Security Intelligence
Feed

Real-time CVE tracking, exploit analysis, and vulnerability intelligence curated for security professionals.

369 New today

66,014 Total advisories

Live Monitoring

Daily Security Trends (Last 14 Days)

Jun 13

Jun 14

443

Jun 15

630

Jun 16

464

Jun 17

Jun 18

352

Jun 19

Jun 20

104

Jun 21

317

Jun 22

294

Jun 23

355

Jun 24

376

Jun 25

351

Jun 26

Critical

High

Medium

Low

Latest

CVE CVSS 3.5

Markdown image rendering bypass in AI bot tool result posts in Mattermost_CVE-2026-3472

Mattermost versions 10.11.x <= 10.11.18, 11.6.x <= 11.6.3, 11.5.x <= 11.5.6 fail to properly apply markdown image rendering restrictions to AI bot tool result posts, which allows an authenticated attacker to exfiltrate data to an attacker-controlled server via injecting markdo...

CVE-2026-3472 Mattermost Mattermost 10.11.0

Jun 26, 2026

Read analysis

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
HIGH 7.5	CVE-2026-30041	CVE-2026-30041_CVE-2026-30041 An integer overflow in the PSD parser compnent of FastStone Image Viewer v8.3 allows attackers to execute arbitrary code or cause a Denial of Servi...	n/a	n/a n/a	Jun 26, 2026	CVE
MEDIUM 6.5	CVE-2026-30040	CVE-2026-30040_CVE-2026-30040 A heap overflow in the FSViewer.exe process of FastStone Image Viewer v8.3 allows attackers to cause a execute arbitrary code in the context of the...	n/a	n/a n/a	Jun 26, 2026	CVE
MEDIUM 5.3	CVE-2026-24547	WordPress SiteGround Email Marketing plugin <= 1.7.5 - Broken Access Control vulnerability_CVE-2026-24547 Unauthenticated Broken Access Control in SiteGround Email Marketing	SiteGround	SiteGround Email Marketing n/a	Jun 26, 2026	CVE
MEDIUM 6.5	CVE-2025-68075	WordPress BNE Testimonials plugin <= 2.0.8 - Cross Site Scripting (XSS) vulnerability_CVE-2025-68075 Contributor Cross Site Scripting (XSS) in BNE Testimonials	Kerry	BNE Testimonials n/a	Jun 26, 2026	CVE
MEDIUM 6.5	CVE-2025-68074	WordPress Image Carousel plugin <= 1.0.0.41 - Cross Site Scripting (XSS) vulnerability_CVE-2025-68074 Contributor Cross Site Scripting (XSS) in Image Carousel	GhozyLab	Image Carousel n/a	Jun 26, 2026	CVE
HIGH 7.5	CVE-2025-68064	WordPress Goya Core plugin < 1.0.9.4 - Local File Inclusion vulnerability_CVE-2025-68064 Contributor Local File Inclusion in Goya Core < 1.0.9.4 versions.	Everthemess	Goya Core n/a	Jun 26, 2026	CVE
HIGH 7.5	CVE-2025-68063	WordPress Splash – Sport Club WordPress theme for Basketball, Football, Hockey theme <= 4.4.3 - Local File Inclusion vulnerability_CVE-2025-68063 Contributor Local File Inclusion in Splash - Sport Club WordPress Theme for Basketball, Football, Hockey	StylemixThemes	Splash - Sport Club WordPress Theme for Basketball, Football, Hockey n/a	Jun 26, 2026	CVE
HIGH 8.8	CVE-2025-68052	WordPress Eagle Booking plugin <= 1.3.4.3 - Cross Site Request Forgery (CSRF) vulnerability_CVE-2025-68052 Unauthenticated Cross Site Request Forgery (CSRF) in Eagle Booking	Eagle-Themes	Eagle Booking n/a	Jun 26, 2026	CVE
MEDIUM 5.3	CVE-2025-66123	WordPress BookPro plugin <= 1.1.0 - Insecure Direct Object References (IDOR) vulnerability_CVE-2025-66123 Unauthenticated Insecure Direct Object References (IDOR) in BookPro	About Envato	BookPro n/a	Jun 26, 2026	CVE

Security IntelligenceFeed

Daily Security Trends (Last 14 Days)

Markdown image rendering bypass in AI bot tool result posts in Mattermost_CVE-2026-3472

Recent Advisories

CVE-2026-30041_CVE-2026-30041

CVE-2026-30040_CVE-2026-30040

WordPress SiteGround Email Marketing plugin <= 1.7.5 - Broken Access Control vulnerability_CVE-2026-24547

WordPress BNE Testimonials plugin <= 2.0.8 - Cross Site Scripting (XSS) vulnerability_CVE-2025-68075

WordPress Image Carousel plugin <= 1.0.0.41 - Cross Site Scripting (XSS) vulnerability_CVE-2025-68074

WordPress Goya Core plugin < 1.0.9.4 - Local File Inclusion vulnerability_CVE-2025-68064

WordPress Splash – Sport Club WordPress theme for Basketball, Football, Hockey theme <= 4.4.3 - Local File Inclusion vulnerability_CVE-2025-68063

WordPress Eagle Booking plugin <= 1.3.4.3 - Cross Site Request Forgery (CSRF) vulnerability_CVE-2025-68052

WordPress BookPro plugin <= 1.1.0 - Insecure Direct Object References (IDOR) vulnerability_CVE-2025-66123

Protect Your Attack Surface with RedGem

Security Intelligence
Feed