1 vulnerability across 1 product scored HIGH or above on June 30, 2026.

  • 🟠 HIGH: 1

Exploit Status Upgrades

The following CVEs from previous bulletins have been upgraded based on new exploit intelligence:

  • [UPGRADED] CVE-2026-52785 (opf/openproject) — F1: exploitable → functional, AAS: 11.1 → 13.1 (HIGH → CRITICAL). Originally in 2026-06-26 bulletin.
  • [UPGRADED] CVE-2026-45405 (dokku/dokku) — F1: exploitable → itw, AAS: 10.3 → 12.8 (HIGH → CRITICAL). Originally in 2026-06-26 bulletin.
  • [UPGRADED] CVE-2026-54636 (dokku/dokku) — F1: exploitable → itw, AAS: 10.3 → 13.9 (HIGH → CRITICAL). Originally in 2026-06-26 bulletin.
  • [UPGRADED] CVE-2026-52884 (notepad-plus-plus/notepad) — F1: exploitable → functional, AAS: 9.1 → 11.1 (HIGH → HIGH). Originally in 2026-06-26 bulletin.
  • [UPGRADED] CVE-2026-54825 (wpdatatables/wpdatatables) — F1: exploitable → functional, AAS: 9.6 → 11.6 (HIGH → HIGH). Originally in 2026-06-26 bulletin.
  • [UPGRADED] CVE-2026-50189 (appsmith/appsmith) — F1: exploitable → functional, AAS: 9.7 → 10.8 (HIGH → HIGH). Originally in 2026-06-24 bulletin.
  • [UPGRADED] CVE-2026-54067 (siyuan-note/siyuan) — F1: exploitable → functional, AAS: 9.2 → 11.2 (HIGH → HIGH). Originally in 2026-06-24 bulletin.
  • [UPGRADED] CVE-2026-52794 (sentry/sentry) — F1: exploitable → itw, AAS: 9.3 → 10.9 (HIGH → HIGH). Originally in 2026-06-24 bulletin.

🟠 [HIGH] linuxcnc/linuxcnc

1 CVE | CVSS 3.1: 8.4 | AAS 11.2

  • cpe:2.3:a:linuxcnc:linuxcnc:*:*:*:*:*:*:*:* (< 2.9.9)

LinuxCNC versions prior to 2.9.9 are affected by a high-severity privilege escalation vulnerability (CVE-2026-58302, CVSS 8.4) with a functional exploit available. The rtapi_app component in linuxcnc-uspace is installed SUID root and fails to properly validate module names passed to dlopen(), allowing a local attacker to use path traversal to load an arbitrary shared library and escalate privileges to root.

Organizations running LinuxCNC-controlled machinery should treat this as urgent given the public exploit availability and upgrade to version 2.9.9 or later immediately. Until patching is possible, restrict local shell access to LinuxCNC hosts and audit for unauthorized privilege escalation attempts.
