🚨 CVE-2026-57627
Subscriber Server Side Request Forgery (SSRF) in Kirki <= 6.0.11 versions.
🎖@cveNotify
Patchstack
Server Side Request Forgery (SSRF) in WordPress Kirki Plugin
Patchstack is the leading open source vulnerability research organization. Find information and protection for all WordPress, Drupal and Joomla security issues.
🚨 CVE-2026-57633
Unauthenticated Sensitive Data Exposure in WCBoost – Products Compare <= 1.1.0 versions.
🎖@cveNotify
Patchstack
Sensitive Data Exposure in WordPress WCBoost – Products Compare Plugin
🚨 CVE-2026-57634
Contributor Insecure Direct Object References (IDOR) in PPWP <= 1.9.19 versions.
🎖@cveNotify
Patchstack
Insecure Direct Object References (IDOR) in WordPress PPWP Plugin
🚨 CVE-2026-57641
Unauthenticated Cross Site Request Forgery (CSRF) in Real Estate 7 <= 3.5.9 versions.
🎖@cveNotify
Patchstack
Cross Site Request Forgery (CSRF) in WordPress Real Estate 7 Theme
🚨 CVE-2026-57646
Subscriber Insecure Direct Object References (IDOR) in Majestic Support <= 1.1.7 versions.
🎖@cveNotify
Patchstack
Insecure Direct Object References (IDOR) in WordPress Majestic Support Plugin
🚨 CVE-2026-57647
Contributor Local File Inclusion in Panorama Viewer – 360 Degree Image + Video Viewer <= 1.6.1 versions.
🎖@cveNotify
Patchstack
Local File Inclusion in WordPress Panorama Viewer – 360 Degree Image + Video Viewer Plugin
🚨 CVE-2026-57652
Unauthenticated Insecure Direct Object References (IDOR) in JS Help Desk <= 3.1.0 versions.
🎖@cveNotify
Patchstack
Insecure Direct Object References (IDOR) in WordPress JS Help Desk Plugin
🚨 CVE-2026-57659
Unauthenticated Cross Site Request Forgery (CSRF) in Paid Memberships Pro - Add Member From Admin <= 0.7.2 versions.
🎖@cveNotify
Patchstack
Cross Site Request Forgery (CSRF) in WordPress Paid Memberships Pro - Add Member From Admin Plugin
🚨 CVE-2026-57664
Unauthenticated Sensitive Data Exposure in Bopo – WooCommerce Product Bundle Builder <= 1.1.6 versions.
🎖@cveNotify
Patchstack
Sensitive Data Exposure in WordPress Bopo – WooCommerce Product Bundle Builder Plugin
🚨 CVE-2026-57665
Unauthenticated Insecure Direct Object References (IDOR) in GravityView <= 3.0.0 versions.
🎖@cveNotify
Patchstack
Insecure Direct Object References (IDOR) in WordPress GravityView Plugin
🚨 CVE-2026-9699
Mattermost Plugins versions <=11.6 10.18.11 11.3.6 11.6.5.0 fail to sanitize error responses from the OpenAI API before logging, which allows a user with access to server logs or support packets to obtain a valid or partially reconstructable OpenAI API key via inspection of mattermost.log entries generated during authentication failures. Mattermost Advisory ID: MMSA-2026-00609
🎖@cveNotify
Mattermost.com
Security Updates
Find information about Mattermost security updates, sign up for our Security Bulletin, read our Responsible Disclosure Policy, and more.
🚨 CVE-2023-20540
An observable timing discrepancy in the ASP could allow a privileged attacker to perform a brute-force attack against the hash message authentication code, allowing arbitrary message input, potentially leading to a loss of data integrity.
🎖@cveNotify
AMD
AMD Client Vulnerabilities – August 2025
🚨 CVE-2023-20572
An observable timing discrepancy in the ASP could allow a privileged attacker to perform a brute-force attack against the hash message authentication code, allowing the input of an arbitrary message, potentially leading to a loss of data integrity.
🎖@cveNotify
AMD
AMD Client Vulnerabilities – August 2025
🚨 CVE-2026-0685
Server-side template injection (SSTI) in the expression evaluation component in Genshi Template Engine version 0.7.9 allows a remote attacker to achieve remote code execution (RCE) via crafted template expressions.
🎖@cveNotify
GitHub
GitHub - edgewall/genshi: Python toolkit for generation of output for the web