Security Intelligence
Feed

Real-time CVE tracking, exploit analysis, and vulnerability intelligence curated for security professionals.

364 New today

66,027 Total advisories

Live Monitoring

Daily Security Trends (Last 14 Days)

Jun 14

443

Jun 15

630

Jun 16

464

Jun 17

Jun 18

352

Jun 19

Jun 20

104

Jun 21

317

Jun 22

294

Jun 23

355

Jun 24

376

Jun 25

364

Jun 26

Jun 27

Critical

High

Medium

Low

Latest

CVE CVSS 6.5

SSRF via unvalidated attachment URLs in Mattermost Agents plugin MCP server_CVE-2026-4339

Mattermost versions 10.11.x <= 10.11.18, 11.6.x <= 11.6.3, 11.5.x <= 11.5.6 fail to validate attachment URLs against internal or private IP ranges in the Mattermost Agents plugin MCP server which allows an attacker with access to the MCP server in stdio mode to perform server-...

CVE-2026-4339 Mattermost Mattermost 10.11.0

Jun 26, 2026

Read analysis

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
HIGH 7.8	CVE-2026-45257	Arbitrary file overwrite via the KTLS receive path_CVE-2026-45257 The KTLS receive path decrypted each record in place, assuming that the mbufs holding received data were anonymous and safe to modify. This assump...	FreeBSD	FreeBSD 15.0-RELEASE	Jun 26, 2026	CVE
MEDIUM 5.5	CVE-2026-45256	Missing permission check in thr_kill2(2)_CVE-2026-45256 When used to deliver a signal to a specific thread, thr_kill2(2) called p_cansignal() to determine whether the operation was permitted but did not ...	FreeBSD	FreeBSD 15.0-RELEASE	Jun 26, 2026	CVE
LOW 3.5	CVE-2026-3472	Markdown image rendering bypass in AI bot tool result posts in Mattermost_CVE-2026-3472 Mattermost versions 10.11.x	Mattermost	Mattermost 10.11.0	Jun 26, 2026	CVE
HIGH 7.5	CVE-2026-30041	CVE-2026-30041_CVE-2026-30041 An integer overflow in the PSD parser compnent of FastStone Image Viewer v8.3 allows attackers to execute arbitrary code or cause a Denial of Servi...	n/a	n/a n/a	Jun 26, 2026	CVE
MEDIUM 6.5	CVE-2026-30040	CVE-2026-30040_CVE-2026-30040 A heap overflow in the FSViewer.exe process of FastStone Image Viewer v8.3 allows attackers to cause a execute arbitrary code in the context of the...	n/a	n/a n/a	Jun 26, 2026	CVE
MEDIUM 5.3	CVE-2026-24547	WordPress SiteGround Email Marketing plugin <= 1.7.5 - Broken Access Control vulnerability_CVE-2026-24547 Unauthenticated Broken Access Control in SiteGround Email Marketing	SiteGround	SiteGround Email Marketing n/a	Jun 26, 2026	CVE
MEDIUM 6.5	CVE-2025-68075	WordPress BNE Testimonials plugin <= 2.0.8 - Cross Site Scripting (XSS) vulnerability_CVE-2025-68075 Contributor Cross Site Scripting (XSS) in BNE Testimonials	Kerry	BNE Testimonials n/a	Jun 26, 2026	CVE
MEDIUM 6.5	CVE-2025-68074	WordPress Image Carousel plugin <= 1.0.0.41 - Cross Site Scripting (XSS) vulnerability_CVE-2025-68074 Contributor Cross Site Scripting (XSS) in Image Carousel	GhozyLab	Image Carousel n/a	Jun 26, 2026	CVE
HIGH 7.5	CVE-2025-68064	WordPress Goya Core plugin < 1.0.9.4 - Local File Inclusion vulnerability_CVE-2025-68064 Contributor Local File Inclusion in Goya Core < 1.0.9.4 versions.	Everthemess	Goya Core n/a	Jun 26, 2026	CVE

Security IntelligenceFeed

Daily Security Trends (Last 14 Days)

SSRF via unvalidated attachment URLs in Mattermost Agents plugin MCP server_CVE-2026-4339

Recent Advisories

Arbitrary file overwrite via the KTLS receive path_CVE-2026-45257

Missing permission check in thr_kill2(2)_CVE-2026-45256

Markdown image rendering bypass in AI bot tool result posts in Mattermost_CVE-2026-3472

CVE-2026-30041_CVE-2026-30041

CVE-2026-30040_CVE-2026-30040

WordPress SiteGround Email Marketing plugin <= 1.7.5 - Broken Access Control vulnerability_CVE-2026-24547

WordPress BNE Testimonials plugin <= 2.0.8 - Cross Site Scripting (XSS) vulnerability_CVE-2025-68075

WordPress Image Carousel plugin <= 1.0.0.41 - Cross Site Scripting (XSS) vulnerability_CVE-2025-68074

WordPress Goya Core plugin < 1.0.9.4 - Local File Inclusion vulnerability_CVE-2025-68064

Protect Your Attack Surface with RedGem

Security Intelligence
Feed