🚨 CVE-2026-57641
Unauthenticated Cross Site Request Forgery (CSRF) in Real Estate 7 <= 3.5.9 versions.
@cveNotify
Patchstack
Cross Site Request Forgery (CSRF) in WordPress Real Estate 7 Theme
Patchstack is the leading open source vulnerability research organization. Find information and protection for all WordPress, Drupal and Joomla security issues.
🚨 CVE-2026-57646
Subscriber Insecure Direct Object References (IDOR) in Majestic Support <= 1.1.7 versions.
Patchstack
Insecure Direct Object References (IDOR) in WordPress Majestic Support Plugin
🚨 CVE-2026-57647
Contributor Local File Inclusion in Panorama Viewer - 360 Degree Image + Video Viewer <= 1.6.1 versions.
Patchstack
Local File Inclusion in WordPress Panorama Viewer - 360 Degree Image + Video Viewer Plugin
🚨 CVE-2026-57652
Unauthenticated Insecure Direct Object References (IDOR) in JS Help Desk <= 3.1.0 versions.
Patchstack
Insecure Direct Object References (IDOR) in WordPress JS Help Desk Plugin
🚨 CVE-2026-57658
Administrator Arbitrary File Upload in TemplateSpare <= 4.2.0 versions.
Patchstack
Arbitrary File Upload in WordPress TemplateSpare Plugin
🚨 CVE-2026-57659
Unauthenticated Cross Site Request Forgery (CSRF) in Paid Memberships Pro - Add Member From Admin <= 0.7.2 versions.
Patchstack
Cross Site Request Forgery (CSRF) in WordPress Paid Memberships Pro - Add Member From Admin Plugin
🚨 CVE-2026-57664
Unauthenticated Sensitive Data Exposure in Bopo - WooCommerce Product Bundle Builder <= 1.1.6 versions.
Patchstack
Sensitive Data Exposure in WordPress Bopo - WooCommerce Product Bundle Builder Plugin
🚨 CVE-2026-57665
Unauthenticated Insecure Direct Object References (IDOR) in GravityView <= 3.0.0 versions.
Patchstack
Insecure Direct Object References (IDOR) in WordPress GravityView Plugin
🚨 CVE-2026-9699
Mattermost Plugins versions <=11.6 10.18.11 11.3.6 11.6.5.0 fail to sanitize error responses from the OpenAI API before logging, which allows a user with access to server logs or support packets to obtain a valid or partially reconstructable OpenAI API key via inspection of mattermost.log entries generated during authentication failures. Mattermost Advisory ID: MMSA-2026-00609
Mattermost.com
Security Updates
Find information about Mattermost security updates, sign up for our Security Bulletin, read our Responsible Disclosure Policy, and more.
🚨 CVE-2023-20540
An observable timing discrepancy in the ASP could allow a privileged attacker to perform a brute-force attack against the hash message authentication code, allowing arbitrary message input, potentially leading to a loss of data integrity.
AMD
AMD Client Vulnerabilities - August 2025
🚨 CVE-2023-20572
An observable timing discrepancy in the ASP could allow a privileged attacker to perform a brute-force attack against the hash message authentication code, allowing the input of an arbitrary message, potentially leading to a loss of data integrity.
AMD
AMD Client Vulnerabilities - August 2025
🚨 CVE-2026-0685
Server-side template injection (SSTI) in the expression evaluation component in Genshi Template Engine version 0.7.9 allows a remote attacker to achieve remote code execution (RCE) via crafted template expressions.
GitHub
GitHub - edgewall/genshi: Python toolkit for generation of output for the web
Python toolkit for generation of output for the web - edgewall/genshi
🚨 CVE-2026-0828
Kernel driver ProcessMonitorDriver.sys in Safetica's endpoint client x64, versions 10.5.75.0 and 11.11.4.0, allows an unprivileged user to abuse an IOCTL path and terminate protected system processes.
Safetica
Safetica | Data Loss Prevention and Insider Risk Management
Safetica protects businesses against insider threats, offers data loss protection, and supports regulatory compliance.
🚨 CVE-2026-12411
Broken Access Control in the devLXDInstancePatchHandler component of Canonical LXD allows an untrusted guest to mount, read, and overwrite another guest's custom storage volume via a crafted device PATCH request over /dev/lxd when security.devlxd.management.volumes is enabled.
GitHub
Security fixes from the 6.9 release by tomponline · Pull Request #18585 · canonical/lxd
Covers fixes for:
GHSA-qx75-2p3r-pwm5
GHSA-7mr3-28h5-m5vx
GHSA-47w9-6r3f-938g
GHSA-9j25-mm2h-2f76
GHSA-jpf8-86f3-wp38
GHSA-vghh-5rfx-xhq8
GHSA-fmc8-p6q7-75cc
GHSA-pjff-c2wc-f6jm
GHSA-hhf9-qw4v-72xp
🚨 CVE-2026-21734
A web page that contains unusual GPU shader code is loaded into the GPU compiler process and can trigger an out-of-bounds write crash in the GPU shader compiler library. On certain platforms, when the compiler process has system privileges, this could enable further exploits on the device.
An edge case using a very small value in GPU shader code can cause a segmentation fault in the GPU shader compiler due to an out-of-bounds write.
Imagination
Imagination GPU Driver Vulnerabilities - Imagination
This page contains summary details of security vulnerabilities reported on Imagination Technologies Power VR Graphics driver.
🚨 CVE-2026-44018
Docling simplifies document processing by parsing diverse formats and providing integrations with the generative AI ecosystem. From 2.45.0 until 2.91.0, the METS-GBS backend's XML parsing and the input document format detection lacked security controls. An attacker could craft malicious METS-GBS archives that, when processed, could read sensitive files, exhaust system resources, or cause application crashes. This vulnerability is fixed in 2.91.0.
GitHub
Release v2.91.0 · docling-project/docling
Feature
docx: Extract VML images with v:imagedata elements (#3343) (2ddaa3b)
Fix
Strengthen input validation for METS-GBS processing (#3336) (c1dbac2)
EasyOCR model downloading (#3339) (5e161ac)...
🚨 CVE-2026-45195
Kernel software installed and running inside a Host VM may post improper commands to the GPU Firmware to trigger a memory read or write outside the permitted range of memory for the host kernel.
Addresses passed to the GPU Firmware can be used by the Firmware for more privileged memory accesses than are permitted by the system.
Imagination
Imagination GPU Driver Vulnerabilities - Imagination
🚨 CVE-2026-47214
Docling simplifies document processing by parsing diverse formats and providing integrations with the generative AI ecosystem. Prior to 2.94.0, the HTML backend has unsafe URI and path handling. This vulnerability is fixed in 2.94.0.
GitHub
Release v2.94.0 · docling-project/docling
Feature
latex: Add optional Tectonic TikZ rendering (#3369) (eceedc2)
Add image_placeholder and use_markdown_images as fields in the BaseChunkerOptions (#3436) (5fadc6d)
extraction: Add Granite Vi...
🚨 CVE-2026-5757
Unauthenticated remote information disclosure vulnerability in Ollama's model quantization engine allows an attacker to read and exfiltrate the server's heap memory, potentially leading to sensitive data exposure, further compromise, and stealthy persistence.
kb.cert.org
CERT/CC Vulnerability Note VU#518910
Ollama GGUF Quantization Remote Memory Leak
🚨 CVE-2026-9639
Nil-pointer dereference in CreateCustomVolumeFromBackup in LXD up to version 6.8 and 5.21 on Linux allows an authenticated user with can_create_storage_volumes permissions to cause a denial of service via a specially crafted custom-volume backup tarball that omits the expires_at snapshot field.
GitHub
lxd/storage/backend/lxd: Validate snapshot.ExpiresAt is non-nil by tomponline · Pull Request #18320 · canonical/lxd
Powerful system container and virtual machine manager - lxd/storage/backend/lxd: Validate snapshot.ExpiresAt is non-nil by tomponline · Pull Request #18320 · canonical/lxd