NVD disclosure day

Published threat advisories for July 2, 2026

CVE advisoryCRITICAL

CVE-2026-57100

Microsoft Entra Provisioning SSRF Vulnerability Allows Privilege Escalation

Halo Surface Signal: 3 out of 5 — possibly public-facing.

A server-side request forgery vulnerability exists in Microsoft Entra Provisioning Service, which could permit an authenticated attacker to elevate privileges over a network. This threat is relevant if your organization uses this service, as it might allow unauthorized access or control when exploited.

CVE advisoryCRITICAL

CVE-2026-41106

M365 Copilot Open Redirect Vulnerability Allows Privilege Escalation

Halo Surface Signal: 4 out of 5 — likely to be public-facing.

A critical open redirect vulnerability in M365 Copilot could allow unauthorized attackers to gain elevated privileges over a network. This issue affects a widely deployed cloud-based productivity service, increasing the potential for broad impact. The vulnerability could be exploited by tricking a user into clicking a

CVE advisoryCRITICAL

CVE-2026-52830

fast-mcp-telegram Session File Path Traversal Vulnerability

Halo Surface Signal: 4 out of 5 — likely to be public-facing.

A path traversal vulnerability in fast-mcp-telegram could allow a remote attacker to bypass authentication and gain unauthorized access to a default Telegram session. This could potentially lead to unintended actions or data exposure if the server is reachable. It is important to confirm if this technology is in use an

CVE advisoryCRITICAL

CVE-2026-38971

ArduPilot Out-of-Bounds Read Vulnerability in GCS Serial Control

Halo Surface Signal: 2 out of 5 — less likely to be public-facing.

An out-of-bounds read vulnerability in ArduPilot autopilot software could allow unintended memory access if reachable. This may impact system integrity and availability, necessitating confirmation of its presence and potential exposure in your environment.

CVE advisoryCRITICAL

CVE-2026-38968

ntopng Predictable Session Identifier Vulnerability Allows Session Hijacking

Halo Surface Signal: 4 out of 5 — likely to be public-facing.

A vulnerability in ntopng's session identifier generation could allow attackers to hijack authenticated user sessions. This occurs because the system uses predictable, weak pseudo-randomness, potentially enabling session hijacking if the web interface is reachable. This poses a risk to the confidentiality and integrity

CVE advisoryCRITICAL

CVE-2026-59099

Apereo CAS AES-GCM Initialization Vector Reuse Information Disclosure

Halo Surface Signal: 5 out of 5 — more likely to be public-facing.

Apereo CAS contains a cryptographic vulnerability enabling unauthenticated attackers to recover plaintext conversation state by exploiting AES-GCM initialization vector reuse. This could expose sensitive session information to attackers who can perform known-plaintext analysis on collected webflow execution tokens.

CVE advisoryCRITICAL

CVE-2026-58466

AutoBangumi Hard-Coded Default Credentials Vulnerability

Halo Surface Signal: 4 out of 5 — likely to be public-facing.

AutoBangumi contains a hard-coded default credentials vulnerability. Unauthenticated attackers can authenticate as administrators using publicly known credentials, gaining full control of the application, including RSS and downloader configurations. Confirming the use and exposure of this software is important.

CVE advisoryCRITICAL

CVE-2026-44935

SUSE Rancher Fleet valuesFrom Reference Validation Allows Tenant Credential Access

Halo Surface Signal: 2 out of 5 — less likely to be public-facing.

SUSE Rancher Fleet's Helm Deployer has a vulnerability related to unvalidated "valuesFrom" references, which could allow a tenant owner to access fleet credentials of other tenants. This issue poses a risk to multi-tenant environments by potentially exposing sensitive information across different tenants.

CVE advisoryCRITICAL

CVE-2024-14037

Redsea Cloud eHR Arbitrary File Upload Leads to Remote Code Execution.

Halo Surface Signal: 5 out of 5 — more likely to be public-facing.

Redsea Cloud eHR has an arbitrary file upload vulnerability that allows unauthenticated attackers to execute remote code. This is possible by uploading a malicious file through a specific servlet endpoint, bypassing validation checks. The vulnerability can lead to system code execution, and exploitation has been observ

CVE advisoryCRITICAL

CVE-2022-50973

Yonyou KSOA Arbitrary File Upload Leading to Remote Code Execution.

Halo Surface Signal: 4 out of 5 — likely to be public-facing.

Yonyou KSOA software has a critical vulnerability allowing unauthenticated arbitrary file uploads via the ImageUpload servlet, which can lead to remote code execution. An attacker can exploit this by sending a POST request with malicious parameters to upload a webshell, resulting in unauthorized control of the affected

CVE advisoryCRITICAL

CVE-2026-58455

Dockwatch OS Command Injection Vulnerability

Halo Surface Signal: 4 out of 5 — likely to be public-facing.

Dockwatch, a Docker management tool, has an unauthenticated OS command injection vulnerability. Remote attackers can exploit this to execute arbitrary shell commands, potentially leading to full host compromise. Confirm if Dockwatch is deployed and accessible in your environment.

CVE advisoryCRITICAL

CVE-2026-56004

Shellcode Injection in OBS tar_scm Source Service Allows Remote Code Execution.

Halo Surface Signal: 1 out of 5 — much less likely to be public-facing.

A shellcode injection vulnerability exists in the obs tar_scm source service. Attackers could exploit this by providing a malicious `_service` file, potentially leading to code execution with the privileges of the source service or the local user. This matters because it could enable unauthorized actions within the aff

CVE advisoryCRITICAL

CVE-2026-55115

UniFi Protect SSRF Vulnerability Allows Privilege Escalation

Halo Surface Signal: 4 out of 5 — likely to be public-facing.

A critical Server-Side Request Forgery vulnerability exists in UniFi Protect Application, allowing a low-privilege attacker with network access to escalate privileges on the host device. This is significant as UniFi Protect is commonly used for video management and may be externally accessible for remote viewing. The p

CVE advisoryCRITICAL

CVE-2026-54402

UniFi OS Command Injection Vulnerability.

Halo Surface Signal: 4 out of 5 — likely to be public-facing.

A critical vulnerability in UniFi OS could allow a low-privilege attacker on the network to execute commands on devices. This improper input validation flaw could lead to significant compromise of affected host devices. Determining the relevance and exposure to your environment is key.

CVE advisoryCRITICAL

CVE-2026-54400

UniFi Access Application Privilege Escalation via Improper Access Control

Halo Surface Signal: 2 out of 5 — less likely to be public-facing.

An improper access control vulnerability in UniFi Access Application could allow a privileged network attacker to escalate privileges on the host device, potentially leading to broader compromise. Determining if this application is used and its network exposure is key.

CVE advisoryCRITICAL

CVE-2026-4767

TR7 Cyber Defense Inc. WAF-ASP Authentication Abuse Vulnerability

Halo Surface Signal: 5 out of 5 — more likely to be public-facing.

A critical vulnerability in TR7 Cyber Defense Inc.'s WAF-ASP allows for authentication abuse due to a missing authentication check in a critical function. This could enable unauthenticated attackers to bypass security controls, potentially leading to unauthorized access and manipulation of the system.

CVE advisoryCRITICAL

CVE-2026-5524

Divi Form Builder Arbitrary File Upload RCE.

Halo Surface Signal: 5 out of 5 — more likely to be public-facing.

A vulnerability in the Divi Form Builder plugin for WordPress allows unauthenticated attackers to upload and execute arbitrary PHP files. This could lead to remote code execution and potential compromise of the website. The issue stems from insufficient validation of file types, which attackers can exploit to bypass se

CVE advisoryCRITICAL

CVE-2026-57683

WP Fast Total Search Unauthenticated SQL Injection

Halo Surface Signal: 5 out of 5 — more likely to be public-facing.

An unauthenticated SQL injection vulnerability exists in the WP Fast Total Search plugin. If reachable, an attacker could potentially access or manipulate database information. This is concerning because it could lead to sensitive data disclosure or unintended service behavior.

CVE advisoryCRITICAL

CVE-2026-57677

Novalnet Payment Gateway for WooCommerce PHP Object Injection

Halo Surface Signal: 5 out of 5 — more likely to be public-facing.

A critical PHP object injection vulnerability exists in the Novalnet Payment Gateway for WooCommerce, allowing unauthenticated attackers to inject malicious objects. This could potentially lead to arbitrary code execution and data manipulation, impacting payment processing integrity and customer trust. Readers should c

CVE advisoryCRITICAL

CVE-2026-57625

Admin and Site Enhancements Pro Unauthenticated Cross-Site Scripting Vulnerability

Halo Surface Signal: 4 out of 5 — likely to be public-facing.

An unauthenticated Cross-Site Scripting vulnerability exists in the Admin and Site Enhancements Pro plugin, allowing attackers to inject malicious scripts. This could lead to unauthorized actions or data exposure if a user interacts with crafted content. The reachability of this plugin on public-facing websites is a ke

CVE advisoryCRITICAL

CVE-2026-57624

Blocksy Companion Pro Unauthenticated Remote Code Execution

Halo Surface Signal: 4 out of 5 — likely to be public-facing.

A critical vulnerability exists in the Blocksy Companion Pro plugin, enabling unauthenticated remote code execution. This allows attackers to run commands on affected systems, potentially leading to a full compromise. It is important to confirm if this plugin is in use and exposed to the internet.

CVE advisoryCRITICAL

CVE-2026-57623

W3 Total Cache Arbitrary Code Execution Vulnerability.

Halo Surface Signal: 4 out of 5 — likely to be public-facing.

An unauthenticated arbitrary code execution vulnerability exists in W3 Total Cache, a WordPress performance optimization plugin. If reachable, attackers could execute arbitrary code on the server. This is a concern because W3 Total Cache is widely used on public-facing WordPress sites, potentially impacting website int

CVE advisoryCRITICAL

CVE-2026-57621

Booktics Plugin PHP Object Injection Vulnerability

Halo Surface Signal: 4 out of 5 — likely to be public-facing.

An unauthenticated PHP Object Injection vulnerability exists in the Booktics plugin. If reachable, an attacker could inject malicious PHP objects, potentially leading to arbitrary code execution on the server and impacting data integrity and service availability. Readers should verify if their organization uses the aff

CVE advisoryCRITICAL

CVE-2026-27436

Five Star Business Profile and Schema Arbitrary Code Execution

Halo Surface Signal: 3 out of 5 — possibly public-facing.

A critical arbitrary code execution vulnerability exists in a business profile and schema plugin. An authenticated attacker with administrative privileges could exploit this to run their own code on affected systems, potentially impacting website integrity and data. Confirming plugin usage and the security of administr

CVE advisoryCRITICAL

CVE-2026-27419

Zegen Arbitrary File Upload Vulnerability

Halo Surface Signal: 4 out of 5 — likely to be public-facing.

A critical arbitrary file upload vulnerability exists in the Zegen WordPress theme. If this theme is in use and its file upload feature is reachable, an unauthenticated attacker could upload malicious files, potentially compromising the web server and allowing unauthorized code execution.