🚨 CVE-2026-57430
Contributor Broken Access Control in SEOPress PRO <= 9.1.1 versions.
@cveNotify
Patchstack
Broken Access Control in WordPress SEOPress PRO Plugin
Patchstack is the leading open source vulnerability research organization. Find information and protection for all WordPress, Drupal and Joomla security issues.
🚨 CVE-2026-57627
Subscriber Server Side Request Forgery (SSRF) in Kirki <= 6.0.11 versions.
@cveNotify
Patchstack
Server Side Request Forgery (SSRF) in WordPress Kirki Plugin
🚨 CVE-2026-57633
Unauthenticated Sensitive Data Exposure in WCBoost – Products Compare <= 1.1.0 versions.
@cveNotify
Patchstack
Sensitive Data Exposure in WordPress WCBoost – Products Compare Plugin
🚨 CVE-2026-57634
Contributor Insecure Direct Object References (IDOR) in PPWP <= 1.9.19 versions.
@cveNotify
Patchstack
Insecure Direct Object References (IDOR) in WordPress PPWP Plugin
🚨 CVE-2026-57640
Subscriber Broken Access Control in MasterStudy LMS <= 3.7.30 versions.
@cveNotify
Patchstack
Broken Access Control in WordPress MasterStudy LMS Plugin
🚨 CVE-2026-57641
Unauthenticated Cross Site Request Forgery (CSRF) in Real Estate 7 <= 3.5.9 versions.
@cveNotify
Patchstack
Cross Site Request Forgery (CSRF) in WordPress Real Estate 7 Theme
🚨 CVE-2026-57646
Subscriber Insecure Direct Object References (IDOR) in Majestic Support <= 1.1.7 versions.
@cveNotify
Patchstack
Insecure Direct Object References (IDOR) in WordPress Majestic Support Plugin
🚨 CVE-2026-57647
Contributor Local File Inclusion in Panorama Viewer – 360 Degree Image + Video Viewer <= 1.6.1 versions.
@cveNotify
Patchstack
Local File Inclusion in WordPress Panorama Viewer – 360 Degree Image + Video Viewer Plugin
🚨 CVE-2026-57652
Unauthenticated Insecure Direct Object References (IDOR) in JS Help Desk <= 3.1.0 versions.
@cveNotify
Patchstack
Insecure Direct Object References (IDOR) in WordPress JS Help Desk Plugin
🚨 CVE-2026-57658
Administrator Arbitrary File Upload in TemplateSpare <= 4.2.0 versions.
@cveNotify
Patchstack
Arbitrary File Upload in WordPress TemplateSpare Plugin
🚨 CVE-2026-57659
Unauthenticated Cross Site Request Forgery (CSRF) in Paid Memberships Pro - Add Member From Admin <= 0.7.2 versions.
@cveNotify
Patchstack
Cross Site Request Forgery (CSRF) in WordPress Paid Memberships Pro - Add Member From Admin Plugin
🚨 CVE-2026-57664
Unauthenticated Sensitive Data Exposure in Bopo – WooCommerce Product Bundle Builder <= 1.1.6 versions.
@cveNotify
Patchstack
Sensitive Data Exposure in WordPress Bopo – WooCommerce Product Bundle Builder Plugin
🚨 CVE-2026-57665
Unauthenticated Insecure Direct Object References (IDOR) in GravityView <= 3.0.0 versions.
@cveNotify
Patchstack
Insecure Direct Object References (IDOR) in WordPress GravityView Plugin
🚨 CVE-2026-9699
Mattermost Plugins versions <=11.6 10.18.11 11.3.6 11.6.5.0 fail to sanitize error responses from the OpenAI API before logging, which allows a user with access to server logs or support packets to obtain a valid or partially reconstructable OpenAI API key via inspection of mattermost.log entries generated during authentication failures. Mattermost Advisory ID: MMSA-2026-00609
@cveNotify
Mattermost.com
Security Updates
Find information about Mattermost security updates, sign up for our Security Bulletin, read our Responsible Disclosure Policy, and more.
🚨 CVE-2023-20540
An observable timing discrepancy in the ASP could allow a privileged attacker to perform a brute-force attack against the hash message authentication code, allowing arbitrary message input, potentially leading to a loss of data integrity.
@cveNotify
AMD
AMD Client Vulnerabilities – August 2025
🚨 CVE-2023-20572
An observable timing discrepancy in the ASP could allow a privileged attacker to perform a brute-force attack against the hash message authentication code, allowing the input of an arbitrary message, potentially leading to a loss of data integrity.
@cveNotify
AMD
AMD Client Vulnerabilities – August 2025
🚨 CVE-2026-0685
Server-side template injection (SSTI) in the expression evaluation component in Genshi Template Engine version 0.7.9 allows a remote attacker to achieve remote code execution (RCE) via crafted template expressions.
@cveNotify
GitHub
GitHub - edgewall/genshi: Python toolkit for generation of output for the web
Python toolkit for generation of output for the web - edgewall/genshi
🚨 CVE-2026-0828
Kernel driver ProcessMonitorDriver.sys in Safetica's endpoint client x64, versions 10.5.75.0 and 11.11.4.0, allows an unprivileged user to abuse an IOCTL path and terminate protected system processes.
@cveNotify
Safetica
Safetica | Data Loss Prevention and Insider Risk Management
Safetica protects businesses against insider threats, offers data loss protection, and supports regulatory compliance.
🚨 CVE-2026-12411
Broken Access Control in the devLXDInstancePatchHandler component of Canonical LXD allows an untrusted guest to mount, read, and overwrite another guest's custom storage volume via a crafted device PATCH request over /dev/lxd when security.devlxd.management.volumes is enabled.
@cveNotify
GitHub
Security fixes from the 6.9 release by tomponline · Pull Request #18585 · canonical/lxd
Covers fixes for:
GHSA-qx75-2p3r-pwm5
GHSA-7mr3-28h5-m5vx
GHSA-47w9-6r3f-938g
GHSA-9j25-mm2h-2f76
GHSA-jpf8-86f3-wp38
GHSA-vghh-5rfx-xhq8
GHSA-fmc8-p6q7-75cc
GHSA-pjff-c2wc-f6jm
GHSA-hhf9-qw4v-72xp