🚨 CVE-2026-57312
Unauthenticated Cross Site Scripting (XSS) in Everest Forms <= 3.4.8 versions.
🎖@cveNotify
Patchstack
Cross Site Scripting (XSS) in WordPress Everest Forms Plugin
Patchstack is the leading open source vulnerability research organization. Find information and protection for all WordPress, Drupal and Joomla security issues.
🚨 CVE-2026-57627
Subscriber Server Side Request Forgery (SSRF) in Kirki <= 6.0.11 versions.
🎖@cveNotify
Patchstack
Server Side Request Forgery (SSRF) in WordPress Kirki Plugin
🚨 CVE-2026-57633
Unauthenticated Sensitive Data Exposure in WCBoost – Products Compare <= 1.1.0 versions.
🎖@cveNotify
Patchstack
Sensitive Data Exposure in WordPress WCBoost – Products Compare Plugin
🚨 CVE-2026-57634
Contributor Insecure Direct Object References (IDOR) in PPWP <= 1.9.19 versions.
🎖@cveNotify
Patchstack
Insecure Direct Object References (IDOR) in WordPress PPWP Plugin
🚨 CVE-2026-57641
Unauthenticated Cross Site Request Forgery (CSRF) in Real Estate 7 <= 3.5.9 versions.
🎖@cveNotify
Patchstack
Cross Site Request Forgery (CSRF) in WordPress Real Estate 7 Theme
🚨 CVE-2026-57646
Subscriber Insecure Direct Object References (IDOR) in Majestic Support <= 1.1.7 versions.
🎖@cveNotify
Patchstack
Insecure Direct Object References (IDOR) in WordPress Majestic Support Plugin
🚨 CVE-2026-57647
Contributor Local File Inclusion in Panorama Viewer – 360 Degree Image + Video Viewer <= 1.6.1 versions.
🎖@cveNotify
Patchstack
Local File Inclusion in WordPress Panorama Viewer – 360 Degree Image + Video Viewer Plugin
🚨 CVE-2026-57652
Unauthenticated Insecure Direct Object References (IDOR) in JS Help Desk <= 3.1.0 versions.
🎖@cveNotify
Patchstack
Insecure Direct Object References (IDOR) in WordPress JS Help Desk Plugin
🚨 CVE-2026-57659
Unauthenticated Cross Site Request Forgery (CSRF) in Paid Memberships Pro - Add Member From Admin <= 0.7.2 versions.
🎖@cveNotify
Patchstack
Cross Site Request Forgery (CSRF) in WordPress Paid Memberships Pro - Add Member From Admin Plugin
🚨 CVE-2026-57664
Unauthenticated Sensitive Data Exposure in Bopo – WooCommerce Product Bundle Builder <= 1.1.6 versions.
🎖@cveNotify
Patchstack
Sensitive Data Exposure in WordPress Bopo – WooCommerce Product Bundle Builder Plugin
🚨 CVE-2026-57665
Unauthenticated Insecure Direct Object References (IDOR) in GravityView <= 3.0.0 versions.
🎖@cveNotify
Patchstack
Insecure Direct Object References (IDOR) in WordPress GravityView Plugin
🚨 CVE-2026-9699
Mattermost Plugins versions <=11.6 10.18.11 11.3.6 11.6.5.0 fail to sanitize error responses from the OpenAI API before logging, which allows a user with access to server logs or support packets to obtain a valid or partially reconstructable OpenAI API key via inspection of mattermost.log entries generated during authentication failures. Mattermost Advisory ID: MMSA-2026-00609
🎖@cveNotify
Mattermost.com
Security Updates
Find information about Mattermost security updates, sign up for our Security Bulletin, read our Responsible Disclosure Policy, and more.
🚨 CVE-2023-20540
An observable timing discrepancy in the ASP could allow a privileged attacker to perform a brute-force attack against the hash message authentication code, allowing arbitrary message input, potentially leading to a loss of data integrity.
🎖@cveNotify
AMD
AMD Client Vulnerabilities – August 2025