8 vulnerabilities across 6 products scored HIGH or above on June 29, 2026.
🔴 CRITICAL: 1 🟠 HIGH: 7 Exploit Status Upgrades The following CVEs from previous bulletins have been upgraded based on new exploit intelligence:
[UPGRADED] CVE-2026-52785 (opf/openproject) — F1: exploitable → functional, AAS: 11.1 → 13.1 (HIGH → CRITICAL). Originally in 2026-06-26 bulletin. [UPGRADED] CVE-2026-45405 (dokku/dokku) — F1: exploitable → itw, AAS: 10.3 → 12.8 (HIGH → CRITICAL). Originally in 2026-06-26 bulletin. [UPGRADED] CVE-2026-54636 (dokku/dokku) — F1: exploitable → itw, AAS: 10.3 → 13.9 (HIGH → CRITICAL). Originally in 2026-06-26 bulletin. [UPGRADED] CVE-2026-52884 (notepad-plus-plus/notepad) — F1: exploitable → functional, AAS: 9.1 → 11.1 (HIGH → HIGH). Originally in 2026-06-26 bulletin. [UPGRADED] CVE-2026-54825 (wpdatatables/wpdatatables) — F1: exploitable → functional, AAS: 9.6 → 11.6 (HIGH → HIGH). Originally in 2026-06-26 bulletin. [UPGRADED] CVE-2026-50189 (appsmith/appsmith) — F1: exploitable → functional, AAS: 9.7 → 10.8 (HIGH → HIGH). Originally in 2026-06-24 bulletin. [UPGRADED] CVE-2026-54067 (siyuan-note/siyuan) — F1: exploitable → functional, AAS: 9.2 → 11.2 (HIGH → HIGH). Originally in 2026-06-24 bulletin. [UPGRADED] CVE-2026-52794 (sentry/sentry) — F1: exploitable → itw, AAS: 9.3 → 10.9 (HIGH → HIGH). Originally in 2026-06-24 bulletin. 🔴 [CRITICAL] coollabsio/coolify 3 CVEs | CVSS 3.1: 9.6 | AAS 12.7
...