Microsoft SharePoint Server CVE-2026-45659 needs patch and exposure validation
Classification: NEW. MSRC provides the vendor advisory and reporting keeps SharePoint exposure in the response queue; the local catalogue poll has no new entries since the last poll.
Recommended action: Validate SharePoint patch state and internet exposure, then hunt recent SharePoint/IIS access paths.
Identifiers: CVE-2026-45659
Sources: [MSRC CVE-2026-45659](https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45659); [BleepingComputer SharePoint exploitation report](https://www.bleepingcomputer.com/news/security/cisa-microsoft-sharepoint-rce-flaw-now-actively-exploited/)
Update 2 (patch released): Cisco confirms active exploitation of Unified CM CVE-2026-20230
Recommended action: Upgrade to fixed Unified CM releases or disable WebDialer until patching is complete.
Identifiers: CVE-2026-20230
Sources: [Cisco Unified CM security advisory](https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-ssrf-cXPnHcW); [BleepingComputer Cisco Unified CM report](https://www.bleepingcomputer.com/news/security/cisco-finally-confirms-attackers-exploiting-unified-cm-flaw/)
Ubuntu USN-8496-2 cifs-utils regression reopens Linux patch routing
Classification: NEW. Canonical reverted the prior cifs-utils security update after a Kerberos mount regression and published replacement package versions across supported Ubuntu releases.
Recommended action: Apply USN-8496-2 where Kerberos mounts broke and monitor for the complete replacement security fix.
Identifiers: USN-8496-2
Sources: [Ubuntu security notice USN-8496-2](https://ubuntu.com/security/notices/USN-8496-2)
ChocoPoC campaign weaponizes GitHub PoCs and PyPI dependencies against vulnerability researchers
Classification: NEW. Reporting and research describe malicious GitHub PoCs that install PyPI dependencies to deliver a RAT; the item is not suppressed by the published ledger.
Recommended action: Block named packages, inspect researcher endpoints, and move PoC testing into disposable sandboxes.
Identifiers: ChocoPoC / PyPI packages frint, skytext, slogsec, logcrypt.cryptography
Sources: [BleepingComputer ChocoPoC report](https://www.bleepingcomputer.com/news/security/new-chocopoc-malware-targets-researchers-via-trojanized-poc-exploits/); [YesWeHack ChocoPoC research note](https://www.yeswehack.com/news/chocopocs-vulnerability-researchers-trojanised-exploits)
GitHub Enterprise Server CVE-2026-9312 SSRF fixed before 3.21/3.22
Classification: NEW. NCSC-NL and NVD describe GitHub Enterprise Server SSRF affecting versions before 3.21 and 3.22.
Recommended action: Upgrade GHES to fixed 3.21/3.22 trains and review OAuth runner-management scopes.
Identifiers: CVE-2026-9312
Sources: [NCSC-NL NCSC-2026-0219](https://advisories.ncsc.nl/advisory?id=NCSC-2026-0219); [NVD CVE-2026-9312](https://nvd.nist.gov/vuln/detail/CVE-2026-9312)
GIMP CVE-2026-58381 code-execution path enters EU workstation routing
Classification: NEW. CERT-Bund WID-SEC-2026-2187 maps GIMP CVE-2026-58381 to local denial-of-service with potential arbitrary code execution.
Recommended action: Patch GIMP where untrusted image/project files are handled.
Identifiers: CVE-2026-58381
Sources: [CERT-Bund WID-SEC-2026-2187](https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2026-2187)
PHP CVE-2026-12184 and CVE-2026-14355 denial-of-service batch lands in CERT-Bund
Classification: NEW. CERT-Bund WID-SEC-2026-2186 identifies multiple PHP flaws allowing remote anonymous denial-of-service.
Recommended action: Patch PHP runtimes exposed through web workloads, prioritising internet-facing services.
Identifiers: CVE-2026-12184 / CVE-2026-14355
Sources: [CERT-Bund WID-SEC-2026-2186](https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2026-2186)
protobufjs CVE-2026-44293 can emit attacker-controlled JavaScript from crafted descriptors
Classification: NEW. NVD says protobufjs before 7.5.6 and 8.0.2 can generate unsafe JavaScript during toObject conversion from crafted schemas.
Recommended action: Update protobufjs to 7.5.6 or 8.0.2; treat untrusted protobuf descriptors as code-generation input.
Identifiers: CVE-2026-44293
Sources: [NVD CVE-2026-44293](https://nvd.nist.gov/vuln/detail/CVE-2026-44293)
Cisco ThousandEyes Virtual Appliance certificate handling permits root command execution
Classification: NEW. NVD describes authenticated remote command execution through crafted certificate upload, executing OS commands as root.
Recommended action: Patch ThousandEyes Virtual Appliance and restrict certificate-upload roles.
Identifiers: CVE-2026-20199
Sources: [NVD CVE-2026-20199](https://nvd.nist.gov/vuln/detail/CVE-2026-20199)
Snipe-IT CVE-2026-44832 lets users.edit holders escalate themselves to admin
Classification: NEW. NVD says Snipe-IT before 8.4.1 lets authenticated users with users.edit set admin permissions via API PATCH.
Recommended action: Upgrade Snipe-IT to 8.4.1 and audit recent user permission changes.
Identifiers: CVE-2026-44832
Sources: [NVD CVE-2026-44832](https://nvd.nist.gov/vuln/detail/CVE-2026-44832)
Jupyter Server CVE-2026-6657 weak CORS origin matching affects configured allow_origin_pat
Classification: NEW. NVD says jupyter-server 1.12.0 through 2.17.0 can bypass CORS origin validation when allow_origin_pat uses prefix-style matching.
Recommended action: Update jupyter-server and review allow_origin_pat patterns.
Identifiers: CVE-2026-6657
Sources: [NVD CVE-2026-6657](https://nvd.nist.gov/vuln/detail/CVE-2026-6657)
Apache ZooKeeper CVE-2026-24281 hostname-verification flaw
Classification: NEW. NVD published the record for Apache ZooKeeper ZKTrustManager hostname verification behavior.
Recommended action: Check ZooKeeper clusters and TLS trust settings.
Identifiers: CVE-2026-24281
Sources: [NVD CVE-2026-24281](https://nvd.nist.gov/vuln/detail/CVE-2026-24281)
Apache ZooKeeper CVE-2026-24308 ZKConfig handling flaw
Classification: NEW. NVD published the record for Apache ZooKeeper ZKConfig configuration handling.
Recommended action: Route alongside CVE-2026-24281 to platform owners running ZooKeeper estates.
Identifiers: CVE-2026-24308
Sources: [NVD CVE-2026-24308](https://nvd.nist.gov/vuln/detail/CVE-2026-24308)
Quarkus CVE-2026-39852 cloud-native Java framework flaw
Classification: NEW. NVD published the Quarkus record for cloud-native Java application deployments.
Recommended action: Route to Java platform owners and identify internet-facing Quarkus services.
Identifiers: CVE-2026-39852
Sources: [NVD CVE-2026-39852](https://nvd.nist.gov/vuln/detail/CVE-2026-39852)
Microsoft Edge Chromium-based remote-code-execution patch wave
Classification: NEW. MSRC published Edge desktop RCE advisories; selected lead CVE had no 21-day ledger match.
Recommended action: Push desktop Edge stable-channel validation across managed Windows, macOS, and Linux fleets.
Identifiers: CVE-2026-56645
Sources: [MSRC CVE-2026-56645](https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-56645)
Chromium memory-safety CVE batch routed through MSRC
Classification: NEW. MSRC published Chromium memory-safety records spanning GPU, Browser, Blink, DOM, FFmpeg, Bluetooth, Device, and related components.
Recommended action: Route to all Chromium-based browser owners, not only Microsoft Edge owners.
Identifiers: CVE-2026-13775
Sources: [MSRC CVE-2026-13775](https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-13775)
Microsoft Edge for Android remote-code-execution and disclosure batch
Classification: NEW. MSRC published Edge for Android records including RCE and disclosure items, with no 21-day ledger match for the lead CVE.
Recommended action: Validate MDM rings for Edge on Android and high-risk BYOD groups.
Identifiers: CVE-2026-58299
Sources: [MSRC CVE-2026-58299](https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-58299)
Microsoft Edge security-feature-bypass batch
Classification: NEW. MSRC published Edge security-feature-bypass records including CVE-2026-57983, CVE-2026-58295, and CVE-2026-58523.
Recommended action: Route with RCE items because bypass bugs can weaken browser hardening and policy enforcement.
Identifiers: CVE-2026-57983
Sources: [MSRC CVE-2026-57983](https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-57983)
Chromium policy, extension, password, USB, and enterprise-control CVE batch
Classification: NEW. MSRC published Chromium control-plane CVEs covering policy, extension, password, USB/WebHID, and browser-management areas.
Recommended action: Validate enterprise browser policy baselines, extension controls, password-manager exposure, and USB/WebHID policy.
Identifiers: CVE-2026-13824
Sources: [MSRC CVE-2026-13824](https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-13824)
IGEL OS remote file-manipulation advisory reaches CERT-Bund
Classification: NEW. CERT-Bund published WID-SEC-2026-2188 for IGEL OS remote anonymous file manipulation; not present in the 21-day published ledger.
Recommended action: Patch/track fixed IGEL OS builds and restrict remote management exposure.
Identifiers: WID-SEC-2026-2188
Sources: [CERT-Bund WID-SEC-2026-2188](https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2026-2188)
Rancher 2.13/2.14 authentication and role-binding fixes reach NCSC-NL
Classification: NEW. NCSC-NL covers Rancher 2.13.0-2.13.7 and 2.14.0-2.14.3 SAML assertion replay and stale project role-template binding fixes.
Recommended action: Patch Rancher and review SAML session handling plus project role bindings.
Identifiers: NCSC-2026-0220
Sources: [NCSC-NL NCSC-2026-0220](https://advisories.ncsc.nl/advisory?id=NCSC-2026-0220)
Red Hat Software Collections high-severity batch re-enters CERT-Bund routing
Classification: NEW. CERT-Bund WID-SEC-2026-2183 flags a Red Hat Software Collections high-severity batch spanning older CVEs.
Recommended action: Patch affected Red Hat Software Collections packages where still deployed.
Identifiers: WID-SEC-2026-2183
Sources: [CERT-Bund WID-SEC-2026-2183](https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2026-2183)
Dell PowerProtect Data Domain WID-SEC-2026-2189 high-severity batch
Classification: NEW. CERT-Bund published WID-SEC-2026-2189 for Dell PowerProtect Data Domain; alias checks had no 21-day ledger match.
Recommended action: Route to backup/storage owners and confirm fixed builds.
Identifiers: WID-SEC-2026-2189
Sources: [CERT-Bund WID-SEC-2026-2189](https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2026-2189)
WatchGuard Firebox WID-SEC-2026-2193 high-severity batch
Classification: NEW. CERT-Bund published WID-SEC-2026-2193 for WatchGuard Firebox; resolved aliases had no 21-day match.
Recommended action: Route to edge-firewall owners, especially externally managed appliances.
Identifiers: WID-SEC-2026-2193
Sources: [CERT-Bund WID-SEC-2026-2193](https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2026-2193)
CERTFR-2026-AVI-0831 Ubuntu Linux kernel vulnerability batch
Classification: NEW. CERT-FR published a 3 July Ubuntu Linux kernel advisory.
Recommended action: Map affected Ubuntu kernel packages to server and workstation maintenance windows.
Identifiers: CERTFR-2026-AVI-0831
Sources: [CERT-FR CERTFR-2026-AVI-0831](https://www.cert.ssi.gouv.fr/avis/CERTFR-2026-AVI-0831/)
CERTFR-2026-AVI-0834 IBM product vulnerability batch
Classification: NEW. CERT-FR published a 3 July advisory covering multiple IBM products.
Recommended action: Route to IBM middleware/product owners for version scoping and vendor fix checks.
Identifiers: CERTFR-2026-AVI-0834
Sources: [CERT-FR CERTFR-2026-AVI-0834](https://www.cert.ssi.gouv.fr/avis/CERTFR-2026-AVI-0834/)
Coolify WID-SEC-2026-2192 high-severity multi-CVE batch
Classification: NEW. CERT-Bund published WID-SEC-2026-2192; it is distinct from the earlier Coolify WID-SEC-2026-2182 item.
Recommended action: Route to self-hosted deployment and developer-platform owners.
Identifiers: WID-SEC-2026-2192
Sources: [CERT-Bund WID-SEC-2026-2192](https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2026-2192)
Erlang/OTP WID-SEC-2026-2194 medium-severity batch
Classification: NEW. CERT-Bund published WID-SEC-2026-2194 with related CVE/GHSA aliases and no 21-day ledger match.
Recommended action: Route to messaging, telecom, and Erlang runtime owners.
Identifiers: WID-SEC-2026-2194
Sources: [CERT-Bund WID-SEC-2026-2194](https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2026-2194)
Ubuntu USN-8503-1 ncurses vulnerability
Classification: NEW. Ubuntu published USN-8503-1 for an ncurses vulnerability.
Recommended action: Include ncurses packages in routine Ubuntu patch validation.
Identifiers: USN-8503-1
Sources: [Ubuntu security notice USN-8503-1](https://ubuntu.com/security/notices/USN-8503-1)
All findings grounded in a13e intelligence sweeps through 05:30 UTC 4 July 2026.
New CitrixBleed Vulnerability Exploited Immediately After Public Disclosure
Hackers are targeting NetScaler appliances using public PoC code to retrieve arbitrary memory content in the HTTP response.
Sources: https://www.securityweek.com/new-citrixbleed-vulnerability-exploited-immediately-after-public-disclosure/
Progress Kemp LoadMaster Pre-Auth RCE Flaw Faces Active Exploitation Attempts (CVE-2026-8037)
A recently disclosed critical security flaw impacting Progress Kemp LoadMaster is seeing active exploitation attempts, according to an advisory from eSentire's Threat Response Unit (TRU). The Canadian cybersecurity company said it identified exploitation attempts targeting CVE-2026-8037 (CVSS score:
Sources: https://thehackernews.com/2026/07/latest-progress-kemp-loadmaster-pre.html
Ransomware Groups Turn to Citrix Bleed 2, BYOVD, and Supply Chain Credentials (CVE-2025-5777)
Threat actors associated with the Anubis ransomware operation have been observed exploiting the Citrix Bleed 2 (CVE-2025-5777) vulnerability to obtain initial access. "Although tactics differ between affiliates, common patterns emerged in tradecraft through use of legitimate Remote Management and Mo
Known Exploited (CISA KEV).
Sources: https://thehackernews.com/2026/07/ransomware-groups-turn-to-citrix-bleed.html