1 vulnerability across 1 product scored HIGH or above on July 01, 2026.

  • 🟠 HIGH: 1

Exploit Status Upgrades

The following CVEs from previous bulletins have been upgraded based on new exploit intelligence:

  • [UPGRADED] CVE-2026-52785 (opf/openproject) β€” F1: exploitable β†’ functional, AAS: 11.1 β†’ 13.1 (HIGH β†’ CRITICAL). Originally in 2026-06-26 bulletin.
  • [UPGRADED] CVE-2026-45405 (dokku/dokku) β€” F1: exploitable β†’ itw, AAS: 10.3 β†’ 12.8 (HIGH β†’ CRITICAL). Originally in 2026-06-26 bulletin.
  • [UPGRADED] CVE-2026-54636 (dokku/dokku) β€” F1: exploitable β†’ itw, AAS: 10.3 β†’ 13.9 (HIGH β†’ CRITICAL). Originally in 2026-06-26 bulletin.
  • [UPGRADED] CVE-2026-52884 (notepad-plus-plus/notepad) β€” F1: exploitable β†’ functional, AAS: 9.1 β†’ 11.1 (HIGH β†’ HIGH). Originally in 2026-06-26 bulletin.
  • [UPGRADED] CVE-2026-54825 (wpdatatables/wpdatatables) β€” F1: exploitable β†’ functional, AAS: 9.6 β†’ 11.6 (HIGH β†’ HIGH). Originally in 2026-06-26 bulletin.
  • [UPGRADED] CVE-2026-50189 (appsmith/appsmith) β€” F1: exploitable β†’ functional, AAS: 9.7 β†’ 10.8 (HIGH β†’ HIGH). Originally in 2026-06-24 bulletin.
  • [UPGRADED] CVE-2026-54067 (siyuan-note/siyuan) β€” F1: exploitable β†’ functional, AAS: 9.2 β†’ 11.2 (HIGH β†’ HIGH). Originally in 2026-06-24 bulletin.
  • [UPGRADED] CVE-2026-52794 (sentry/sentry) β€” F1: exploitable β†’ itw, AAS: 9.3 β†’ 10.9 (HIGH β†’ HIGH). Originally in 2026-06-24 bulletin.

🟠 [HIGH] uvnc/ultravnc

1 CVE | CVSS 4.0: 9.3 | AAS 9.7

  • cpe:2.3:a:uvnc:ultravnc:*:*:*:*:*:*:*:*

UltraVNC Repeater through version 1.8.2.2 is affected by one high-severity vulnerability (CVE-2026-7840, CVSS 9.3) involving a global buffer overflow in the embedded HTTP administration server. An unauthenticated attacker who can reach the repeater’s HTTP port (default TCP 80) can send an oversized URI to overflow a fixed-size buffer via unchecked sprintf calls, potentially achieving remote code execution. Organizations running UltraVNC Repeater should immediately restrict network access to the repeater’s HTTP administration port and monitor the vendor’s GitHub repository at github.com/ultravnc/UltraVNC for a patched release.

Vendor Advisory