NEW: JoomShaper SP Page Builder CVE-2026-48908 enters CISA KEV
This is newly present in today's intelligence. CISA KEV active-exploitation listing; not listed as excluded from today's publication queue.
The immediate operator task is narrow: Inventory Joomla SP Page Builder, patch/disable vulnerable versions, and hunt upload/webshell activity.
- What the sources add
- CVE-2026-48908 Source: https://www.joomshaper.com/page-builder
- CVSS 10 critical · CWE-434 Unrestricted Upload of File with Dangerous Type · EPSS 52th percentile · CISA KEV (actively exploited). Source: https://www.joomshaper.com/page-builder
- actively exploited Source: https://www.joomshaper.com/page-builder
- Operator lens
- Inventory Joomla SP Page Builder, patch/disable vulnerable versions, and hunt upload/webshell activity. Source: https://www.joomshaper.com/page-builder
Action: Inventory Joomla SP Page Builder, patch/disable vulnerable versions, and hunt upload/webshell activity.
Sources: [CISA KEV CVE-2026-48908](https://www.cisa.gov/known-exploited-vulnerabilities-catalog?vulnId=CVE-2026-48908)
NEW: Joomlack Page Builder CVE-2026-56290 enters CISA KEV
This is newly present in today's intelligence. CISA KEV active-exploitation listing; not listed as excluded from today's publication queue.
The immediate operator task is narrow: Patch or disable vulnerable Joomla Page Builder installs and review upload telemetry.
- What the sources add
- CVE-2026-56290 Source: https://www.joomlack.fr/
- CVSS 10 critical · CWE-434 Unrestricted Upload of File with Dangerous Type · EPSS 28th percentile · CISA KEV (actively exploited). Source: https://www.joomlack.fr/
- actively exploited Source: https://www.joomlack.fr/
- Operator lens
- Patch or disable vulnerable Joomla Page Builder installs and review upload telemetry. Source: https://www.joomlack.fr/
Action: Patch or disable vulnerable Joomla Page Builder installs and review upload telemetry.
Sources: [CISA KEV CVE-2026-56290](https://www.cisa.gov/known-exploited-vulnerabilities-catalog?vulnId=CVE-2026-56290)
Gitea CVE-2026-20896 active exploitation confirmed after prior publication
This is a material update in today's intelligence. Previously excluded as repeat coverage, but re-promoted because today's intelligence records active exploitation confirmation.
The immediate operator task is narrow: Verify Gitea 1.26.3/1.26.4+ or mitigations, audit proxy trusted-header settings, and review repo/secret access logs.
- What the sources add
- CVE-2026-20896 Source: https://www.securityweek.com/critical-gitea-flaw-under-active-exploitation-researchers-warn/
- CVSS 9.8 critical · CWE-284 Improper Access Control · EPSS 52th percentile. Source: https://www.securityweek.com/critical-gitea-flaw-under-active-exploitation-researchers-warn/
- not in CISA KEV at enrichment time Source: https://www.securityweek.com/critical-gitea-flaw-under-active-exploitation-researchers-warn/
Action: Verify Gitea 1.26.3/1.26.4+ or mitigations, audit proxy trusted-header settings, and review repo/secret access logs.
Sources: [SecurityWeek Gitea exploitation report](https://www.securityweek.com/critical-gitea-flaw-under-active-exploitation-researchers-warn/)
All findings grounded in a13e intelligence sweeps through 04:30 UTC 08 July 2026.
NEW: EGroupware CVE-2026-27823 file read/write to RCE path
This is newly present in today's intelligence. GHSA-backed global developer/collaboration finding; not listed as excluded from today's publication queue.
The immediate operator task is narrow: Patch EGroupware, disable self-registration where unnecessary, and check setup-password integrity.
- What the sources add
- CVE-2026-27823 Source: https://github.com/advisories/GHSA-h9qx-v5xp-ph8p
- CVSS 9.3 critical · CWE-22 Path Traversal. Source: https://github.com/advisories/GHSA-h9qx-v5xp-ph8p
- not in CISA KEV at enrichment time Source: https://github.com/advisories/GHSA-h9qx-v5xp-ph8p
- Operator lens
- Patch EGroupware, disable self-registration where unnecessary, and check setup-password integrity. Source: https://github.com/advisories/GHSA-h9qx-v5xp-ph8p
Action: Patch EGroupware, disable self-registration where unnecessary, and check setup-password integrity.
Sources: [GitHub advisory GHSA-h9qx-v5xp-ph8p](https://github.com/advisories/GHSA-h9qx-v5xp-ph8p)
NEW: Better Auth CVE-2026-53512 OAuth refresh-token replay
This is newly present in today's intelligence. GitHub advisory with patched version and configuration actions; not listed as excluded from today's publication queue.
The immediate operator task is narrow: Upgrade to better-auth 1.6.11, migrate OAuth provider where feasible, and revoke suspicious refresh tokens.
- What the sources add
- CVE-2026-53512 Source: https://github.com/advisories/GHSA-pw9m-5jxm-xr6h
- CVSS 9.1 critical · CWE-287 Improper Authentication. Source: https://github.com/advisories/GHSA-pw9m-5jxm-xr6h
- not in CISA KEV at enrichment time Source: https://github.com/advisories/GHSA-pw9m-5jxm-xr6h
- Operator lens
- Upgrade to better-auth 1.6.11, migrate OAuth provider where feasible, and revoke suspicious refresh tokens. Source: https://github.com/advisories/GHSA-pw9m-5jxm-xr6h
Action: Upgrade to better-auth 1.6.11, migrate OAuth provider where feasible, and revoke suspicious refresh tokens.
Sources: [GitHub advisory GHSA-pw9m-5jxm-xr6h](https://github.com/advisories/GHSA-pw9m-5jxm-xr6h)
NEW: Goploy CVE-2026-53552 cross-namespace IDOR enables deploy-plane RCE
This is newly present in today's intelligence. GitHub advisory candidate; not listed as excluded from today's publication queue.
The immediate operator task is narrow: Restrict manager roles, patch when available, and audit deploy remote rewrites.
- What the sources add
- CVE-2026-53552 Source: https://github.com/advisories/GHSA-26rh-24rg-j3vv
- CVSS 9.6 critical · CWE-639 Authorization Bypass Through User-Controlled Key. Source: https://github.com/advisories/GHSA-26rh-24rg-j3vv
- not in CISA KEV at enrichment time Source: https://github.com/advisories/GHSA-26rh-24rg-j3vv
Action: Restrict manager roles, patch when available, and audit deploy remote rewrites.
Sources: [GitHub advisory GHSA-26rh-24rg-j3vv](https://github.com/advisories/GHSA-26rh-24rg-j3vv)
NEW: RHEL perl-HTTP-Daemon CVE-2026-8450 service-privilege code execution
This is newly present in today's intelligence. New CERT-Bund RHEL package advisory; not listed as excluded from today's publication queue.
The immediate operator task is narrow: Identify RHEL systems using perl-HTTP-Daemon and apply updates.
- What the sources add
- CVE-2026-8450 Source: https://github.com/libwww-perl/HTTP-Daemon/commit/945d35141d94490f749640bd4390acd6a2193995.patch
- CVSS 9.1 critical · CWE-78 OS Command Injection · EPSS 65th percentile. Source: https://github.com/libwww-perl/HTTP-Daemon/commit/945d35141d94490f749640bd4390acd6a2193995.patch
- not in CISA KEV at enrichment time Source: https://github.com/libwww-perl/HTTP-Daemon/commit/945d35141d94490f749640bd4390acd6a2193995.patch
- Operator lens
- Identify RHEL systems using perl-HTTP-Daemon and apply updates. Source: https://github.com/libwww-perl/HTTP-Daemon/commit/945d35141d94490f749640bd4390acd6a2193995.patch
Action: Identify RHEL systems using perl-HTTP-Daemon and apply updates.
Sources: [CERT-Bund WID-SEC-2026-2218](https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2026-2218)
CVE-2020-21468: A segmentation fault in the redis-server component of Redis 5.0.7 leads to a den CVE-2020-21468
A segmentation fault in the redis-server component of Redis 5.0.7 leads to a denial of service (DOS). NOTE: the vendor cannot reproduce this issue in a released version, such as 5.0.7.
Sources: https://nvd.nist.gov/vuln/detail/CVE-2020-21468
CVE-2020-21833: A heap based buffer overflow vulnerability exits in GNU LibreDWG 0.10 via: read CVE-2020-21833
A heap based buffer overflow vulnerability exits in GNU LibreDWG 0.10 via: read2004sectionclasses ../../src/decode.c:2440.
Sources: https://nvd.nist.gov/vuln/detail/CVE-2020-21833
CVE-2020-21840: A heap based buffer overflow vulnerability exits in GNU LibreDWG 0.10 via bitse CVE-2020-21840
A heap based buffer overflow vulnerability exits in GNU LibreDWG 0.10 via bitsearchsentinel ../../src/bits.c:1985.
Sources: https://nvd.nist.gov/vuln/detail/CVE-2020-21840
Also tracked
- A DoS attack in the web application of D-Link DIR-X1860 before v1.10WWB09Beta a · CVE-2021-41441 · High
- NEW: Hitachi Energy PROMOD V CVE-2026-10763 CISA ICS advisory · CVE-2026-10763 · High
- NEW: RHEL 389-ds-base CVE-2026-11610/CVE-2026-11774 fixes · CVE-2026-11610 · High
- NEW: Terraform Enterprise CVE-2026-14468 information disclosure enters EU routing · CVE-2026-14468 · High
- NEW: xwiki CVE-2026-34151 information-disclosure fix · CVE-2026-34151 · High
- Better Auth CVE-2026-53514 invitation flow trusts unverified email ownership · CVE-2026-53514 · High
- NEW: Better Auth CVE-2026-53516 OAuth auto-link account takeover · CVE-2026-53516 · High
- NEW: Digi PortServer TS / Digi One SP IA CVE-2026-12352 advisory · CVE-2026-12352 · Medium
- NEW: keras CVE-2026-12480 HDF5 file-read bypass · CVE-2026-12480 · Medium
- NEW: onnxruntime CVE-2026-14647 out-of-bounds advisory · CVE-2026-14647 · Medium
- NEW: Siemens Mendix Studio Pro CVE-2026-48192 CISA ICS advisory · CVE-2026-48192 · Medium
- NEW: Weblate CVE-2026-50127 outbound URL guard misses private ranges · CVE-2026-50127 · Medium
- NEW: Kite CVE-2026-53487 authenticated cluster RBAC bypass · CVE-2026-53487 · Medium
- NEW: CKAN MCP Server CVE-2026-53509 SSRF fix bypass reaches v0.4.106 · CVE-2026-53509 · Medium
- NEW: KEDA CVE-2026-53572 PostgreSQL scaler parameter injection · CVE-2026-53572 · Medium
- NEW: MSRC curl/TLS/SSH transport CVE batch · CVE-2026-8458 · Medium
- The web management console of CheckMK Enterprise Edition (versions 1.5.0 to 2.0. · CVE-2021-40905 · Unknown
- A design flaw in all versions of Go-Ethereum allows an attacker node to send 512 · CVE-2022-23328 · Unknown
- Extensis Portfolio v4.0 was discovered to contain hardcoded credentials which al · CVE-2022-24255 · Unknown
- Synaman v5.1 and below was discovered to contain weak file permissions which all · CVE-2022-26250 · Unknown
- LMS Doctor Simple 2 Factor Authentication Plugin For Moodle Affected: 2021072900 · CVE-2022-28986 · Unknown
- NEW: Devolutions Server CVE-2026-14536 security-control bypass · CVE-2026-14536 · Notscored
- NEW: Hydro-Quebec charging-station backend CVE-2026-20744 CISA ICS advisory · CVE-2026-20744 · Unknown
- NEW: GIMP image-processing multi-CVE workstation batch
- NEW: OpenSSH multiple-vulnerability advisory lands in CERT-Bund
- NEW: Zimbra Collaboration before 10.1.19 needs XSS patch validation
- NEW: UNKMassTraction exploits Roundcube n-days against research departments
- NEW: PolinRider supply-chain compromise spans packages and extensions
- NEW: Tenda firmware hidden admin backdoor remains unpatched
- NEW: vLLM WID-SEC-2026-0987 multi-vulnerability update lands in EU queue
- NEW: NCSC-NL UniFi product vulnerabilities fixed
- NEW: BeyondTrust PRA/RS authentication-bypass batch reaches CERT-Bund routing
- NEW: DriveLock On-Premise and Cloud high-severity batch
- NEW: Apache Airflow multi-CVE workflow-platform batch