Vulncast · Briefing archive

Daily Brief - 2026-07-03

5 vulnerabilities · 7 min listen

CVE-2026-44935

critical · CVSS 9.9 · SUSE Rancher Fleet

Missing validation of "valuesFrom" references in Helm Deployer of SUSE Rancher Fleet 0.15 before 0.15.2, 0.14 before 0.14.6, 0.13 before 0.13.11 and 0.12 before 0.12.15 could be used by owners of one tenant to access fleet credentials of other tenants.

  • Broken Access Control
  • Privilege Escalation
  • kubernetes
  • helm
  • container orchestration

CVE-2026-54998

high · CVSS 8.8 · Microsoft Exchange Online

Incorrect authorization in Microsoft Exchange Online allows an authorized attacker to elevate privileges over a network.

  • Privilege Escalation
  • Improper Authorization
  • cloud service
  • email platform

CVE-2026-57100

critical · CVSS 9.9 · Microsoft Entra Provisioning Service

Server-side request forgery (SSRF) in Microsoft Entra Provisioning Service (SyncFabric) allows an authorized attacker to elevate privileges over a network.

  • Server-Side Request Forgery
  • Privilege Escalation
  • cloud infrastructure
  • directory service

CVE-2026-57624

critical · CVSS 10 · Blocksy Blocksy Companion Pro

Unauthenticated Remote Code Execution (RCE) in Blocksy Companion Pro versions <= 2.1.46.

  • Remote Code Execution
  • wordpress plugin
  • php

CVE-2026-57756

high · CVSS 8.5 · code-projects nicen-localize-image

Contributor SQL Injection in nicen-localize-image versions <= 1.4.9.

  • SQL Injection
  • wordpress plugin
  • php
  • web application