NVD disclosure day

Published threat advisories for July 6, 2026

CVE advisoryCRITICAL

CVE-2026-57572

Crawl4AI Docker API Command Injection Vulnerability

Halo Surface Signal: 5 out of 5 — more likely to be public-facing.

Crawl4AI's Docker API is vulnerable to unauthenticated command injection, allowing attackers to execute arbitrary commands as the container's runtime user by manipulating Chromium launch arguments. This critical issue, fixed in version 0.9.0, poses a significant risk if the unauthenticated API is reachable.

CVE advisoryCRITICAL

CVE-2026-42341

FOSSBilling Unauthenticated Payment Bypass Vulnerability.

Halo Surface Signal: 4 out of 5 — likely to be public-facing.

An unauthenticated payment bypass vulnerability exists in FOSSBilling's IPN callback endpoint when the Custom payment adapter is enabled, allowing attackers to mark unpaid invoices as paid without actual payment. This could impact revenue by enabling unauthorized free services.

CVE advisoryCRITICAL

CVE-2026-34038

Coolify Command Injection Vulnerability Allows Remote Code Execution.

Halo Surface Signal: 4 out of 5 — likely to be public-facing.

An authenticated remote command injection vulnerability in Coolify's application deployment handling allows users with write permissions to execute arbitrary code and exfiltrate sensitive environment variables. This affects systems managing servers, applications, and databases, posing a risk of unauthorized code execut

CVE advisoryCRITICAL

CVE-2026-48614

Plesk XML API Improper Authorization Vulnerability Allows Privilege Escalation

Halo Surface Signal: 4 out of 5 — likely to be public-facing.

An improper authorization flaw in the Plesk XML API allows an authenticated user to inject directives, potentially writing arbitrary files as root and escalating privileges. This could grant an attacker full control over the affected server. The relevance depends on whether this specific API functionality is used and r

CVE advisoryCRITICAL

CVE-2026-48316

ColdFusion Improper Input Validation Vulnerability

Halo Surface Signal: 5 out of 5 — more likely to be public-facing.

An Improper Input Validation vulnerability in ColdFusion could allow remote attackers to execute arbitrary code in the context of the current user, potentially impacting system data and service behavior. The vulnerability is reachable via network access without user interaction or authentication.

CVE advisoryCRITICAL

CVE-2026-40139

BeyondTrust Remote Support Authentication Bypass Vulnerability

Halo Surface Signal: 5 out of 5 — more likely to be public-facing.

A critical vulnerability in BeyondTrust Remote Support's authentication subsystem could allow an unauthenticated remote attacker to bypass access controls and gain unauthorized access to the appliance, including privileged accounts, if a specific authentication configuration is enabled. This matters to organizations us

CVE advisoryCRITICAL

CVE-2026-40138

BeyondTrust Remote Support Authentication Bypass Vulnerability

Halo Surface Signal: 5 out of 5 — more likely to be public-facing.

A network attacker could bypass authentication controls in BeyondTrust Remote Support and Privileged Remote Access products to gain unauthorized appliance access, potentially including privileged accounts. This requires a specific, enabled authentication configuration.

CVE advisoryCRITICAL

CVE-2025-53830

ownCloud Anti-Virus SSRF Vulnerability

Halo Surface Signal: 4 out of 5 — likely to be public-facing.

A Server-Side Request Forgery vulnerability exists in the Anti-Virus application for ownCloud, potentially allowing authenticated attackers to force the server to make unintended requests. This could expose internal resources or sensitive information, impacting the confidentiality and integrity of your file storage and

CVE advisoryCRITICAL

CVE-2025-53827

ownCloud Core Updater Arbitrary Code Execution Vulnerability

Halo Surface Signal: 4 out of 5 — likely to be public-facing.

ownCloud Core's Updater component has a vulnerability that could allow attackers with administrative privileges to execute arbitrary code. This poses a critical risk to system control and data integrity for organizations using affected versions of the file storage and sharing application.

CVE advisoryCRITICAL

CVE-2026-6900

B&R APROL Improper Certificate Validation Vulnerability

Halo Surface Signal: 2 out of 5 — less likely to be public-facing.

A certificate validation flaw exists in B&R Industrial Automation GmbH APROL systems. If reachable, this vulnerability could enable attackers to perform unauthorized actions and potentially expose sensitive data. Organizations should confirm APROL usage and its network exposure.

CVE advisoryCRITICAL

CVE-2026-12686

Cross-Tenant Authorization Bypass in Backend Company ID Parameter.

Halo Surface Signal: 4 out of 5 — likely to be public-facing.

An authenticated user can bypass authorization checks by manipulating a company ID in a POST request, leading to unauthorized access to other companies' data hosted on the same subdomain. This could expose sensitive customer billing information and allow unauthorized modification of third-party data. The application fa

CVE advisoryCRITICAL

CVE-2026-56140

Apache Camel AWS SNS Improper Input Validation Defense-in-Depth Alignment

Halo Surface Signal: 1 out of 5 — much less likely to be public-facing.

Apache Camel's AWS SNS component has an improper input validation vulnerability. Because this component is producer-only and cannot receive inbound messages or process external data, there is no known exploitable path. This change is a defense-in-depth hardening measure for alignment.

CVE advisoryCRITICAL

CVE-2026-48205

Apache Camel DNS SSRF Vulnerability.

Halo Surface Signal: 3 out of 5 — possibly public-facing.

An improper input validation vulnerability in Apache Camel's DNS component allows attackers to craft requests to redirect DNS lookups to attacker-controlled servers. This could enable internal network reconnaissance by disclosing the existence of internal hostnames. Relevance depends on specific configurations bridging

CVE advisoryCRITICAL

CVE-2026-48204

Apache Camel Mongodb Gridfs Component Header Injection Vulnerability

Halo Surface Signal: 4 out of 5 — likely to be public-facing.

A vulnerability in Apache Camel's MongoDB GridFS component allows improper input validation and access control. Attackers could exploit this by manipulating HTTP headers to override intended file operations, potentially leading to unauthorized file access, modification, or command injection through metadata. This is a

CVE advisoryCRITICAL

CVE-2026-48203

Apache Camel Solr SSRF and Injection Vulnerability

Halo Surface Signal: 4 out of 5 — likely to be public-facing.

A vulnerability in Apache Camel's Solr component can allow for improper handling of HTTP headers, leading to injection of arbitrary Solr parameters or fields. This could result in server-side request forgery, enabling access to attacker-chosen URLs, or unauthorized data injection into Solr documents. The concern is rel

CVE advisoryCRITICAL

CVE-2026-46456

Apache Camel AWS2 SQS Header Injection Vulnerability

Halo Surface Signal: 3 out of 5 — possibly public-facing.

A vulnerability in Apache Camel's AWS2-SQS component allows an attacker to inject control headers into messages, potentially altering downstream processing. This occurs due to improper input validation, where sender-supplied headers are copied into the message exchange without sufficient filtering. The impact depends o

CVE advisoryCRITICAL

CVE-2026-46455

Apache Camel Keycloak Component Session Expiration Vulnerability.

Halo Surface Signal: 4 out of 5 — likely to be public-facing.

An insufficient session expiration vulnerability in the Apache Camel Keycloak Component could allow attackers to use expired or not-yet-valid access tokens, potentially granting unauthorized access to routes that rely on this component for authentication. This issue affects how security tokens are validated, meaning th

CVE advisoryCRITICAL

CVE-2026-46454

Apache Camel Cometd Header Injection Vulnerability.

Halo Surface Signal: 4 out of 5 — likely to be public-facing.

An Improper Input Validation vulnerability in the Apache Camel Cometd component allows unauthenticated attackers to inject malicious Camel control headers. This can influence downstream message processing, with potential impacts varying based on route configuration, due to a lack of default security policy.

CVE advisoryCRITICAL

CVE-2026-43867

Apache Camel PQC Component Deserialization Vulnerability.

Halo Surface Signal: 2 out of 5 — less likely to be public-facing.

A deserialization vulnerability in Apache Camel's PQC component allows code execution if an attacker can write to the associated AWS Secrets Manager secret. This occurs during key metadata deserialization, potentially impacting applications managing cryptographic keys.

CVE advisoryCRITICAL

CVE-2026-40047

Apache Camel Docling Argument Injection Vulnerability

Halo Surface Signal: 3 out of 5 — possibly public-facing.

The Apache Camel Docling component improperly handles command arguments, potentially allowing unintended execution or directory traversal if external data influences specific headers. This vulnerability arises from insufficient validation of custom arguments passed to the external `docling` command-line tool. Organizat

CVE advisoryCRITICAL

CVE-2026-24013

Apache IoTDB Authentication Bypass via Session ID Spoofing

Halo Surface Signal: 3 out of 5 — possibly public-facing.

Apache IoTDB suffers from an authentication bypass vulnerability where an attacker can spoof a session ID to access time-series data without proper authentication. This could allow unauthorized reading of sensitive data. Confirm if this technology is used and exposed in your environment.

CVE advisoryCRITICAL

CVE-2026-14807

ERP App Hard-coded Credentials Allow Unauthenticated Login

Halo Surface Signal: 4 out of 5 — likely to be public-facing.

A critical vulnerability exists in PROG MIS's ERP App, allowing unauthenticated remote attackers to log in, view application code, and obtain database credentials. This could lead to unauthorized access to sensitive system information. Uncertainty remains regarding the presence and network exposure of this specific ERP