CVE WatchlistTop 10 CVEs for July 11, 2026
CVE watchlist

Automated CVE intake

Top 10 CVEs for July 11, 2026

Automated daily CVE intake for July 11, 2026: 224 NVD CVEs, 83 high or critical entries, and 0 CISA KEV additions in the source window.

224 NVD CVEs83 high/critical0 KEV

Analyst decision point

This daily CVE digest is an intake queue, not a list of confirmed incidents.

Evidence
Generated from NVD, CISA KEV, and EPSS across 224 CVEs.
Mapping
ATT&CK mapping is intentionally absent at digest level. Map behavior only from reviewed exploitation evidence.
Next action
Sort by exploit signal, product exposure, business criticality, and telemetry availability.

Attack understanding

Turn vulnerability volume into defender priorities

The digest is designed to help a defender decide what to inspect first without converting CVSS or EPSS into unsupported attack claims.

Total intake

224

NVD records inside the source window.

High / critical

83

Severity triage candidates, not incident evidence.

CISA KEV

0

Known exploited entries require faster exposure review.

Exploit signals

0

Records with exploitation context in the generated intake.

This digest separates vulnerability prioritization from threat behavior. Do not infer malware, vendor compromise, actor identity, or ATT&CK techniques from a CVE list alone.

Automation Boundary

This digest is automated CVE intake, not a reviewed threat-activity claim. It ranks public NVD records with EPSS enrichment and CISA KEV context so defenders have a daily review queue. Items without an exploitation signal should be treated as vulnerability-prioritization leads, not evidence of active intrusion.

Daily Counts

  • NVD CVEs published in the source window: 224
  • High or critical CVEs considered for ranking: 83
  • CISA KEV additions on 2026-07-11: 0
  • Ranked items published here: 10

Top 10 CVE Intake

RankCVECVSSEPSS percentileCVE summary
1CVE-2025-30007HIGH 8.879.3%HestiaCP before 1.9.5 contains an authenticated OS command injection vulnerability that allows low-privilege authenticated users to execute arbitrary...
2CVE-2026-44795HIGH 8.858.8%Spinnaker is an open source, multi-cloud continuous delivery platform. Prior to 2026.1.0, 2026.0.3, 2025.4.4, and 2025.3.3, unsafe YAML processing by...
3CVE-2026-53448HIGH 7.248.0%Coturn is a free open source implementation of TURN and STUN Server. Prior to 4.12.0, the coturn HTTPS admin panel passes HTTP query parameters direc...
4CVE-2026-9282HIGH 7.548.0%The W3 Total Cache plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 2.9.4 via the setupSources functio...
5CVE-2026-14480CRITICAL 9.945.4%OpenPLC Runtime v3 contains an authenticated arbitrary file write vulnerability in the legacy web UI program‑upload workflow. The application stores...
6CVE-2026-55175HIGH 7.545.4%Spinnaker is an open source, multi-cloud continuous delivery platform. Prior to versions 2026.1.1, 2026.0.3, 2025.4.4, and 2025.3.4 on their respecti...
7CVE-2026-13353HIGH 8.844.9%The WP Ultimate CSV Importer – WordPress Import & Export for CSV, XML & Excel plugin for WordPress is vulnerable to Remote Code Execution in all vers...
8CVE-2026-15338HIGH 7.543.0%The LA-Studio Element Kit for Elementor plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.6.1 via th...
9CVE-2026-44383HIGH 8.742.9%Multiple connections to the backend using the same charging station ID are allowed, which could allow an attacker to deploy multiple instances of mal...
10CVE-2026-2354HIGH 8.842.3%The Swiss Toolkit For WP plugin for WordPress is vulnerable to arbitrary file upload due to a flawed file type validation bypass in the `upload_exten...

Source Notes

The source window is 2026-07-10T18:30:00.000Z to 2026-07-11T18:29:59.999Z. AttackTrace uses NVD publication timestamps, CISA KEV date-added values, and FIRST EPSS enrichment. Reviewed threat-activity briefs remain separate and require source-backed exploitation or campaign evidence.

Ranked CVEs

01CVE-2025-30007HIGH 8.8EPSS 79.3%No exploit signal

HestiaCP before 1.9.5 contains an authenticated OS command injection vulnerability that allows low-privilege authenticated users to execute arbitrary commands as root by injecting a single-quote character into unvalidat...

Open NVD record
02CVE-2026-44795HIGH 8.8EPSS 58.8%No exploit signal

Spinnaker is an open source, multi-cloud continuous delivery platform. Prior to 2026.1.0, 2026.0.3, 2025.4.4, and 2025.3.3, unsafe YAML processing bypasses safe deserialization when using CloudFormation deployments or C...

Open NVD record
03CVE-2026-53448HIGH 7.2EPSS 48.0%No exploit signal

Coturn is a free open source implementation of TURN and STUN Server. Prior to 4.12.0, the coturn HTTPS admin panel passes HTTP query parameters directly into SQL queries via snprintf string interpolation without sanitiz...

Open NVD record
04CVE-2026-9282HIGH 7.5EPSS 48.0%No exploit signal

The W3 Total Cache plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 2.9.4 via the setupSources function. This makes it possible for unauthenticated attackers to read the co...

Open NVD record
05CVE-2026-14480CRITICAL 9.9EPSS 45.4%No exploit signal

OpenPLC Runtime v3 contains an authenticated arbitrary file write vulnerability in the legacy web UI program‑upload workflow. The application stores an attacker‑supplied filename (prog_file) directly into the Programs.F...

Open NVD record
06CVE-2026-55175HIGH 7.5EPSS 45.4%No exploit signal

Spinnaker is an open source, multi-cloud continuous delivery platform. Prior to versions 2026.1.1, 2026.0.3, 2025.4.4, and 2025.3.4 on their respective release lines, Kustomize bake operations allow unsafe YAML tag proc...

Open NVD record
07CVE-2026-13353HIGH 8.8EPSS 44.9%No exploit signal

The WP Ultimate CSV Importer – WordPress Import & Export for CSV, XML & Excel plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 8.0.1 via the 'MappedFields' parameter. Thi...

Open NVD record
08CVE-2026-15338HIGH 7.5EPSS 43.0%No exploit signal

The LA-Studio Element Kit for Elementor plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.6.1 via the get_type_template function. This makes it possible for authenticated...

Open NVD record
09CVE-2026-44383HIGH 8.7EPSS 42.9%No exploit signal

Multiple connections to the backend using the same charging station ID are allowed, which could allow an attacker to deploy multiple instances of malicious OCPP clients to overwhelm the backend.

Open NVD record
10CVE-2026-2354HIGH 8.8EPSS 42.3%No exploit signal

The Swiss Toolkit For WP plugin for WordPress is vulnerable to arbitrary file upload due to a flawed file type validation bypass in the `upload_extension_files()` function in all versions up to, and including, 1.4.6. Th...

Open NVD record

Defender review

How to use this digest

This digest is an intake queue. Treat it as a prioritization input, then verify product presence, exposure, patch state, and detection coverage in your own environment.

Investigate

  1. 01Identify which ranked CVEs affect products present in your environment.
  2. 02Separate externally exposed systems from internal-only assets.
  3. 03Compare KEV, EPSS, vendor, and NVD source status before assigning urgency.

Detect

  1. 01Check whether affected products produce logs useful for exploitation attempts.
  2. 02Avoid creating ATT&CK detections until sources describe observed behavior.
  3. 03Record missing telemetry as a coverage gap for product owners.

Respond

  1. 01Patch or mitigate based on exposure and exploit signal.
  2. 02Promote only source-backed exploitation cases into reviewed threat activity.
  3. 03Archive non-applicable products so the queue stays usable tomorrow.
CVE

Separate KEV-backed exploitation from high CVSS records with no exploit signal.

CVE

Confirm affected products and versions before assigning remediation urgency.

CVE

Record evidence gaps instead of converting unknowns into exposure claims.

CVE

Escalate reviewed threat-activity candidates only when exploitation or campaign evidence exists.

Evidence presentation

Source window and ranking boundary

Ranking is derived from public vulnerability feeds. It should guide review order, not replace asset inventory or incident evidence.

SRC

Source window starts 2026-07-10T18:30:00.000Z.

SRC

Source window ends 2026-07-11T18:29:59.999Z.

SRC

NVD provides vulnerability details and CVSS context.

SRC

CISA KEV and EPSS provide exploitation and probability context.

Record history

Update history

Update history

Published
2026-07-11
Generated
2026-07-13T16:19:48.819Z
CVEs included
224