Articles
Newsflash
13 Jul 2026 Communication and Collaboration
Mattermost: Data exfiltration via markdown rendering in AI bot posts

In Mattermost versions 10.11.18 and earlier, 11.6.3 and earlier, and 11.5.6 and earlier a low severity vulnerability CVE-2026-3472 was detected. This vulnerability allows an authenticated attacker to exfiltrate data. To address this issue, users should upgrade Mattermost to version 10.11.19 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-3472.

Read more
Communication
13 Jul 2026 Communication and Collaboration
Mattermost: Server-Side Request Forgery (SSRF) in Mattermost Agents

In Mattermost Agents component for Mattermost versions 10.11.18, 11.6.3, 11.5.6 and earlier a medium severity vulnerability CVE-2026-4339 was detected. This vulnerability allows an attacker to perform server-side request forgery (SSRF) and exfiltrate data from internal network services. To address this issue, users should upgrade Mattermost to version 10.11.19 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-4339.

Read more
Communication
13 Jul 2026 Business and Enterprise Solutions
WooCommerce: Subscriber Privilege Escalation in Abandoned Cart Pro for WooCommerce

In Abandoned Cart Pro for WooCommerce component for WooCommerce versions 10.4.0 and earlier a high severity vulnerability CVE-2026-56010 was detected. This vulnerability allows attackers to escalate their privileges. To address this issue, users should upgrade Abandoned Cart Pro for WooCommerce to the latest available version. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-56010.

Read more
E-commerce
13 Jul 2026 Business and Enterprise Solutions
WordPress: Local File Inclusion in Splash – Sport Club WordPress Theme for Basketball, Football, Hockey

In Splash – Sport Club WordPress Theme for Basketball, Football, Hockey component for WordPress versions 4.4.3 and earlier a high severity vulnerability CVE-2025-68063 was detected. This vulnerability allows an attacker to include and execute arbitrary files on the server. To address this issue, users should upgrade Splash – Sport Club WordPress Theme for Basketball, Football, Hockey to the latest available version. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-68063.

Read more
CMS
13 Jul 2026 Business and Enterprise Solutions
WordPress: Unauthenticated Cross-Site Scripting in MapPress Maps for WordPress

In MapPress Maps for WordPress component for WordPress versions 2.97.3 and earlier a high severity vulnerability CVE-2026-56011 was detected. This vulnerability allows attackers to inject malicious scripts. To address this issue, users should upgrade MapPress Maps for WordPress to the latest available version. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-56011.

Read more
CMS
10 Jul 2026 DevOps
Jenkins: Sandbox Bypass in Script Security Plugin

In Script Security Plugin component for Jenkins versions 1402.v94c9ce464861 and earlier a high severity vulnerability CVE-2026-57280 was detected. This vulnerability allows attackers to bypass sandbox protection. To address this issue, users should upgrade Script Security Plugin to version 1402.1405.vc96e74964250 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-57280.

Read more
Developer Tools
Case Studies