NVD disclosure day

Published threat advisories for July 3, 2026

CVE advisoryCRITICAL

CVE-2026-58426

Gitea Actions Artifacts HMAC Ambiguity Allows Unauthorized Access and Data Modification.

Halo Surface Signal: 4 out of 5 — likely to be public-facing.

A critical vulnerability in Gitea Actions Artifacts could permit unauthorized cross-repository artifact reading and upload-state writing due to an HMAC ambiguity in signed URLs. This could expose sensitive information or allow unauthorized modifications to task states if the Gitea deployment is reachable.

CVE advisoryCRITICAL

CVE-2026-58422

Gitea OAuth Sign-in Callback Improper Authorization Re-enables Disabled Administrator Accounts.

Halo Surface Signal: 5 out of 5 — more likely to be public-facing.

A critical vulnerability in Gitea's OAuth sign-in process allows administrator-disabled accounts to be silently re-enabled due to improper authorization handling on the callback. If reachable, an attacker could exploit this to regain access to previously disabled accounts. This issue poses a risk of unauthorized access

CVE advisoryCRITICAL

CVE-2026-58289

Microsoft Edge Type Confusion Remote Code Execution.

Halo Surface Signal: 1 out of 5 — much less likely to be public-facing.

A type confusion vulnerability in Microsoft Edge could allow an unauthorized attacker to execute code over a network. While the potential impact is severe, exploitation may require specific conditions, making direct, unsolicited remote exploitation unlikely. The primary concern is confirming relevance and exposure to a

CVE advisoryCRITICAL

CVE-2026-27780

Gitea Pre-Receive Hook Bypass Vulnerability

Halo Surface Signal: 4 out of 5 — likely to be public-facing.

A vulnerability exists in Gitea where errors in processing input can bypass branch protection checks, potentially allowing unauthorized code changes. This could impact the integrity of code repositories if the technology is exposed. Confirming Gitea's relevance and reviewing its exposure is advised.

CVE advisoryCRITICAL

CVE-2026-22874

Gitea Incomplete SSRF Protection in Webhook and Migration Filters

Halo Surface Signal: 4 out of 5 — likely to be public-facing.

Gitea contains incomplete server-side request forgery protection in its webhook and migration filtering. An attacker with authenticated access could exploit this to trick the system into making unintended requests to internal or external network resources, potentially exposing information or affecting service behavior.

CVE advisoryCRITICAL

CVE-2026-20896

Gitea Default Proxy Setting Allows IP Spoofing

Halo Surface Signal: 4 out of 5 — likely to be public-facing.

A vulnerability in Gitea's default Docker image configuration allows any source IP to impersonate a user if reverse-proxy authentication headers are enabled, potentially exposing user accounts and enabling unauthorized actions. The default setting, which trusts all IP addresses for proxy authentication, presents a risk

CVE advisoryCRITICAL

CVE-2026-20706

Gitea Repository Archive Download Bypass Vulnerability

Halo Surface Signal: 4 out of 5 — likely to be public-facing.

Gitea's repository archive download functionality has a vulnerability that bypasses token scope checks, potentially allowing unauthorized access to sensitive code. This issue could lead to the unauthorized disclosure of repository data if the web archive download endpoint is reachable. Understanding your organization's

CVE advisoryCRITICAL

CVE-2026-56015

Net::IP::LPM Heap Out-of-Bounds Read

Halo Surface Signal: 1 out of 5 — much less likely to be public-facing.

A heap out-of-bounds read vulnerability exists in the Net::IP::LPM Perl module, allowing for unbounded prefix lengths during trie construction. This flaw can cause an out-of-bounds read, potentially leading to application crashes when detected by memory-checking tools, though the issue is contained and not exposed via

CVE advisoryCRITICAL

CVE-2026-14544

HPLIP hpcups Integer Overflow Privilege Escalation Vulnerability

Halo Surface Signal: 1 out of 5 — much less likely to be public-facing.

A flaw in HPLIP, HP Linux Imaging and Printing Software, may allow a remote attacker to escalate privileges or execute arbitrary code. This can happen via an integer overflow in hpcups when processing specially crafted print data. The concern is that this could lead to unauthorized system control.

CVE advisoryCRITICAL

CVE-2026-9079

libcurl Proxy Authentication Credential Leak Vulnerability.

Halo Surface Signal: 1 out of 5 — much less likely to be public-facing.

A critical vulnerability exists in libcurl where proxy authentication credentials are not cleared, potentially leading to the reuse of old credentials for subsequent data transfers. This could result in unauthorized access to sensitive information or systems if an application using the library is exploited. Its impact

CVE advisoryCRITICAL

CVE-2026-8927

libcurl Proxy Authentication State Leak Vulnerability

Halo Surface Signal: 3 out of 5 — possibly public-facing.

A vulnerability in the libcurl library allows proxy authentication state to leak between sequential transfers when reusing handles with environment-variable proxy configurations. If a transfer authenticates with one proxy using Digest auth, subsequent transfers to a different proxy may erroneously include the prior aut

CVE advisoryCRITICAL

CVE-2026-8925

Curl SASL Authentication Double Free Vulnerability

Halo Surface Signal: 3 out of 5 — possibly public-facing.

A vulnerability exists in curl's SASL authentication logic where the GSASL context could be freed twice. This double-free condition, if reachable, could allow for compromise of confidentiality, integrity, and availability. You should care because this could lead to system compromise or denial-of-service conditions.

CVE advisoryCRITICAL

CVE-2026-11856

libcurl Digest Authentication Authorization Header Leakage

Halo Surface Signal: 3 out of 5 — possibly public-facing.

A vulnerability in libcurl could allow an attacker to cause an `Authorization` header intended for one server to be sent to a different server. This occurs when a transfer using Digest authentication to a specific host is followed by another transfer to a different host using the same connection handle. The issue could

CVE advisoryCRITICAL

CVE-2026-11564

libcurl Connection Pool CA Trust Bypass

Halo Surface Signal: 1 out of 5 — much less likely to be public-facing.

A vulnerability exists in libcurl's connection pooling where a connection might improperly retain default CA trust after an application switches to custom CA material. This could potentially allow bypass of intended security validations if a connection handle is reused with differing trust stores, though the specific i

CVE advisoryCRITICAL

CVE-2026-10536

libcurl Use-After-Free in HTTP/2 Stream Dependencies

Halo Surface Signal: 1 out of 5 — much less likely to be public-facing.

A use-after-free vulnerability exists in libcurl when an application configures HTTP/2 stream dependencies, resets the handle, and then cleans it up, leading to potential crashes or unexpected behavior. While rated critical, exploitation requires specific, complex application-level programming, making direct external n

CVE advisoryCRITICAL

CVE-2026-9725

Printcart Web to Print Arbitrary File Deletion Vulnerability

Halo Surface Signal: 4 out of 5 — likely to be public-facing.

A vulnerability in the Printcart Web to Print Product Designer for WooCommerce WordPress plugin allows unauthenticated attackers to delete arbitrary files on the server. This could lead to service disruption or remote code execution. Confirmation of the plugin's presence and internet accessibility is needed to assess r

CVE advisoryCRITICAL

CVE-2026-13368

WatchGuard Fireware OS LDAP Authentication Race Condition Vulnerability

Halo Surface Signal: 5 out of 5 — more likely to be public-facing.

WatchGuard Fireware OS has a race condition in its Mobile User VPN with IKEv2 LDAP authentication that could allow a remote, unauthenticated attacker to execute arbitrary code. This affects firewalls configured to use an external LDAP server for VPN authentication. Attackers could potentially compromise the integrity a