Top 10 CVEs for July 4, 2026
Automated daily CVE intake for July 4, 2026: 138 NVD CVEs, 52 high or critical entries, and 0 CISA KEV additions in the source window.
Automated CVE intake
A daily ranked queue from NVD, CISA KEV, and FIRST EPSS. These pages help defenders decide what to review first; they do not claim active exploitation unless the source data supports it.
Boundary: CVE watchlist pages are automated vulnerability intake. Reviewed threat-activity briefs remain manually reviewed and source-backed.
Latest individual CVE articles
Improper link resolution before file access ('link following') in Microsoft Edge (Chromium-based) allows an unauthorized attacker to disclose information over a network.
Server-side request forgery (ssrf) in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network.
Use after free in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network.
Integer overflow or wraparound in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network.
Heap-based buffer overflow in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network.
picklescan before 0.0.30 fails to detect the asyncio.unix_events._UnixSubprocessTransport._start function in pickle reduce methods, allowing remote code execution. Attackers can craft malicious pickle files embedding th...
Relative path traversal in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network.
External control of file name or path in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network.
Access of resource using incompatible type ('type confusion') in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network.
A vulnerability was found in jairiidriss restaurant-website-php-mysql up to 521428b5b612449df0cf4a5d15ee40cba67f3d35. This vulnerability affects unknown code of the file /admin/ajax_files of the component AJAX Endpoint....
Automated daily CVE intake for July 4, 2026: 138 NVD CVEs, 52 high or critical entries, and 0 CISA KEV additions in the source window.