2 vulnerabilities across 2 products scored HIGH or above on July 03, 2026.
- ๐ HIGH: 2
Exploit Status Upgrades
The following CVEs from previous bulletins have been upgraded based on new exploit intelligence:
- [UPGRADED] CVE-2026-52785 (opf/openproject) โ F1: exploitable โ functional, AAS: 11.1 โ 13.1 (HIGH โ CRITICAL). Originally in 2026-06-26 bulletin.
- [UPGRADED] CVE-2026-45405 (dokku/dokku) โ F1: exploitable โ itw, AAS: 10.3 โ 12.8 (HIGH โ CRITICAL). Originally in 2026-06-26 bulletin.
- [UPGRADED] CVE-2026-54636 (dokku/dokku) โ F1: exploitable โ itw, AAS: 10.3 โ 13.9 (HIGH โ CRITICAL). Originally in 2026-06-26 bulletin.
- [UPGRADED] CVE-2026-52884 (notepad-plus-plus/notepad) โ F1: exploitable โ functional, AAS: 9.1 โ 11.1 (HIGH โ HIGH). Originally in 2026-06-26 bulletin.
- [UPGRADED] CVE-2026-54825 (wpdatatables/wpdatatables) โ F1: exploitable โ functional, AAS: 9.6 โ 11.6 (HIGH โ HIGH). Originally in 2026-06-26 bulletin.
๐ [HIGH] red_hat/red_hat_enterprise_linux_10
1 CVE | CVSS 3.1: 9.8 | AAS 10.9
cpe:2.3:a:redhat:enterprise_linux:*:*:*:*:*:*:*:*
Red Hat Enterprise Linux 10 is affected by a high-severity vulnerability in HPLIP (HP Linux Imaging and Printing Software). CVE-2026-14544, rated CVSS 9.8, is an incomplete fix for a prior vulnerability that allows a remote attacker to achieve arbitrary code execution or privilege escalation through an integer overflow in the hpcups print data processing path. This flaw is considered exploitable in the wild.
Organizations running RHEL 10 with HPLIP installed, particularly print servers and workstations connected to HP printers, should prioritize patching immediately. Consult the vendor advisory at access.redhat.com/security/cve/CVE-2026-14544 for updated packages and apply fixes as soon as they are available.
- ๐ CVE-2026-14544 (CVSS 3.1: 9.8)
๐ [HIGH] apache_software_foundation/apache_lucene.net
1 CVE | CVSS 4.0: 8.9 | AAS 9.3
cpe:2.3:a:apache:apache_lucene.net:*:*:*:*:*:*:*:*(>= 4.8.0-beta00005, < 4.8.0-beta00018)
Apache Lucene.Net is affected by a high-severity path traversal vulnerability in its Replicator library. CVE-2026-47896, rated CVSS 8.9, allows an attacker to escape restricted directories, potentially accessing or overwriting files outside intended paths. Versions 4.8.0-beta00005 through 4.8.0-beta00017 are affected and the flaw is considered exploitable.
Teams using the Lucene.Net.Replicator library in .NET search applications should upgrade to version 4.8.0-beta00018 immediately. Review the vendor advisory at lists.apache.org for full details and remediation guidance.
- ๐ CVE-2026-47896 (CVSS 4.0: 8.9)