CVE WatchlistTop 10 CVEs for July 7, 2026
CVE watchlist

Automated CVE intake

Top 10 CVEs for July 7, 2026

Automated daily CVE intake for July 7, 2026: 113 NVD CVEs, 50 high or critical entries, and 0 CISA KEV additions in the source window.

113 NVD CVEs50 high/critical0 KEV

Automation Boundary

This digest is automated CVE intake, not a reviewed threat-activity claim. It ranks public NVD records with EPSS enrichment and CISA KEV context so defenders have a daily review queue. Items without an exploitation signal should be treated as vulnerability-prioritization leads, not evidence of active intrusion.

Daily Counts

  • NVD CVEs published in the source window: 113
  • High or critical CVEs considered for ranking: 50
  • CISA KEV additions on 2026-07-07: 0
  • Ranked items published here: 10

Top 10 CVE Intake

RankCVECVSSEPSS percentileCVE summary
1CVE-2026-57572CRITICAL 10.00.0%Crawl4AI is an open-source LLM-friendly web crawler and scraper. Prior to 0.9.0, the Docker API server accepted request-supplied browser_config.extra...
2CVE-2026-34048CRITICAL 9.90.0%Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.471, terminal websocket boots...
3CVE-2026-34047CRITICAL 9.90.0%Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.471, terminal WebSocket boots...
4CVE-2026-34037CRITICAL 9.90.0%Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.464, the cloneTo() Livewire a...
5CVE-2026-34038CRITICAL 9.90.0%Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.469, an authenticated remote...
6CVE-2026-9181CRITICAL 9.80.0%ArcGIS Server contains a directory traversal vulnerability. An unauthenticated attacker could exploit this issue by sending crafted path parameters....
7CVE-2026-57571CRITICAL 9.60.0%Crawl4AI is an open-source LLM-friendly web crawler and scraper. Prior to 0.9.0, when the crawler saves a downloaded file, the destination filename w...
8CVE-2026-42341CRITICAL 9.20.0%FOSSBilling is a free, open-source billing and client management system. Versions 0.6.0 through 0.7.2 have an unauthenticated payment bypass vulnerab...
9CVE-2026-43921HIGH 8.90.0%FOSSBilling is a free, open-source billing and client management system. Versions 0.6.10 through 0.7.2 have a PHP code injection vulnerability in FOS...
10CVE-2026-34158HIGH 8.80.0%Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.469, the executeInDocker() he...

Source Notes

The source window is 2026-07-06T18:30:00.000Z to 2026-07-07T05:50:10.846Z. AttackTrace uses NVD publication timestamps, CISA KEV date-added values, and FIRST EPSS enrichment. Reviewed threat-activity briefs remain separate and require source-backed exploitation or campaign evidence.

Ranked CVEs

01CVE-2026-57572CRITICAL 10.0EPSS 0.0%No exploit signal

Crawl4AI is an open-source LLM-friendly web crawler and scraper. Prior to 0.9.0, the Docker API server accepted request-supplied browser_config.extra_args, which flowed into Chromium's launch arguments. An attacker coul...

Open NVD record
02CVE-2026-34048CRITICAL 9.9EPSS 0.0%No exploit signal

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.471, terminal websocket bootstrap routes only check authentication and do not enforce terminal auth...

Open NVD record
03CVE-2026-34047CRITICAL 9.9EPSS 0.0%No exploit signal

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.471, terminal WebSocket bootstrap routes did not enforce the expected authorization middleware, all...

Open NVD record
04CVE-2026-34037CRITICAL 9.9EPSS 0.0%No exploit signal

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.464, the cloneTo() Livewire action in ResourceOperations.php authorizes the source resource but res...

Open NVD record
05CVE-2026-34038CRITICAL 9.9EPSS 0.0%No exploit signal

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.469, an authenticated remote command injection vulnerability in application deployment handling all...

Open NVD record
06CVE-2026-9181CRITICAL 9.8EPSS 0.0%No exploit signal

ArcGIS Server contains a directory traversal vulnerability. An unauthenticated attacker could exploit this issue by sending crafted path parameters. Successful exploitation could allow access to sensitive files on the s...

Open NVD record
07CVE-2026-57571CRITICAL 9.6EPSS 0.0%No exploit signal

Crawl4AI is an open-source LLM-friendly web crawler and scraper. Prior to 0.9.0, when the crawler saves a downloaded file, the destination filename was taken from attacker-influenced input and joined to the downloads di...

Open NVD record
08CVE-2026-42341CRITICAL 9.2EPSS 0.0%No exploit signal

FOSSBilling is a free, open-source billing and client management system. Versions 0.6.0 through 0.7.2 have an unauthenticated payment bypass vulnerability in FOSSBilling's IPN callback endpoint. When the Custom payment...

Open NVD record
09CVE-2026-43921HIGH 8.9EPSS 0.0%No exploit signal

FOSSBilling is a free, open-source billing and client management system. Versions 0.6.10 through 0.7.2 have a PHP code injection vulnerability in FOSSBilling's `Config::prettyPrintArrayToPHP()` method. When configuratio...

Open NVD record
10CVE-2026-34158HIGH 8.8EPSS 0.0%No exploit signal

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.469, the executeInDocker() helper wraps user-controlled commands in single quotes without escaping...

Open NVD record

Defender review

How to use this digest

This digest is an intake queue. Treat it as a prioritization input, then verify product presence, exposure, patch state, and detection coverage in your own environment.

CVE

Separate KEV-backed exploitation from high CVSS records with no exploit signal.

CVE

Confirm affected products and versions before assigning remediation urgency.

CVE

Record evidence gaps instead of converting unknowns into exposure claims.

CVE

Escalate reviewed threat-activity candidates only when exploitation or campaign evidence exists.

Record history

Update history

Update history

Published
2026-07-07
Generated
2026-07-07T05:50:12.752Z
CVEs included
113