Automation Boundary
This digest is automated CVE intake, not a reviewed threat-activity claim. It ranks public NVD records with EPSS enrichment and CISA KEV context so defenders have a daily review queue. Items without an exploitation signal should be treated as vulnerability-prioritization leads, not evidence of active intrusion.
Daily Counts
- NVD CVEs published in the source window: 128
- High or critical CVEs considered for ranking: 72
- CISA KEV additions on 2026-07-06: 0
- Ranked items published here: 10
Top 10 CVE Intake
| Rank | CVE | CVSS | EPSS percentile | CVE summary |
|---|---|---|---|---|
| 1 | CVE-2026-14802 | HIGH 7.3 | 67.5% | A vulnerability was detected in react create-react-app up to 5.0.1 on macOS. This affects the function startBrowserProcess of the file openBrowser.js... |
| 2 | CVE-2026-40047 | CRITICAL 9.1 | 51.9% | Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') vulnerability in Apache Camel Docling component. The camel-docling... |
| 3 | CVE-2026-6382 | CRITICAL 9.1 | 40.1% | The FileOrganizer WordPress plugin before 1.1.9, Advanced File Manager WordPress plugin before 5.4.12, File Manager Pro WordPress plugin before 2.1.1... |
| 4 | CVE-2026-14808 | CRITICAL 9.8 | 39.6% | Prog Management System developed by PROG MIS has a Exposure of Sensitive Information vulnerability, allowing unauthenticated remote attackers to view... |
| 5 | CVE-2026-43865 | HIGH 8.1 | 38.8% | Deserialization of Untrusted Data vulnerability in Apache Camel Hazelcast component. The camel-hazelcast component creates and manages Hazelcast inst... |
| 6 | CVE-2026-14807 | CRITICAL 9.8 | 36.9% | ERP App developed by PROG MIS has a Use of Hard-coded Credentials vulnerability, allowing unauthenticated remote attackers to log in to view applicat... |
| 7 | CVE-2026-14809 | HIGH 8.7 | 35.2% | Prog Management System developed by PROG MIS has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL com... |
| 8 | CVE-2026-40859 | HIGH 8.1 | 31.3% | Deserialization of Untrusted Data vulnerability in Apache Camel. The camel-vertx-http component deserializes HTTP response bodies carrying the Conten... |
| 9 | CVE-2026-42527 | HIGH 8.1 | 23.0% | Deserialization of Untrusted Data vulnerability in Apache Camel. The default ObjectInputFilter pattern shipped with several Apache Camel components f... |
| 10 | CVE-2024-6228 | HIGH 7.5 | 22.0% | The Notifications for Forms & WordPress Actions WordPress plugin before 2.6 does not validate a user-supplied value before using it to build a server... |
Source Notes
The source window is 2026-07-05T18:30:00.000Z to 2026-07-06T18:29:59.999Z. AttackTrace uses NVD publication timestamps, CISA KEV date-added values, and FIRST EPSS enrichment. Reviewed threat-activity briefs remain separate and require source-backed exploitation or campaign evidence.
Ranked CVEs
A vulnerability was detected in react create-react-app up to 5.0.1 on macOS. This affects the function startBrowserProcess of the file openBrowser.js of the component react-dev-utils. Performing a manipulation results i...
Open NVD recordImproper Neutralization of Argument Delimiters in a Command ('Argument Injection') vulnerability in Apache Camel Docling component. The camel-docling component invokes the external `docling` command-line tool by assembl...
Open NVD recordThe FileOrganizer WordPress plugin before 1.1.9, Advanced File Manager WordPress plugin before 5.4.12, File Manager Pro WordPress plugin before 2.1.1, File Manager WordPress plugin before 8.0.4 do not properly escape a...
Open NVD recordProg Management System developed by PROG MIS has a Exposure of Sensitive Information vulnerability, allowing unauthenticated remote attackers to view a specific page and obtain the database account and password.
Open NVD recordDeserialization of Untrusted Data vulnerability in Apache Camel Hazelcast component. The camel-hazelcast component creates and manages Hazelcast instances using a default configuration that applies no Java deserializati...
Open NVD recordERP App developed by PROG MIS has a Use of Hard-coded Credentials vulnerability, allowing unauthenticated remote attackers to log in to view application code and obtain the database account and password.
Open NVD recordProg Management System developed by PROG MIS has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read database contents.
Open NVD recordDeserialization of Untrusted Data vulnerability in Apache Camel. The camel-vertx-http component deserializes HTTP response bodies carrying the Content-Type application/x-java-serialized-object using a raw java.io.Object...
Open NVD recordDeserialization of Untrusted Data vulnerability in Apache Camel. The default ObjectInputFilter pattern shipped with several Apache Camel components for defense-in-depth deserialization filtering ('java.**;javax.**;org.a...
Open NVD recordThe Notifications for Forms & WordPress Actions WordPress plugin before 2.6 does not validate a user-supplied value before using it to build a server-side file inclusion path, allowing authenticated users with subscribe...
Open NVD recordDefender review
How to use this digest
This digest is an intake queue. Treat it as a prioritization input, then verify product presence, exposure, patch state, and detection coverage in your own environment.
Separate KEV-backed exploitation from high CVSS records with no exploit signal.
Confirm affected products and versions before assigning remediation urgency.
Record evidence gaps instead of converting unknowns into exposure claims.
Escalate reviewed threat-activity candidates only when exploitation or campaign evidence exists.
Record history
Update history
Update history
- Published
- 2026-07-06
- Generated
- 2026-07-07T05:49:49.680Z
- CVEs included
- 128