CVE Weekly Report — Week of Jul 6 – July 12, 2026
2026-W28
11
Total CVEs
0
Critical
2
High
0
Actively exploited
🔴 Critical CVEs (0)
No CVEs in this category this week.
🟠 High CVEs (2)
| CVE | Product | CVSS | KEV | Description | Published |
|---|---|---|---|---|---|
| CVE-2026-39822 | Go | 7.8 | — | On Unix systems, opening a file in an os.Root improperly follows symlinks to locations outside of the Root when the fina… | Jul 8 |
| CVE-2026-15308 | Python | 7.5 | — | The incremental HTML parser (html.parser.HTMLParser) allows for CPU denial-of-service through repeated unterminated mark… | Jul 9 |
🟡 Medium CVEs (7)
| CVE | Product | CVSS | KEV | Description | Published |
|---|---|---|---|---|---|
| CVE-2026-53878 | Django | 6.1 | — | An issue was discovered in Django 6.0 before 6.0.7 and 5.2 before 5.2.16. `DomainNameValidator` does not prohibit newlin… | Jul 7 |
| CVE-2026-55804 | Drupal | 5.9 | — | Improperly Controlled Modification of Dynamically-Determined Object Attributes vulnerability in Drupal Drupal core allow… | Jul 10 |
| CVE-2026-55803 | Drupal | 5.9 | — | Improperly Controlled Modification of Dynamically-Determined Object Attributes vulnerability in Drupal Drupal core allow… | Jul 10 |
| CVE-2026-55806 | Drupal | 5.9 | — | URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Drupal Drupal core allows Content Spoofing. This is… | Jul 10 |
| CVE-2026-55808 | Drupal | 5.4 | — | Improper Neutralization of Input During Web Page Generation ("Cross-site Scripting") vulnerability in Drupal Drupal core… | Jul 10 |
| CVE-2026-42505 | Go | 5.3 | — | Handshakes which used Encrypted Client Hello could be de-anonymized by a passive network observer due to a disclosure of… | Jul 8 |
| CVE-2026-53877 | Django | 4.8 | — | An issue was discovered in Django 6.0 before 6.0.7 and 5.2 before 5.2.16. `django.contrib.gis.gdal.GDALRaster` over-read… | Jul 7 |
🔵 Low CVEs (2)
| CVE | Product | CVSS | KEV | Description | Published |
|---|---|---|---|---|---|
| CVE-2026-55807 | Drupal | 3.1 | — | Server-Side Request Forgery (SSRF) vulnerability in Drupal Drupal core allows Server Side Request Forgery. This issue af… | Jul 10 |
| CVE-2026-48588 | Django | 3.1 | — | An issue was discovered in Django 6.0 before 6.0.7 and 5.2 before 5.2.16. `UpdateCacheMiddleware` and the `cache_page()`… | Jul 7 |
