Friday, July 3, 2026 Archive

Archived Security Snapshot

Critical vulnerabilities, curated daily for security professionals

CRS uses the System Security Context Vector (SSCV) Framework v1.0 to adjust CVSS scores based on your system's exposure level, network position, and business criticality.

Archived Security Brief

Microsoft cloud services and the WordPress plugin ecosystem anchor Friday's disclosures, with near-maximum-severity flaws in Azure OpenAI and Entra Provisioning Service alongside a wave of critical WooCommerce and WordPress add-on vulnerabilities. The set includes 22 critical CVEs, down 21% from the prior day's 28, and 71 high-priority CVEs, down 9% from 78. Notable entries include CVE-2026-45499 (CVSS 9.9) in Microsoft Azure OpenAI, CVE-2026-57100 (CVSS 9.9) in Microsoft Entra Provisioning Service, and CVE-2026-57624 (CVSS 10) in Creative Themes Blocksy Companion Pro. Web application and content-management components dominate the disclosures, with several unauthenticated flaws affecting payment and form-handling plugins, and CVE-2026-14544 (CVSS 9.8) extending exposure to Red Hat Enterprise Linux 10. No vendor patches are currently reflected for these disclosures, and two vulnerabilities in SimpleHelp and Microsoft SharePoint have confirmed active exploitation, warranting prioritized review of internet-facing systems.

  • Microsoft cloud services affected by near-maximum-severity flaws: Azure OpenAI (CVE-2026-45499, CVSS 9.9) and Entra Provisioning Service (CVE-2026-57100, CVSS 9.9)
  • 22 critical CVEs (CVSS 9.0+), a 21% decrease from the prior day's 28
  • 71 high-priority CVEs (CVSS 7.0-8.9), a 9% decrease from the prior day's 78
  • Multiple critical WordPress and WooCommerce plugin vulnerabilities, including Blocksy Companion Pro (CVE-2026-57624, CVSS 10) and Novalnet Payment Gateway (CVE-2026-57677, CVSS 9.8)
  • 0% patch availability across disclosed critical vulnerabilities, including CVE-2026-14544 (CVSS 9.8) in Red Hat Enterprise Linux 10
  • Two vulnerabilities under active exploitation affecting SimpleHelp and Microsoft SharePoint

Immediate action: Prioritize review of Microsoft Azure OpenAI and Entra deployments, Red Hat Enterprise Linux 10 systems, and internet-facing WordPress/WooCommerce sites running affected plugins such as Blocksy Companion Pro and Novalnet Payment Gateway. With no vendor patches yet reflected for these critical disclosures, apply available mitigations and monitor the actively exploited SimpleHelp and SharePoint issues closely, updating as fixes are published.
