What changed today
Today's assessment contains 12 owner-action findings.
Recommended actions
Address Critical findings first, followed by High, Medium and Low items according to confirmed exposure and asset ownership.
Finding 01 covers SAP Patches CVSS 9.9 NetWeaver ABAP Flaw That Could Expose or Modify Data (CVE-2026-44747).
Finding 02 covers Critical Vulnerabilities Patched With Fresh Chrome 150, Firefox 152 Updates.
Finding 03 covers Rockwell Automation CompactLogix and ControlLogix: multiple vulnerabilities (CVE-2025-11698).
Finding 04 covers CISA warns admins to patch actively exploited SharePoint flaws.
Finding 05 covers July 2026 Patch Tuesday: Microsoft Patches 622 Vulnerabilities Including Two Exploited Zero-Days.
Finding 06 covers Progress confirms ShareFile zero-day flaw behind Storage Zone shutdown.
Finding 07 covers Red Hat Enterprise Linux (python-pillow): multiple vulnerabilities (CVE-2020-35653, CVE-2020-35655, CVE-2021-25287, CVE-2021-25288, CVE-2021-25290, CVE-2021-25292, CVE-2021-25293, CVE-2021-27921).
Finding 08 covers Apple macOS Sequoia, Sonoma and Ventura: multiple vulnerabilities (CVE-2025-24119, CVE-2025-24188, CVE-2025-24224, CVE-2025-31243, CVE-2025-31273, CVE-2025-31275, CVE-2025-31277, CVE-2025-31278).
Finding 09 covers Datadog dd-trace W3C baggage extraction DoS spans six tracer ecosystems (CVE-2026-50270, CVE-2026-50271, CVE-2026-50272, CVE-2026-50273, CVE-2026-50274, CVE-2026-50276).
Finding 10 covers Fortinet FortiSandbox: vulnerability allows security-control bypass (CVE-2026-59835).
Finding 11 covers Spotfire Server: vulnerability allows security-control bypass (CVE-2026-8590).
Finding 12 covers the cited vulnerability GitHub CLI gh codespace jupyter could allow remote code execution when connecting to a malicious Codespace (CVE-2026-59831).