Monday, July 6, 2026

Today's Security Snapshot

Critical vulnerabilities, curated daily for security professionals

🎯 SSCV Profile

See how vulnerabilities affect your specific environment

CRS uses the System Security Context Vector (SSCV) Framework v1.0 to adjust CVSS scores based on your system's exposure level, network position, and business criticality. Learn more about SSCV Framework

Risk scores will be adjusted based on your selected environment

Today's Security Brief

The most significant disclosures affect PROG MIS enterprise products, with the ERP App (CVE-2026-14807) and Prog Management System (CVE-2026-14808) each carrying a CVSS 9.8 score. Yesterday's activity produced 3 critical vulnerabilities, up from 1 the prior day, alongside 20 high-priority CVEs, a 58% decrease from the previous 48. Rounding out the critical set is CVE-2026-59509 (CVSS 9.2) in the cve-search vulnerability lookup tool, a platform widely used by security teams themselves. Microsoft Office SharePoint (CVE-2026-45659, CVSS 9.5) has confirmed active exploitation in the wild, warranting priority attention for organizations running SharePoint. Patch availability stands at 0% across yesterday's disclosures, so teams should focus on monitoring vendor advisories and applying compensating controls until fixes ship.

  • PROG MIS enterprise software leads the day with two CVSS 9.8 vulnerabilities in its ERP App and Prog Management System
  • 3 critical CVEs (CVSS 9.0+) disclosed, a 200% increase from the prior day's 1
  • 20 high-priority CVEs (CVSS 7.0-8.9), down 58% from the previous day's 48
  • cve-search (CVE-2026-59509, CVSS 9.2) puts security teams' own tooling at risk
  • 0% patch availability across yesterday's 23 disclosures — vendor advisories should be monitored closely
  • Microsoft Office SharePoint (CVE-2026-45659) is actively exploited in the wild

Immediate action: Organizations running Microsoft Office SharePoint should prioritize mitigations for CVE-2026-45659 given confirmed active exploitation, and PROG MIS customers should assess exposure of ERP App and Prog Management System deployments. With no patches yet available for yesterday's disclosures, apply vendor-recommended workarounds, restrict network exposure of affected systems, and watch for advisory updates.

How to read this brief

CVSS score (e.g. 9.1) — severity from 0–10. Red marks critical (9+), orange high (7–8.9).

Exploitability — how hard the flaw is to attack, read from the CVSS vector:

  • Network / Adjacent / Local / Physical — how close an attacker must get. Network means reachable over the internet.
  • No / Low / High privileges — the access they need first. No privileges means no login required.
  • No interaction / User interaction — whether a victim has to do something (open a file, click a link). No interaction means fully automatable.

The lower the bar on all three, the easier to exploit at scale — “Network · No privileges · No interaction” is the worst case: hit from anywhere, no credentials, no victim action.

🔴 Actively exploited — confirmed under attack in the wild (CISA’s Known Exploited Vulnerabilities catalog). Prioritize these regardless of score.

EPSS · Nth percentile — FIRST.org’s estimated chance a flaw is exploited within 30 days. We flag it only in the top 10% — a statistical signal it’s unusually likely to be targeted, separate from whether attacks are confirmed.

💡 Tip: Swipe CVE cards left to ⭐ star, right to ❌ remove

Section Navigation