CVE Weekly Report — Week of Jul 6 – July 12, 2026

2026-W28

11
Total CVEs
0
Critical
2
High
0
Actively exploited

🔴 Critical CVEs (0)

No CVEs in this category this week.

🟠 High CVEs (2)

CVEProductCVSSKEVDescriptionPublished
CVE-2026-39822Go7.8On Unix systems, opening a file in an os.Root improperly follows symlinks to locations outside of the Root when the fina…Jul 8
CVE-2026-15308Python7.5The incremental HTML parser (html.parser.HTMLParser) allows for CPU denial-of-service through repeated unterminated mark…Jul 9

🟡 Medium CVEs (7)

CVEProductCVSSKEVDescriptionPublished
CVE-2026-53878Django6.1An issue was discovered in Django 6.0 before 6.0.7 and 5.2 before 5.2.16. `DomainNameValidator` does not prohibit newlin…Jul 7
CVE-2026-55804Drupal5.9Improperly Controlled Modification of Dynamically-Determined Object Attributes vulnerability in Drupal Drupal core allow…Jul 10
CVE-2026-55803Drupal5.9Improperly Controlled Modification of Dynamically-Determined Object Attributes vulnerability in Drupal Drupal core allow…Jul 10
CVE-2026-55806Drupal5.9URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Drupal Drupal core allows Content Spoofing. This is…Jul 10
CVE-2026-55808Drupal5.4Improper Neutralization of Input During Web Page Generation ("Cross-site Scripting") vulnerability in Drupal Drupal core…Jul 10
CVE-2026-42505Go5.3Handshakes which used Encrypted Client Hello could be de-anonymized by a passive network observer due to a disclosure of…Jul 8
CVE-2026-53877Django4.8An issue was discovered in Django 6.0 before 6.0.7 and 5.2 before 5.2.16. `django.contrib.gis.gdal.GDALRaster` over-read…Jul 7

🔵 Low CVEs (2)

CVEProductCVSSKEVDescriptionPublished
CVE-2026-55807Drupal3.1Server-Side Request Forgery (SSRF) vulnerability in Drupal Drupal core allows Server Side Request Forgery. This issue af…Jul 10
CVE-2026-48588Django3.1An issue was discovered in Django 6.0 before 6.0.7 and 5.2 before 5.2.16. `UpdateCacheMiddleware` and the `cache_page()`…Jul 7

📦 Most affected products

© 2026 EOLCanary — Data from endoflife.date & NVD
Explore