Daily security briefing
Regenerated with every ingest cycle — KEV additions, notable advisories and exploitation outlook for each UTC day. Also delivered as a free email every morning — subscribe.
Weekly recaps
- 2026-07-11Saturday, Jul 11, 20260 advisories52 CVEs12 notable
On July 11, 2026, there were no new advisories from CERT/PSIRT, but 52 CVEs were published, highlighting several critical vulnerabilities primarily affecting WordPress plugins. Notable entries include CVE-2026-15155, CVE-2026-2354, CVE-2026-13756, CVE-2026-14262, and CVE-2025-6784, all rated high with a CVSS score of 8.8, indicating serious security risks such as arbitrary file uploads and remote code execution. Additionally, CVE-2026-7655 and CVE-2026-9282, with CVSS scores of 8.1 and 7.5 respectively, also pose significant threats through privilege escalation and directory traversal vulnerabilities. Security teams should prioritize addressing these vulnerabilities to mitigate potential exploitation.
- 2026-07-10Friday, Jul 10, 20262 KEV207 advisories2978 CVEs24 notable
On July 10, 2026, the security advisory landscape saw the addition of two significant Known Exploited Vulnerabilities (KEVs): CVE-2026-56291, related to Balbooa Forms, and CVE-2026-48939, concerning iCagenda, both involving unrestricted file uploads. The day also featured critical advisories, including CISA's update on two KEVs and a critical vulnerability impacting Roundcube Webmail (CVE-2025-49113). Additionally, multiple high-severity advisories were issued regarding vulnerabilities in the Linux kernel, with updates highlighting various issues that could lead to denial of service. Notable CVEs included several critical vulnerabilities with CVSS scores of 10, such as GHSA-m5f5-28qr-9g9r, related to PrestaShop, and CVE-2026-54769, affecting the Langroid framework. Overall, while CERT/PSIRT output was relatively quiet, the notable CVEs indicate ongoing security challenges.
- 2026-07-09Thursday, Jul 9, 2026219 advisories3025 CVEs24 notable
On July 9, 2026, there were 219 advisories from CERT/PSIRT, but no new additions to the Known Exploited Vulnerabilities (KEV) list. Significant advisories included high-severity updates for Aqua Security Trivy, Linux Kernel, and Netty, as well as new vulnerabilities in GitLab, Red Hat Enterprise Linux, and FreeRDP that allow for code execution. Notably, several critical CVEs were published today, including CVE-2026-59726 for Ruflo, CVE-2026-59827 for Metabase, and CVE-2026-15158 for the Blocksy Companion plugin, all of which pose serious risks such as remote code execution and arbitrary file uploads. Other critical vulnerabilities affecting various applications were also reported, emphasizing the need for immediate attention from security teams.
- 2026-07-08Wednesday, Jul 8, 2026134 advisories1665 CVEs24 notable
On July 8, 2026, the security advisory landscape was marked by a significant number of advisories, with 134 from CERT/PSIRT and 1,665 CVEs published. Notable advisories included multiple high-severity vulnerabilities in Langflow, Red Hat Enterprise Linux, BeyondTrust Privileged Remote Access, and IBM Operational Decision Manager, among others. In terms of critical vulnerabilities, CVE-2026-54782 in CoreWCF and CVE-2026-56843 in WebPros Plesk both received a CVSS score of 10, highlighting their severity. Other critical CVEs of interest included vulnerabilities in Fluentd and various WordPress plugins, all of which pose serious risks if left unaddressed.
- 2026-07-07Tuesday, Jul 7, 20264 KEV177 advisories2697 CVEs24 notable
On July 7, 2026, security advisory activity was robust, with 177 advisories issued and 2,697 CVEs published. Notably, four new vulnerabilities were added to the Known Exploited Vulnerabilities (KEV) catalog, including CVE-2026-48282 affecting Adobe ColdFusion and CVE-2026-48908 related to JoomShaper SP Page Builder. Critical advisories included updates from Adobe and several from Siemens, highlighting vulnerabilities in Mendix Studio Pro and SINEC OS. Additionally, several critical CVEs were published, such as CVE-2026-34037, CVE-2026-34047, and CVE-2026-34048, all related to the Coolify tool, which poses significant risks to server management.
- 2026-07-06Monday, Jul 6, 2026199 advisories3697 CVEs24 notable
Today's security advisory activity included 199 advisories from CERT/PSIRT, with no new additions to the Known Exploited Vulnerabilities (KEV) list. Significant updates were issued for vulnerabilities in Apache Camel, the Linux Kernel, Eclipse Jetty, Golang Go, Microsoft Windows, and Google Chrome, all categorized as high severity. Notable CVEs published today include several critical vulnerabilities, such as CVE-2026-48316 affecting ColdFusion, and GHSA-vjc7-jrh9-9j86, which involves unauthenticated access in 9router. Other critical vulnerabilities include issues in Langroid, Crawl4AI, and Plesk XML API, highlighting the need for immediate attention from security teams.
- 2026-07-05Sunday, Jul 5, 20260 advisories86 CVEs12 notable
On July 5, 2026, there were no new advisories from CERT or PSIRT, and the day saw the publication of 86 CVEs. Among the notable vulnerabilities, CVE-2026-9085 and CVE-2026-14721 both received a high severity rating of 8.8, indicating critical access control issues in TUBITAK B. Other significant vulnerabilities include CVE-2026-12250 with a CVSS score of 7.9, related to sensitive information exposure in TUBITAK BILGEM Software, and several others in the 7.3 to 7.8 range affecting various software projects. Security teams should prioritize reviewing these vulnerabilities to mitigate potential risks.
- 2026-07-04Saturday, Jul 4, 20260 advisories70 CVEs12 notable
On July 4, 2026, the security advisory landscape was relatively quiet, with a total of 70 new advisories and 70 distinct CVEs reported. There were no additions to the Known Exploited Vulnerabilities (KEV) list, and no critical advisories were highlighted. This suggests a day with limited high-impact security concerns for SOC and CSIRT teams to address.