← All briefings
Daily security briefing — 2026-07-06
CERT / PSIRT advisories
199
Today's security advisory activity included 199 advisories from CERT/PSIRT, with no new additions to the Known Exploited Vulnerabilities (KEV) list. Significant updates were issued for vulnerabilities in Apache Camel, the Linux Kernel, Eclipse Jetty, Golang Go, Microsoft Windows, and Google Chrome, all categorized as high severity. Notable CVEs published today include several critical vulnerabilities, such as CVE-2026-48316 affecting ColdFusion, and GHSA-vjc7-jrh9-9j86, which involves unauthenticated access in 9router. Other critical vulnerabilities include issues in Langroid, Crawl4AI, and Plesk XML API, highlighting the need for immediate attention from security teams.
Notable advisories
Critical/high or exploited items from national CERTs and vendor PSIRTs.
Notable CVEs
Highest-severity CVEs published this day from the NVD and GitHub Advisory firehose — the sharpest items behind the day’s numbers.
- criticalGHSA-vjc7-jrh9-9j86: 9router has unauthenticated CRUD on /api/providers and FullGHSA-vjc7-jrh9-9j86: 9router has unauthenticated CRUD on /api/providers and Full API Key Leak via /api/usage/sCVSS 10
- criticalCVE-2026-54769GHSA-q9p7-wqxg-mrhc: Langroid: Sandbox Escape to Remote Code Execution via Incomplete `eval()` Mitigation in TCVSS 10
- criticalCVE-2026-48316CVE-2026-48316: ColdFusion versions 2025.9, 2023.20 and earlier are affected by an Improper Input Validation vCVSS 10
- criticalCVE-2026-57572CVE-2026-57572: Crawl4AI is an open-source LLM-friendly web crawler and scraper. Prior to 0.9.0, the Docker APCVSS 10
- criticalCVE-2026-48614CVE-2026-48614: An improper authorization vulnerability in the Plesk XML API allows an authenticated user to iCVSS 9.9
- criticalCVE-2026-55500GHSA-qvfm-67h2-2qfx: 9routers has Exposure of Sensitive Information and Unprotected Database Import/Export, AlCVSS 9.9
- criticalCVE-2026-34038CVE-2026-34038: Coolify is an open-source and self-hostable tool for managing servers, applications, and databCVSS 9.9
- criticalCVE-2026-46454CVE-2026-46454: Improper Input Validation vulnerability in Apache Camel Cometd Component. The camel-cometd comCVSS 9.8
- criticalCVE-2026-9181CVE-2026-9181: ArcGIS Server contains a directory traversal vulnerability. An unauthenticated attacker could eCVSS 9.8
- criticalCVE-2026-46456CVE-2026-46456: Improper Input Validation vulnerability in Apache Camel AWS2-SQS Component. The camel-aws2-sqsCVSS 9.8
- criticalCVE-2026-48204CVE-2026-48204: Improper Input Validation, Improper Access Control vulnerability in Apache Camel in Camel MongCVSS 9.8
- criticalCVE-2026-46455CVE-2026-46455: Insufficient Session Expiration vulnerability in Apache Camel Keycloak Component. The camel-keCVSS 9.8
Highest exploitation probability
EPSS (FIRST.org) scores among CVEs published this day.
- 100%CVE-2023-44487estimated probability of exploitation within 30 days
Get this briefing by email. One free message every morning after 06:00 UTC — same data, zero noise, one-click unsubscribe.
Subscribe. Tracking specific products instead? Watch them from any
product page and get alerted only when they ship a new advisory.