Signal
Multiple important vulnerabilities disclosed in Drupal, Mattermost, MISP modules, and Microsoft SharePoint
Evidence first: scan the strongest sources, then decide whether to go deeper.
Published 2026-07-14 02:00 UTCUpdated 2026-07-14 13:00 UTC
rss
cvevulnerabilitiessecurity_advisoriesincident_response
Trend in the last 24h
Source links open
Source links and full evidence are open here. Archive history, compare-over-time, alerts, exports, API, integrations, and workflow are paid.
No card needed for the free brief.
Evidence trail (top sources)
top sources (4 domains)domains are deduped. counts indicate coverage, not truth.4 top sources shown
Overview
Several significant security vulnerabilities have been disclosed across popular software platforms including Drupal core, Mattermost, misp-modules, and Microsoft SharePoint. Drupal core faces multiple issues such as cache poisoning, PHP object injection, and server-side request forgery.
Score total
1.31
Momentum 24h
4
Posts
4
Origins
4
Source types
1
Duplicate ratio
0%
Why now
- The vulnerabilities were recently disclosed and official fixes have been released or are forthcoming.
- Rapid7's research highlights active efforts to identify and remediate zero-day issues.
- Coordinated disclosures emphasize the importance of continuous security vigilance.
Why it matters
- These vulnerabilities affect widely used software critical to web infrastructure and collaboration.
- Exploitation could lead to unauthorized access, denial of service, or remote code execution.
- Timely patching is essential to prevent potential attacks leveraging these flaws.
LLM analysis
Topic mix: lowPromo risk: lowSource quality: high
Recurring claims
- Drupal core has multiple important vulnerabilities including cache poisoning, PHP object injection, and server-side request forgery.
- Mattermost suffers from vulnerabilities allowing unauthorized actions, denial of service, and OAuth token misuse.
- MISP modules have a severe server-side request forgery protection bypass vulnerability.
- Microsoft SharePoint JWT token validation flaw enables authentication bypass, with remote code execution patch forthcoming.
How sources frame it
- Rapid7 Labs: neutral
All evidence
All evidence
CVE-2026-55040: Microsoft SharePoint JWT Token Authentication Bypass (FIXED)
Rapid7 Blog · rapid7.com · 2026-07-14 13:00 UTC
Multiple important vulnerabilities in Drupal core
NCSC-FI - Vulnerabilities · drupal.org · 2026-07-14 02:00 UTC
Multiple important vulnerabilities in Mattermost
NCSC-FI - Vulnerabilities · mattermost.com · 2026-07-14 02:00 UTC
Severe vulnerability in misp-modules
NCSC-FI - Vulnerabilities · nvd.nist.gov · 2026-07-14 02:00 UTC
Show filters & breakdown
Posts loaded: 0Publishers: 2Origin domains: 4Duplicates: -
Showing 4 / 0
Top publishers (this list)
- NCSC-FI - Vulnerabilities (3)
- Rapid7 Blog (1)
Top origin domains (this list)
- rapid7.com (1)
- drupal.org (1)
- mattermost.com (1)
- nvd.nist.gov (1)