Daily Brief - 2026-07-03
▶ Listen to this briefingCVE-2026-44935
Missing validation of "valuesFrom" references in Helm Deployer of SUSE Rancher Fleet 0.15 before 0.15.2, 0.14 before 0.14.6, 0.13 before 0.13.11 and 0.12 before 0.12.15 could be used by owners of one tenant to access fleet credentials of other tenants.
CVE-2026-54998
Incorrect authorization in Microsoft Exchange Online allows an authorized attacker to elevate privileges over a network.
CVE-2026-57100
Server-side request forgery (ssrf) in Microsoft Entra Provisioning Service (SyncFabric) allows an authorized attacker to elevate privileges over a network.
CVE-2026-57624
Unauthenticated Remote Code Execution (RCE) in Blocksy Companion Pro <= 2.1.46 versions.
CVE-2026-57756
Contributor SQL Injection in nicen-localize-image <= 1.4.9 versions.