipping & Wholesale <= 1.0.27 versions.
🎖@cveNotify
Patchstack
Broken Access Control in WordPress Syncee Premium Dropshipping & Wholesale Plugin
🚨 CVE-2026-54847
Unauthenticated Broken Access Control in Stylish Cost Calculator <= 8.3.9 versions.
🎖@cveNotify
Patchstack
Broken Access Control in WordPress Stylish Cost Calculator Plugin
🚨 CVE-2026-56026
Subscriber Server Side Request Forgery (SSRF) in utm.codes <= 1.9.0 versions.
🎖@cveNotify
Patchstack
Server Side Request Forgery (SSRF) in WordPress utm.codes Plugin
🚨 CVE-2026-56027
Customer Arbitrary File Upload in Booster for WooCommerce <= 8.0.1 versions.
🎖@cveNotify
Patchstack
Arbitrary File Upload in WordPress Booster for WooCommerce Plugin
🚨 CVE-2026-56039
Unauthenticated Cross Site Scripting (XSS) in Quick Interest Slider <= 3.1.6 versions.
🎖@cveNotify
Patchstack
🚨 CVE-2026-56040
Unauthenticated Cross Site Scripting (XSS) in Gutenverse Form <= 2.4.7 versions.
🎖@cveNotify
Patchstack
Cross Site Scripting (XSS) in WordPress Gutenverse Form Plugin
🚨 CVE-2026-56047
Unauthenticated Cross Site Scripting (XSS) in perfmatters <= 2.6.3 versions.
🎖@cveNotify
Patchstack
Cross Site Scripting (XSS) in WordPress perfmatters Plugin
🚨 CVE-2026-56060
Unauthenticated Sensitive Data Exposure in Print Invoice & Delivery Notes for WooCommerce <= 7.1.1 versions.
🎖@cveNotify
Patchstack
Sensitive Data Exposure in WordPress Print Invoice & Delivery Notes for WooCommerce Plugin
🚨 CVE-2026-56066
Unauthenticated Arbitrary File Deletion in ShortPixel Adaptive Images <= 3.11.4 versions.
🎖@cveNotify
Patchstack
Arbitrary File Deletion in WordPress ShortPixel Adaptive Images Plugin