[{"title": "VMware vCenter Server Improper Input Validation Vulnerability", "cve": "CVE-2021-21985", "summary": "VMware vCenter Server has a critical flaw in the Virtual SAN Health Check plugin that allows attackers to remotely take control of your virtualization management system without authentication. This affects organizations using VMware to manage their virtual servers and infrastructure. Since this vulnerability is actively exploited, immediate patching is essential.", "score": 85, "impact_score": 80, "sectors": ["Communications", "Energy", "Government Facilities", "Healthcare and Public Health", "Information Technology", "Water and Wastewater Systems"], "source": "CISA KEV", "remediation": ["Apply VMware security patches immediately (vCenter Server 6.5 U3p, 6.7 U3n, 7.0 U2b or later)", "If patching is delayed, disable the Virtual SAN Health Check plugin as a temporary workaround", "Restrict network access to vCenter Server management interfaces to trusted administrator networks only", "Monitor vCenter logs for unusual authentication attempts or unexpected plugin activity"], "origin": {"product": "vCenter Server", "vendor": "VMware", "first_reported": "2021-05-25", "exploited_by": ["Unknown threat actors", "Ransomware operators"]}, "score_reason": "VMware vCenter Server is widely deployed across Texas government, healthcare, utilities, and critical infrastructure for managing virtualized systems, and this vulnerability enables unauthenticated remote code execution with confirmed active exploitation.", "patch_available": true, "reference_url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog", "source_date": "2021-11-03", "first_seen": "2026-07-01T02:35:18.825890", "seen_at": "2026-07-01T03:34:34.551196"}, {"title": "VMware vCenter Server Remote Code Execution Vulnerability", "cve": "CVE-2021-21972", "summary": "VMware vCenter Server has a critical vulnerability that allows attackers with network access to take complete control of the server 
without any authentication. This affects organizations using VMware virtualization to run their IT systems. If exploited, attackers can run any commands on your virtualization infrastructure with full administrative privileges.", "score": 85, "impact_score": 80, "sectors": ["Communications", "Energy", "Government Facilities", "Healthcare and Public Health", "Information Technology", "Water and Wastewater Systems"], "source": "CISA KEV", "remediation": ["Immediately update VMware vCenter Server to the latest patched version per VMware advisory VMSA-2021-0002", "Block external access to vCenter Server port 443 using firewall rules until patching is complete", "Audit vCenter logs for signs of unauthorized access or suspicious plugin activity", "Review network segmentation to ensure vCenter management interfaces are not exposed to untrusted networks"], "origin": {"product": "vCenter Server", "vendor": "VMware", "first_reported": "2021-02-23", "exploited_by": ["Chinese state-sponsored actors", "Ransomware operators", "Multiple APT groups"]}, "score_reason": "VMware vCenter is widely deployed across Texas government, healthcare, and utility organizations for virtualization, and this vulnerability has confirmed active exploitation with full system compromise potential.", "patch_available": true, "reference_url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog", "source_date": "2021-11-03", "first_seen": "2026-07-01T02:35:18.825890", "seen_at": "2026-07-01T03:34:34.551196"}, {"title": "SimpleHelp Authentication Bypass Vulnerability", "cve": "CVE-2026-48558", "summary": "SimpleHelp remote support software has a critical flaw that lets attackers bypass login authentication by submitting fake identity tokens. This could allow unauthorized persons to gain full technician access to your systems without valid credentials, even bypassing multi-factor authentication. 
Organizations using SimpleHelp for IT support should treat this as an emergency.", "score": 85, "impact_score": 78, "sectors": ["Water and Wastewater Systems", "Energy", "Healthcare and Public Health", "Government Facilities", "Emergency Services", "Information Technology"], "source": "CISA KEV", "remediation": ["Immediately apply the vendor patch or update to a fixed SimpleHelp version", "If OIDC authentication is in use, disable it temporarily until patched", "Review SimpleHelp access logs for unauthorized technician sessions", "Restrict SimpleHelp server access to trusted IP ranges and ensure MFA is enforced after patching"], "origin": {"product": "SimpleHelp", "vendor": "SimpleHelp", "first_reported": "2026-06-29", "exploited_by": []}, "score_reason": "SimpleHelp is widely used by small Texas organizations for remote IT support, and this authentication bypass is actively exploited per CISA KEV, threatening lifeline sectors including water utilities and energy co-ops.", "patch_available": true, "reference_url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog", "source_date": "2026-06-29", "first_seen": "2026-07-01T04:37:31.724134", "seen_at": "2026-07-01T04:37:31.724134"}, {"title": "Google Chromium V8 Out-of-Bounds Read and Write Vulnerability", "cve": "CVE-2026-11645", "summary": "A serious flaw in the Chrome V8 engine allows attackers to run malicious code when users visit a compromised website. This affects Chrome, Edge, and other Chromium-based browsers used daily by staff. 
Attackers are actively exploiting this vulnerability, making immediate browser updates critical.", "score": 85, "impact_score": 90, "sectors": ["Chemical", "Communications", "Critical Manufacturing", "Dams", "Defense Industrial Base", "Emergency Services", "Energy", "Financial Services", "Food and Agriculture", "Government Facilities", "Healthcare and Public Health", "Information Technology", "Nuclear", "Transportation", "Water and Wastewater Systems"], "source": "CISA KEV", "remediation": ["Update all Chromium-based browsers (Chrome, Edge, Opera) to the latest version immediately", "Enable automatic browser updates on all workstations and devices", "Warn staff not to click suspicious links or visit unfamiliar websites until patched", "If updates cannot be applied, restrict browser use to essential functions only"], "origin": {"product": "Chromium V8", "vendor": "Google", "first_reported": "2026-06-09", "exploited_by": ["Unknown threat actors"]}, "score_reason": "All sectors use web browsers daily for operations, email, and public services; active exploitation and universal deployment across Texas organizations makes this a high-priority threat.", "patch_available": true, "reference_url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog", "source_date": "2026-06-09", "first_seen": "2026-07-01T04:37:31.724134", "seen_at": "2026-07-01T04:37:31.724134"}, {"title": "CVE-2026-13782", "cve": "CVE-2026-13782", "summary": "A critical security flaw in Google Chrome allows attackers to escape the browser's security sandbox when users visit a malicious webpage. This could give attackers full control of affected computers. 
All organizations using Chrome versions prior to 150.0.7871.47 should update immediately.", "score": 85, "impact_score": 90, "sectors": ["Communications", "Emergency Services", "Energy", "Government Facilities", "Healthcare and Public Health", "Information Technology", "Transportation", "Water and Wastewater Systems"], "source": "NVD (Critical)", "remediation": ["Update Google Chrome to version 150.0.7871.47 or later immediately on all workstations", "Enable Chrome's automatic update feature if not already configured", "Remind staff not to click suspicious links or visit untrusted websites until patched", "Consider temporarily using an alternative browser on critical systems if immediate patching is not possible"], "origin": {"product": "Chrome", "vendor": "Google", "first_reported": "2026-06-30", "exploited_by": []}, "score_reason": "Chrome is universally deployed across Texas government offices, utilities, schools, and healthcare facilities, and this critical sandbox escape could allow full system compromise through simple web browsing.", "patch_available": true, "reference_url": "https://chromereleases.googleblog.com/2026/06/stable-channel-update-for-desktop_0175352312.html", "source_date": "2026-06-30T23:16:53.063", "first_seen": "2026-07-01T17:02:53.130325", "seen_at": "2026-07-01T17:02:53.130325"}, {"title": "Zyxel Multiple Products Use of Hard-Coded Credentials Vulnerability", "cve": "CVE-2020-29583", "summary": "Zyxel firewalls and AP controllers contain a hidden account called 'zyfwp' with a password that cannot be changed, allowing attackers to gain administrator access to your network equipment. This vulnerability has been actively exploited and could let attackers bypass your firewall security completely. 
Many small organizations use Zyxel devices for network protection, making this a serious concern.", "score": 82, "impact_score": 75, "sectors": ["Water and Wastewater Systems", "Energy", "Government Facilities", "Healthcare and Public Health", "Emergency Services", "Communications"], "source": "CISA KEV", "remediation": ["Immediately check if you have Zyxel ATP, USG, USG FLEX, or VPN firewalls and update firmware to the latest version from Zyxel", "Update NXC2500 and NXC5500 AP controllers to firmware V6.10 Patch1 or later", "Review firewall logs for any unauthorized access using the 'zyfwp' account", "Consider replacing end-of-life Zyxel devices that cannot receive patches"], "origin": {"product": "Multiple Products (ATP, USG, USG FLEX, VPN firewalls, NXC2500, NXC5500)", "vendor": "Zyxel", "first_reported": "2020-12-23", "exploited_by": ["Hellsing APT", "Various ransomware operators"]}, "score_reason": "Hard-coded credentials in widely-deployed Zyxel firewalls pose severe risk to Texas critical infrastructure, especially smaller organizations relying on these affordable devices for perimeter security, with confirmed active exploitation.", "patch_available": true, "reference_url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog", "source_date": "2021-11-03", "first_seen": "2026-07-01T02:35:18.825890", "seen_at": "2026-07-01T03:34:34.551196"}, {"title": "VMware ESXi OpenSLP Use-After-Free Vulnerability", "cve": "CVE-2020-3992", "summary": "VMware ESXi servers have a serious flaw in the OpenSLP service that allows attackers on your management network to take complete control of virtualization hosts. This vulnerability has been actively exploited by ransomware groups and other threat actors. 
Organizations running VMware virtualized infrastructure for critical services should patch immediately.", "score": 82, "impact_score": 75, "sectors": ["Water and Wastewater Systems", "Energy", "Healthcare and Public Health", "Government Facilities", "Emergency Services", "Information Technology"], "source": "CISA KEV", "remediation": ["Apply VMware security patches for ESXi versions 6.5, 6.7, and 7.0 immediately", "If the OpenSLP service is not needed, disable it on ESXi hosts using the esxcli command", "Restrict management network access to port 427 using firewall rules", "Isolate ESXi management interfaces from general network access"], "origin": {"product": "ESXi", "vendor": "VMware", "first_reported": "2020-10-20", "exploited_by": ["ESXiArgs ransomware", "Various ransomware operators"]}, "score_reason": "ESXi is widely deployed across Texas municipalities, utilities, and healthcare facilities for server virtualization, and this vulnerability has confirmed active exploitation by ransomware campaigns targeting critical infrastructure.", "patch_available": true, "reference_url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog", "source_date": "2021-11-03", "first_seen": "2026-07-01T02:35:18.825890", "seen_at": "2026-07-01T03:34:34.551196"}, {"title": "Cisco Unified Communications Manager Server-Side Request Forgery (SSRF) Vulnerability", "cve": "CVE-2026-20230", "summary": "Cisco Unified Communications Manager, used for phone systems and voice communications, has a serious security flaw that allows remote attackers to write malicious files and potentially gain full control of the system without needing a password. This affects organizations using Cisco phone systems and could disrupt emergency communications. 
CISA has added this to their Known Exploited Vulnerabilities list, meaning attackers are actively using this flaw.", "score": 82, "impact_score": 75, "sectors": ["Communications", "Emergency Services", "Government Facilities", "Healthcare and Public Health", "Water and Wastewater Systems", "Energy"], "source": "CISA KEV", "remediation": ["Immediately check if your Cisco Unified Communications Manager is exposed to the internet and restrict access if possible", "Apply Cisco security patches or mitigations as soon as they become available", "Monitor system logs for unusual file creation or unauthorized access attempts", "Contact your IT provider or Cisco support if you cannot apply patches and consider temporary isolation of affected systems"], "origin": {"product": "Unified Communications Manager", "vendor": "Cisco", "first_reported": "2026-06-25", "exploited_by": []}, "score_reason": "High score due to active exploitation of a lifeline Communications sector product widely deployed in Texas government offices, utilities, and emergency services for voice communications.", "patch_available": true, "reference_url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog", "source_date": "2026-06-25", "first_seen": "2026-07-01T04:37:31.724134", "seen_at": "2026-07-01T04:37:31.724134"}, {"title": "VMware vCenter Server File Upload Vulnerability", "cve": "CVE-2021-22005", "summary": "VMware vCenter Server has a critical vulnerability that allows attackers with network access to upload malicious files and run harmful code on your systems. This affects the management software used to control virtual servers, which many organizations rely on to run multiple applications. 
Attackers are actively exploiting this flaw, making immediate patching essential.", "score": 82, "impact_score": 78, "sectors": ["Communications", "Energy", "Government Facilities", "Healthcare and Public Health", "Information Technology", "Water and Wastewater Systems"], "source": "CISA KEV", "remediation": ["Immediately apply VMware security patches for vCenter Server versions 6.7 and 7.0 as specified in VMSA-2021-0020", "Restrict network access to vCenter Server port 443 to only authorized management workstations", "Monitor vCenter logs for suspicious file upload activity or unauthorized access attempts", "If patching is delayed, implement VMware's published workaround to disable the Analytics service"], "origin": {"product": "vCenter Server", "vendor": "VMware", "first_reported": "2021-09-21", "exploited_by": ["Ransomware operators", "APT groups"]}, "score_reason": "VMware vCenter is widely deployed across Texas government, healthcare, and utility organizations for managing virtual infrastructure, and this vulnerability is actively exploited with network-accessible attack vector.", "patch_available": true, "reference_url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog", "source_date": "2021-11-03", "first_seen": "2026-07-01T02:35:18.825890", "seen_at": "2026-07-01T03:34:34.551196"}, {"title": "Ubiquiti UniFi OS Improper Input Validation Vulnerability", "cve": "CVE-2026-34910", "summary": "A security flaw in Ubiquiti UniFi OS allows attackers on your network to run unauthorized commands on your network equipment. UniFi devices are commonly used in small Texas organizations for WiFi and network management. 
This vulnerability is being actively exploited and requires immediate attention.", "score": 82, "impact_score": 75, "sectors": ["Communications", "Water and Wastewater Systems", "Energy", "Healthcare and Public Health", "Government Facilities", "Emergency Services"], "source": "CISA KEV", "remediation": ["Check all UniFi controllers and devices for available firmware updates and apply patches immediately", "Segment UniFi management interfaces from public networks and restrict access to trusted administrators only", "Review network logs for unusual activity or unauthorized access attempts on UniFi devices", "If patches are unavailable, consider temporarily isolating affected devices or discontinuing use per CISA guidance"], "origin": {"product": "UniFi OS", "vendor": "Ubiquiti", "first_reported": "2026-06-23", "exploited_by": []}, "score_reason": "UniFi networking equipment is widely deployed across small Texas municipalities, utilities, clinics, and schools, and this actively exploited vulnerability in a lifeline communications sector product poses significant risk.", "patch_available": true, "reference_url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog", "source_date": "2026-06-23", "first_seen": "2026-07-01T04:37:31.724134", "seen_at": "2026-07-01T04:37:31.724134"}, {"title": "CVE-2026-13780", "cve": "CVE-2026-13780", "summary": "A critical vulnerability in Google Chrome's ANGLE graphics component allows attackers to escape the browser's security sandbox through a malicious webpage. If someone visits a compromised website, attackers could gain broader access to the computer. 
This affects all Chrome users who haven't updated to version 150.0.7871.47 or later.", "score": 82, "impact_score": 88, "sectors": ["Communications", "Government Facilities", "Healthcare and Public Health", "Education", "Water and Wastewater Systems", "Energy", "Emergency Services"], "source": "NVD (Critical)", "remediation": ["Immediately update Google Chrome to version 150.0.7871.47 or later on all workstations", "Enable automatic Chrome updates through Group Policy or device management", "Remind staff not to click suspicious links or visit untrusted websites", "Consider using browser isolation or web filtering to limit exposure to malicious sites"], "origin": {"product": "Chrome (ANGLE component)", "vendor": "Google", "first_reported": "2026-06-30", "exploited_by": []}, "score_reason": "Google Chrome is universally deployed across Texas government offices, schools, clinics, and utilities; a sandbox escape enabling full system compromise from a malicious webpage poses severe risk to all sectors.", "patch_available": true, "reference_url": "https://chromereleases.googleblog.com/2026/06/stable-channel-update-for-desktop_0175352312.html", "source_date": "2026-06-30T23:16:52.873", "first_seen": "2026-07-01T17:02:53.130325", "seen_at": "2026-07-01T17:02:53.130325"}, {"title": "CVE-2026-13776", "cve": "CVE-2026-13776", "summary": "A critical security flaw in Google Chrome allows attackers to escape browser security protections through a malicious webpage. If staff visit a compromised website, attackers could potentially gain control of the computer. 
All organizations using Chrome should update immediately to version 150.0.7871.47 or later.", "score": 82, "impact_score": 85, "sectors": ["Communications", "Emergency Services", "Energy", "Government Facilities", "Healthcare and Public Health", "Information Technology", "Transportation", "Water and Wastewater Systems"], "source": "NVD (Critical)", "remediation": ["Update Google Chrome immediately to version 150.0.7871.47 or later on all workstations", "Enable automatic Chrome updates through Group Policy or device management", "Remind staff not to click suspicious links or visit untrusted websites until patched", "Consider temporarily using alternative browsers on critical operational systems if immediate patching is not possible"], "origin": {"product": "Chrome", "vendor": "Google", "first_reported": "2026-06-30", "exploited_by": []}, "score_reason": "Chrome is universally deployed across Texas public sector organizations including utilities, schools, clinics, and local governments, and this critical sandbox escape could allow full system compromise through normal web browsing.", "patch_available": true, "reference_url": "https://chromereleases.googleblog.com/2026/06/stable-channel-update-for-desktop_0175352312.html", "source_date": "2026-06-30T23:16:52.490", "first_seen": "2026-07-01T17:02:53.130325", "seen_at": "2026-07-01T17:02:53.130325"}, {"title": "Lantronix EDS5000 Code Injection Vulnerability", "cve": "CVE-2025-67038", "summary": "Lantronix EDS5000 serial device servers have a critical flaw allowing attackers to run commands with full system control by manipulating the login username field. These devices are commonly used to connect industrial equipment to networks at utilities and other facilities. 
Active exploitation has been confirmed, requiring immediate action.", "score": 82, "impact_score": 68, "sectors": ["Water and Wastewater Systems", "Energy", "Healthcare and Public Health", "Government Facilities", "Critical Manufacturing"], "source": "CISA KEV", "remediation": ["Immediately isolate EDS5000 devices from internet-facing networks and place behind firewalls", "Apply vendor firmware patches or mitigations as soon as available from Lantronix", "Disable unused network services and change all default credentials on affected devices", "If no patch exists, disconnect device or replace with supported alternative per BOD 26-04"], "origin": {"product": "EDS5000", "vendor": "Lantronix", "first_reported": "2026-06-23", "exploited_by": ["Unknown threat actors"]}, "score_reason": "Serial device servers like EDS5000 are deployed at Texas water utilities and energy co-ops for SCADA connectivity, and confirmed active exploitation with root-level access makes this a high-priority threat to lifeline sectors.", "patch_available": false, "reference_url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog", "source_date": "2026-06-23", "first_seen": "2026-07-01T04:37:31.724134", "seen_at": "2026-07-01T04:37:31.724134"}, {"title": "Cisco Catalyst SD-WAN Manager Directory or Path Traversal Vulnerability", "cve": "CVE-2026-20262", "summary": "A vulnerability in Cisco Catalyst SD-WAN Manager allows authenticated attackers to create or overwrite files on the system, potentially leading to complete system compromise. This affects network management software used to control wide-area networks. 
CISA has added this to their Known Exploited Vulnerabilities catalog, meaning it is being actively attacked.", "score": 82, "impact_score": 75, "sectors": ["Communications", "Energy", "Government Facilities", "Water and Wastewater Systems", "Healthcare and Public Health", "Transportation"], "source": "CISA KEV", "remediation": ["Immediately check Cisco security advisories and apply available patches for Catalyst SD-WAN Manager", "Restrict management interface access to trusted internal networks only using firewall rules", "Review system logs for unauthorized file creation or modification attempts", "If patches are unavailable, consider isolating or discontinuing use of the affected system until mitigations are released"], "origin": {"product": "Catalyst SD-WAN Manager", "vendor": "Cisco", "first_reported": "2026-06-15", "exploited_by": ["Unknown threat actors"]}, "score_reason": "High score due to active exploitation, impact on Communications infrastructure (a lifeline sector), and widespread Cisco SD-WAN deployment across Texas municipalities, utilities, and healthcare facilities managing distributed networks.", "patch_available": true, "reference_url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog", "source_date": "2026-06-15", "first_seen": "2026-07-01T04:37:31.724134", "seen_at": "2026-07-01T04:37:31.724134"}, {"title": "Schneider Electric PowerLogic P7", "cve": "ICSA-26-176-07", "summary": "Schneider Electric PowerLogic P7 devices used for electrical grid protection and control have critical vulnerabilities including OS command injection that could allow attackers to execute unauthorized commands. If exploited, this could result in loss of control over electrical system operations and disruption of power services. 
Organizations using these devices for power monitoring and protection should apply patches immediately.", "score": 82, "impact_score": 68, "sectors": ["Energy", "Water and Wastewater Systems", "Critical Manufacturing", "Government Facilities", "Healthcare and Public Health"], "source": "CISA ICS Advisory", "remediation": ["Update PowerLogic P7 devices to firmware versions newer than 0.2.003.001.000 as provided by Schneider Electric", "Isolate PowerLogic P7 devices on segmented networks with strict firewall rules limiting access to authorized personnel only", "Monitor device logs and network traffic for unusual commands or unauthorized access attempts", "Contact Schneider Electric support if unable to update and implement recommended compensating controls from their security bulletin"], "origin": {"product": "PowerLogic P7", "vendor": "Schneider Electric", "first_reported": "2026-06-25", "exploited_by": []}, "score_reason": "High score due to OS command injection vulnerability (CVSS 7.5) affecting electrical protection equipment widely deployed in Texas energy infrastructure, a lifeline sector, with potential for service disruption.", "patch_available": true, "reference_url": "https://www.cisa.gov/news-events/ics-advisories/icsa-26-176-07", "source_date": "Thu, 25 Jun 26 12:00:00 +0000", "first_seen": "2026-07-01T02:35:18.825890", "seen_at": "2026-07-01T03:34:34.551196"}, {"title": "Splunk Enterprise Missing Authentication for Critical Function Vulnerability", "cve": "CVE-2026-20253", "summary": "Splunk Enterprise, a log monitoring and security tool used by many organizations, has a critical flaw allowing attackers without credentials to create or delete important files through an exposed database service. This could let attackers disrupt operations, destroy audit logs, or gain further access to your network. 
If your organization uses Splunk Enterprise, immediate action is required as this vulnerability is being actively exploited.", "score": 82, "impact_score": 75, "sectors": ["Communications", "Energy", "Government Facilities", "Healthcare and Public Health", "Information Technology", "Water and Wastewater Systems"], "source": "CISA KEV", "remediation": ["Apply Splunk's official patch or upgrade to the fixed version immediately per vendor guidance.", "Restrict network access to the PostgreSQL sidecar service endpoint to trusted internal systems only.", "Review system logs for unauthorized file creation or truncation activity indicating compromise.", "If patching is not possible, isolate or disable the affected Splunk instance until mitigations are in place."], "origin": {"product": "Enterprise", "vendor": "Splunk", "first_reported": "2026-06-18", "exploited_by": []}, "score_reason": "Splunk Enterprise is widely deployed across Texas utilities, governments, and healthcare for security monitoring; active exploitation of an unauthenticated file manipulation flaw poses serious risk to lifeline sectors and could enable cover-up of other attacks.", "patch_available": true, "reference_url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog", "source_date": "2026-06-18", "first_seen": "2026-07-01T04:37:31.724134", "seen_at": "2026-07-01T04:37:31.724134"}, {"title": "Ubiquiti UniFi OS Improper Access Control Vulnerability", "cve": "CVE-2026-34908", "summary": "Ubiquiti UniFi network equipment has a security flaw that allows attackers already on your network to make unauthorized changes to your system settings. UniFi devices are commonly used in small organizations for WiFi and network management. 
This vulnerability is being actively exploited and requires immediate attention.", "score": 82, "impact_score": 75, "sectors": ["Communications", "Water and Wastewater Systems", "Energy", "Government Facilities", "Healthcare and Public Health", "Emergency Services"], "source": "CISA KEV", "remediation": ["Check all UniFi controllers and devices for available firmware updates and apply immediately", "Isolate UniFi management interfaces from general network access using VLANs or firewall rules", "Review UniFi controller logs for unauthorized configuration changes or new admin accounts", "If patches are unavailable, restrict network access to management interfaces to trusted administrator IPs only"], "origin": {"product": "UniFi OS", "vendor": "Ubiquiti", "first_reported": "2026-06-23", "exploited_by": []}, "score_reason": "Ubiquiti UniFi equipment is widely deployed in small Texas municipalities, school districts, clinics, and utilities for affordable network infrastructure, and active exploitation of this access control flaw directly threatens the Communications lifeline sector.", "patch_available": true, "reference_url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog", "source_date": "2026-06-23", "first_seen": "2026-07-01T04:37:31.724134", "seen_at": "2026-07-01T04:37:31.724134"}, {"title": "Ubiquiti UniFi OS Path Traversal Vulnerability", "cve": "CVE-2026-34909", "summary": "Ubiquiti UniFi networking equipment has a security flaw that lets attackers on your network access sensitive system files and potentially gain unauthorized control. This affects the UniFi OS software running on access points, switches, and gateways commonly used by small organizations for WiFi and network management. 
CISA has added this to their Known Exploited Vulnerabilities list, meaning attackers are actively using this flaw.", "score": 82, "impact_score": 78, "sectors": ["Communications", "Water and Wastewater Systems", "Healthcare and Public Health", "Government Facilities", "Energy", "Emergency Services"], "source": "CISA KEV", "remediation": ["Immediately check all UniFi devices and apply the latest firmware update from Ubiquiti's official site", "Restrict network access to UniFi management interfaces using VLANs or firewall rules so only authorized admin workstations can reach them", "Review system logs for unusual file access or unauthorized login attempts", "If patches are unavailable, isolate affected devices from critical systems or discontinue use per CISA guidance"], "origin": {"product": "UniFi OS", "vendor": "Ubiquiti", "first_reported": "2026-06-23", "exploited_by": []}, "score_reason": "UniFi equipment is extremely common in small Texas municipalities, schools, clinics, and utilities for affordable networking; active exploitation targeting the Communications lifeline sector with network access capability poses serious risk.", "patch_available": true, "reference_url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog", "source_date": "2026-06-23", "first_seen": "2026-07-01T04:37:31.724134", "seen_at": "2026-07-01T04:37:31.724134"}, {"title": "Schneider Electric EasyLogic T150 and Saitel DP RTU", "cve": "ICSA-26-181-04", "summary": "Schneider Electric EasyLogic T150 and Saitel DP Remote Terminal Units have vulnerabilities that allow attackers to access stored credentials without authentication. These RTUs are used in energy and water infrastructure to monitor and control industrial processes. 
Exploitation could give attackers unauthorized access to critical control systems.", "score": 78, "impact_score": 65, "sectors": ["Energy", "Water and Wastewater Systems", "Critical Manufacturing"], "source": "CISA ICS Advisory", "remediation": ["Update EasyLogic T150 firmware to versions newer than 11.06.31 and Saitel DP to versions newer than 11.06.37 when patches become available", "Isolate affected RTUs on segmented networks with strict firewall rules limiting access to authorized personnel only", "Audit and rotate all credentials stored on these devices immediately", "Monitor network traffic to and from RTUs for unauthorized access attempts"], "origin": {"product": "EasyLogic T150 and Saitel DP RTU", "vendor": "Schneider Electric", "first_reported": "2026-06-30", "exploited_by": []}, "score_reason": "RTUs are widely deployed in Texas energy and water utilities for SCADA operations, and credential exposure could enable attackers to compromise critical infrastructure control systems.", "patch_available": true, "reference_url": "https://www.cisa.gov/news-events/ics-advisories/icsa-26-181-04", "source_date": "Tue, 30 Jun 26 12:00:00 +0000", "first_seen": "2026-07-01T02:35:18.825890", "seen_at": "2026-07-01T03:34:34.551196"}, {"title": "CVE-2026-8452", "cve": "CVE-2026-8452", "summary": "A memory overflow vulnerability in Citrix NetScaler ADC and NetScaler Gateway can cause denial of service and unpredictable behavior when configured as a VPN gateway or authentication server. This could disrupt remote access for employees connecting to government, utility, or healthcare networks. 
Organizations using Citrix for secure remote access should prioritize patching immediately.", "score": 78, "impact_score": 72, "sectors": ["Government Facilities", "Healthcare and Public Health", "Water and Wastewater Systems", "Energy", "Emergency Services", "Information Technology"], "source": "NVD (Critical)", "remediation": ["Check if your organization uses Citrix NetScaler ADC or Gateway configured as SSL VPN, ICA Proxy, CVPN, RDP Proxy, or AAA virtual server", "Apply the vendor patch from Citrix support article CTX696604 immediately", "Monitor appliance logs for unusual memory usage or service disruptions", "Restrict management interface access to trusted internal networks only"], "origin": {"product": "NetScaler ADC and NetScaler Gateway", "vendor": "Citrix", "first_reported": "2026-06-30", "exploited_by": []}, "score_reason": "NetScaler Gateway is widely used by Texas government agencies, utilities, and healthcare organizations for remote access VPN, and a denial of service attack could severely disrupt critical operations.", "patch_available": true, "reference_url": "https://support.citrix.com/support-home/kbsearch/article?articleNumber=CTX696604", "source_date": "2026-06-30T13:19:33.450", "first_seen": "2026-07-01T17:02:53.130325", "seen_at": "2026-07-01T17:02:53.130325"}, {"title": "Zoho ManageEngine ADSelfService Plus Authentication Bypass Vulnerability", "cve": "CVE-2021-40539", "summary": "Zoho ManageEngine ADSelfService Plus has a critical flaw that lets attackers bypass login security and run malicious code remotely on your systems. This software manages password resets and single sign-on for Active Directory environments. 
If your organization uses this product, attackers could gain full control of your network without needing credentials.", "score": 78, "impact_score": 72, "sectors": ["Government Facilities", "Healthcare and Public Health", "Information Technology", "Water and Wastewater Systems", "Energy"], "source": "CISA KEV", "remediation": ["Immediately check if ManageEngine ADSelfService Plus is installed anywhere in your network", "Update to the latest patched version from Zoho (build 6114 or later) immediately", "Review system logs for signs of unauthorized access or suspicious REST API activity", "Isolate the server from internet access until patching is complete and consider resetting all Active Directory credentials"], "origin": {"product": "ManageEngine ADSelfService Plus", "vendor": "Zoho", "first_reported": "2021-11-03", "exploited_by": ["APT27", "TiltedTemple Campaign", "Chinese state-sponsored actors"]}, "score_reason": "This vulnerability has confirmed active exploitation by nation-state actors, affects identity management infrastructure commonly used by government and healthcare organizations, and could provide attackers access to critical systems managing Texas utilities and services.", "patch_available": true, "reference_url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog", "source_date": "2021-11-03", "first_seen": "2026-07-01T02:35:18.825890", "seen_at": "2026-07-01T03:34:34.551196"}, {"title": "CVE-2026-13781", "cve": "CVE-2026-13781", "summary": "A critical vulnerability in Google Chrome's Skia graphics component allows attackers to escape the browser's security sandbox through a malicious webpage. If exploited, an attacker could gain broader access to the computer system. 
This affects all Chrome users who haven't updated to version 150.0.7871.47 or later.", "score": 78, "impact_score": 82, "sectors": ["Communications", "Emergency Services", "Energy", "Financial Services", "Government Facilities", "Healthcare and Public Health", "Information Technology", "Transportation", "Water and Wastewater Systems"], "source": "NVD (Critical)", "remediation": ["Immediately update Google Chrome to version 150.0.7871.47 or later on all workstations", "Enable automatic Chrome updates through Group Policy or device management", "Remind staff not to click suspicious links or visit untrusted websites until patched", "Consider temporarily using alternative browsers on critical operational systems if immediate patching is not possible"], "origin": {"product": "Chrome (Skia component)", "vendor": "Google", "first_reported": "2026-06-30", "exploited_by": []}, "score_reason": "Chrome is universally deployed across Texas government offices, utilities, schools, and healthcare facilities, and sandbox escapes enable full system compromise, though no active exploitation is confirmed yet.", "patch_available": true, "reference_url": "https://chromereleases.googleblog.com/2026/06/stable-channel-update-for-desktop_0175352312.html", "source_date": "2026-06-30T23:16:52.967", "first_seen": "2026-07-01T17:02:53.130325", "seen_at": "2026-07-01T17:02:53.130325"}, {"title": "CVE-2026-13775", "cve": "CVE-2026-13775", "summary": "A critical security flaw in Google Chrome's graphics processing allows attackers to escape the browser's security sandbox through a malicious webpage. If exploited, attackers could gain broader access to the computer running the vulnerable browser. 
This affects all Chrome users who haven't updated to version 150.0.7871.47 or later.", "score": 78, "impact_score": 85, "sectors": ["Communications", "Critical Manufacturing", "Emergency Services", "Energy", "Government Facilities", "Healthcare and Public Health", "Information Technology", "Transportation", "Water and Wastewater Systems"], "source": "NVD (Critical)", "remediation": ["Update Google Chrome immediately to version 150.0.7871.47 or later on all workstations", "Enable automatic Chrome updates via group policy or device management", "Remind staff not to click suspicious links or visit untrusted websites until patched", "Consider temporarily restricting Chrome usage on critical operational systems until updates are verified"], "origin": {"product": "Chrome", "vendor": "Google", "first_reported": "2026-06-30", "exploited_by": []}, "score_reason": "Chrome is universally deployed across Texas government offices, utilities, schools, and healthcare facilities, and this critical sandbox escape vulnerability could allow full system compromise through simple web browsing.", "patch_available": true, "reference_url": "https://chromereleases.googleblog.com/2026/06/stable-channel-update-for-desktop_0175352312.html", "source_date": "2026-06-30T23:16:52.397", "first_seen": "2026-07-01T17:02:53.130325", "seen_at": "2026-07-01T17:02:53.130325"}, {"title": "Oracle PeopleSoft Enterprise PeopleTools Missing Authentication for Critical Function Vulnerability", "cve": "CVE-2026-35273", "summary": "Oracle PeopleSoft Enterprise PeopleTools has a critical security flaw that allows attackers to completely take over the system without needing any login credentials. This affects financial, HR, and administrative systems commonly used by government agencies and educational institutions. 
CISA has added this to their Known Exploited Vulnerabilities catalog, meaning it is being actively attacked.", "score": 78, "impact_score": 72, "sectors": ["Government Facilities", "Healthcare and Public Health", "Financial Services", "Information Technology"], "source": "CISA KEV", "remediation": ["Immediately check if your organization uses Oracle PeopleSoft and identify all instances", "Apply Oracle's security patches as soon as available following vendor instructions", "Restrict network access to PeopleSoft systems to internal networks only until patched", "Review system logs for unauthorized access attempts and conduct forensic analysis if compromise is suspected"], "origin": {"product": "PeopleSoft Enterprise PeopleTools", "vendor": "Oracle", "first_reported": "2026-06-12", "exploited_by": []}, "score_reason": "PeopleSoft is widely used by Texas county governments, school districts, and public health organizations for payroll and HR functions, and active exploitation with full system takeover capability poses significant risk to government operations.", "patch_available": true, "reference_url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog", "source_date": "2026-06-12", "first_seen": "2026-07-01T04:37:31.724134", "seen_at": "2026-07-01T04:37:31.724134"}, {"title": "Microsoft SharePoint Server Deserialization of Untrusted Data Vulnerability", "cve": "CVE-2026-45659", "summary": "A vulnerability in Microsoft SharePoint Server allows attackers who have some level of access to run malicious code on your systems over the network. This affects organizations using SharePoint for document sharing and collaboration. 
CISA has added this to their Known Exploited Vulnerabilities catalog, meaning it is being actively attacked in the wild.", "score": 78, "impact_score": 72, "sectors": ["Government Facilities", "Healthcare and Public Health", "Water and Wastewater Systems", "Energy", "Information Technology", "Emergency Services"], "source": "CISA KEV", "remediation": ["Apply Microsoft's security patches for SharePoint Server immediately following vendor guidance", "Review SharePoint server logs for signs of unauthorized access or suspicious activity", "Restrict network access to SharePoint servers using firewall rules and limit to trusted users only", "If patching is not possible, consider taking SharePoint offline or isolating it from the network until mitigations are in place"], "origin": {"product": "SharePoint Server", "vendor": "Microsoft", "first_reported": "2026-07-01", "exploited_by": []}, "score_reason": "SharePoint Server is widely deployed across Texas local governments, school districts, and utilities for document management, and active exploitation with network-accessible code execution poses significant risk to critical infrastructure operations.", "patch_available": true, "reference_url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog", "source_date": "2026-07-01", "first_seen": "2026-07-01T20:02:52.970072", "seen_at": "2026-07-01T20:02:52.970072"}, {"title": "CVE-2026-10109", "cve": "CVE-2026-10109", "summary": "IBM Db2 database software versions 11.5.0-11.5.9 and 12.1.0-12.1.4 have a critical vulnerability that allows attackers to run malicious code remotely without needing to log in first. This affects the database communication protocol and could give attackers full control of database servers. 
Organizations using IBM Db2 for records management, billing, or other critical data should patch immediately.", "score": 78, "impact_score": 65, "sectors": ["Water and Wastewater Systems", "Energy", "Government Facilities", "Healthcare and Public Health", "Financial Services", "Information Technology"], "source": "NVD (Critical)", "remediation": ["Immediately check if IBM Db2 versions 11.5.0-11.5.9 or 12.1.0-12.1.4 are deployed in your environment", "Apply IBM security patches from the referenced support page as highest priority", "Restrict network access to Db2 servers using firewalls to limit exposure to trusted systems only", "Monitor database server logs for unusual connection attempts or DRDA protocol anomalies"], "origin": {"product": "Db2", "vendor": "IBM", "first_reported": "2026-06-30", "exploited_by": []}, "score_reason": "Remote code execution without authentication in widely-used enterprise database software poses severe risk to Texas government facilities and utilities that may use Db2 for critical records and billing systems.", "patch_available": true, "reference_url": "https://www.ibm.com/support/pages/node/7277424", "source_date": "2026-06-30T20:17:26.603", "first_seen": "2026-07-01T04:37:31.724134", "seen_at": "2026-07-01T04:37:31.724134"}, {"title": "CVE-2026-13783", "cve": "CVE-2026-13783", "summary": "A critical security flaw in Google Chrome allows attackers to potentially take control of your computer if you visit a malicious website and interact with it. 
This affects all systems running Chrome versions before 150.0.7871.47, including office computers and public access terminals.", "score": 78, "impact_score": 85, "sectors": ["Communications", "Critical Manufacturing", "Emergency Services", "Energy", "Financial Services", "Government Facilities", "Healthcare and Public Health", "Information Technology", "Transportation", "Water and Wastewater Systems"], "source": "NVD (Critical)", "remediation": ["Update Google Chrome immediately to version 150.0.7871.47 or later on all workstations and servers", "Enable automatic Chrome updates to prevent future vulnerabilities", "Train staff to avoid clicking suspicious links or engaging with unexpected website prompts", "Consider using browser isolation or web filtering for high-risk environments"], "origin": {"product": "Chrome", "vendor": "Google", "first_reported": "2026-06-30", "exploited_by": []}, "score_reason": "Chrome is universally deployed across Texas public sector organizations including utilities, schools, clinics, and local governments, and this critical vulnerability could enable remote system compromise through everyday web browsing.", "patch_available": true, "reference_url": "https://chromereleases.googleblog.com/2026/06/stable-channel-update-for-desktop_0175352312.html", "source_date": "2026-06-30T23:16:53.160", "first_seen": "2026-07-01T17:02:53.130325", "seen_at": "2026-07-01T17:02:53.130325"}, {"title": "ST Engineering iDirect iQ-Series Terminals", "cve": "ICSA-26-183-01", "summary": "ST Engineering iDirect satellite terminal equipment used for communications has security flaws that could let attackers access device information without authorization or disrupt service. These terminals are commonly used by utilities, government facilities, and emergency services for backup or primary satellite communications, especially in rural areas. 
The vulnerabilities have a high severity rating (CVSS 8.1) and affect multiple product lines.", "score": 78, "impact_score": 65, "sectors": ["Communications", "Defense Industrial Base", "Energy", "Government Facilities", "Transportation"], "source": "CISA ICS Advisory", "remediation": ["Update all affected iQ-Series terminals to firmware version higher than 4.5.2.1 when available from ST Engineering iDirect.", "Restrict network access to terminal management interfaces using firewalls or VLANs.", "Disable unnecessary web-based management features and require strong authentication for remaining access.", "Monitor terminal logs for unusual access patterns or unauthorized configuration changes."], "origin": {"product": "iQ-Series Terminals (Evolution iQ, 3315-Series, 9-Series)", "vendor": "ST Engineering iDirect", "first_reported": "2026-07-02", "exploited_by": []}, "score_reason": "High score due to satellite terminals being critical for rural Texas communications infrastructure, especially for utilities and emergency services in areas without reliable terrestrial connectivity, plus the high CVSS severity affecting a lifeline sector.", "patch_available": true, "reference_url": "https://www.cisa.gov/news-events/ics-advisories/icsa-26-183-01", "source_date": "Thu, 02 Jul 26 12:00:00 +0000", "first_seen": "2026-07-02T17:02:53.033598", "seen_at": "2026-07-02T17:02:53.033598"}, {"title": "CVE-2026-13784", "cve": "CVE-2026-13784", "summary": "A critical security flaw in Google Chrome allows attackers to compromise your computer when you visit a malicious website and interact with it. This affects all Chrome browsers that haven't been updated to version 150.0.7871.47 or later. 
Staff using Chrome for daily work, email, or web browsing could expose your organization's systems to attack.", "score": 78, "impact_score": 85, "sectors": ["Chemical", "Communications", "Critical Manufacturing", "Dams", "Defense Industrial Base", "Emergency Services", "Energy", "Financial Services", "Food and Agriculture", "Government Facilities", "Healthcare and Public Health", "Information Technology", "Nuclear", "Transportation", "Water and Wastewater Systems"], "source": "NVD (High)", "remediation": ["Update Google Chrome to version 150.0.7871.47 or later immediately on all workstations", "Enable automatic Chrome updates to prevent future delays in patching", "Remind staff not to click suspicious links or visit untrusted websites", "Consider using browser isolation or web filtering for high-risk operations"], "origin": {"product": "Chrome", "vendor": "Google", "first_reported": "2026-06-30", "exploited_by": []}, "score_reason": "Google Chrome is universally deployed across all Texas critical infrastructure sectors including lifeline sectors, and this critical-severity heap corruption vulnerability could enable remote code execution on staff workstations.", "patch_available": true, "reference_url": "https://chromereleases.googleblog.com/2026/06/stable-channel-update-for-desktop_0175352312.html", "source_date": "2026-06-30T23:16:53.253", "first_seen": "2026-07-01T20:02:52.970072", "seen_at": "2026-07-01T20:02:52.970072"}, {"title": "Frangoteam FUXA SCADA/HMI", "cve": "ICSA-26-181-02", "summary": "A vulnerability in Frangoteam FUXA SCADA/HMI software versions 1.3.1 and earlier allows unauthenticated remote attackers to discover all user accounts and their role assignments without logging in. This affects industrial control systems used to monitor and control water, energy, and manufacturing operations. 
Attackers could use this information to plan further attacks against your control systems.", "score": 78, "impact_score": 65, "sectors": ["Critical Manufacturing", "Energy", "Water and Wastewater Systems"], "source": "CISA ICS Advisory", "remediation": ["Immediately restrict network access to FUXA SCADA/HMI systems using firewalls to allow only authorized IP addresses", "Place all SCADA/HMI systems behind a VPN and require authentication before network access", "Monitor FUXA system logs for unusual access attempts or user enumeration activity", "Update to a patched version of FUXA when the vendor releases a fix and verify the update resolves CVE-2026-13207"], "origin": {"product": "FUXA SCADA/HMI", "vendor": "Frangoteam", "first_reported": "2026-06-30", "exploited_by": []}, "score_reason": "This vulnerability directly affects two Texas lifeline sectors (Energy and Water/Wastewater) with a high CVSS score of 7.5, and FUXA is an open-source SCADA/HMI platform that may be deployed by smaller utilities seeking low-cost solutions.", "patch_available": false, "reference_url": "https://www.cisa.gov/news-events/ics-advisories/icsa-26-181-02", "source_date": "Tue, 30 Jun 26 12:00:00 +0000", "first_seen": "2026-07-01T02:35:18.825890", "seen_at": "2026-07-01T03:34:34.551196"}, {"title": "Yealink Device Management Server-Side Request Forgery (SSRF) Vulnerability", "cve": "CVE-2021-27561", "summary": "Yealink Device Management software has a security flaw that allows attackers to remotely execute malicious code without needing a password. Yealink phones and VoIP systems are commonly used in offices across Texas. 
If your organization uses Yealink phone systems with centralized management, attackers could potentially take control of your network.", "score": 72, "impact_score": 65, "sectors": ["Communications", "Government Facilities", "Healthcare and Public Health", "Water and Wastewater Systems", "Energy"], "source": "CISA KEV", "remediation": ["Immediately check if your organization uses Yealink Device Management software and identify the version", "Apply all available vendor updates and patches from Yealink's official website", "Restrict network access to the Device Management server to trusted internal networks only", "Monitor network logs for unusual outbound connections from your phone management systems"], "origin": {"product": "Device Management", "vendor": "Yealink", "first_reported": "2021-11-03", "exploited_by": []}, "score_reason": "This vulnerability affects communications infrastructure widely deployed in Texas government offices, clinics, and utilities, with confirmed active exploitation and unauthenticated remote code execution capability.", "patch_available": true, "reference_url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog", "source_date": "2021-11-03", "first_seen": "2026-07-01T02:35:18.825890", "seen_at": "2026-07-01T03:34:34.551196"}, {"title": "CVE-2026-58284", "cve": "CVE-2026-58284", "summary": "A security flaw in Microsoft Edge browser allows attackers to run malicious code on your computer over the network without proper authorization. This affects anyone using the Edge browser, which is common on Windows computers in offices, schools, and government facilities. 
Attackers could potentially take control of affected systems by exploiting this vulnerability.", "score": 72, "impact_score": 68, "sectors": ["Government Facilities", "Healthcare and Public Health", "Water and Wastewater Systems", "Energy", "Emergency Services", "Information Technology"], "source": "NVD (High)", "remediation": ["Update Microsoft Edge to the latest version immediately through Settings > About Microsoft Edge or via Windows Update", "Enable automatic updates for Edge browser on all managed workstations", "Consider using browser isolation or restricting Edge usage until patched on critical systems", "Monitor Microsoft Security Response Center for additional guidance"], "origin": {"product": "Microsoft Edge (Chromium-based)", "vendor": "Microsoft", "first_reported": "2026-07-03", "exploited_by": []}, "score_reason": "Microsoft Edge is widely deployed across Texas government offices, schools, utilities, and healthcare facilities, and remote code execution vulnerabilities pose serious risks, though no confirmed active exploitation is reported yet.", "patch_available": true, "reference_url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-58284", "source_date": "2026-07-03T21:17:03.057", "first_seen": "2026-07-03T21:34:34.640390", "seen_at": "2026-07-03T21:34:34.640390"}, {"title": "CVE-2026-58290", "cve": "CVE-2026-58290", "summary": "A security flaw in Microsoft Edge browser allows attackers to run malicious code on your computer simply by tricking you into visiting a compromised website. This affects anyone using the Edge browser on Windows computers, which is common in offices, schools, and government facilities. 
Updating Edge to the latest version will protect against this attack.", "score": 72, "impact_score": 68, "sectors": ["Government Facilities", "Healthcare and Public Health", "Water and Wastewater Systems", "Energy", "Emergency Services", "Information Technology"], "source": "NVD (High)", "remediation": ["Update Microsoft Edge to the latest version immediately through Settings > About Microsoft Edge or via Windows Update", "Enable automatic updates for Edge browser across all managed workstations", "Remind staff not to click suspicious links in emails or visit unknown websites", "Consider using web filtering to block known malicious domains"], "origin": {"product": "Microsoft Edge (Chromium-based)", "vendor": "Microsoft", "first_reported": "2026-07-03", "exploited_by": []}, "score_reason": "Microsoft Edge is widely deployed across Texas government offices, schools, clinics, and utility administrative systems, and remote code execution via network makes this highly exploitable through routine web browsing.", "patch_available": true, "reference_url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-58290", "source_date": "2026-07-03T21:17:03.770", "first_seen": "2026-07-03T21:34:34.640390", "seen_at": "2026-07-03T21:34:34.640390"}, {"title": "Zoho ManageEngine Desktop Central File Upload Vulnerability", "cve": "CVE-2020-10189", "summary": "Zoho ManageEngine Desktop Central has a critical vulnerability that allows attackers to upload malicious files and take complete control of the system without needing any login credentials. This IT management software is used by organizations to manage computers and devices across their networks. 
If exploited, attackers could access sensitive data, deploy ransomware, or disrupt operations.", "score": 72, "impact_score": 65, "sectors": ["Government Facilities", "Healthcare and Public Health", "Information Technology", "Water and Wastewater Systems", "Energy"], "source": "CISA KEV", "remediation": ["Immediately update ManageEngine Desktop Central to the latest patched version from Zoho", "If unable to patch immediately, restrict network access to the Desktop Central server to trusted internal IPs only", "Review server logs for signs of unauthorized file uploads or suspicious activity", "Implement network segmentation to isolate IT management systems from critical operational networks"], "origin": {"product": "ManageEngine Desktop Central", "vendor": "Zoho", "first_reported": "2020-03-06", "exploited_by": ["APT41", "Chinese state-sponsored actors"]}, "score_reason": "This vulnerability affects IT management software that may be used by Texas local governments, school districts, and utilities for device management, with confirmed active exploitation and unauthenticated remote code execution capability.", "patch_available": true, "reference_url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog", "source_date": "2021-11-03", "first_seen": "2026-07-01T02:35:18.825890", "seen_at": "2026-07-01T03:34:34.551196"}, {"title": "CVE-2026-13774", "cve": "CVE-2026-13774", "summary": "A critical security flaw in Google Chrome allows attackers to run malicious code on your computer if you install a harmful browser extension. This affects all Chrome browsers that haven't been updated to version 150.0.7871.47 or later. 
Staff at your organization could be tricked into installing dangerous extensions that compromise your systems.", "score": 72, "impact_score": 78, "sectors": ["Communications", "Energy", "Government Facilities", "Healthcare and Public Health", "Information Technology", "Water and Wastewater Systems"], "source": "NVD (High)", "remediation": ["Update Google Chrome immediately to version 150.0.7871.47 or later on all workstations", "Restrict browser extension installations to IT-approved extensions only using Chrome policies", "Train staff to never install extensions from unknown sources or suspicious prompts", "Audit currently installed Chrome extensions and remove any unauthorized or suspicious ones"], "origin": {"product": "Chrome", "vendor": "Google", "first_reported": "2026-06-30", "exploited_by": []}, "score_reason": "Chrome is universally deployed across Texas public sector organizations for daily operations, and this critical code execution vulnerability could compromise workstations accessing SCADA systems, patient records, or financial data.", "patch_available": true, "reference_url": "https://chromereleases.googleblog.com/2026/06/stable-channel-update-for-desktop_0175352312.html", "source_date": "2026-06-30T23:16:52.280", "first_seen": "2026-07-01T17:02:53.130325", "seen_at": "2026-07-01T17:02:53.130325"}, {"title": "CVE-2026-48277", "cve": "CVE-2026-48277", "summary": "Adobe ColdFusion has a critical vulnerability that allows attackers to run malicious code on affected servers without any user interaction. This affects ColdFusion versions 2025.9, 2023.20 and earlier. 
Organizations running ColdFusion web applications should patch immediately as this type of vulnerability is commonly targeted by ransomware groups.", "score": 72, "impact_score": 65, "sectors": ["Government Facilities", "Healthcare and Public Health", "Information Technology", "Water and Wastewater Systems"], "source": "NVD (Critical)", "remediation": ["Update ColdFusion immediately to the latest patched version from Adobe's security bulletin APSB26-68", "If immediate patching is not possible, restrict network access to ColdFusion admin interfaces and limit exposure to trusted IPs only", "Review server logs for unusual activity or unauthorized access attempts", "Consider placing ColdFusion servers behind a web application firewall with updated rules"], "origin": {"product": "ColdFusion", "vendor": "Adobe", "first_reported": "2026-06-30", "exploited_by": []}, "score_reason": "ColdFusion is used by some Texas government agencies and utilities for web applications, and arbitrary code execution vulnerabilities with changed scope are highly dangerous, though deployment is not as widespread as other enterprise software.", "patch_available": true, "reference_url": "https://helpx.adobe.com/security/products/coldfusion/apsb26-68.html", "source_date": "2026-06-30T16:16:54.320", "first_seen": "2026-07-01T04:37:31.724134", "seen_at": "2026-07-01T04:37:31.724134"}, {"title": "CVE-2026-57985", "cve": "CVE-2026-57985", "summary": "A security flaw in Microsoft Edge browser allows attackers to run malicious code on your computer simply by visiting a compromised website. This affects any organization using Edge for web browsing, which is common across Texas government offices, schools, and utilities. 
Staff could be tricked into visiting malicious links through phishing emails.", "score": 72, "impact_score": 68, "sectors": ["Government Facilities", "Healthcare and Public Health", "Water and Wastewater Systems", "Energy", "Emergency Services", "Information Technology"], "source": "NVD (High)", "remediation": ["Update Microsoft Edge to the latest version immediately through Settings > About Microsoft Edge or via WSUS/Intune", "Enable automatic browser updates across all managed workstations", "Remind staff not to click suspicious links in emails and report phishing attempts", "Consider blocking Edge access on critical OT systems that do not require web browsing"], "origin": {"product": "Edge (Chromium-based)", "vendor": "Microsoft", "first_reported": "2026-07-03", "exploited_by": []}, "score_reason": "Microsoft Edge is widely deployed across Texas public sector organizations, and network-based code execution without authentication poses significant risk, though no active exploitation has been confirmed yet.", "patch_available": true, "reference_url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-57985", "source_date": "2026-07-03T21:17:01.663", "first_seen": "2026-07-03T21:34:34.640390", "seen_at": "2026-07-03T21:34:34.640390"}, {"title": "CVE-2026-13592", "cve": "CVE-2026-13592", "summary": "A security flaw in CIPster, an open-source EtherNet/IP industrial communications software, allows remote attackers to write data outside normal memory boundaries. This could crash or compromise industrial control systems that use EtherNet/IP protocols. 
A public exploit exists, which increases the likelihood of attacks against industrial networks.", "score": 72, "impact_score": 45, "sectors": ["Water and Wastewater Systems", "Energy", "Critical Manufacturing", "Chemical"], "source": "NVD (High)", "remediation": ["Immediately check if CIPster is deployed in any industrial control or SCADA environments", "Apply the vendor patch (commit 3a0159ed43125dcd024a1965f0289cb186bae9ff) from the GitHub repository", "Isolate EtherNet/IP networks from internet and untrusted networks using firewalls", "Monitor industrial network traffic for unusual EtherNet/IP communications"], "origin": {"product": "CIPster", "vendor": "liftoff-sr", "first_reported": "2026-06-29", "exploited_by": ["Public exploit available"]}, "score_reason": "Affects EtherNet/IP industrial protocol software used in SCADA and control systems at water utilities and energy facilities, with public exploit available, though CIPster has limited deployment compared to commercial alternatives.", "patch_available": true, "reference_url": "https://github.com/liftoff-sr/CIPster/", "source_date": "2026-06-29T18:16:37.103", "first_seen": "2026-07-01T04:37:31.724134", "seen_at": "2026-07-01T04:37:31.724134"}, {"title": "CVE-2026-34110", "cve": "CVE-2026-34110", "summary": "Guardian language-system has a critical vulnerability allowing anyone on the internet to run commands on the server without logging in. An attacker can exploit a web page flaw to take complete control of affected systems. 
This could let attackers access sensitive data, disrupt services, or use the server to attack other systems.", "score": 72, "impact_score": 55, "sectors": ["Water and Wastewater Systems", "Energy", "Healthcare and Public Health", "Government Facilities", "Information Technology"], "source": "NVD (Critical)", "remediation": ["Immediately take any Guardian language-system servers offline or block external access until patched", "Contact the vendor for an emergency patch or remove the vulnerable complex_start.php file", "Implement web application firewall rules to block requests containing shell metacharacters in the id parameter", "Review server logs for suspicious requests to complex_start.php and investigate any compromise"], "origin": {"product": "language-system", "vendor": "Guardian", "first_reported": "2026-07-01", "exploited_by": []}, "score_reason": "Critical unauthenticated remote code execution vulnerability, but Guardian language-system has limited known deployment in Texas critical infrastructure; scored higher due to potential use in web-based utility or government systems.", "patch_available": false, "reference_url": "https://gist.github.com/cyberinforepo/d5b2771d82e1b31b8fc1c33052e08dad", "source_date": "2026-07-01T17:16:34.263", "first_seen": "2026-07-01T18:34:34.516259", "seen_at": "2026-07-01T18:34:34.516259"}, {"title": "CVE-2026-57981", "cve": "CVE-2026-57981", "summary": "A security flaw in Microsoft Edge browser allows attackers to remotely execute malicious code on computers through network access. This affects any organization using Edge for web browsing, which is common on Windows computers across Texas government offices, schools, and utilities. 
Users could be compromised by visiting a malicious website or clicking a dangerous link.", "score": 72, "impact_score": 68, "sectors": ["Government Facilities", "Healthcare and Public Health", "Water and Wastewater Systems", "Energy", "Emergency Services", "Information Technology"], "source": "NVD (High)", "remediation": ["Update Microsoft Edge to the latest version immediately through Settings > About Microsoft Edge or via Windows Update", "Enable automatic updates for Edge browser on all managed workstations", "Remind staff not to click suspicious links or visit untrusted websites", "Consider deploying browser isolation or web filtering for additional protection"], "origin": {"product": "Microsoft Edge (Chromium-based)", "vendor": "Microsoft", "first_reported": "2026-07-03", "exploited_by": []}, "score_reason": "Microsoft Edge is widely deployed across Texas public sector organizations on standard Windows workstations, and remote code execution vulnerabilities pose significant risk, though browser-based attacks require user interaction.", "patch_available": true, "reference_url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-57981", "source_date": "2026-07-03T21:17:01.313", "first_seen": "2026-07-03T21:34:34.640390", "seen_at": "2026-07-03T21:34:34.640390"}, {"title": "CVE-2026-57517", "cve": "CVE-2026-57517", "summary": "Control Web Panel (CWP), a free Linux server management tool, has a critical vulnerability allowing attackers to take complete control of servers without needing a password. Attackers can inject malicious database commands and install backdoors to remotely control affected systems. 
This affects organizations using CWP to manage web hosting or server infrastructure.", "score": 72, "impact_score": 58, "sectors": ["Government Facilities", "Healthcare and Public Health", "Water and Wastewater Systems", "Information Technology"], "source": "NVD (Critical)", "remediation": ["Immediately update Control Web Panel to version 0.9.8.1225 or later", "Restrict network access to CWP admin interfaces using firewall rules to trusted IPs only", "Review server logs and web directories for unauthorized PHP files or suspicious activity", "Consider migrating to more actively maintained server management solutions if possible"], "origin": {"product": "Control Web Panel (CWP)", "vendor": "Control Web Panel", "first_reported": "2026-07-01", "exploited_by": []}, "score_reason": "Critical unauthenticated remote code execution vulnerability in server management software that may be used by smaller Texas governments, clinics, and utilities for low-cost web hosting, though deployment is not as widespread as mainstream products.", "patch_available": true, "reference_url": "https://control-webpanel.com/changelog#1773753427572-9bf81bf4-f2d2", "source_date": "2026-07-01T16:16:49.070", "first_seen": "2026-07-01T17:02:53.130325", "seen_at": "2026-07-01T17:02:53.130325"}, {"title": "CVE-2026-57975", "cve": "CVE-2026-57975", "summary": "A security flaw in Microsoft Edge browser allows attackers to run malicious code on your computer simply by visiting a compromised website. This affects anyone using Edge for daily work including accessing email, financial systems, or operational dashboards. 
Staff at utilities, schools, clinics, and government offices should update Edge immediately.", "score": 72, "impact_score": 68, "sectors": ["Communications", "Energy", "Government Facilities", "Healthcare and Public Health", "Information Technology", "Water and Wastewater Systems"], "source": "NVD (High)", "remediation": ["Update Microsoft Edge to the latest version immediately through Settings > About Microsoft Edge or via your IT management tools", "Enable automatic updates for Edge browser on all workstations", "Remind staff to avoid clicking suspicious links or visiting unknown websites until patched", "Consider using application allowlisting to restrict browser-based code execution"], "origin": {"product": "Microsoft Edge (Chromium-based)", "vendor": "Microsoft", "first_reported": "2026-07-03", "exploited_by": []}, "score_reason": "Microsoft Edge is widely deployed across Texas public sector organizations for daily operations, and network-based code execution poses significant risk to multiple lifeline sectors.", "patch_available": true, "reference_url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-57975", "source_date": "2026-07-03T21:17:01.077", "first_seen": "2026-07-03T21:34:34.640390", "seen_at": "2026-07-03T21:34:34.640390"}, {"title": "CVE-2026-34107", "cve": "CVE-2026-34107", "summary": "Guardian language-system software has a critical flaw that lets anyone on the internet run commands on your server without logging in. Attackers can take full control of affected systems by sending specially crafted web requests. 
This is a severe vulnerability requiring immediate action if you use this software.", "score": 72, "impact_score": 58, "sectors": ["Government Facilities", "Water and Wastewater Systems", "Healthcare and Public Health", "Information Technology"], "source": "NVD (Critical)", "remediation": ["Immediately take Guardian language-system offline or block external access to translate.php until patched", "Check server logs for suspicious requests to translate.php containing shell characters like semicolons or pipes", "Contact the Guardian vendor for an emergency patch or updated version", "If compromise is suspected, isolate the server and engage incident response procedures"], "origin": {"product": "language-system", "vendor": "Guardian", "first_reported": "2026-07-01", "exploited_by": []}, "score_reason": "Critical unauthenticated remote code execution vulnerability in web-based software potentially used by smaller government and utility organizations, though vendor deployment scope in Texas is not confirmed.", "patch_available": false, "reference_url": "https://gist.github.com/cyberinforepo/d5b2771d82e1b31b8fc1c33052e08dad", "source_date": "2026-07-01T17:16:33.837", "first_seen": "2026-07-01T18:34:34.516259", "seen_at": "2026-07-01T18:34:34.516259"}, {"title": "CVE-2026-58127", "cve": "CVE-2026-58127", "summary": "PACSgear MediaWriter 5.2.1, medical imaging software used in healthcare facilities, has a critical flaw allowing attackers to remotely read, write, and execute code on systems without any login required. The software runs with full system privileges, meaning attackers can completely take over affected medical imaging workstations. 
This could disrupt patient care and expose sensitive medical data.", "score": 72, "impact_score": 45, "sectors": ["Healthcare and Public Health"], "source": "NVD (Critical)", "remediation": ["Immediately block inbound TCP port 9000 at network firewalls and segment PACSgear systems from untrusted networks", "Contact PACSgear vendor for security patch or upgraded version with authentication enabled", "Monitor MediaWriter systems for unexpected DLL files or unauthorized file changes in application directories", "Review system logs for suspicious connections to port 9000 and unusual service restarts"], "origin": {"product": "MediaWriter", "vendor": "PACSgear", "first_reported": "2026-07-01", "exploited_by": []}, "score_reason": "Critical unauthenticated remote code execution in healthcare imaging software threatens rural Texas clinics and hospitals, though PACSgear has limited deployment compared to major PACS vendors.", "patch_available": false, "reference_url": "https://gist.github.com/VAMorales/dc679ecab30b7045fa07bf3249a034d8", "source_date": "2026-07-01T16:16:51.417", "first_seen": "2026-07-01T17:02:53.130325", "seen_at": "2026-07-01T17:02:53.130325"}, {"title": "CVE-2026-34115", "cve": "CVE-2026-34115", "summary": "Guardian language-system software has a critical flaw allowing anyone on the internet to run commands on the server without logging in. Attackers can exploit a weakness in how the system handles web requests to take full control of affected servers. 
This could let criminals access sensitive data, install ransomware, or disrupt operations.", "score": 72, "impact_score": 58, "sectors": ["Government Facilities", "Healthcare and Public Health", "Water and Wastewater Systems", "Emergency Services"], "source": "NVD (Critical)", "remediation": ["Immediately block external access to transcribe_amazon.php or take the Guardian language-system offline until patched", "Contact Guardian vendor for emergency security update or mitigation guidance", "Review server logs for suspicious requests containing shell metacharacters in the id parameter", "Isolate affected servers from critical network segments and monitor for signs of compromise"], "origin": {"product": "language-system", "vendor": "Guardian", "first_reported": "2026-07-01", "exploited_by": []}, "score_reason": "Critical unauthenticated remote code execution vulnerability in language/transcription software potentially used by government offices, clinics, and public services for accessibility compliance, though deployment scope in Texas is uncertain.", "patch_available": false, "reference_url": "https://gist.github.com/cyberinforepo/d5b2771d82e1b31b8fc1c33052e08dad", "source_date": "2026-07-01T17:16:34.907", "first_seen": "2026-07-01T18:34:34.516259", "seen_at": "2026-07-01T18:34:34.516259"}, {"title": "CVE-2026-57988", "cve": "CVE-2026-57988", "summary": "A vulnerability in Microsoft Edge browser allows attackers to execute malicious code on your computer through the network by exploiting file path handling. An attacker could potentially take control of systems where employees browse the web using Edge. 
Staff computers at schools, clinics, utilities, and government offices using Microsoft Edge are at risk.", "score": 72, "impact_score": 68, "sectors": ["Communications", "Emergency Services", "Energy", "Government Facilities", "Healthcare and Public Health", "Information Technology", "Water and Wastewater Systems"], "source": "NVD (High)", "remediation": ["Update Microsoft Edge to the latest version immediately through Windows Update or Edge settings", "Enable automatic updates for Edge browser on all managed workstations", "Consider temporarily using alternative browsers until the patch is confirmed installed", "Review endpoint detection logs for suspicious browser activity"], "origin": {"product": "Microsoft Edge (Chromium-based)", "vendor": "Microsoft", "first_reported": "2026-07-03", "exploited_by": []}, "score_reason": "Microsoft Edge is widely deployed across Texas public sector organizations for daily operations, and network-based code execution poses significant risk to government facilities, utilities, and healthcare providers.", "patch_available": true, "reference_url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-57988", "source_date": "2026-07-03T21:17:02.023", "first_seen": "2026-07-03T21:34:34.640390", "seen_at": "2026-07-03T21:34:34.640390"}, {"title": "WordPress File Manager Plugin Remote Code Execution Vulnerability", "cve": "CVE-2020-25213", "summary": "The WordPress File Manager plugin has a serious security flaw that lets attackers run malicious code and upload harmful files to websites without needing a password. This affects any Texas organization using WordPress with the File Manager plugin installed. 
Attackers have actively exploited this vulnerability to take over websites.", "score": 72, "impact_score": 68, "sectors": ["Government Facilities", "Healthcare and Public Health", "Water and Wastewater Systems", "Energy", "Emergency Services"], "source": "CISA KEV", "remediation": ["Immediately update the WordPress File Manager plugin to version 6.9 or later", "If unable to update immediately, deactivate and delete the File Manager plugin until patched", "Review website files for any suspicious PHP files or unauthorized uploads", "Consider using a web application firewall to block malicious upload attempts"], "origin": {"product": "File Manager Plugin", "vendor": "WordPress", "first_reported": "2020-09-01", "exploited_by": ["Unknown criminal actors"]}, "score_reason": "WordPress is widely used by small Texas government agencies, school districts, and utilities for public-facing websites, and this vulnerability is actively exploited with no authentication required.", "patch_available": true, "reference_url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog", "source_date": "2021-11-03", "first_seen": "2026-07-01T02:35:18.825890", "seen_at": "2026-07-01T03:34:34.551196"}, {"title": "CVE-2026-57986", "cve": "CVE-2026-57986", "summary": "A security flaw in Microsoft Edge browser allows attackers to run malicious code on your computer when you visit a compromised website. 
This affects anyone using the Edge browser, which is installed by default on Windows computers commonly used in government offices, schools, and utilities.", "score": 72, "impact_score": 68, "sectors": ["Government Facilities", "Healthcare and Public Health", "Water and Wastewater Systems", "Energy", "Emergency Services", "Information Technology"], "source": "NVD (High)", "remediation": ["Update Microsoft Edge immediately through browser settings (Help > About Microsoft Edge) or Windows Update", "Enable automatic updates for Edge browser on all workstations", "Consider temporarily using an alternative browser until the patch is confirmed installed", "Block suspicious websites and reinforce phishing awareness with staff"], "origin": {"product": "Microsoft Edge (Chromium-based)", "vendor": "Microsoft", "first_reported": "2026-07-03", "exploited_by": []}, "score_reason": "Microsoft Edge is widely deployed across Texas public sector organizations, and this network-exploitable code execution vulnerability poses significant risk, though there is no confirmed active exploitation yet.", "patch_available": true, "reference_url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-57986", "source_date": "2026-07-03T21:17:01.780", "first_seen": "2026-07-03T21:34:34.640390", "seen_at": "2026-07-03T21:34:34.640390"}, {"title": "CVE-2026-54998", "cve": "CVE-2026-54998", "summary": "A security flaw in Microsoft Exchange Online allows someone who already has an account to gain higher-level access they shouldn't have across the network. This could let attackers access sensitive emails, calendars, and administrative functions. 
Texas organizations using Microsoft 365 or Exchange Online for email should monitor for updates from Microsoft.", "score": 72, "impact_score": 68, "sectors": ["Government Facilities", "Healthcare and Public Health", "Water and Wastewater Systems", "Energy", "Emergency Services", "Information Technology"], "source": "NVD (High)", "remediation": ["Monitor the Microsoft 365 admin center and MSRC for patches or mitigations specific to this vulnerability", "Review Exchange Online audit logs for unusual privilege changes or administrative actions", "Enforce least-privilege access and remove unnecessary admin roles from user accounts", "Enable multi-factor authentication for all Exchange Online and Microsoft 365 accounts"], "origin": {"product": "Exchange Online", "vendor": "Microsoft", "first_reported": "2026-07-02", "exploited_by": []}, "score_reason": "Microsoft Exchange Online is widely used by Texas school districts, cities, counties, clinics, and utilities for email, making privilege escalation a significant threat to multiple critical sectors.", "patch_available": false, "reference_url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-54998", "source_date": "2026-07-02T23:16:51.137", "first_seen": "2026-07-03T00:34:34.717858", "seen_at": "2026-07-03T00:34:34.717858"}, {"title": "CVE-2026-34108", "cve": "CVE-2026-34108", "summary": "Guardian language-system software has a critical flaw that lets attackers run any command on the server without logging in. The vulnerability exists because user input is passed directly to system commands without validation. 
If your organization uses this software, attackers could take complete control of your systems remotely.", "score": 72, "impact_score": 58, "sectors": ["Water and Wastewater Systems", "Energy", "Government Facilities", "Healthcare and Public Health", "Information Technology"], "source": "NVD (Critical)", "remediation": ["Immediately identify if Guardian language-system is running on any servers and take those systems offline or block external access", "Apply vendor patches as soon as available or remove the vulnerable text.php file", "Implement web application firewall rules to block requests containing shell metacharacters in the id parameter", "Review server logs for suspicious requests to text.php and investigate potential compromise"], "origin": {"product": "language-system", "vendor": "Guardian", "first_reported": "2026-07-01", "exploited_by": []}, "score_reason": "Critical unauthenticated remote code execution vulnerability in web-based software that could be deployed across various Texas municipal and utility systems, though vendor/product details are limited.", "patch_available": false, "reference_url": "https://gist.github.com/cyberinforepo/d5b2771d82e1b31b8fc1c33052e08dad", "source_date": "2026-07-01T17:16:33.970", "first_seen": "2026-07-01T18:34:34.516259", "seen_at": "2026-07-01T18:34:34.516259"}, {"title": "CVE-2026-57100", "cve": "CVE-2026-57100", "summary": "A security flaw in Microsoft Entra Provisioning Service allows an authorized attacker to gain elevated privileges through a server-side request forgery attack. This affects organizations using Microsoft Entra (formerly Azure AD) for identity management and user provisioning. 
An attacker with some network access could potentially compromise identity systems and gain unauthorized access to connected resources.", "score": 72, "impact_score": 68, "sectors": ["Government Facilities", "Healthcare and Public Health", "Water and Wastewater Systems", "Energy", "Emergency Services", "Information Technology"], "source": "NVD (Critical)", "remediation": ["Check with your IT provider or Microsoft 365 administrator to confirm Microsoft has applied the backend fix to your Entra tenant", "Review Entra audit logs for unusual provisioning activity or unauthorized privilege changes", "Verify conditional access policies are enforced and MFA is enabled for all administrative accounts", "Limit service principal permissions to minimum required access"], "origin": {"product": "Entra Provisioning Service (SyncFabric)", "vendor": "Microsoft", "first_reported": "2026-07-02", "exploited_by": []}, "score_reason": "Microsoft Entra is widely used by Texas local governments, school districts, and utilities for identity management; privilege escalation in identity services could enable broad compromise of connected systems.", "patch_available": true, "reference_url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-57100", "source_date": "2026-07-02T23:16:51.267", "first_seen": "2026-07-03T00:34:34.717858", "seen_at": "2026-07-03T00:34:34.717858"}, {"title": "CVE-2026-34114", "cve": "CVE-2026-34114", "summary": "Guardian language-system software has a critical flaw that lets anyone on the internet run commands on your server without logging in. Attackers can take full control of affected systems by sending specially crafted web requests. 
This is extremely dangerous for any organization running this translation software.", "score": 72, "impact_score": 45, "sectors": ["Government Facilities", "Healthcare and Public Health", "Water and Wastewater Systems", "Energy", "Emergency Services"], "source": "NVD (Critical)", "remediation": ["Immediately take Guardian language-system offline or block external access to translate_text.php", "Contact the vendor for a patched version or apply any available security updates", "Review server logs for suspicious requests containing shell characters in the id parameter", "If no patch is available, implement a web application firewall rule to filter malicious input"], "origin": {"product": "language-system", "vendor": "Guardian", "first_reported": "2026-07-01", "exploited_by": []}, "score_reason": "Critical unauthenticated remote code execution vulnerability affecting web-facing systems, but Guardian language-system has limited known deployment in Texas critical infrastructure.", "patch_available": false, "reference_url": "https://gist.github.com/cyberinforepo/d5b2771d82e1b31b8fc1c33052e08dad", "source_date": "2026-07-01T17:16:34.780", "first_seen": "2026-07-01T18:34:34.516259", "seen_at": "2026-07-01T18:34:34.516259"}, {"title": "CVE-2026-58294", "cve": "CVE-2026-58294", "summary": "A security flaw in Microsoft Edge browser allows attackers to run malicious code on your computer over the internet. This affects any Windows computer using the Edge browser, which is installed by default on Windows systems. 
Staff who browse the web could unknowingly trigger this attack by visiting a compromised website.", "score": 72, "impact_score": 68, "sectors": ["Government Facilities", "Healthcare and Public Health", "Water and Wastewater Systems", "Energy", "Emergency Services", "Information Technology"], "source": "NVD (High)", "remediation": ["Update Microsoft Edge immediately through Settings > About Microsoft Edge or via Windows Update", "Enable automatic updates for Edge browser on all managed workstations", "Consider using group policy to enforce browser updates across your organization", "Train staff to avoid clicking suspicious links until patches are confirmed installed"], "origin": {"product": "Microsoft Edge (Chromium-based)", "vendor": "Microsoft", "first_reported": "2026-07-03", "exploited_by": []}, "score_reason": "Microsoft Edge is pre-installed on Windows computers used across Texas government offices, utilities, clinics, and schools, making this network-exploitable code execution vulnerability a significant threat to daily operations.", "patch_available": true, "reference_url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-58294", "source_date": "2026-07-03T21:17:04.293", "first_seen": "2026-07-04T21:34:34.969509", "seen_at": "2026-07-04T21:34:34.969509"}, {"title": "CVE-2026-13777", "cve": "CVE-2026-13777", "summary": "A critical vulnerability in Google Chrome on iOS devices allows attackers to compromise devices through malicious web pages. Staff using iPhones or iPads with Chrome could have their devices hacked simply by visiting a crafted website. 
This affects any organization where employees use Chrome on Apple mobile devices for work.", "score": 72, "impact_score": 65, "sectors": ["Communications", "Emergency Services", "Energy", "Government Facilities", "Healthcare and Public Health", "Information Technology", "Transportation", "Water and Wastewater Systems"], "source": "NVD (High)", "remediation": ["Update Google Chrome on all iOS devices to version 150.0.7871.47 or later immediately", "Notify all staff to update Chrome on personal iOS devices used for work email or systems", "Consider temporarily restricting access to sensitive systems from unpatched iOS devices", "Enable automatic updates for Chrome on all managed mobile devices"], "origin": {"product": "Google Chrome for iOS", "vendor": "Google", "first_reported": "2026-06-30", "exploited_by": []}, "score_reason": "Chrome is widely used across Texas organizations on mobile devices, and this critical heap corruption vulnerability could enable remote code execution, though it is limited to iOS devices which may have smaller deployment in industrial environments.", "patch_available": true, "reference_url": "https://chromereleases.googleblog.com/2026/06/stable-channel-update-for-desktop_0175352312.html", "source_date": "2026-06-30T23:16:52.583", "first_seen": "2026-07-01T18:34:34.516259", "seen_at": "2026-07-01T18:34:34.516259"}, {"title": "VMware vCenter Server Information Disclosure Vulnerability", "cve": "CVE-2020-3952", "summary": "VMware vCenter Server has a flaw that allows attackers with network access to port 389 to steal sensitive information due to improper access controls. This affects organizations using VMware virtualization infrastructure to manage their servers and systems. 
Attackers can exploit this remotely without authentication to access critical directory service data.", "score": 72, "impact_score": 68, "sectors": ["Communications", "Energy", "Government Facilities", "Healthcare and Public Health", "Information Technology", "Water and Wastewater Systems"], "source": "CISA KEV", "remediation": ["Immediately update VMware vCenter Server to version 6.7 Update 3f or later as specified by VMware", "Block external network access to port 389 (LDAP) on vCenter servers using firewall rules", "Review vCenter access logs for any unauthorized connection attempts to the vmdir service", "Ensure vCenter Server is isolated on a management network not accessible from the internet"], "origin": {"product": "vCenter Server", "vendor": "VMware", "first_reported": "2020-04-09", "exploited_by": []}, "score_reason": "VMware vCenter is widely deployed across Texas municipal governments, utilities, and healthcare facilities for virtualization management, and this vulnerability is on CISA's Known Exploited Vulnerabilities list with confirmed active exploitation.", "patch_available": true, "reference_url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog", "source_date": "2021-11-03", "first_seen": "2026-07-01T02:35:18.825890", "seen_at": "2026-07-01T03:34:34.551196"}, {"title": "CVE-2026-34106", "cve": "CVE-2026-34106", "summary": "Guardian language-system software has a critical flaw that lets anyone on the internet run commands on your server without logging in. Attackers can simply add special characters to a web address to take complete control of the affected system. 
This is an easy-to-exploit vulnerability that requires immediate attention if you use this software.", "score": 72, "impact_score": 45, "sectors": ["Government Facilities", "Healthcare and Public Health", "Water and Wastewater Systems", "Energy", "Information Technology"], "source": "NVD (Critical)", "remediation": ["Immediately take any Guardian language-system installations offline or block public internet access to them", "Contact the vendor for a patched version or security guidance", "If the system must remain online, place it behind a VPN or firewall that restricts access to trusted IPs only", "Review server logs for suspicious requests to subtitles.php containing special characters like semicolons or ampersands"], "origin": {"product": "language-system", "vendor": "Guardian", "first_reported": "2026-07-01", "exploited_by": []}, "score_reason": "Unauthenticated remote code execution is extremely severe, but Guardian language-system appears to be niche software with limited deployment across Texas critical infrastructure sectors.", "patch_available": false, "reference_url": "https://gist.github.com/cyberinforepo/d5b2771d82e1b31b8fc1c33052e08dad", "source_date": "2026-07-01T17:16:33.657", "first_seen": "2026-07-01T18:34:34.516259", "seen_at": "2026-07-01T18:34:34.516259"}, {"title": "Delta Electronics DVP12SE PLC", "cve": "ICSA-26-181-07", "summary": "Delta Electronics DVP12SE programmable logic controllers have critical security flaws allowing attackers to remotely send commands and change operational settings without any login or authentication. All versions of this PLC are affected, which could let attackers disrupt or manipulate industrial control processes. 
These devices are used in manufacturing and may also be found in water treatment, energy, and other utility automation systems.", "score": 72, "impact_score": 58, "sectors": ["Critical Manufacturing", "Water and Wastewater Systems", "Energy"], "source": "CISA ICS Advisory", "remediation": ["Immediately isolate affected DVP12SE PLCs from internet-facing networks and place behind firewalls", "Implement network segmentation to restrict PLC access to only authorized engineering workstations", "Monitor for unusual commands or configuration changes on affected controllers", "Contact Delta Electronics for firmware updates or compensating controls while awaiting a patch"], "origin": {"product": "DVP12SE PLC", "vendor": "Delta Electronics", "first_reported": "2026-06-30", "exploited_by": []}, "score_reason": "Critical 9.8 CVSS vulnerability in industrial PLCs that could affect Texas manufacturing facilities and potentially water/energy utilities using Delta automation equipment, though no active exploitation reported yet.", "patch_available": false, "reference_url": "https://www.cisa.gov/news-events/ics-advisories/icsa-26-181-07", "source_date": "Tue, 30 Jun 26 12:00:00 +0000", "first_seen": "2026-07-01T02:35:18.825890", "seen_at": "2026-07-01T03:34:34.551196"}, {"title": "StoneFly Storage Concentrator", "cve": "ICSA-26-181-06", "summary": "StoneFly Storage Concentrator devices have critical vulnerabilities that could allow attackers to gain full unauthorized access, run commands with the highest system privileges, and steal sensitive data. These storage systems are used for data backup and management in various organizations. 
Immediate patching is essential as the vulnerabilities have the maximum severity rating.", "score": 72, "impact_score": 55, "sectors": ["Water and Wastewater Systems", "Energy", "Healthcare and Public Health", "Government Facilities", "Information Technology"], "source": "CISA ICS Advisory", "remediation": ["Update StoneFly Storage Concentrator to version 8.0.4.29 or later immediately", "Isolate storage systems from internet-facing networks and place behind firewalls", "Review access logs for signs of unauthorized access or suspicious activity", "Change all default and administrative credentials on storage devices"], "origin": {"product": "Storage Concentrator", "vendor": "StoneFly", "first_reported": "2026-06-30", "exploited_by": []}, "score_reason": "CVSS 10 rating indicates maximum severity with potential for complete system compromise affecting storage infrastructure used by Texas utilities and government facilities, though StoneFly has limited deployment compared to major vendors.", "patch_available": true, "reference_url": "https://www.cisa.gov/news-events/ics-advisories/icsa-26-181-06", "source_date": "Tue, 30 Jun 26 12:00:00 +0000", "first_seen": "2026-07-01T02:35:18.825890", "seen_at": "2026-07-01T03:34:34.551196"}, {"title": "CVE-2026-14396", "cve": "CVE-2026-14396", "summary": "A security flaw in Google Chrome's graphics engine (ANGLE) allows attackers to steal sensitive data from other websites you're viewing by tricking you into visiting a malicious webpage. This affects all Chrome users who haven't updated to version 150.0.7871.46 or later. 
Staff using Chrome for work email, financial systems, or sensitive operations are at risk of data exposure.", "score": 72, "impact_score": 75, "sectors": ["Communications", "Energy", "Government Facilities", "Healthcare and Public Health", "Information Technology", "Water and Wastewater Systems"], "source": "NVD (Medium)", "remediation": ["Update Google Chrome to version 150.0.7871.46 or later immediately on all workstations", "Enable automatic Chrome updates via Group Policy or device management", "Remind staff not to click suspicious links or visit untrusted websites until patched", "Verify updates completed by checking chrome://settings/help on each device"], "origin": {"product": "Chrome (ANGLE component)", "vendor": "Google", "first_reported": "2026-06-01", "exploited_by": []}, "score_reason": "Chrome is universally deployed across Texas public sector organizations for daily operations, and this high-severity vulnerability enables cross-origin data theft, threatening sensitive government and utility information.", "patch_available": true, "reference_url": "https://chromereleases.googleblog.com/2026/06/stable-channel-update-for-desktop_0175352312.html", "source_date": "2026-07-01T23:16:48.030", "first_seen": "2026-07-03T00:34:34.717858", "seen_at": "2026-07-03T00:34:34.717858"}, {"title": "CVE-2026-34116", "cve": "CVE-2026-34116", "summary": "Guardian language-system software has a critical flaw allowing anyone on the internet to run commands on the server without logging in. Attackers can exploit the transcribe.php file to take complete control of affected systems. 
This could let criminals steal data, install ransomware, or disrupt operations.", "score": 72, "impact_score": 65, "sectors": ["Government Facilities", "Healthcare and Public Health", "Water and Wastewater Systems", "Emergency Services"], "source": "NVD (Critical)", "remediation": ["Immediately take Guardian language-system offline or block external access to transcribe.php", "Contact the vendor for a patched version or security guidance", "If no patch exists, implement a web application firewall rule blocking malicious characters in the id parameter", "Review server logs for suspicious requests to transcribe.php and check for signs of compromise"], "origin": {"product": "language-system", "vendor": "Guardian", "first_reported": "2026-07-01", "exploited_by": []}, "score_reason": "Critical unauthenticated remote code execution vulnerability in web software potentially used by Texas government and healthcare facilities, though vendor deployment scope in Texas is unclear.", "patch_available": false, "reference_url": "https://gist.github.com/cyberinforepo/d5b2771d82e1b31b8fc1c33052e08dad", "source_date": "2026-07-01T17:16:35.033", "first_seen": "2026-07-01T18:34:34.516259", "seen_at": "2026-07-01T18:34:34.516259"}, {"title": "CVE-2026-5524", "cve": "CVE-2026-5524", "summary": "A critical vulnerability in the Divi Form Builder WordPress plugin allows unauthenticated attackers to upload malicious files and take complete control of affected websites. Attackers can bypass security protections especially on Nginx servers to execute harmful code remotely. 
Any Texas organization using this popular WordPress form plugin on public-facing websites is at immediate risk.", "score": 72, "impact_score": 68, "sectors": ["Government Facilities", "Healthcare and Public Health", "Water and Wastewater Systems", "Energy", "Emergency Services"], "source": "NVD (Critical)", "remediation": ["Immediately update Divi Form Builder plugin to version 5.1.9 or later from the vendor changelog", "Check /wp-content/uploads/de_fb_uploads/ directory for any suspicious .phtml, .phar, .php5, or .php7 files and remove them", "If running Nginx, add server-level rules to block PHP execution in the uploads directory", "Temporarily disable the Divi Form Builder plugin if updates cannot be applied immediately"], "origin": {"product": "Divi Form Builder", "vendor": "Divi Engine", "first_reported": "2026-07-02", "exploited_by": []}, "score_reason": "WordPress is widely used by Texas municipal websites, school districts, and small utilities; unauthenticated remote code execution with public exploit path poses significant risk to government facilities and public services across rural communities.", "patch_available": true, "reference_url": "https://diviengine.com/divi-form-builder-changelog/", "source_date": "2026-07-02T13:17:00.587", "first_seen": "2026-07-02T14:02:53.142152", "seen_at": "2026-07-02T14:02:53.142152"}, {"title": "CVE-2018-1273", "cve": "CVE-2018-1273", "summary": "This vulnerability in Spring Data Commons allows attackers to remotely execute malicious code on servers without needing login credentials. Attackers can send specially crafted web requests to take complete control of affected systems. 
This is a well-known vulnerability from 2018 that continues to be targeted by threat actors.", "score": 72, "impact_score": 65, "sectors": ["Water and Wastewater Systems", "Energy", "Healthcare and Public Health", "Government Facilities", "Information Technology"], "source": "NVD (Critical)", "remediation": ["Immediately update Spring Data Commons to version 1.13.11+ or 2.0.6+ or newer supported versions", "Inventory all Java web applications to identify Spring Data Commons usage", "Implement web application firewalls to filter malicious request parameters", "Isolate legacy systems that cannot be patched from internet-facing networks"], "origin": {"product": "Spring Data Commons", "vendor": "VMware (Pivotal)", "first_reported": "2018-04-11", "exploited_by": ["Mirai botnet variants", "Cryptocurrency miners"]}, "score_reason": "Spring Data is widely used in Java-based web applications across government and utility SCADA/web portals, and this RCE vulnerability has been actively exploited in the wild since 2018.", "patch_available": true, "reference_url": "http://mail-archives.apache.org/mod_mbox/ignite-dev/201807.mbox/%3CCAK0qHnqzfzmCDFFi6c5Jok19zNkVCz5Xb4sU%3D0f2J_1i4p46zQ%40mail.gmail.com%3E", "source_date": "2018-04-11T13:29:00.290", "first_seen": "2026-07-01T02:35:18.825890", "seen_at": "2026-07-01T03:34:34.551196"}, {"title": "CVE-2026-58289", "cve": "CVE-2026-58289", "summary": "A security flaw in Microsoft Edge browser allows attackers to run malicious code on your computer simply by visiting a compromised website. This affects anyone using the Edge browser, which is installed by default on Windows computers. 
Staff at water utilities, schools, clinics, and government offices who browse the internet are at risk.", "score": 72, "impact_score": 68, "sectors": ["Water and Wastewater Systems", "Energy", "Government Facilities", "Healthcare and Public Health", "Emergency Services", "Information Technology"], "source": "NVD (Critical)", "remediation": ["Update Microsoft Edge to the latest version immediately through Windows Update or Edge settings", "Enable automatic updates for Edge browser on all managed workstations", "Consider temporarily using alternative browsers if patch is unavailable", "Train staff to avoid clicking suspicious links until systems are patched"], "origin": {"product": "Microsoft Edge (Chromium-based)", "vendor": "Microsoft", "first_reported": "2026-07-03", "exploited_by": []}, "score_reason": "Microsoft Edge is widely deployed across Texas public sector organizations on standard Windows workstations, and network-based code execution vulnerabilities pose significant risk to multiple critical infrastructure sectors.", "patch_available": true, "reference_url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-58289", "source_date": "2026-07-03T21:17:03.640", "first_seen": "2026-07-03T21:34:34.640390", "seen_at": "2026-07-03T21:34:34.640390"}, {"title": "CVE-2026-57974", "cve": "CVE-2026-57974", "summary": "A security flaw in Microsoft Edge browser allows attackers to run malicious code on your computer when you visit a compromised website. This affects anyone using the Edge browser for daily work including accessing email, web applications, or online services. 
Staff at utilities, clinics, schools, and government offices should update Edge immediately.", "score": 72, "impact_score": 68, "sectors": ["Communications", "Energy", "Government Facilities", "Healthcare and Public Health", "Information Technology", "Water and Wastewater Systems"], "source": "NVD (High)", "remediation": ["Update Microsoft Edge to the latest version immediately through Settings > About Microsoft Edge or via WSUS/group policy", "Enable automatic browser updates to ensure future patches are applied promptly", "Remind staff to avoid clicking suspicious links or visiting unfamiliar websites until patched", "Consider temporarily using an alternative browser for sensitive operations if update cannot be applied immediately"], "origin": {"product": "Microsoft Edge (Chromium-based)", "vendor": "Microsoft", "first_reported": "2026-07-03", "exploited_by": []}, "score_reason": "Microsoft Edge is widely deployed across Texas public sector organizations for daily operations, and network-based code execution poses significant risk to government facilities and critical infrastructure staff workstations.", "patch_available": true, "reference_url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-57974", "source_date": "2026-07-03T21:17:00.957", "first_seen": "2026-07-03T21:34:34.640390", "seen_at": "2026-07-03T21:34:34.640390"}, {"title": "CVE-2026-58292", "cve": "CVE-2026-58292", "summary": "A security flaw in Microsoft Edge browser allows attackers to run malicious code on your computer over the network if you visit a compromised website or click a malicious link. This affects any organization using Edge as their web browser, which is common on Windows computers. 
Staff should update Edge immediately and avoid clicking unknown links until patched.", "score": 72, "impact_score": 68, "sectors": ["Government Facilities", "Healthcare and Public Health", "Water and Wastewater Systems", "Energy", "Emergency Services", "Information Technology"], "source": "NVD (High)", "remediation": ["Update Microsoft Edge to the latest version immediately through Settings > About Microsoft Edge or via Windows Update", "Enable automatic updates for Edge browser on all workstations", "Remind staff not to click suspicious links or visit untrusted websites until systems are patched", "Consider using browser isolation or web filtering to reduce exposure"], "origin": {"product": "Edge (Chromium-based)", "vendor": "Microsoft", "first_reported": "2026-07-03", "exploited_by": []}, "score_reason": "Microsoft Edge is widely deployed across Texas local governments, schools, clinics, and utilities on standard Windows systems, and network-based code execution poses significant risk to daily operations.", "patch_available": true, "reference_url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-58292", "source_date": "2026-07-03T21:17:04.013", "first_seen": "2026-07-03T21:34:34.640390", "seen_at": "2026-07-03T21:34:34.640390"}, {"title": "Ivanti Sentry OS Command Injection Vulnerability", "cve": "CVE-2026-10520", "summary": "Ivanti Sentry, a mobile device management gateway, has a critical flaw that lets attackers run commands with full system control without needing a password. This affects organizations using Sentry appliances that are exposed to the internet without proper security configurations. 
School districts, clinics, and local governments using Ivanti for mobile device management should act immediately.", "score": 72, "impact_score": 58, "sectors": ["Government Facilities", "Healthcare and Public Health", "Information Technology", "Emergency Services"], "source": "CISA KEV", "remediation": ["Immediately check if your Ivanti Sentry appliance is internet-exposed and in an unmanaged state", "Apply vendor patches or mitigations following Ivanti's security advisory", "Enable mTLS with EPMM or restrict HTTPS access through Neurons for MDM to block external attackers", "If mitigations cannot be applied, isolate the appliance from the internet or discontinue use until patched"], "origin": {"product": "Sentry", "vendor": "Ivanti", "first_reported": "2026-06-11", "exploited_by": []}, "score_reason": "This is a critical remote code execution vulnerability in CISA's KEV catalog affecting mobile device management systems used by Texas schools, clinics, and local governments, though it requires specific exposure conditions to exploit.", "patch_available": true, "reference_url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog", "source_date": "2026-06-11", "first_seen": "2026-07-01T04:37:31.724134", "seen_at": "2026-07-01T04:37:31.724134"}, {"title": "CVE-2026-48276", "cve": "CVE-2026-48276", "summary": "Adobe ColdFusion has a critical vulnerability allowing attackers to upload malicious files and execute code on servers without any user interaction. This affects web servers running ColdFusion 2025.9, 2023.20 and earlier versions. 
Organizations using ColdFusion for web applications or internal portals should patch immediately as this could allow complete system compromise.", "score": 72, "impact_score": 58, "sectors": ["Government Facilities", "Healthcare and Public Health", "Water and Wastewater Systems", "Information Technology"], "source": "NVD (Critical)", "remediation": ["Update Adobe ColdFusion immediately to the latest patched version from Adobe's security bulletin APSB26-68", "Restrict file upload functionality and validate all uploaded file types at the application level", "Implement web application firewall rules to block suspicious file upload attempts", "Audit ColdFusion servers for signs of unauthorized file uploads or unexpected code execution"], "origin": {"product": "ColdFusion", "vendor": "Adobe", "first_reported": "2026-06-30", "exploited_by": []}, "score_reason": "ColdFusion is used by some Texas government agencies and utilities for web portals; the critical severity, no user interaction requirement, and scope change indicating broader impact warrant elevated concern.", "patch_available": true, "reference_url": "https://helpx.adobe.com/security/products/coldfusion/apsb26-68.html", "source_date": "2026-06-30T16:16:54.193", "first_seen": "2026-07-01T04:37:31.724134", "seen_at": "2026-07-01T04:37:31.724134"}, {"title": "CVE-2026-56645", "cve": "CVE-2026-56645", "summary": "A serious security flaw in Microsoft Edge browser allows attackers to run malicious code on your computer simply by visiting a compromised website. This affects anyone using Microsoft Edge for web browsing and could give attackers control of affected systems. 
All staff computers and workstations using Edge should be updated immediately.", "score": 72, "impact_score": 68, "sectors": ["Government Facilities", "Healthcare and Public Health", "Water and Wastewater Systems", "Energy", "Emergency Services", "Information Technology"], "source": "NVD (High)", "remediation": ["Update Microsoft Edge to the latest version immediately through Settings > About Microsoft Edge or via your IT management system", "Enable automatic updates for Edge browser on all workstations to ensure future patches are applied promptly", "Remind staff not to click suspicious links or visit untrusted websites until patching is confirmed", "Consider temporarily using an alternative browser for critical operations if immediate patching is not possible"], "origin": {"product": "Microsoft Edge (Chromium-based)", "vendor": "Microsoft", "first_reported": "2026-07-03", "exploited_by": []}, "score_reason": "Microsoft Edge is widely deployed across Texas local governments, schools, and utilities for daily operations, and network-exploitable code execution vulnerabilities pose significant risk, though browser auto-updates may limit exposure.", "patch_available": true, "reference_url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-56645", "source_date": "2026-07-03T21:17:00.670", "first_seen": "2026-07-03T21:34:34.640390", "seen_at": "2026-07-03T21:34:34.640390"}, {"title": "CVE-2026-58293", "cve": "CVE-2026-58293", "summary": "A security flaw in Microsoft Edge browser allows attackers to remotely run malicious code on your computer by manipulating file paths. This could let hackers take control of systems used for daily operations. 
Staff who use Edge for web browsing or accessing online services are at risk.", "score": 72, "impact_score": 68, "sectors": ["Government Facilities", "Healthcare and Public Health", "Water and Wastewater Systems", "Energy", "Emergency Services", "Information Technology"], "source": "NVD (High)", "remediation": ["Update Microsoft Edge to the latest version immediately through Settings > About Microsoft Edge", "Enable automatic updates for Edge browser on all organization computers", "Train staff not to click suspicious links or download unexpected files", "Consider using browser isolation or restricting Edge access on critical operational systems"], "origin": {"product": "Microsoft Edge (Chromium-based)", "vendor": "Microsoft", "first_reported": "2026-07-03", "exploited_by": []}, "score_reason": "Microsoft Edge is widely used across Texas local governments, schools, clinics, and utilities for daily operations, and remote code execution poses serious risk, though browser-based attacks require user interaction.", "patch_available": true, "reference_url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-58293", "source_date": "2026-07-03T21:17:04.143", "first_seen": "2026-07-04T21:34:34.969509", "seen_at": "2026-07-04T21:34:34.969509"}, {"title": "CVE-2026-58126", "cve": "CVE-2026-58126", "summary": "PACSgear PACS Scan 5.2.1, medical imaging software used in healthcare facilities, has a critical vulnerability allowing attackers to remotely take complete control of systems without any login required. Attackers can read and write files and execute malicious code with the highest system privileges. 
Rural clinics and hospitals using this PACS imaging system should treat this as an emergency.", "score": 72, "impact_score": 58, "sectors": ["Healthcare and Public Health"], "source": "NVD (Critical)", "remediation": ["Immediately block inbound TCP port 22222 at your firewall to prevent remote exploitation", "Contact the PACSgear vendor for an emergency patch or updated software version", "Isolate PACS systems on a separate network segment from general hospital/clinic networks", "Monitor for unexpected DLL files appearing in the PACSgear application directory"], "origin": {"product": "PACS Scan", "vendor": "PACSgear", "first_reported": "2026-07-01", "exploited_by": []}, "score_reason": "Critical unauthenticated remote code execution in medical imaging software threatens rural Texas clinics and hospitals, though this is not a lifeline sector and its exploitation status is unclear.", "patch_available": false, "reference_url": "https://gist.github.com/VAMorales/6dc232729cdd517fa30d581fbcd98d8f", "source_date": "2026-07-01T16:16:51.283", "first_seen": "2026-07-01T17:02:53.130325", "seen_at": "2026-07-01T17:02:53.130325"}, {"title": "CVE-2026-58285", "cve": "CVE-2026-58285", "summary": "A security flaw in Microsoft Edge browser allows attackers to run malicious code on your computer if you simply visit a compromised website. This affects any organization using Edge for web browsing. 
Staff should update Edge immediately and avoid clicking suspicious links until patched.", "score": 72, "impact_score": 68, "sectors": ["Government Facilities", "Healthcare and Public Health", "Water and Wastewater Systems", "Energy", "Emergency Services", "Information Technology"], "source": "NVD (High)", "remediation": ["Update Microsoft Edge to the latest version immediately through Settings > About Microsoft Edge", "Enable automatic updates for Edge browser on all workstations", "Remind staff not to click unknown links or visit untrusted websites until update is confirmed", "Consider temporarily using an alternative browser for sensitive operations if immediate patching is not possible"], "origin": {"product": "Microsoft Edge (Chromium-based)", "vendor": "Microsoft", "first_reported": "2026-07-03", "exploited_by": []}, "score_reason": "Microsoft Edge is widely deployed across Texas public sector organizations including schools, clinics, and local governments; network-based code execution poses significant risk though requires user interaction.", "patch_available": true, "reference_url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-58285", "source_date": "2026-07-03T21:17:03.180", "first_seen": "2026-07-03T21:34:34.640390", "seen_at": "2026-07-03T21:34:34.640390"}, {"title": "CVE-2026-8451", "cve": "CVE-2026-8451", "summary": "A security flaw in Citrix NetScaler ADC and NetScaler Gateway allows attackers to read sensitive memory contents when these devices are configured as SAML identity providers. This could expose passwords, session tokens, or other confidential data. 
Organizations using Citrix for remote access or authentication should patch immediately.", "score": 72, "impact_score": 65, "sectors": ["Government Facilities", "Healthcare and Public Health", "Water and Wastewater Systems", "Energy", "Emergency Services"], "source": "NVD (High)", "remediation": ["Check if your NetScaler ADC or Gateway is configured as a SAML IDP and prioritize patching those systems first", "Apply the latest firmware update from Citrix per advisory CTX696604", "Review logs for unusual authentication activity or memory-related errors", "Coordinate with your IT provider or managed service provider if you outsource network security"], "origin": {"product": "NetScaler ADC and NetScaler Gateway", "vendor": "Citrix", "first_reported": "2026-06-30", "exploited_by": []}, "score_reason": "NetScaler devices are commonly used by Texas local governments, utilities, and healthcare organizations for secure remote access, and memory disclosure vulnerabilities can leak credentials affecting critical operations.", "patch_available": true, "reference_url": "https://support.citrix.com/support-home/kbsearch/article?articleNumber=CTX696604", "source_date": "2026-06-30T13:19:33.347", "first_seen": "2026-07-01T17:02:53.130325", "seen_at": "2026-07-01T17:02:53.130325"}, {"title": "Multiple VMware Products Command Injection Vulnerability", "cve": "CVE-2020-4006", "summary": "VMware identity and access management products have a command injection flaw that lets attackers with admin credentials run any command on the server. This affects organizations using VMware Workspace One Access or Identity Manager for single sign-on or remote access. 
Attackers who obtain admin passwords can completely compromise affected systems.", "score": 68, "impact_score": 55, "sectors": ["Government Facilities", "Healthcare and Public Health", "Information Technology", "Energy", "Water and Wastewater Systems"], "source": "CISA KEV", "remediation": ["Update affected VMware products to patched versions immediately per VMware security advisory VMSA-2020-0027", "Change all administrative passwords for the configurator interface on port 8443", "Restrict network access to port 8443 to trusted management networks only", "Monitor logs for suspicious authentication attempts or unexpected commands"], "origin": {"product": "Workspace One Access, Access Connector, Identity Manager, Identity Manager Connector", "vendor": "VMware", "first_reported": "2020-11-23", "exploited_by": ["Russian SVR (APT29)"]}, "score_reason": "VMware identity products are used by some Texas government and healthcare organizations for remote access; exploitation requires valid admin credentials which limits mass exploitation but confirmed active exploitation raises concern.", "patch_available": true, "reference_url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog", "source_date": "2021-11-03", "first_seen": "2026-07-01T02:35:18.825890", "seen_at": "2026-07-01T03:34:34.551196"}, {"title": "CVE-2026-53488", "cve": "CVE-2026-53488", "summary": "A vulnerability in containerd, a widely-used container runtime, allows malicious container images to execute arbitrary commands on the host system through unvalidated image labels. This affects organizations running containerized applications or cloud infrastructure. 
Attackers could potentially take full control of systems hosting containers.", "score": 68, "impact_score": 55, "sectors": ["Communications", "Energy", "Government Facilities", "Healthcare and Public Health", "Information Technology", "Water and Wastewater Systems"], "source": "NVD (High)", "remediation": ["Update containerd immediately to fixed versions: 1.7.33, 2.3.2, 2.2.5, 2.1.9, or 2.0.10", "Audit container image sources and only pull from trusted registries", "Review container orchestration plugins that consume container labels", "Implement image scanning and admission control policies to block untrusted images"], "origin": {"product": "containerd", "vendor": "containerd", "first_reported": "2026-07-01", "exploited_by": []}, "score_reason": "Containerd is foundational to Kubernetes and Docker environments increasingly used by Texas utilities and government IT systems, though exploitation requires specific plugin configurations and malicious image deployment.", "patch_available": true, "reference_url": "https://github.com/containerd/containerd/security/advisories/GHSA-xhf5-7wjv-pqxp", "source_date": "2026-07-01T02:17:00.467", "first_seen": "2026-07-02T20:02:53.211356", "seen_at": "2026-07-02T20:02:53.211356"}, {"title": "Widget Factory Joomla Content Editor Improper Access Control Vulnerability", "cve": "CVE-2026-48907", "summary": "A vulnerability in Widget Factory's Joomla Content Editor plugin allows attackers to upload and run malicious code on websites without needing to log in. This could let hackers take complete control of affected websites. 
Any Texas organization using Joomla with this content editor plugin should take immediate action.", "score": 68, "impact_score": 55, "sectors": ["Government Facilities", "Healthcare and Public Health", "Water and Wastewater Systems", "Emergency Services", "Energy"], "source": "CISA KEV", "remediation": ["Check if your organization's website uses Joomla with the Widget Factory Content Editor plugin and disable or remove it immediately if so", "Contact your website vendor or IT provider to apply vendor patches or mitigations as soon as available", "Review web server logs for suspicious PHP file uploads or unauthorized access attempts", "If no patch is available, discontinue use of the plugin and switch to an alternative content editor"], "origin": {"product": "Joomla Content Editor", "vendor": "Widget Factory", "first_reported": "2026-06-16", "exploited_by": []}, "score_reason": "This vulnerability affects Joomla websites, which many small Texas municipalities, school districts, and utilities use for public-facing sites, and it is actively exploited with no authentication required.", "patch_available": false, "reference_url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog", "source_date": "2026-06-16", "first_seen": "2026-07-01T04:37:31.724134", "seen_at": "2026-07-01T04:37:31.724134"}, {"title": "CVE-2026-13785", "cve": "CVE-2026-13785", "summary": "A critical security flaw in Google Chrome's Bluetooth feature on Mac computers could allow attackers to escape the browser's security sandbox if a user opens a malicious webpage and performs certain actions. This could give attackers deeper access to the affected computer. 
Organizations using Chrome on Mac should update immediately.", "score": 62, "impact_score": 45, "sectors": ["Communications", "Government Facilities", "Healthcare and Public Health", "Information Technology", "Water and Wastewater Systems", "Energy", "Emergency Services"], "source": "NVD (Critical)", "remediation": ["Update Google Chrome on all Mac computers to version 150.0.7871.47 or later immediately", "Enable automatic Chrome updates across your organization", "Remind staff not to click suspicious links or visit untrusted websites", "Consider using Chrome's enterprise policies to enforce automatic updates"], "origin": {"product": "Chrome", "vendor": "Google", "first_reported": "2026-06-30", "exploited_by": []}, "score_reason": "While this is a critical Chrome vulnerability, it only affects Mac users and requires user interaction, limiting its impact on Texas infrastructure which predominantly uses Windows systems.", "patch_available": true, "reference_url": "https://chromereleases.googleblog.com/2026/06/stable-channel-update-for-desktop_0175352312.html", "source_date": "2026-06-30T23:16:53.347", "first_seen": "2026-07-01T20:02:52.970072", "seen_at": "2026-07-01T20:02:52.970072"}, {"title": "CVE-2026-58452", "cve": "CVE-2026-58452", "summary": "JAIOTlink C492A-W6 Wi-Fi IP cameras with firmware version 4.8.30.57701411 have a serious security flaw that lets attackers run malicious commands on the device. An attacker who can log into the camera can take complete control of it by sending specially crafted data to a network configuration setting. 
These cameras are often used for security monitoring at facilities like water plants, schools, and government buildings.", "score": 62, "impact_score": 48, "sectors": ["Water and Wastewater Systems", "Government Facilities", "Healthcare and Public Health", "Energy", "Emergency Services"], "source": "NVD (High)", "remediation": ["Immediately check if any JAIOTlink C492A-W6 cameras are deployed on your network and isolate them from internet access", "Change all default passwords on these cameras and use strong unique credentials", "Segment camera networks from operational technology and business networks using firewalls or VLANs", "Contact the vendor for firmware updates and monitor for patches addressing this vulnerability"], "origin": {"product": "C492A-W6 Wi-Fi IP Camera", "vendor": "JAIOTlink", "first_reported": "2026-07-01", "exploited_by": []}, "score_reason": "IP cameras are commonly deployed at Texas critical infrastructure sites for physical security, and remote code execution could allow attackers to disable surveillance, pivot to internal networks, or conduct reconnaissance, though exploitation requires authentication.", "patch_available": false, "reference_url": "https://github.com/rwprimitives/jaiotlink-c492a-wifi-camera/blob/main/writeups/01-setmac-command-injection.md", "source_date": "2026-07-01T17:16:40.347", "first_seen": "2026-07-01T18:34:34.516259", "seen_at": "2026-07-01T18:34:34.516259"}, {"title": "CVE-2026-13228", "cve": "CVE-2026-13228", "summary": "The LatePoint calendar booking plugin for WordPress has a critical security flaw that allows attackers with basic agent-level access to escalate their privileges to full Administrator control. This could let attackers take over websites used by local governments, clinics, or school districts for appointment scheduling. 
Organizations using this WordPress booking plugin should update immediately.", "score": 62, "impact_score": 55, "sectors": ["Government Facilities", "Healthcare and Public Health", "Water and Wastewater Systems", "Emergency Services"], "source": "NVD (High)", "remediation": ["Update LatePoint plugin to version 5.6.4 or later immediately", "Audit all WordPress user accounts for unauthorized administrator accounts or suspicious activity", "Review and remove unnecessary Agent-level accounts from LatePoint", "Implement Web Application Firewall rules to monitor for suspicious privilege changes"], "origin": {"product": "LatePoint Calendar Booking Plugin for WordPress", "vendor": "LatePoint", "first_reported": "2026-07-01", "exploited_by": []}, "score_reason": "WordPress plugins are widely used by Texas local governments, clinics, and school districts for public-facing services; privilege escalation to admin poses significant risk but requires authenticated agent access, limiting immediate exploitation scope.", "patch_available": true, "reference_url": "https://plugins.trac.wordpress.org/browser/latepoint/tags/5.6.2/lib/controllers/orders_controller.php#L112", "source_date": "2026-07-01T11:16:25.377", "first_seen": "2026-07-01T15:34:34.687056", "seen_at": "2026-07-01T15:34:34.687056"}, {"title": "CVE-2026-58288", "cve": "CVE-2026-58288", "summary": "A security flaw in Microsoft Edge browser allows attackers to run malicious code on your computer when you visit a compromised website. This affects any Windows computer using Edge for web browsing. 
Staff should update Edge immediately and avoid clicking unknown links until patched.", "score": 62, "impact_score": 55, "sectors": ["Government Facilities", "Healthcare and Public Health", "Water and Wastewater Systems", "Energy", "Emergency Services", "Information Technology"], "source": "NVD (High)", "remediation": ["Update Microsoft Edge to the latest version immediately through Settings > About Microsoft Edge", "Enable automatic updates for Edge browser on all workstations", "Remind staff not to click suspicious links or visit untrusted websites", "Consider using application whitelisting to restrict browser-based code execution"], "origin": {"product": "Microsoft Edge (Chromium-based)", "vendor": "Microsoft", "first_reported": "2026-07-03", "exploited_by": []}, "score_reason": "Microsoft Edge is widely deployed across Texas local governments, schools, and utilities, but requires user interaction to exploit and is not yet confirmed actively exploited in the wild.", "patch_available": true, "reference_url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-58288", "source_date": "2026-07-03T21:17:03.523", "first_seen": "2026-07-03T21:34:34.640390", "seen_at": "2026-07-03T21:34:34.640390"}, {"title": "CVE-2026-58138", "cve": "CVE-2026-58138", "summary": "Orkes Conductor workflow automation software versions 3.21.21 through 3.30.1 have a critical security flaw that lets attackers run malicious commands on your servers without needing to log in. An attacker can submit specially crafted workflow requests that execute harmful code on your systems. 
This could give attackers complete control of affected servers.", "score": 62, "impact_score": 45, "sectors": ["Water and Wastewater Systems", "Energy", "Healthcare and Public Health", "Government Facilities", "Information Technology"], "source": "NVD (Critical)", "remediation": ["Immediately upgrade Orkes Conductor to version 3.30.2 or later", "Block external access to Conductor workflow API endpoints using firewall rules until patched", "Review server logs for suspicious workflow submissions or unexpected process execution", "If upgrade is not immediately possible, disable inline JavaScript and Python evaluators in Conductor configuration"], "origin": {"product": "Conductor", "vendor": "Orkes", "first_reported": "2026-06-30", "exploited_by": []}, "score_reason": "While this is a critical unauthenticated remote code execution vulnerability, Orkes Conductor is specialized workflow orchestration software not commonly deployed in small Texas municipalities, limiting widespread impact to organizations using this specific platform.", "patch_available": true, "reference_url": "https://github.com/conductor-oss/conductor/commit/87a7d96aabbb706d6e84f812b93da5165028d18f", "source_date": "2026-06-30T19:17:00.520", "first_seen": "2026-07-01T04:37:31.724134", "seen_at": "2026-07-01T04:37:31.724134"}, {"title": "CVE-2026-14249", "cve": "CVE-2026-14249", "summary": "A WordPress plugin called 'Request a Quote' has a serious security flaw that allows anyone on the internet to run dangerous code on your website without logging in. Attackers can exploit this to view sensitive server information, steal credentials, or damage your website. 
Any Texas organization using this plugin on their WordPress site should update or remove it immediately.", "score": 62, "impact_score": 45, "sectors": ["Government Facilities", "Healthcare and Public Health", "Water and Wastewater Systems", "Energy", "Emergency Services"], "source": "NVD (High)", "remediation": ["Check all WordPress sites for the 'Request a Quote' plugin and update to version 2.5.6 or later if available", "If no patch exists, immediately deactivate and delete the plugin from your WordPress installation", "Review server logs for unusual activity or unauthorized access attempts", "Implement a web application firewall (WAF) to help block exploitation attempts"], "origin": {"product": "Request a Quote", "vendor": "emdplugins", "first_reported": "2026-07-02", "exploited_by": []}, "score_reason": "This vulnerability affects WordPress sites which are commonly used by small Texas municipalities, utilities, and public agencies for public-facing services, and requires no authentication to exploit, though it is limited to sites using this specific plugin.", "patch_available": false, "reference_url": "https://plugins.trac.wordpress.org/browser/request-a-quote/tags/2.5.5/includes/class-install-deactivate.php#L60", "source_date": "2026-07-02T06:16:13.760", "first_seen": "2026-07-02T06:34:34.623151", "seen_at": "2026-07-02T06:34:34.623151"}, {"title": "CVE-2026-57992", "cve": "CVE-2026-57992", "summary": "A security flaw in Microsoft Edge browser allows attackers to run malicious code on your computer simply by visiting a compromised website. This affects any organization using Microsoft Edge for web browsing. 
Staff should update Edge immediately and avoid clicking unknown links until patched.", "score": 62, "impact_score": 58, "sectors": ["Government Facilities", "Healthcare and Public Health", "Water and Wastewater Systems", "Energy", "Emergency Services", "Information Technology"], "source": "NVD (High)", "remediation": ["Update Microsoft Edge to the latest version immediately through Settings > About Microsoft Edge", "Enable automatic updates for Edge browser on all workstations", "Remind staff not to click suspicious links or visit untrusted websites", "Consider temporarily using an alternative browser until the patch is confirmed installed"], "origin": {"product": "Microsoft Edge (Chromium-based)", "vendor": "Microsoft", "first_reported": "2026-07-03", "exploited_by": []}, "score_reason": "Microsoft Edge is widely used across Texas local governments, schools, and utilities for daily operations, but exploitation requires user interaction via network access, somewhat limiting immediate risk.", "patch_available": true, "reference_url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-57992", "source_date": "2026-07-03T21:17:02.310", "first_seen": "2026-07-03T21:34:34.640390", "seen_at": "2026-07-03T21:34:34.640390"}, {"title": "CVE-2017-8046", "cve": "CVE-2017-8046", "summary": "This vulnerability allows attackers to run malicious code on servers using older versions of Spring Data REST and Spring Boot by sending specially crafted requests. If your organization uses Java-based web applications built with these frameworks, attackers could take complete control of affected systems. 
This is a well-known vulnerability from 2017 that may still affect unpatched legacy systems.", "score": 62, "impact_score": 55, "sectors": ["Water and Wastewater Systems", "Energy", "Government Facilities", "Healthcare and Public Health", "Information Technology"], "source": "NVD (Critical)", "remediation": ["Inventory all Java-based web applications to identify those using Spring Data REST or Spring Boot", "Upgrade Spring Data REST to version 2.6.9 or 3.0.1+ and Spring Boot to 1.5.9 or 2.0+ immediately", "If upgrading is not possible, disable or restrict access to PATCH request endpoints", "Monitor application logs for suspicious PATCH requests with unusual JSON payloads"], "origin": {"product": "Spring Data REST, Spring Boot", "vendor": "Pivotal (VMware)", "first_reported": "2017-09-21", "exploited_by": []}, "score_reason": "Spring framework is commonly used in Java web applications across government and utility sectors, and this allows remote code execution, though the vulnerability is older and many systems have been patched.", "patch_available": true, "reference_url": "http://www.securityfocus.com/bid/100948", "source_date": "2018-01-04T06:29:00.307", "first_seen": "2026-07-01T02:35:18.825890", "seen_at": "2026-07-01T03:34:34.551196"}, {"title": "CVE-2026-11806", "cve": "CVE-2026-11806", "summary": "IBM WebSphere Application Server Liberty has a vulnerability that allows attackers to read any file on the server when the restConnector-2.0 feature is enabled. This could expose sensitive configuration files, passwords, and other critical data. 
Organizations using IBM WebSphere Liberty for web applications should apply patches immediately.", "score": 62, "impact_score": 55, "sectors": ["Government Facilities", "Healthcare and Public Health", "Water and Wastewater Systems", "Energy", "Information Technology"], "source": "NVD (High)", "remediation": ["Check if restConnector-2.0 feature is enabled in your WebSphere Liberty configuration and disable if not required", "Apply IBM security update from the referenced support page immediately", "Review server logs for unauthorized file access attempts", "Restrict network access to WebSphere admin interfaces to trusted IPs only"], "origin": {"product": "WebSphere Application Server Liberty", "vendor": "IBM", "first_reported": "2026-06-30", "exploited_by": []}, "score_reason": "WebSphere Liberty is used by some Texas government agencies and utilities for web applications, and arbitrary file read vulnerabilities can expose credentials and sensitive data, though exploitation requires specific feature configuration.", "patch_available": true, "reference_url": "https://www.ibm.com/support/pages/node/7277536", "source_date": "2026-06-30T20:17:28.157", "first_seen": "2026-07-01T05:45:40.117771", "seen_at": "2026-07-01T05:45:40.117771"}, {"title": "CVE-2026-34111", "cve": "CVE-2026-34111", "summary": "Guardian language-system software has a critical security flaw that allows attackers to run any command on the server without logging in. The vulnerability exists because user input is passed directly to system commands without checking. 
Any organization using this software is at immediate risk of complete system compromise.", "score": 62, "impact_score": 45, "sectors": ["Government Facilities", "Healthcare and Public Health", "Information Technology"], "source": "NVD (Critical)", "remediation": ["Immediately take Guardian language-system offline or block public internet access to it until patched", "Contact the Guardian vendor for an emergency security update or patch", "If the system must remain online, place it behind a VPN or firewall that requires authentication before access", "Review server logs for suspicious requests to speechmac_text.php containing unusual characters like semicolons or pipes"], "origin": {"product": "language-system", "vendor": "Guardian", "first_reported": "2026-07-01", "exploited_by": []}, "score_reason": "Critical unauthenticated remote code execution vulnerability, but Guardian language-system appears to be niche software with limited deployment in Texas critical infrastructure sectors.", "patch_available": false, "reference_url": "https://gist.github.com/cyberinforepo/d5b2771d82e1b31b8fc1c33052e08dad", "source_date": "2026-07-01T17:16:34.397", "first_seen": "2026-07-01T18:34:34.516259", "seen_at": "2026-07-01T18:34:34.516259"}, {"title": "Schneider Electric EcoStruxure IT Data Center Expert", "cve": "ICSA-26-181-03", "summary": "Schneider Electric EcoStruxure IT Data Center Expert software has a vulnerability that could allow attackers to access sensitive information through improper handling of XML data. This monitoring software is used in data centers, manufacturing facilities, and energy operations to track critical equipment. 
Organizations using versions 9.1.1, 9.1.2 or earlier should apply updates to prevent potential information disclosure.", "score": 62, "impact_score": 45, "sectors": ["Information Technology", "Critical Manufacturing", "Energy"], "source": "CISA ICS Advisory", "remediation": ["Check if EcoStruxure IT Data Center Expert versions 9.1.1, 9.1.2 or earlier are in use at your facility", "Apply the latest security update from Schneider Electric as soon as available", "Restrict network access to the monitoring software to authorized personnel only", "Monitor system logs for unusual XML processing or unauthorized data access attempts"], "origin": {"product": "EcoStruxure IT Data Center Expert", "vendor": "Schneider Electric", "first_reported": "2026-06-30", "exploited_by": []}, "score_reason": "This vulnerability affects data center monitoring software used in energy and manufacturing sectors with a moderate CVSS score of 6.5, but no confirmed active exploitation reduces immediate urgency for Texas infrastructure.", "patch_available": true, "reference_url": "https://www.cisa.gov/news-events/ics-advisories/icsa-26-181-03", "source_date": "Tue, 30 Jun 26 12:00:00 +0000", "first_seen": "2026-07-01T02:35:18.825890", "seen_at": "2026-07-01T03:34:34.551196"}, {"title": "Zoho ManageEngine ServiceDesk Plus (SDP) File Upload Vulnerability", "cve": "CVE-2019-8394", "summary": "Zoho ManageEngine ServiceDesk Plus has a vulnerability that allows attackers to upload malicious files through the login page without proper authorization. This IT help desk software is used by many organizations to manage support tickets and IT assets. 
If exploited, attackers could gain unauthorized access to your systems and potentially move deeper into your network.", "score": 62, "impact_score": 55, "sectors": ["Government Facilities", "Healthcare and Public Health", "Information Technology", "Water and Wastewater Systems", "Energy"], "source": "CISA KEV", "remediation": ["Immediately update ManageEngine ServiceDesk Plus to the latest patched version from Zoho", "Review server logs for any suspicious file uploads or unauthorized login page modifications", "Restrict network access to the ServiceDesk Plus management interface to trusted internal IPs only", "Implement network segmentation to isolate IT management systems from critical operational technology"], "origin": {"product": "ManageEngine ServiceDesk Plus", "vendor": "Zoho", "first_reported": "2019-02-07", "exploited_by": []}, "score_reason": "This vulnerability affects IT service management software used by government agencies and utilities across Texas, with confirmed active exploitation tracked by CISA since 2021, though it is an older vulnerability with patches available.", "patch_available": true, "reference_url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog", "source_date": "2021-11-03", "first_seen": "2026-07-01T02:35:18.825890", "seen_at": "2026-07-01T03:34:34.551196"}, {"title": "WordPress Snap Creek Duplicator Plugin File Download Vulnerability", "cve": "CVE-2020-11738", "summary": "The WordPress Snap Creek Duplicator plugin has a vulnerability that allows attackers to download backup files containing sensitive site data when administrators create copies of their website. These backup files often contain database credentials, configuration files, and other sensitive information. 
This affects many Texas organizations using WordPress for their public websites.", "score": 62, "impact_score": 55, "sectors": ["Government Facilities", "Healthcare and Public Health", "Water and Wastewater Systems", "Emergency Services"], "source": "CISA KEV", "remediation": ["Update Duplicator plugin to version 1.3.28 or later (or Duplicator Pro to 3.8.7.1 or later) immediately", "Delete any existing backup archives from the wp-snapshots directory on your server", "Review server logs for unauthorized access to backup files", "Limit WordPress admin access to trusted users only"], "origin": {"product": "Duplicator Plugin for WordPress", "vendor": "Snap Creek", "first_reported": "2020-02-12", "exploited_by": []}, "score_reason": "WordPress is widely used by Texas local governments, school districts, and small utilities for public websites, and this vulnerability is confirmed actively exploited, though it requires specific conditions to trigger.", "patch_available": true, "reference_url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog", "source_date": "2021-11-03", "first_seen": "2026-07-01T02:35:18.825890", "seen_at": "2026-07-01T03:34:34.551196"}, {"title": "CVE-2022-24293", "cve": "CVE-2022-24293", "summary": "Certain HP printers have a critical vulnerability that could allow attackers to steal information, crash the device, or run malicious code remotely. This affects many common HP print devices used in offices across Texas. 
Organizations should update printer firmware immediately to prevent potential network compromise.", "score": 62, "impact_score": 55, "sectors": ["Government Facilities", "Healthcare and Public Health", "Water and Wastewater Systems", "Energy", "Emergency Services", "Information Technology"], "source": "NVD (Critical)", "remediation": ["Check HP's security bulletin to identify if your printer models are affected", "Download and apply the latest firmware update from HP's support website", "Isolate printers on a separate network segment from critical operational systems", "Disable unnecessary network services and remote management features on printers"], "origin": {"product": "HP Print Devices", "vendor": "HP", "first_reported": "2022-03-23", "exploited_by": []}, "score_reason": "HP printers are widely deployed across Texas government offices, schools, clinics, and utilities, and remote code execution capability poses significant risk to network security, though printers are not typically internet-facing.", "patch_available": true, "reference_url": "https://support.hp.com/us-en/document/ish_5950417-5950443-16", "source_date": "2022-03-23T20:15:10.963", "first_seen": "2026-07-01T02:35:18.825890", "seen_at": "2026-07-01T03:34:34.551196"}, {"title": "CVE-2026-8655", "cve": "CVE-2026-8655", "summary": "Citrix NetScaler ADC and Gateway devices have memory overflow vulnerabilities that can cause systems to crash or behave unpredictably. If your organization uses NetScaler for load balancing Oracle databases, DNS proxy, or DNS resolver functions, attackers could knock these services offline. 
This affects network security appliances that many organizations use to manage internet traffic and protect internal systems.", "score": 62, "impact_score": 55, "sectors": ["Government Facilities", "Healthcare and Public Health", "Water and Wastewater Systems", "Energy", "Information Technology"], "source": "NVD (Critical)", "remediation": ["Check if your organization uses Citrix NetScaler ADC or Gateway appliances and identify if they are configured as Oracle load balancers, DNS proxies, or DNS resolvers", "Apply the security update from Citrix immediately by visiting the referenced support article CTX696604", "If patching is delayed, consider temporarily disabling affected configurations (Oracle LB, DNS proxy, DNS resolver) until updates are applied", "Monitor NetScaler devices for unusual crashes or performance issues that may indicate exploitation attempts"], "origin": {"product": "NetScaler ADC and NetScaler Gateway", "vendor": "Citrix", "first_reported": "2026-06-30", "exploited_by": []}, "score_reason": "NetScaler devices are used by some Texas local governments and healthcare facilities for network management, but deployment in small rural organizations is limited; denial of service impact is significant but not as severe as remote code execution.", "patch_available": true, "reference_url": "https://support.citrix.com/support-home/kbsearch/article?articleNumber=CTX696604", "source_date": "2026-06-30T13:19:34.083", "first_seen": "2026-07-01T17:02:53.130325", "seen_at": "2026-07-01T17:02:53.130325"}, {"title": "CVE-2026-14544", "cve": "CVE-2026-14544", "summary": "A security flaw in HP Linux Imaging and Printing Software (HPLIP) allows attackers to potentially take control of systems or run malicious code by sending specially crafted print jobs. This affects Linux computers connected to HP printers and could let attackers gain elevated access to your network. 
The vulnerability results from an incomplete fix for a previous issue, meaning systems thought to be patched may still be at risk.", "score": 62, "impact_score": 55, "sectors": ["Government Facilities", "Healthcare and Public Health", "Water and Wastewater Systems", "Energy", "Emergency Services"], "source": "NVD (Critical)", "remediation": ["Check all Linux systems for HPLIP installation and update to the latest patched version from HP or your Linux distribution", "Restrict network access to printing services by placing printers on isolated network segments", "Monitor print server logs for unusual activity or failed print jobs from unknown sources", "Consider temporarily disabling remote printing capabilities until patches are applied"], "origin": {"product": "HPLIP (HP Linux Imaging and Printing Software)", "vendor": "HP", "first_reported": "2026-07-03", "exploited_by": []}, "score_reason": "HPLIP is commonly used in Linux environments across Texas government offices, clinics, and utilities with HP printers, but exploitation requires network access to printing services, limiting immediate widespread impact.", "patch_available": false, "reference_url": "https://access.redhat.com/security/cve/CVE-2026-14544", "source_date": "2026-07-03T08:16:24.433", "first_seen": "2026-07-03T09:34:34.510709", "seen_at": "2026-07-03T09:34:34.510709"}, {"title": "CVE-2026-57983", "cve": "CVE-2026-57983", "summary": "A security flaw in Microsoft Edge browser allows attackers to bypass security protections over a network without authorization. This could let malicious websites or network-based attackers circumvent browser safety features. 
Staff using Edge for web browsing or accessing online systems could be at risk.", "score": 62, "impact_score": 55, "sectors": ["Government Facilities", "Healthcare and Public Health", "Water and Wastewater Systems", "Energy", "Emergency Services", "Information Technology"], "source": "NVD (High)", "remediation": ["Update Microsoft Edge to the latest version immediately through Settings > About Microsoft Edge or via WSUS/group policy", "Enable automatic browser updates to ensure timely security patches", "Remind staff to avoid clicking suspicious links and report unusual browser behavior", "Consider using browser isolation or web filtering for sensitive operations"], "origin": {"product": "Microsoft Edge (Chromium-based)", "vendor": "Microsoft", "first_reported": "2026-07-03", "exploited_by": []}, "score_reason": "Microsoft Edge is widely used across Texas local governments, schools, and utilities for daily operations, but this authorization bypass requires network access and no active exploitation is currently confirmed.", "patch_available": true, "reference_url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-57983", "source_date": "2026-07-03T21:17:01.433", "first_seen": "2026-07-03T21:34:34.640390", "seen_at": "2026-07-03T21:34:34.640390"}, {"title": "CVE-2026-14241", "cve": "CVE-2026-14241", "summary": "Mozilla Firefox version 152.0.3 contains memory safety bugs that could allow attackers to run malicious code on affected computers. These vulnerabilities have been fixed in Firefox version 152.0.4. 
Organizations using Firefox as their web browser should update immediately to prevent potential compromise.", "score": 62, "impact_score": 58, "sectors": ["Government Facilities", "Healthcare and Public Health", "Water and Wastewater Systems", "Energy", "Emergency Services", "Information Technology"], "source": "NVD (Critical)", "remediation": ["Update Firefox immediately to version 152.0.4 or later on all workstations and servers", "Enable automatic updates in Firefox settings to receive future security patches promptly", "Verify all staff computers have been updated by checking Help > About Firefox", "Consider implementing browser management policies to enforce timely updates across your organization"], "origin": {"product": "Firefox", "vendor": "Mozilla", "first_reported": "2026-06-30", "exploited_by": []}, "score_reason": "Firefox is widely deployed across Texas public sector organizations for daily operations, and memory corruption vulnerabilities enabling arbitrary code execution pose significant risk, though no active exploitation is currently confirmed.", "patch_available": true, "reference_url": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=2043241%2C2045514%2C2045576%2C2045623%2C2045765%2C2049409%2C2049840", "source_date": "2026-06-30T14:16:26.087", "first_seen": "2026-07-01T17:02:53.130325", "seen_at": "2026-07-01T17:02:53.130325"}, {"title": "CVE-2026-34109", "cve": "CVE-2026-34109", "summary": "Guardian language-system software has a critical flaw where attackers can run any command on the server without logging in, by manipulating a web address parameter. 
This could allow complete takeover of systems running this software, potentially affecting websites or applications used by local organizations.", "score": 62, "impact_score": 45, "sectors": ["Government Facilities", "Healthcare and Public Health", "Information Technology"], "source": "NVD (Critical)", "remediation": ["Immediately take any Guardian language-system installations offline or block public internet access to them", "Contact the vendor for a patched version or security guidance", "Review server logs for suspicious requests to speech.php containing special characters", "If no patch is available, consider replacing with alternative software"], "origin": {"product": "language-system", "vendor": "Guardian", "first_reported": "2026-07-01", "exploited_by": []}, "score_reason": "Critical unauthenticated remote code execution vulnerability, but Guardian language-system has limited known deployment in Texas critical infrastructure sectors.", "patch_available": false, "reference_url": "https://gist.github.com/cyberinforepo/d5b2771d82e1b31b8fc1c33052e08dad", "source_date": "2026-07-01T17:16:34.107", "first_seen": "2026-07-01T18:34:34.516259", "seen_at": "2026-07-01T18:34:34.516259"}, {"title": "CVE-2026-14721", "cve": "CVE-2026-14721", "summary": "A security flaw in UTT HiPER 1250GW wireless routers (versions up to 3.2.7) allows remote attackers to crash or take control of the device by sending malicious data to its web interface. 
This affects the router's wireless configuration page and exploit code is publicly available, making attacks more likely.", "score": 62, "impact_score": 35, "sectors": ["Communications", "Government Facilities", "Healthcare and Public Health", "Water and Wastewater Systems"], "source": "NVD (High)", "remediation": ["Immediately check if any UTT HiPER 1250GW routers are deployed in your network and identify their firmware versions", "Restrict access to the router's web management interface to trusted internal IP addresses only", "Place affected routers behind a firewall and disable remote administration from the internet", "Contact UTT for firmware updates or consider replacing with supported equipment from major vendors"], "origin": {"product": "HiPER 1250GW", "vendor": "UTT", "first_reported": "2026-07-05", "exploited_by": ["Public exploit available"]}, "score_reason": "This vulnerability affects network infrastructure equipment with public exploit code available, posing moderate risk to small Texas organizations using these routers for connectivity, though UTT devices have limited deployment in US markets.", "patch_available": false, "reference_url": "https://github.com/J-CLOWN-TAROT/UTT", "source_date": "2026-07-05T08:16:26.647", "first_seen": "2026-07-05T21:34:34.730890", "seen_at": "2026-07-05T21:34:34.730890"}, {"title": "WordPress Social Warfare Plugin Cross-Site Scripting (XSS) Vulnerability", "cve": "CVE-2019-9978", "summary": "The WordPress Social Warfare plugin has a security flaw that allows attackers to inject malicious code into websites, potentially taking control of the site. This affects any Texas organization using WordPress with this social sharing plugin installed. 
Attackers have actively exploited this vulnerability in the wild.", "score": 62, "impact_score": 55, "sectors": ["Government Facilities", "Healthcare and Public Health", "Water and Wastewater Systems", "Emergency Services"], "source": "CISA KEV", "remediation": ["Update Social Warfare plugin to version 3.5.3 or later immediately", "If unable to update, deactivate and delete the Social Warfare plugin", "Scan your WordPress site for signs of compromise or unauthorized admin accounts", "Review and limit WordPress admin access to essential personnel only"], "origin": {"product": "Social Warfare Plugin", "vendor": "Warfare Plugins", "first_reported": "2019-03-21", "exploited_by": []}, "score_reason": "WordPress is commonly used by small Texas government entities, school districts, and utilities for public websites, and this vulnerability has confirmed active exploitation, though impact is limited to web presence rather than operational systems.", "patch_available": true, "reference_url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog", "source_date": "2021-11-03", "first_seen": "2026-07-01T02:35:18.825890", "seen_at": "2026-07-01T03:34:34.551196"}, {"title": "CVE-2026-57993", "cve": "CVE-2026-57993", "summary": "A security flaw in Microsoft Edge browser allows attackers to trick the browser into making unauthorized network requests on their behalf, potentially accessing internal systems or sensitive information. This affects any organization using Microsoft Edge as their web browser. 
Users could be compromised simply by visiting a malicious website.", "score": 62, "impact_score": 58, "sectors": ["Government Facilities", "Healthcare and Public Health", "Water and Wastewater Systems", "Energy", "Emergency Services", "Information Technology"], "source": "NVD (High)", "remediation": ["Update Microsoft Edge to the latest version immediately through Settings > About Microsoft Edge or via your IT management system", "Enable automatic updates for Edge browser on all workstations", "Consider using browser isolation for sensitive administrative tasks", "Monitor network logs for unusual outbound requests from user workstations"], "origin": {"product": "Edge (Chromium-based)", "vendor": "Microsoft", "first_reported": "2026-07-03", "exploited_by": []}, "score_reason": "Microsoft Edge is widely deployed across Texas government offices, schools, and utilities, but SSRF attacks typically require user interaction and network access, limiting immediate impact to lifeline sectors.", "patch_available": true, "reference_url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-57993", "source_date": "2026-07-03T21:17:02.443", "first_seen": "2026-07-03T21:34:34.640390", "seen_at": "2026-07-03T21:34:34.640390"}, {"title": "CVE-2026-58276", "cve": "CVE-2026-58276", "summary": "A security flaw in Microsoft Edge browser allows attackers to run malicious code on your computer when you visit a compromised website. This affects all organizations using Edge for web browsing. 
Staff should avoid clicking unknown links until the browser is updated.", "score": 62, "impact_score": 58, "sectors": ["Government Facilities", "Healthcare and Public Health", "Water and Wastewater Systems", "Energy", "Emergency Services", "Information Technology"], "source": "NVD (High)", "remediation": ["Update Microsoft Edge to the latest version immediately through Settings > About Microsoft Edge", "Enable automatic updates for Edge browser on all workstations", "Remind staff not to click suspicious links or visit untrusted websites", "Consider using browser isolation or web filtering for high-risk users"], "origin": {"product": "Microsoft Edge (Chromium-based)", "vendor": "Microsoft", "first_reported": "2026-07-03", "exploited_by": []}, "score_reason": "Microsoft Edge is widely deployed across Texas government offices, schools, and utilities, and network-based code execution poses significant risk, though exploitation requires user interaction via web browsing.", "patch_available": true, "reference_url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-58276", "source_date": "2026-07-03T21:17:02.573", "first_seen": "2026-07-03T21:34:34.640390", "seen_at": "2026-07-03T21:34:34.640390"}, {"title": "Arista Extensible Operating System Incomplete Comparison with Missing Factors Vulnerability", "cve": "CVE-2026-7473", "summary": "Arista network switches running EOS have a flaw where they incorrectly handle certain tunneled network packets, potentially allowing attackers to bypass security controls or disrupt network traffic. This affects network infrastructure equipment that may be used in larger Texas utilities and government facilities. 
The vulnerability is being actively exploited according to CISA.", "score": 62, "impact_score": 45, "sectors": ["Communications", "Energy", "Water and Wastewater Systems", "Government Facilities", "Healthcare and Public Health"], "source": "CISA KEV", "remediation": ["Check with your network equipment vendor or IT provider to determine if you have Arista EOS switches in your infrastructure", "Apply vendor-provided patches or configuration mitigations immediately if Arista equipment is present", "Implement network segmentation to limit exposure of vulnerable switches", "If no patch is available, consider disabling tunneling features or restricting access to management interfaces"], "origin": {"product": "Extensible Operating System", "vendor": "Arista", "first_reported": "2026-06-09", "exploited_by": []}, "score_reason": "Arista switches are primarily deployed in larger enterprise and data center environments, with limited presence in small rural Texas organizations, but active exploitation and potential impact on lifeline sector networks elevates concern.", "patch_available": false, "reference_url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog", "source_date": "2026-06-09", "first_seen": "2026-07-01T04:37:31.724134", "seen_at": "2026-07-01T04:37:31.724134"}, {"title": "CVE-2022-24292", "cve": "CVE-2022-24292", "summary": "Certain HP printers have a serious vulnerability that could allow attackers to steal information, crash the device, or take complete control remotely. This affects many common HP print devices used in offices across Texas. 
If your organization uses HP printers, they should be updated immediately.", "score": 62, "impact_score": 58, "sectors": ["Government Facilities", "Healthcare and Public Health", "Water and Wastewater Systems", "Energy", "Emergency Services", "Information Technology"], "source": "NVD (Critical)", "remediation": ["Check HP's security bulletin to identify if your printer models are affected", "Download and apply the latest firmware updates from HP support website", "Restrict printer network access by placing printers on isolated network segments", "Disable unused network protocols and remote management features on printers"], "origin": {"product": "HP Print Devices", "vendor": "HP", "first_reported": "2022-03-23", "exploited_by": []}, "score_reason": "HP printers are widely deployed in Texas government offices, clinics, schools, and utilities; remote code execution capability poses significant risk though no confirmed active exploitation in critical infrastructure has been reported.", "patch_available": true, "reference_url": "https://support.hp.com/us-en/document/ish_5950417-5950443-16", "source_date": "2022-03-23T20:15:10.923", "first_seen": "2026-07-01T02:35:18.825890", "seen_at": "2026-07-01T03:34:34.551196"}, {"title": "CVE-2026-50521", "cve": "CVE-2026-50521", "summary": "A security flaw in Microsoft Edge browser could allow an attacker to run malicious code on your computer over the network. This affects anyone using the Edge web browser, which is common on Windows computers in offices and public workstations. 
Staff should update Edge immediately and avoid clicking suspicious links until patched.", "score": 62, "impact_score": 58, "sectors": ["Government Facilities", "Healthcare and Public Health", "Water and Wastewater Systems", "Energy", "Emergency Services", "Information Technology"], "source": "NVD (High)", "remediation": ["Update Microsoft Edge to the latest version immediately through Settings > About Microsoft Edge", "Enable automatic updates for Edge browser on all workstations", "Remind staff not to click unknown links or visit untrusted websites", "Consider using browser isolation or restricting Edge use on critical operational systems"], "origin": {"product": "Microsoft Edge (Chromium-based)", "vendor": "Microsoft", "first_reported": "2026-07-01", "exploited_by": []}, "score_reason": "Microsoft Edge is widely deployed across Texas local governments, schools, and utilities, but exploitation requires network access and user interaction, moderately limiting immediate risk.", "patch_available": true, "reference_url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-50521", "source_date": "2026-07-01T21:17:03.037", "first_seen": "2026-07-01T21:34:34.848332", "seen_at": "2026-07-01T21:34:34.848332"}, {"title": "CVE-2025-71380", "cve": "CVE-2025-71380", "summary": "The n8n workflow automation tool has a vulnerability that allows users with valid credentials to run dangerous commands on the server hosting n8n. If an attacker gains access to an n8n account, they could steal data, disrupt services, or take full control of the system. 
Organizations using n8n for automation workflows should immediately review access controls and apply security updates.", "score": 62, "impact_score": 48, "sectors": ["Information Technology", "Government Facilities", "Healthcare and Public Health", "Water and Wastewater Systems", "Energy"], "source": "NVD (High)", "remediation": ["Update n8n to the latest patched version immediately", "Audit all n8n user accounts and remove unnecessary access", "Enable multi-factor authentication for all n8n users", "Restrict network access to n8n instances using firewall rules"], "origin": {"product": "n8n", "vendor": "n8n-io", "first_reported": "2025-07-04", "exploited_by": []}, "score_reason": "n8n is used by some Texas organizations for workflow automation, and authenticated command execution could compromise connected systems, but exploitation requires valid credentials limiting immediate widespread impact.", "patch_available": true, "reference_url": "https://github.com/n8n-io/n8n/security/advisories/GHSA-365g-vjw2-grx8", "source_date": "2026-07-04T02:16:23.477", "first_seen": "2026-07-05T21:34:34.730890", "seen_at": "2026-07-05T21:34:34.730890"}, {"title": "CVE-2026-13759", "cve": "CVE-2026-13759", "summary": "IBM WebSphere Extreme Scale has a critical security flaw that allows attackers to run malicious code on affected servers. An attacker who gains basic access or is on the same network can completely take over systems running this software. 
This affects enterprise Java application servers that some larger utilities and government organizations may use.", "score": 62, "impact_score": 55, "sectors": ["Government Facilities", "Healthcare and Public Health", "Water and Wastewater Systems", "Energy", "Information Technology"], "source": "NVD (High)", "remediation": ["Check if IBM WebSphere Extreme Scale versions 8.6.1.0 through 8.6.1.6 are deployed in your environment", "Apply IBM's security patch from the referenced support page immediately", "Restrict network access to WebSphere replication ports to trusted systems only", "Remove Oracle Coherence from the classpath if it is not needed, so that its classes cannot serve as gadget chains for an exploit"], "origin": {"product": "WebSphere Extreme Scale", "vendor": "IBM", "first_reported": "2026-06-30", "exploited_by": []}, "score_reason": "Remote code execution vulnerability in enterprise middleware that may be used by larger Texas government and utility organizations, though deployment in small rural Texas entities is limited.", "patch_available": true, "reference_url": "https://www.ibm.com/support/pages/node/7278595", "source_date": "2026-06-30T20:17:28.953", "first_seen": "2026-07-01T05:45:40.117771", "seen_at": "2026-07-01T05:45:40.117771"}, {"title": "CVE-2026-6070", "cve": "CVE-2026-6070", "summary": "The WP-BusinessDirectory plugin for WordPress has a critical security flaw allowing anyone on the internet to delete important files from your website without logging in. Attackers can remove wp-config.php and other critical files, which would take your website completely offline. 
This affects any organization using this WordPress plugin for business directory listings.", "score": 62, "impact_score": 48, "sectors": ["Government Facilities", "Healthcare and Public Health", "Water and Wastewater Systems", "Energy"], "source": "NVD (Critical)", "remediation": ["Immediately update WP-BusinessDirectory plugin to version 4.0.2 or higher if available, or deactivate the plugin until patched", "Restrict access to WordPress admin and plugin directories using web server rules", "Implement regular backups of wp-config.php and database to enable quick recovery", "Monitor web server logs for suspicious requests containing 'task=upload.remove' or path traversal patterns"], "origin": {"product": "WP-BusinessDirectory", "vendor": "CMSJunkie", "first_reported": "2026-07-01", "exploited_by": []}, "score_reason": "WordPress is widely used by Texas local governments, clinics, and utilities for public-facing websites; unauthenticated file deletion could disrupt public communications and services, though this does not directly impact operational technology systems.", "patch_available": false, "reference_url": "https://plugins.trac.wordpress.org/browser/wp-businessdirectory/tags/4.0.0/site/controllers/upload.php#L127", "source_date": "2026-07-01T05:16:23.277", "first_seen": "2026-07-01T05:45:40.117771", "seen_at": "2026-07-01T05:45:40.117771"}, {"title": "CVE-2026-11714", "cve": "CVE-2026-11714", "summary": "IBM WebSphere Application Server Liberty has a security flaw that could allow attackers to trick the server into making unauthorized requests to internal systems when the API Discovery feature is enabled. This type of vulnerability (server-side request forgery) could let attackers access internal resources or sensitive data that should not be publicly accessible. 
Organizations running WebSphere Liberty for web applications or services should apply patches promptly.", "score": 62, "impact_score": 55, "sectors": ["Government Facilities", "Healthcare and Public Health", "Water and Wastewater Systems", "Energy", "Information Technology"], "source": "NVD (High)", "remediation": ["Check if your organization uses IBM WebSphere Application Server Liberty versions 17.0.0.3 through 26.0.0.7 and has the apiDiscovery-1.0 feature enabled", "Apply the latest IBM security update from the referenced support page immediately", "If patching is delayed, disable the apiDiscovery-1.0 feature until the update can be applied", "Review server logs for unusual outbound connection attempts that may indicate exploitation"], "origin": {"product": "WebSphere Application Server Liberty", "vendor": "IBM", "first_reported": "2026-06-30", "exploited_by": []}, "score_reason": "WebSphere Application Server is used by some Texas government agencies, utilities, and healthcare organizations for enterprise applications, but the vulnerability requires a specific feature to be enabled, limiting exposure.", "patch_available": true, "reference_url": "https://www.ibm.com/support/pages/node/7278580", "source_date": "2026-06-30T20:17:28.033", "first_seen": "2026-07-01T05:45:40.117771", "seen_at": "2026-07-01T05:45:40.117771"}, {"title": "CVE-2026-13773", "cve": "CVE-2026-13773", "summary": "IBM WebSphere Extreme Scale versions 8.6.1.0 through 8.6.1.6 contain a vulnerability where attackers can exploit Java deserialization flaws to redirect server connections to malicious hosts and potentially execute unauthorized code remotely. This affects organizations running IBM WebSphere application servers with the Extreme Scale caching component. 
If your systems use this IBM software, attackers could gain control of affected servers.", "score": 62, "impact_score": 48, "sectors": ["Government Facilities", "Healthcare and Public Health", "Water and Wastewater Systems", "Energy", "Information Technology"], "source": "NVD (Medium)", "remediation": ["Check if IBM WebSphere Extreme Scale 8.6.1.0-8.6.1.6 is installed on any servers and identify all instances", "Apply the security patch from IBM Support page node/7278594 immediately", "Implement network segmentation to restrict outbound IIOP connections from WebSphere servers", "Review and harden Java deserialization filters on all WebSphere Application Server instances"], "origin": {"product": "WebSphere Extreme Scale", "vendor": "IBM", "first_reported": "2026-06-30", "exploited_by": []}, "score_reason": "WebSphere is used by some Texas government agencies and healthcare organizations for enterprise applications, and the remote code execution capability poses serious risk, though deployment in small rural organizations is limited.", "patch_available": true, "reference_url": "https://www.ibm.com/support/pages/node/7278594", "source_date": "2026-06-30T20:17:29.227", "first_seen": "2026-07-01T05:49:18.001903", "seen_at": "2026-07-01T05:49:18.001903"}, {"title": "CVE-2026-58455", "cve": "CVE-2026-58455", "summary": "Dockwatch, a Docker container management tool, has a critical security flaw that allows attackers to run any commands on the server without logging in. Because Dockwatch typically has access to the Docker socket, attackers can take complete control of the host system and all containers. 
This affects organizations using Dockwatch to manage their Docker deployments.", "score": 62, "impact_score": 45, "sectors": ["Information Technology", "Water and Wastewater Systems", "Energy", "Healthcare and Public Health", "Government Facilities"], "source": "NVD (Critical)", "remediation": ["Immediately update Dockwatch to a version newer than 0.6.567 or apply the patch from the referenced GitHub pull request", "Block external network access to Dockwatch instances using firewall rules", "Review Docker socket mounting permissions and restrict container privileges", "Audit systems for signs of compromise including unexpected commands or new containers"], "origin": {"product": "Dockwatch", "vendor": "Notifiarr", "first_reported": "2026-07-02", "exploited_by": []}, "score_reason": "While this is a critical vulnerability allowing full host compromise, Dockwatch is a specialized Docker management tool with limited deployment in Texas critical infrastructure; however, any organization using it for SCADA or operational systems faces severe risk.", "patch_available": true, "reference_url": "https://github.com/Notifiarr/dockwatch/pull/135", "source_date": "2026-07-02T16:16:35.287", "first_seen": "2026-07-02T17:02:53.033598", "seen_at": "2026-07-02T17:02:53.033598"}, {"title": "CVE-2026-58295", "cve": "CVE-2026-58295", "summary": "A security flaw in Microsoft Edge browser allows attackers to bypass security protections over a network. This type confusion vulnerability could let unauthorized users circumvent browser security features when staff visit malicious websites. 
All organizations using Microsoft Edge for web browsing should update immediately.", "score": 62, "impact_score": 58, "sectors": ["Government Facilities", "Healthcare and Public Health", "Water and Wastewater Systems", "Energy", "Emergency Services", "Information Technology"], "source": "NVD (High)", "remediation": ["Update Microsoft Edge to the latest version immediately through Settings > About Microsoft Edge or via WSUS/Intune", "Enable automatic updates for Edge browser on all managed devices", "Remind staff to avoid clicking suspicious links or visiting untrusted websites", "Consider using browser isolation or web filtering for high-risk browsing"], "origin": {"product": "Microsoft Edge (Chromium-based)", "vendor": "Microsoft", "first_reported": "2026-07-03", "exploited_by": []}, "score_reason": "Microsoft Edge is widely deployed across Texas government offices, schools, clinics, and utilities for daily operations, but exploitation requires user interaction via network access rather than direct infrastructure compromise.", "patch_available": true, "reference_url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-58295", "source_date": "2026-07-03T21:17:04.417", "first_seen": "2026-07-04T21:34:34.969509", "seen_at": "2026-07-04T21:34:34.969509"}, {"title": "CVE-2026-58453", "cve": "CVE-2026-58453", "summary": "JAIOTlink C492A-W6 Wi-Fi IP cameras have a serious security flaw where attackers on the same network can log in using default credentials (admin with no password). Once inside, they can view camera feeds, change network settings, and potentially take control of the device. 
These cameras may be used in facilities, schools, or utility sites for security monitoring.", "score": 62, "impact_score": 45, "sectors": ["Water and Wastewater Systems", "Government Facilities", "Healthcare and Public Health", "Energy", "Emergency Services"], "source": "NVD (Critical)", "remediation": ["Immediately change default admin credentials on all JAIOTlink cameras or disable HTTP access if password cannot be set", "Isolate cameras on a separate VLAN with no internet access and restrict to authorized management stations only", "Check with vendor for firmware updates that remove hard-coded credentials", "Consider replacing affected cameras with models that enforce strong authentication"], "origin": {"product": "C492A-W6 Wi-Fi IP Camera", "vendor": "JAIOTlink", "first_reported": "2026-07-01", "exploited_by": []}, "score_reason": "Hard-coded credentials in IP cameras pose moderate risk to Texas infrastructure; these devices are commonly deployed at small utilities, schools, and government facilities for physical security, and network-adjacent exploitation could enable surveillance or pivot attacks.", "patch_available": false, "reference_url": "https://github.com/rwprimitives/jaiotlink-c492a-wifi-camera/blob/main/writeups/02-default-http-credentials.md", "source_date": "2026-07-01T17:16:40.517", "first_seen": "2026-07-01T18:34:34.516259", "seen_at": "2026-07-01T18:34:34.516259"}, {"title": "Mitsubishi Electric MELSOFT Update Manager SW1DND-UDM-M", "cve": "ICSA-26-181-01", "summary": "Mitsubishi Electric MELSOFT Update Manager software used for industrial automation has critical vulnerabilities that could let an attacker with local access tamper with data, crash the system, or run malicious code through specially crafted archive files. This software manages updates for programmable logic controllers and other industrial equipment commonly found in utilities and manufacturing facilities. 
Organizations using Mitsubishi Electric automation systems should verify if this update manager is installed and apply mitigations.", "score": 62, "impact_score": 45, "sectors": ["Critical Manufacturing", "Energy", "Water and Wastewater Systems"], "source": "CISA ICS Advisory", "remediation": ["Check if MELSOFT Update Manager versions 1.000A through 1.014Q are installed on engineering workstations and update to the latest patched version when available from Mitsubishi Electric.", "Restrict physical and network access to workstations running MELSOFT software to authorized personnel only.", "Do not open archive files from untrusted sources on systems with MELSOFT Update Manager installed.", "Monitor Mitsubishi Electric security advisories for official patches and apply promptly when released."], "origin": {"product": "MELSOFT Update Manager SW1DND-UDM-M", "vendor": "Mitsubishi Electric", "first_reported": "2026-06-30", "exploited_by": []}, "score_reason": "High-severity vulnerabilities (CVSS 8.8) in industrial control system software used in Texas utilities and manufacturing; exploitation requires local access, which limits remote exploitation risk.", "patch_available": false, "reference_url": "https://www.cisa.gov/news-events/ics-advisories/icsa-26-181-01", "source_date": "Tue, 30 Jun 26 12:00:00 +0000", "first_seen": "2026-07-01T02:35:18.825890", "seen_at": "2026-07-01T03:34:34.551196"}, {"title": "CVE-2026-11387", "cve": "CVE-2026-11387", "summary": "A critical WordPress plugin vulnerability allows attackers to take over any user account, including administrators, without authentication. The SMS Alert plugin used for WooCommerce stores fails to verify user identity before password resets. 
Sites using OTP verification for password resets with phone numbers configured are at risk of complete website takeover.", "score": 62, "impact_score": 45, "sectors": ["Water and Wastewater Systems", "Energy", "Healthcare and Public Health", "Government Facilities", "Emergency Services"], "source": "NVD (Critical)", "remediation": ["Immediately update SMS Alert plugin to version 3.9.6 or later if available", "Disable OTP verification for password resets until patched", "Review admin accounts for unauthorized email or password changes", "Implement web application firewall rules to block exploitation attempts"], "origin": {"product": "SMS Alert \u2013 SMS & OTP for WooCommerce", "vendor": "Developer Starter Pakistan", "first_reported": "2026-07-01", "exploited_by": []}, "score_reason": "WordPress is widely used by small Texas municipalities and utilities for public-facing websites; unauthenticated admin takeover could enable defacement or phishing, but requires specific OTP configuration limiting widespread impact.", "patch_available": true, "reference_url": "https://plugins.trac.wordpress.org/browser/sms-alert/tags/3.9.5/handler/forms/class-ultimatemember.php#L288", "source_date": "2026-07-01T08:16:20.587", "first_seen": "2026-07-01T09:34:34.619388", "seen_at": "2026-07-01T09:34:34.619388"}, {"title": "CVE-2026-41106", "cve": "CVE-2026-41106", "summary": "A security flaw in Microsoft 365 Copilot allows attackers to redirect users to malicious websites, potentially tricking them into revealing credentials or downloading malware. This affects organizations using Microsoft 365 with Copilot features enabled. 
Staff who click on manipulated links could unknowingly give attackers elevated access to systems.", "score": 62, "impact_score": 58, "sectors": ["Government Facilities", "Healthcare and Public Health", "Education", "Water and Wastewater Systems", "Energy"], "source": "NVD (Critical)", "remediation": ["Monitor Microsoft 365 admin center for security updates and apply any available patches immediately", "Train staff to verify URLs before clicking links, especially in emails or Copilot-generated content", "Enable multi-factor authentication on all Microsoft 365 accounts to limit damage from compromised credentials", "Review conditional access policies to restrict sign-ins from untrusted locations"], "origin": {"product": "M365 Copilot", "vendor": "Microsoft", "first_reported": "2026-07-02", "exploited_by": []}, "score_reason": "Microsoft 365 is widely used across Texas local governments, schools, clinics, and utilities, making this open redirect vulnerability a moderate-to-significant phishing and credential theft risk, though it requires user interaction.", "patch_available": false, "reference_url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-41106", "source_date": "2026-07-02T23:16:50.867", "first_seen": "2026-07-03T00:34:34.717858", "seen_at": "2026-07-03T00:34:34.717858"}, {"title": "CVE-2026-11541", "cve": "CVE-2026-11541", "summary": "IBM WebSphere Application Server has a vulnerability that allows attackers to smuggle malicious HTTP requests past security controls. This could let attackers bypass authentication, poison web caches, or hijack user sessions on affected systems. 
Organizations running WebSphere-based web applications or portals should apply patches promptly.", "score": 62, "impact_score": 55, "sectors": ["Government Facilities", "Healthcare and Public Health", "Water and Wastewater Systems", "Energy", "Financial Services", "Information Technology"], "source": "NVD (High)", "remediation": ["Check if your organization runs IBM WebSphere Application Server versions 8.5, 9.0, or Liberty 17.0.0.3 through 26.0.0.6", "Apply the latest security patches from IBM Support page immediately", "Review web server and reverse proxy configurations to ensure proper HTTP request handling", "Monitor application logs for unusual HTTP request patterns that may indicate exploitation attempts"], "origin": {"product": "WebSphere Application Server", "vendor": "IBM", "first_reported": "2026-06-30", "exploited_by": []}, "score_reason": "WebSphere is used in enterprise applications across Texas government portals, healthcare systems, and utility management platforms, but HTTP smuggling requires specific conditions and no active exploitation is currently confirmed.", "patch_available": true, "reference_url": "https://www.ibm.com/support/pages/node/7277550", "source_date": "2026-06-30T22:16:46.317", "first_seen": "2026-07-01T05:45:40.117771", "seen_at": "2026-07-01T05:45:40.117771"}, {"title": "CVE-2026-13040", "cve": "CVE-2026-13040", "summary": "A vulnerability in the NEX-Forms WordPress plugin allows unauthenticated attackers to inject malicious scripts into web pages without any login required. When staff or visitors view affected pages, the malicious code runs in their browser, potentially stealing credentials or redirecting users. 
This affects WordPress sites using the NEX-Forms plugin version 9.2.2 and earlier.", "score": 62, "impact_score": 55, "sectors": ["Government Facilities", "Healthcare and Public Health", "Water and Wastewater Systems", "Emergency Services"], "source": "NVD (High)", "remediation": ["Update NEX-Forms plugin to version 9.2.3 or later immediately if available", "If no patch exists, deactivate and remove the NEX-Forms plugin until fixed", "Review website logs for suspicious form submissions containing script tags", "Implement a Web Application Firewall (WAF) to block XSS attack patterns"], "origin": {"product": "NEX-Forms \u2013 Ultimate Forms Plugin for WordPress", "vendor": "Starter Labs", "first_reported": "2026-07-03", "exploited_by": []}, "score_reason": "WordPress is widely used by Texas local governments, school districts, and small utilities for public-facing websites, and unauthenticated exploitation increases risk, though impact is limited to web application compromise rather than operational systems.", "patch_available": false, "reference_url": "https://plugins.trac.wordpress.org/browser/nex-forms-express-wp-form-builder/tags/9.1.11/includes/classes/class.functions.php#L2461", "source_date": "2026-07-03T06:16:21.590", "first_seen": "2026-07-03T06:34:34.663202", "seen_at": "2026-07-03T06:34:34.663202"}, {"title": "CVE-2026-58451", "cve": "CVE-2026-58451", "summary": "A security flaw in Horde IMP webmail software allows attackers to read sensitive files from the server, including configuration files and passwords. Attackers need only trick an authenticated user into clicking a malicious link, or exploit an active login session, to steal data via email attachments. 
Organizations using Horde webmail for email access should update immediately.", "score": 62, "impact_score": 45, "sectors": ["Government Facilities", "Healthcare and Public Health", "Water and Wastewater Systems", "Energy"], "source": "NVD (Medium)", "remediation": ["Update Horde IMP to version 7.0.1 or later immediately", "Review server logs for unusual file access or email attachment activity", "Implement web application firewall rules to block path traversal sequences", "Train staff not to click suspicious links while logged into webmail"], "origin": {"product": "IMP", "vendor": "Horde", "first_reported": "2026-07-01", "exploited_by": []}, "score_reason": "Horde IMP webmail is used by some smaller Texas government offices, clinics, and utilities for web-based email; the vulnerability enables sensitive file theft and can be exploited via CSRF against a logged-in user's session, so the attacker does not need credentials of their own, posing moderate risk to Texas critical infrastructure.", "patch_available": true, "reference_url": "https://github.com/horde/imp/commit/fba972fab72ee6871e5d56e6390bee38593085de", "source_date": "2026-07-01T19:16:56.690", "first_seen": "2026-07-01T20:02:52.970072", "seen_at": "2026-07-01T20:02:52.970072"}, {"title": "CVE-2026-57991", "cve": "CVE-2026-57991", "summary": "A vulnerability in Microsoft Edge browser allows attackers to access sensitive files on your computer through malicious links. An unauthorized attacker could steal information from your system when you visit a compromised website. 
This affects any organization using Microsoft Edge as their web browser.", "score": 62, "impact_score": 55, "sectors": ["Government Facilities", "Healthcare and Public Health", "Water and Wastewater Systems", "Energy", "Emergency Services", "Information Technology"], "source": "NVD (High)", "remediation": ["Update Microsoft Edge to the latest version immediately through Settings > About Microsoft Edge", "Enable automatic updates for Microsoft Edge on all workstations", "Remind staff not to click suspicious links in emails or unfamiliar websites", "Consider using browser isolation or restricting Edge access on critical operational systems"], "origin": {"product": "Microsoft Edge (Chromium-based)", "vendor": "Microsoft", "first_reported": "2026-07-03", "exploited_by": []}, "score_reason": "Microsoft Edge is widely deployed across Texas government offices, schools, and utilities, but this information disclosure vulnerability requires user interaction and network access, limiting immediate critical infrastructure impact.", "patch_available": true, "reference_url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-57991", "source_date": "2026-07-03T21:17:02.180", "first_seen": "2026-07-03T21:34:34.640390", "seen_at": "2026-07-03T21:34:34.640390"}, {"title": "CVE-2026-14618", "cve": "CVE-2026-14618", "summary": "A vulnerability in Open5GS software (used for 5G mobile network core infrastructure) allows remote attackers to crash the system and cause service outages. The flaw affects the AMF component which handles network functions, and a public exploit is already available. 
Organizations using Open5GS for private 5G networks should patch immediately.", "score": 62, "impact_score": 35, "sectors": ["Communications", "Emergency Services", "Energy", "Healthcare and Public Health"], "source": "NVD (Medium)", "remediation": ["Apply the vendor patch (commit fb5f67703de0213fb9c6e6ef3b48b6c1707e9503) immediately if running Open5GS 2.7.7 or earlier", "Review network logs for unusual traffic targeting AMF services", "Implement network segmentation to limit external access to 5G core components", "Contact your 5G network provider to confirm they have addressed this vulnerability"], "origin": {"product": "Open5GS AMF", "vendor": "Open5GS", "first_reported": "2026-07-04", "exploited_by": ["Public exploit available"]}, "score_reason": "This affects 5G core network software which could impact Communications infrastructure; while Open5GS is primarily used in research and smaller private 5G deployments rather than major carriers, the public exploit and potential impact on emergency services communications elevates concern.", "patch_available": true, "reference_url": "https://github.com/ferrancanellas/open5gs/commit/fb5f67703de0213fb9c6e6ef3b48b6c1707e9503", "source_date": "2026-07-04T07:16:24.503", "first_seen": "2026-07-05T09:34:34.661301", "seen_at": "2026-07-05T09:34:34.661301"}, {"title": "CVE-2026-34099", "cve": "CVE-2026-34099", "summary": "Guardian language-system software contains a critical SQL injection flaw that allows anyone on the internet to steal database contents without logging in. Attackers can extract sensitive information including usernames, passwords, and other data stored in the system. 
This vulnerability requires no special skills to exploit and could expose organizational data.", "score": 62, "impact_score": 45, "sectors": ["Government Facilities", "Healthcare and Public Health", "Water and Wastewater Systems", "Information Technology"], "source": "NVD (Critical)", "remediation": ["Immediately disable or restrict network access to job_info.php until patched", "Place a web application firewall (WAF) rule to block SQL injection patterns in the id parameter", "Contact the Guardian software vendor for an emergency patch or updated version", "Review database logs for signs of unauthorized access or data extraction"], "origin": {"product": "language-system", "vendor": "Guardian", "first_reported": "2026-07-01", "exploited_by": []}, "score_reason": "Critical unauthenticated SQL injection vulnerability in web application software that may be used by small government and healthcare organizations in Texas, though deployment scope of Guardian language-system is unclear.", "patch_available": false, "reference_url": "https://gist.github.com/cyberinforepo/d5b2771d82e1b31b8fc1c33052e08dad", "source_date": "2026-07-01T17:16:32.820", "first_seen": "2026-07-01T18:34:34.516259", "seen_at": "2026-07-01T18:34:34.516259"}, {"title": "CVE-2026-58465", "cve": "CVE-2026-58465", "summary": "Eclipse Wakaama, software used in IoT and industrial control devices, has a vulnerability that lets attackers crash systems by exhausting memory through specially crafted network requests. This affects devices using the Lightweight M2M protocol common in smart meters, sensors, and industrial equipment. 
An attacker can remotely disable affected devices without needing any credentials.", "score": 62, "impact_score": 45, "sectors": ["Water and Wastewater Systems", "Energy", "Communications", "Critical Manufacturing"], "source": "NVD (High)", "remediation": ["Update Eclipse Wakaama to snapshot 2026-05-26 or later immediately on any devices using this library", "Isolate IoT and LwM2M devices on segmented networks not directly accessible from the internet", "Monitor for unusual UDP traffic spikes targeting CoAP ports (typically 5683)", "Contact device vendors to confirm if their products use Wakaama and request firmware updates"], "origin": {"product": "Wakaama LwM2M Library", "vendor": "Eclipse Foundation", "first_reported": "2026-07-02", "exploited_by": []}, "score_reason": "This vulnerability affects IoT/industrial control software potentially deployed in Texas utilities for smart metering and remote monitoring, but exploitation requires direct network access to affected devices and impact is limited to denial of service.", "patch_available": true, "reference_url": "https://github.com/eclipse-wakaama/wakaama/commit/a83f1ca28fa090fbc03c3669fef40daf4f89cd03", "source_date": "2026-07-02T19:16:59.993", "first_seen": "2026-07-02T20:02:53.211356", "seen_at": "2026-07-02T20:02:53.211356"}, {"title": "CVE-2026-58287", "cve": "CVE-2026-58287", "summary": "A security flaw in Microsoft Edge browser allows attackers to run malicious code on your computer simply by visiting a compromised website. This affects any organization using Microsoft Edge for web browsing, which is common on Windows computers. 
Staff should update Edge immediately and avoid clicking unknown links until patched.", "score": 62, "impact_score": 58, "sectors": ["Government Facilities", "Healthcare and Public Health", "Water and Wastewater Systems", "Energy", "Emergency Services", "Information Technology"], "source": "NVD (High)", "remediation": ["Update Microsoft Edge to the latest version immediately through Settings > About Microsoft Edge", "Enable automatic updates for Edge browser on all workstations", "Remind staff not to click suspicious links or visit unknown websites until update is confirmed", "Consider temporarily using an alternative browser for critical operations if patch cannot be applied quickly"], "origin": {"product": "Microsoft Edge (Chromium-based)", "vendor": "Microsoft", "first_reported": "2026-07-03", "exploited_by": []}, "score_reason": "Microsoft Edge is widely deployed across Texas government offices, schools, and utilities, but this browser vulnerability requires user interaction and network access, limiting immediate critical infrastructure impact.", "patch_available": true, "reference_url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-58287", "source_date": "2026-07-03T21:17:03.413", "first_seen": "2026-07-03T21:34:34.640390", "seen_at": "2026-07-03T21:34:34.640390"}, {"title": "CVE-2026-58286", "cve": "CVE-2026-58286", "summary": "Microsoft Edge browser has a security flaw that could allow attackers to impersonate legitimate websites or content over a network. This could trick employees into entering credentials or sensitive information on fake pages. 
All organizations using Edge as their web browser should update immediately.", "score": 62, "impact_score": 55, "sectors": ["Government Facilities", "Healthcare and Public Health", "Water and Wastewater Systems", "Energy", "Emergency Services", "Information Technology"], "source": "NVD (High)", "remediation": ["Update Microsoft Edge to the latest version through Settings > About Microsoft Edge or via Windows Update", "Enable automatic updates for Edge browser on all workstations", "Train staff to verify website URLs and look for signs of spoofing before entering credentials", "Consider using browser isolation for sensitive financial or operational systems"], "origin": {"product": "Edge (Chromium-based)", "vendor": "Microsoft", "first_reported": "2026-07-03", "exploited_by": []}, "score_reason": "Microsoft Edge is widely deployed across Texas government offices, schools, and utilities, but spoofing attacks require user interaction and no active exploitation is currently confirmed.", "patch_available": true, "reference_url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-58286", "source_date": "2026-07-03T21:17:03.293", "first_seen": "2026-07-03T21:34:34.640390", "seen_at": "2026-07-03T21:34:34.640390"}, {"title": "CVE-2026-57984", "cve": "CVE-2026-57984", "summary": "A security flaw in Microsoft Edge browser allows attackers to run malicious code on your computer simply by visiting a compromised website. This affects any organization using Edge for web browsing, which is common on Windows computers. 
Staff should update Edge immediately and avoid clicking suspicious links until patched.", "score": 62, "impact_score": 58, "sectors": ["Government Facilities", "Healthcare and Public Health", "Water and Wastewater Systems", "Energy", "Emergency Services", "Information Technology"], "source": "NVD (High)", "remediation": ["Update Microsoft Edge to the latest version immediately via Settings > About Microsoft Edge", "Enable automatic updates for Edge to receive security patches promptly", "Remind staff not to click unknown links or visit untrusted websites until update is confirmed", "Consider using browser isolation or web filtering for sensitive systems"], "origin": {"product": "Microsoft Edge (Chromium-based)", "vendor": "Microsoft", "first_reported": "2026-07-03", "exploited_by": []}, "score_reason": "Microsoft Edge is widely deployed across Texas public sector organizations for daily operations, and network-based code execution poses significant risk, though browser auto-updates typically mitigate exposure quickly.", "patch_available": true, "reference_url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-57984", "source_date": "2026-07-03T21:17:01.550", "first_seen": "2026-07-03T21:34:34.640390", "seen_at": "2026-07-03T21:34:34.640390"}, {"title": "CVE-2026-50195", "cve": "CVE-2026-50195", "summary": "A vulnerability in containerd, a widely-used container runtime, allows attackers with pod creation permissions to poison the local image cache with malicious container images. Other pods on the same node may then unknowingly run the attacker's code instead of legitimate software. 
This affects containerized infrastructure and could lead to unauthorized code execution.", "score": 62, "impact_score": 55, "sectors": ["Communications", "Energy", "Government Facilities", "Healthcare and Public Health", "Information Technology", "Water and Wastewater Systems"], "source": "NVD (Critical)", "remediation": ["Update containerd immediately to version 2.3.2, 2.2.5, or 2.1.9 depending on your version branch", "Review and restrict pod creation permissions to trusted users only", "Audit existing container images on affected nodes for unexpected or unauthorized tags", "Consider using Always pull policy for critical workloads to reduce cache poisoning risk"], "origin": {"product": "containerd", "vendor": "containerd", "first_reported": "2026-07-01", "exploited_by": []}, "score_reason": "Container infrastructure is increasingly used in Texas utilities and government systems, but exploitation requires existing pod creation permissions, limiting immediate risk to organizations running Kubernetes/container environments.", "patch_available": true, "reference_url": "https://github.com/containerd/containerd/security/advisories/GHSA-cvxm-645q-p574", "source_date": "2026-07-01T19:16:53.333", "first_seen": "2026-07-02T20:02:53.211356", "seen_at": "2026-07-02T20:02:53.211356"}, {"title": "CVE-2024-14037", "cve": "CVE-2024-14037", "summary": "Redsea Cloud eHR, a human resources/employee health records system, has a critical flaw allowing attackers to upload malicious files without logging in and take complete control of the server. This vulnerability has been actively exploited in the wild since November 2024. 
Organizations using this HR/health records software should take immediate action to protect employee and patient data.", "score": 62, "impact_score": 45, "sectors": ["Healthcare and Public Health", "Government Facilities"], "source": "NVD (Critical)", "remediation": ["Immediately check if Redsea Cloud eHR is deployed in your organization and isolate the system from the internet if present", "Block external access to the PtFjk.mob servlet endpoint and uploadfile directory at your firewall or web application firewall", "Contact the vendor for a patched version or mitigation guidance", "Review server logs for suspicious JSP file uploads and unauthorized access attempts since November 2024"], "origin": {"product": "Cloud eHR", "vendor": "Redsea", "first_reported": "2024-11-03", "exploited_by": ["Unknown threat actors observed by Shadowserver Foundation"]}, "score_reason": "Active exploitation of a healthcare HR system poses significant risk to Texas clinics and government HR departments, though Redsea Cloud eHR has limited deployment in rural Texas communities compared to major US vendors.", "patch_available": false, "reference_url": "https://cn-sec.com/archives/2734791.html", "source_date": "2026-07-02T17:16:57.360", "first_seen": "2026-07-02T18:34:34.582522", "seen_at": "2026-07-02T18:34:34.582522"}, {"title": "CVE-2026-7663", "cve": "CVE-2026-7663", "summary": "IBM Langflow OSS versions 1.0.0 through 1.9.6 have a critical security flaw that allows attackers without credentials to access protected project resources and run unauthorized operations. This affects organizations using this AI workflow tool for automation projects. 
Attackers can bypass security controls to access sensitive data and execute commands without logging in.", "score": 62, "impact_score": 45, "sectors": ["Information Technology", "Government Facilities", "Healthcare and Public Health", "Water and Wastewater Systems", "Energy"], "source": "NVD (Critical)", "remediation": ["Immediately upgrade IBM Langflow OSS to version 1.9.7 or later from official IBM sources", "If upgrade is not immediately possible, disable or restrict network access to the Streamable MCP transport endpoint", "Review logs for unauthorized access attempts to MCP project resources", "Implement network segmentation to isolate AI workflow tools from critical operational systems"], "origin": {"product": "Langflow OSS", "vendor": "IBM", "first_reported": "2026-06-30", "exploited_by": []}, "score_reason": "While this is a critical unauthenticated access vulnerability, IBM Langflow is a specialized AI development tool with limited deployment in small Texas municipalities and rural infrastructure, reducing widespread impact.", "patch_available": true, "reference_url": "https://www.ibm.com/support/pages/node/7277570", "source_date": "2026-06-30T20:17:31.280", "first_seen": "2026-07-02T18:34:34.582522", "seen_at": "2026-07-02T18:34:34.582522"}, {"title": "CVE-2026-58015", "cve": "CVE-2026-58015", "summary": "A security flaw in GLib's D-Bus authentication allows a malicious server to trick client systems into reading arbitrary files and leaking sensitive data through path traversal. GLib is a core library used in many Linux systems including those running SCADA, utility management software, and government workstations. 
Exploitation requires connecting to a malicious D-Bus server, which could occur through compromised network services.", "score": 62, "impact_score": 55, "sectors": ["Water and Wastewater Systems", "Energy", "Government Facilities", "Healthcare and Public Health", "Communications"], "source": "NVD (High)", "remediation": ["Apply vendor patches from your Linux distribution (Red Hat, Ubuntu, etc.) when available", "Restrict D-Bus connections to trusted local services only", "Monitor systems for unusual file access patterns or unauthorized D-Bus connections", "Review network segmentation to limit exposure of operational technology systems"], "origin": {"product": "GLib", "vendor": "GNOME", "first_reported": "2026-06-30", "exploited_by": []}, "score_reason": "GLib is widely deployed on Linux systems used in Texas utilities and government facilities, but exploitation requires specific conditions involving malicious D-Bus server connections, reducing immediate risk.", "patch_available": true, "reference_url": "https://access.redhat.com/security/cve/CVE-2026-58015", "source_date": "2026-06-30T13:19:17.707", "first_seen": "2026-07-01T18:34:34.516259", "seen_at": "2026-07-01T18:34:34.516259"}, {"title": "XZ Utils vulnerability impacting B&R Products", "cve": "ICSA-26-181-05", "summary": "A vulnerability in XZ Utils software affects B&R Industrial Automation products including various panel PCs and terminals (PPC3100, C50, C80, FT50, MT50, T30, T50, T80). An attacker could exploit this flaw to crash the system or corrupt memory data, potentially disrupting industrial control operations. 
Updates are available from B&R to fix this issue.", "score": 62, "impact_score": 45, "sectors": ["Critical Manufacturing", "Energy", "Water and Wastewater Systems"], "source": "CISA ICS Advisory", "remediation": ["Update affected B&R products to the fixed firmware versions (PPC3100/FT50/MT50/T50 to v1.8.1+, C50/C80/T30/T80 to v1.8.0+)", "Isolate industrial control systems on separate network segments from business networks", "Restrict remote access to B&R devices using firewalls and VPNs", "Monitor affected systems for unexpected crashes or memory errors until patches are applied"], "origin": {"product": "PPC3100, C50, C80, FT50, MT50, T30, T80, T50", "vendor": "B&R Industrial Automation GmbH", "first_reported": "2026-06-30", "exploited_by": []}, "score_reason": "B&R industrial automation products are used in manufacturing and utility SCADA systems; while the CVSS 7.5 score indicates significant risk, no active exploitation is reported and deployment in small Texas utilities is limited.", "patch_available": true, "reference_url": "https://www.cisa.gov/news-events/ics-advisories/icsa-26-181-05", "source_date": "Tue, 30 Jun 26 12:00:00 +0000", "first_seen": "2026-07-01T02:35:18.825890", "seen_at": "2026-07-01T03:34:34.551196"}, {"title": "CVE-2026-11546", "cve": "CVE-2026-11546", "summary": "IBM WebSphere Application Server Liberty has a server-side request forgery (SSRF) vulnerability when the adminCenter feature is enabled. This could allow attackers to make the server send requests to internal systems, potentially accessing sensitive data or internal services. 
Organizations using IBM WebSphere Liberty for web applications or backend services should patch immediately.", "score": 62, "impact_score": 55, "sectors": ["Government Facilities", "Healthcare and Public Health", "Water and Wastewater Systems", "Energy", "Information Technology"], "source": "NVD (High)", "remediation": ["Update IBM WebSphere Application Server Liberty to version 26.0.0.8 or later immediately", "If patching is delayed, disable the adminCenter-1.0 feature until the update can be applied", "Review server logs for unusual outbound requests that may indicate exploitation attempts", "Restrict network access to administrative interfaces using firewall rules"], "origin": {"product": "WebSphere Application Server Liberty", "vendor": "IBM", "first_reported": "2026-06-30", "exploited_by": []}, "score_reason": "IBM WebSphere is used by some Texas government agencies, healthcare systems, and utilities for enterprise applications, but the vulnerability requires the adminCenter feature to be enabled, limiting exposure.", "patch_available": true, "reference_url": "https://www.ibm.com/support/pages/node/7278572", "source_date": "2026-06-30T20:17:27.507", "first_seen": "2026-07-01T05:45:40.117771", "seen_at": "2026-07-01T05:45:40.117771"}, {"title": "CVE-2026-44040", "cve": "CVE-2026-44040", "summary": "UltraVNC software versions through 1.8.2.2 have a weakness in how it generates security challenges for remote access authentication. An attacker who can watch network traffic could potentially predict these challenges and gain unauthorized access to systems using UltraVNC for remote desktop connections. 
This affects organizations using UltraVNC for IT support or remote system management.", "score": 62, "impact_score": 55, "sectors": ["Water and Wastewater Systems", "Energy", "Government Facilities", "Healthcare and Public Health", "Emergency Services"], "source": "NVD (Medium)", "remediation": ["Inventory all systems running UltraVNC and identify versions 1.8.2.2 or older", "Monitor UltraVNC project for security updates and upgrade when patches become available", "Restrict VNC access to internal networks only using firewalls and VPNs rather than exposing to internet", "Consider migrating to alternative remote access solutions with stronger authentication such as encrypted VPN with multi-factor authentication"], "origin": {"product": "UltraVNC", "vendor": "UltraVNC", "first_reported": "2026-07-01", "exploited_by": []}, "score_reason": "UltraVNC is commonly used for remote support in smaller organizations including utilities and local governments; while exploitation requires network observation capability, successful attack could provide unauthorized access to critical control systems.", "patch_available": false, "reference_url": "https://github.com/ultravnc/UltraVNC", "source_date": "2026-07-01T05:16:20.897", "first_seen": "2026-07-02T15:34:34.694842", "seen_at": "2026-07-02T15:34:34.694842"}, {"title": "LiteSpeed cPanel Plugin UNIX Symbolic Link (Symlink) Following Vulnerability", "cve": "CVE-2026-54420", "summary": "A vulnerability in the LiteSpeed cPanel Plugin allows attackers with FTP or web shell access on shared hosting servers to exploit symbolic links and potentially access files belonging to other users on the same server. This affects organizations using shared web hosting with LiteSpeed and cPanel. 
The vulnerability is being actively exploited and requires immediate attention from any organization using affected hosting environments.", "score": 58, "impact_score": 45, "sectors": ["Government Facilities", "Healthcare and Public Health", "Water and Wastewater Systems", "Information Technology"], "source": "CISA KEV", "remediation": ["Contact your web hosting provider immediately to confirm whether they use LiteSpeed cPanel Plugin and if patches have been applied", "Review your hosted websites for any signs of unauthorized file access or data breach", "If you manage your own cPanel server, apply vendor mitigations or patches as soon as available", "Consider migrating critical web applications to dedicated hosting environments if using shared hosting"], "origin": {"product": "cPanel Plugin", "vendor": "LiteSpeed", "first_reported": "2026-06-15", "exploited_by": []}, "score_reason": "While actively exploited, this vulnerability requires existing FTP or shell access and primarily affects shared hosting environments, which limits impact to Texas critical infrastructure that may use third-party hosting for public websites rather than core operational systems.", "patch_available": true, "reference_url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog", "source_date": "2026-06-15", "first_seen": "2026-07-01T04:37:31.724134", "seen_at": "2026-07-01T04:37:31.724134"}, {"title": "CVE-2026-11592", "cve": "CVE-2026-11592", "summary": "A popular WordPress email newsletter plugin has a security flaw allowing users with basic contributor access to hijack email settings, create mailing lists, and send mass emails to anyone. 
Attackers could use this to send phishing emails that appear to come from your organization, potentially damaging your reputation and targeting your community members.", "score": 58, "impact_score": 52, "sectors": ["Government Facilities", "Healthcare and Public Health", "Water and Wastewater Systems", "Emergency Services"], "source": "NVD (Medium)", "remediation": ["Update Email Subscribers & Newsletters plugin to version 5.9.28 or later immediately", "Audit all WordPress user accounts and remove unnecessary contributor-level access", "Review recent email campaign logs and mailing list changes for unauthorized activity", "Consider implementing two-factor authentication for all WordPress administrative accounts"], "origin": {"product": "Email Subscribers & Newsletters Plugin for WordPress", "vendor": "Icegram", "first_reported": "2026-07-02", "exploited_by": []}, "score_reason": "WordPress is widely used by small Texas government websites, clinics, and utilities for public communications; this plugin flaw enables email spoofing and spam campaigns but requires authenticated access, limiting immediate mass exploitation.", "patch_available": true, "reference_url": "https://plugins.trac.wordpress.org/browser/email-subscribers/tags/5.9.21/lite/admin/class-email-subscribers-admin.php#L216", "source_date": "2026-07-02T06:16:13.013", "first_seen": "2026-07-02T06:34:34.623151", "seen_at": "2026-07-02T06:34:34.623151"}, {"title": "CVE-2026-13984", "cve": "CVE-2026-13984", "summary": "A security flaw in Google Chrome's tab interface allows attackers to create fake or misleading browser displays through malicious web pages. This could trick users into thinking they are on legitimate websites when they are not, potentially leading to credential theft or other scams. 
All organizations using Chrome browsers should update immediately.", "score": 58, "impact_score": 65, "sectors": ["Communications", "Energy", "Government Facilities", "Healthcare and Public Health", "Information Technology", "Water and Wastewater Systems"], "source": "NVD (Medium)", "remediation": ["Update Google Chrome to version 150.0.7871.47 or later on all workstations immediately", "Enable automatic Chrome updates through group policy or device management", "Train staff to verify website URLs carefully before entering credentials", "Consider using browser security extensions that warn about suspicious sites"], "origin": {"product": "Chrome", "vendor": "Google", "first_reported": "2026-06-30", "exploited_by": []}, "score_reason": "Chrome is universally deployed across Texas public sector organizations, and UI spoofing can facilitate phishing attacks against staff at utilities, clinics, and local governments, though this requires user interaction and has medium severity.", "patch_available": true, "reference_url": "https://chromereleases.googleblog.com/2026/06/stable-channel-update-for-desktop_0175352312.html", "source_date": "2026-06-30T23:17:11.707", "first_seen": "2026-07-02T15:34:34.694842", "seen_at": "2026-07-02T15:34:34.694842"}, {"title": "CVE-2026-14381", "cve": "CVE-2026-14381", "summary": "A security flaw in Google Chrome's web app installation feature allows attackers to create fake or misleading browser interface elements through malicious websites. This could trick users into clicking dangerous links or providing sensitive information by making fraudulent prompts appear legitimate. 
Staff using Chrome versions older than 150.0.7871.46 are at risk when visiting compromised websites.", "score": 52, "impact_score": 58, "sectors": ["Government Facilities", "Healthcare and Public Health", "Water and Wastewater Systems", "Energy", "Emergency Services", "Information Technology"], "source": "NVD (Medium)", "remediation": ["Update Google Chrome to version 150.0.7871.46 or later on all workstations immediately", "Enable automatic Chrome updates through group policy or device management", "Train staff to verify browser prompts carefully and report suspicious web app installation requests", "Consider blocking web app installations from untrusted sources via Chrome enterprise policies"], "origin": {"product": "Chrome", "vendor": "Google", "first_reported": "2026-06-01", "exploited_by": []}, "score_reason": "Chrome is widely deployed across all Texas public sector organizations, but UI spoofing requires user interaction and has medium severity with no confirmed active exploitation.", "patch_available": true, "reference_url": "https://chromereleases.googleblog.com/2026/06/stable-channel-update-for-desktop_0175352312.html", "source_date": "2026-07-01T23:16:46.153", "first_seen": "2026-07-02T23:02:53.198472", "seen_at": "2026-07-02T23:02:53.198472"}, {"title": "CVE-2026-14327", "cve": "CVE-2026-14327", "summary": "The AR for WordPress plugin has a security flaw that allows attackers without login credentials to read sensitive files from your website server. This affects all versions through 8.40 and is especially easy to exploit on free or unlicensed installations. 
Attackers could access configuration files containing passwords, database credentials, or other sensitive organizational data.", "score": 52, "impact_score": 45, "sectors": ["Government Facilities", "Healthcare and Public Health", "Water and Wastewater Systems", "Energy", "Emergency Services"], "source": "NVD (High)", "remediation": ["Update the AR for WordPress plugin to version 8.41 or later immediately if available", "If no patch exists, deactivate and remove the AR for WordPress plugin until fixed", "Review server access logs for suspicious requests to ar_get_fresh_nonce or ar_process_user_image endpoints", "Ensure WordPress admin credentials and database passwords are changed if compromise is suspected"], "origin": {"product": "AR for WordPress plugin", "vendor": "AR for WordPress", "first_reported": "2026-07-03", "exploited_by": []}, "score_reason": "WordPress is widely used by Texas local governments, schools, and small utilities for public websites, but this plugin has limited deployment and requires specific conditions for exploitation; no confirmed active exploitation yet.", "patch_available": false, "reference_url": "https://plugins.trac.wordpress.org/browser/ar-for-wordpress/tags/8.40/ar-wordpress.php#L118", "source_date": "2026-07-03T02:16:23.470", "first_seen": "2026-07-03T03:34:34.672127", "seen_at": "2026-07-03T03:34:34.672127"}, {"title": "CVE-2026-5136", "cve": "CVE-2026-5136", "summary": "A security flaw in Foreman infrastructure management software allows any authenticated user with basic usergroup permissions to grant themselves full administrator access. This privilege escalation vulnerability could let an insider or compromised account take complete control of systems managed by Foreman. 
Organizations using Foreman for server or infrastructure management should prioritize patching.", "score": 52, "impact_score": 45, "sectors": ["Information Technology", "Government Facilities", "Healthcare and Public Health", "Energy", "Water and Wastewater Systems"], "source": "NVD (High)", "remediation": ["Check if your organization uses Foreman for infrastructure management and identify affected versions", "Apply vendor patches from Red Hat or Foreman project as soon as available", "Audit usergroup role assignments and remove unnecessary usergroup management permissions", "Monitor administrative account creation and privilege changes for suspicious activity"], "origin": {"product": "Foreman", "vendor": "The Foreman Project", "first_reported": "2026-07-01", "exploited_by": []}, "score_reason": "Foreman is used in data center and infrastructure management but has limited deployment in small Texas municipalities; the privilege escalation is serious but requires authenticated access, reducing immediate risk to rural organizations.", "patch_available": true, "reference_url": "https://access.redhat.com/security/cve/CVE-2026-5136", "source_date": "2026-07-01T14:16:47.277", "first_seen": "2026-07-01T15:34:34.687056", "seen_at": "2026-07-01T15:34:34.687056"}, {"title": "CVE-2026-26145", "cve": "CVE-2026-26145", "summary": "A security flaw in Microsoft Azure Synapse Analytics allows authorized users to gain, over the network, higher-level privileges than they should have. This could let an attacker with some access escalate to administrative control of cloud data analytics systems. 
Organizations using Azure Synapse for data warehousing or analytics should apply updates promptly.", "score": 52, "impact_score": 45, "sectors": ["Government Facilities", "Healthcare and Public Health", "Water and Wastewater Systems", "Energy", "Information Technology"], "source": "NVD (Medium)", "remediation": ["Review Azure Synapse deployments and apply Microsoft security updates immediately", "Audit user permissions in Azure Synapse to enforce least-privilege access", "Enable Azure AD Conditional Access policies to restrict network access to Synapse resources", "Monitor Azure activity logs for unusual privilege escalation attempts"], "origin": {"product": "Azure Synapse Analytics", "vendor": "Microsoft", "first_reported": "2026-07-02", "exploited_by": []}, "score_reason": "Medium severity cloud vulnerability requiring prior authentication reduces immediate risk, but Azure services are used by Texas government agencies and utilities for data analytics, warranting moderate concern.", "patch_available": true, "reference_url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-26145", "source_date": "2026-07-02T23:16:49.813", "first_seen": "2026-07-03T00:34:34.717858", "seen_at": "2026-07-03T00:34:34.717858"}, {"title": "CVE-2026-13989", "cve": "CVE-2026-13989", "summary": "A flaw in Google Chrome's PageInfo feature allows attackers who have already compromised your browser to display fake security indicators or misleading pop-ups, potentially tricking users into revealing sensitive information or trusting malicious websites. This requires an attacker to first compromise Chrome through another vulnerability. 
Update Chrome browsers on all workstations to version 150.0.7871.47 or later.", "score": 52, "impact_score": 55, "sectors": ["Communications", "Energy", "Government Facilities", "Healthcare and Public Health", "Information Technology", "Water and Wastewater Systems"], "source": "NVD (Medium)", "remediation": ["Update Google Chrome to version 150.0.7871.47 or later on all devices immediately", "Enable automatic Chrome updates through group policy or device management", "Train staff to verify website authenticity through multiple indicators, not just browser UI elements", "Consider implementing browser isolation for high-risk users accessing sensitive systems"], "origin": {"product": "Chrome", "vendor": "Google", "first_reported": "2026-06-30", "exploited_by": []}, "score_reason": "Chrome is widely deployed across all Texas sectors including lifeline infrastructure; however, this medium-severity UI spoofing flaw requires prior renderer compromise, limiting immediate exploitation risk.", "patch_available": true, "reference_url": "https://chromereleases.googleblog.com/2026/06/stable-channel-update-for-desktop_0175352312.html", "source_date": "2026-06-30T23:17:12.133", "first_seen": "2026-07-01T20:02:52.970072", "seen_at": "2026-07-01T20:02:52.970072"}, {"title": "CVE-2026-9148", "cve": "CVE-2026-9148", "summary": "The wpDiscuz comments plugin for WordPress has a security flaw that lets attackers inject malicious code through the website field when leaving comments. This affects WordPress sites using wpDiscuz version 7.6.56 or older. 
When visitors view pages with infected comments, the malicious code runs in their browser, potentially stealing login credentials or spreading malware.", "score": 52, "impact_score": 45, "sectors": ["Government Facilities", "Healthcare and Public Health", "Water and Wastewater Systems", "Emergency Services"], "source": "NVD (High)", "remediation": ["Update wpDiscuz plugin to version 7.6.57 or later immediately through WordPress admin dashboard", "Review and delete any suspicious comments containing unusual URLs or script-like content", "Consider temporarily disabling guest commenting or the website URL field until patched", "Install a web application firewall plugin to help block malicious input attempts"], "origin": {"product": "Comments - wpDiscuz", "vendor": "gVectors Team", "first_reported": "2026-07-03", "exploited_by": []}, "score_reason": "WordPress is widely used by Texas local governments, school districts, and small utilities for public websites, and this unauthenticated attack requires no special access, but impact is limited to web defacement and credential theft rather than operational systems.", "patch_available": true, "reference_url": "https://plugins.trac.wordpress.org/browser/wpdiscuz/tags/7.6.48/forms/wpdFormAttr/Field/DefaultField/Website.php#L119", "source_date": "2026-07-03T08:16:25.367", "first_seen": "2026-07-03T09:34:34.510709", "seen_at": "2026-07-03T09:34:34.510709"}, {"title": "CVE-2026-58283", "cve": "CVE-2026-58283", "summary": "A security flaw in Microsoft Edge browser allows attackers to trick users through spoofing attacks over a network. This could let attackers display fake content or misleading information to users browsing the web. 
Staff using Edge for daily work or accessing sensitive systems could be targeted.", "score": 52, "impact_score": 45, "sectors": ["Government Facilities", "Healthcare and Public Health", "Water and Wastewater Systems", "Energy", "Emergency Services", "Information Technology"], "source": "NVD (High)", "remediation": ["Update Microsoft Edge to the latest version through Windows Update or Edge's built-in updater", "Enable automatic updates for Edge browser on all workstations", "Train staff to verify website authenticity before entering credentials", "Consider using browser security policies to block suspicious sites"], "origin": {"product": "Edge (Chromium-based)", "vendor": "Microsoft", "first_reported": "2026-07-03", "exploited_by": []}, "score_reason": "Microsoft Edge is widely used across Texas public sector organizations, but spoofing attacks require user interaction and no active exploitation is currently confirmed.", "patch_available": true, "reference_url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-58283", "source_date": "2026-07-03T21:17:02.943", "first_seen": "2026-07-03T21:34:34.640390", "seen_at": "2026-07-03T21:34:34.640390"}, {"title": "CVE-2026-47262", "cve": "CVE-2026-47262", "summary": "A vulnerability in containerd (container runtime software) allows malicious container images to crash the system by exhausting memory. This could take down container services used by IT systems, potentially affecting any organization using Docker or Kubernetes for managing applications. 
The issue requires pulling and running a maliciously crafted container image.", "score": 52, "impact_score": 45, "sectors": ["Information Technology", "Communications", "Healthcare and Public Health", "Government Facilities", "Water and Wastewater Systems", "Energy"], "source": "NVD (Medium)", "remediation": ["Update containerd immediately to patched versions: 1.7.33, 2.0.10, 2.1.9, 2.2.5, or 2.3.2", "Review container image sources and only pull images from trusted registries", "Implement container image scanning to detect malicious content before deployment", "Monitor systems for unusual memory consumption in container runtime processes"], "origin": {"product": "containerd", "vendor": "containerd", "first_reported": "2026-07-01", "exploited_by": []}, "score_reason": "Medium severity DoS vulnerability in container runtime software; while containerd is widely used in cloud and IT infrastructure, exploitation requires running malicious images and primarily affects organizations with containerized deployments, which is less common in small rural Texas organizations.", "patch_available": true, "reference_url": "https://github.com/containerd/containerd/security/advisories/GHSA-jpcc-p29g-p8mq", "source_date": "2026-07-01T19:16:52.097", "first_seen": "2026-07-02T21:34:34.775050", "seen_at": "2026-07-02T21:34:34.775050"}, {"title": "CVE-2026-56646", "cve": "CVE-2026-56646", "summary": "A vulnerability in Microsoft Edge browser allows attackers to trick users by spoofing content over a network, potentially leading to phishing or credential theft. This affects any organization using Microsoft Edge as their web browser. 
Users could be deceived into providing sensitive information to malicious actors.", "score": 52, "impact_score": 55, "sectors": ["Communications", "Emergency Services", "Energy", "Government Facilities", "Healthcare and Public Health", "Information Technology", "Water and Wastewater Systems"], "source": "NVD (Medium)", "remediation": ["Update Microsoft Edge to the latest version through Windows Update or Edge settings", "Enable automatic updates for Microsoft Edge across all managed devices", "Train staff to verify website authenticity before entering credentials", "Consider using browser security policies via Group Policy to restrict navigation to untrusted sites"], "origin": {"product": "Microsoft Edge (Chromium-based)", "vendor": "Microsoft", "first_reported": "2026-07-03", "exploited_by": []}, "score_reason": "Microsoft Edge is widely deployed across Texas public sector organizations, but this medium-severity spoofing vulnerability requires network access and user interaction, reducing immediate critical infrastructure risk.", "patch_available": true, "reference_url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-56646", "source_date": "2026-07-03T21:17:00.783", "first_seen": "2026-07-05T06:34:34.571906", "seen_at": "2026-07-05T06:34:34.571906"}, {"title": "CVE-2026-58467", "cve": "CVE-2026-58467", "summary": "Cockpit CMS (a web-based content management system) has a serious security flaw that lets attackers without any login credentials read sensitive files or run malicious code on the server. This could expose configuration files, passwords, or allow complete system takeover. 
Organizations using Cockpit CMS for their websites should update immediately.", "score": 52, "impact_score": 35, "sectors": ["Government Facilities", "Healthcare and Public Health", "Water and Wastewater Systems", "Information Technology"], "source": "NVD (High)", "remediation": ["Update Cockpit CMS to version 364 or later immediately", "If unable to update, take the Cockpit CMS application offline until patched", "Review server logs for suspicious URL patterns containing '../' sequences that may indicate exploitation attempts", "Avoid running Cockpit CMS with PHP built-in server in production environments"], "origin": {"product": "Cockpit CMS", "vendor": "Cockpit CMS", "first_reported": "2026-07-02", "exploited_by": []}, "score_reason": "While this is a serious vulnerability allowing unauthenticated access, Cockpit CMS is a niche content management system not widely deployed in Texas critical infrastructure; impact is limited to organizations specifically using this software for web applications.", "patch_available": true, "reference_url": "https://github.com/cockpit-project/cockpit/releases/tag/364", "source_date": "2026-07-02T20:17:06.733", "first_seen": "2026-07-02T21:34:34.775050", "seen_at": "2026-07-02T21:34:34.775050"}, {"title": "CVE-2026-7311", "cve": "CVE-2026-7311", "summary": "A security flaw in the TinyPNG image compression plugin for WordPress allows attackers with author-level access to delete critical server files, potentially leading to complete website takeover. This affects WordPress sites using the TinyPNG plugin version 3.6.13 and earlier. 
Attackers could delete configuration files to gain full control of the website.", "score": 52, "impact_score": 45, "sectors": ["Government Facilities", "Healthcare and Public Health", "Water and Wastewater Systems", "Emergency Services"], "source": "NVD (High)", "remediation": ["Update the TinyPNG WordPress plugin to version 3.6.14 or later immediately", "Audit WordPress user accounts and remove unnecessary author-level access", "Review recent file deletions and restore wp-config.php from backup if compromised", "Consider implementing WordPress security plugins that monitor file integrity"], "origin": {"product": "TinyPNG \u2013 JPEG, PNG & WebP image compression WordPress Plugin", "vendor": "TinyPNG", "first_reported": "2026-07-02", "exploited_by": []}, "score_reason": "WordPress is widely used by Texas municipal websites, school districts, and small utilities for public communication, but exploitation requires authenticated author-level access which limits attack surface.", "patch_available": true, "reference_url": "https://plugins.trac.wordpress.org/browser/tiny-compress-images/tags/3.6.13/src/class-tiny-image-size.php#L245", "source_date": "2026-07-02T19:17:00.127", "first_seen": "2026-07-02T20:02:53.211356", "seen_at": "2026-07-02T20:02:53.211356"}, {"title": "CVE-2026-48286", "cve": "CVE-2026-48286", "summary": "Adobe Campaign Classic, used for marketing and communications by some government and healthcare organizations, has a critical flaw allowing attackers to run malicious code without any user interaction. This vulnerability affects versions 7.4.3 build 9396 and earlier. 
Organizations using this email marketing platform should patch immediately.", "score": 52, "impact_score": 45, "sectors": ["Government Facilities", "Healthcare and Public Health", "Communications"], "source": "NVD (Critical)", "remediation": ["Update Adobe Campaign Classic to the latest patched version immediately per Adobe Security Bulletin APSB26-69", "Verify your current ACC version and build number to confirm if affected", "Restrict network access to Campaign Classic servers to authorized users only", "Monitor ACC server logs for unusual activity or unauthorized access attempts"], "origin": {"product": "Campaign Classic", "vendor": "Adobe", "first_reported": "2026-06-30", "exploited_by": []}, "score_reason": "While this is a critical vulnerability with arbitrary code execution, Adobe Campaign Classic has limited deployment in small and rural Texas organizations, though some county governments and health districts may use it for public outreach.", "patch_available": true, "reference_url": "https://helpx.adobe.com/security/products/campaign/apsb26-69.html", "source_date": "2026-06-30T16:16:54.870", "first_seen": "2026-07-01T04:37:31.724134", "seen_at": "2026-07-01T04:37:31.724134"}, {"title": "CVE-2026-5137", "cve": "CVE-2026-5137", "summary": "The RTMKit (RomeTheme for Elementor) WordPress plugin has a security flaw that allows attackers with contributor-level access to include and run malicious files on your website server. This could let hackers take control of websites built with WordPress and this popular page-builder plugin. 
Organizations using WordPress with this plugin should update immediately.", "score": 52, "impact_score": 45, "sectors": ["Government Facilities", "Healthcare and Public Health", "Water and Wastewater Systems", "Emergency Services"], "source": "NVD (Medium)", "remediation": ["Update RTMKit (rometheme-for-elementor) plugin to version 2.0.8 or higher immediately", "Audit WordPress user accounts and remove or demote unnecessary contributor-level access", "Review server logs for suspicious AJAX requests to render_templates endpoint", "Consider using a web application firewall to block malicious file inclusion attempts"], "origin": {"product": "RTMKit (rometheme-for-elementor)", "vendor": "RomeTheme", "first_reported": "2026-07-03", "exploited_by": []}, "score_reason": "WordPress is widely used by small Texas municipalities, school districts, and local utilities for public-facing websites, but exploitation requires authenticated contributor access which limits attack surface.", "patch_available": true, "reference_url": "https://plugins.trac.wordpress.org/browser/rometheme-for-elementor/tags/2.0.3/Inc/Modules/Templatekits/TemplatekitAPI.php#L39", "source_date": "2026-07-03T10:16:33.113", "first_seen": "2026-07-04T21:34:34.969509", "seen_at": "2026-07-04T21:34:34.969509"}, {"title": "CVE-2026-14352", "cve": "CVE-2026-14352", "summary": "A WordPress plugin called AR for WooCommerce has a serious security flaw that lets attackers read any file on your web server without logging in. This could expose sensitive configuration files, passwords, and private data. 
Organizations running WordPress sites with this plugin should update or remove it immediately.", "score": 52, "impact_score": 45, "sectors": ["Government Facilities", "Healthcare and Public Health", "Water and Wastewater Systems", "Energy"], "source": "NVD (High)", "remediation": ["Update AR for WooCommerce plugin to version 8.41 or higher immediately if available", "If no patch exists, deactivate and delete the AR for WooCommerce plugin from your WordPress site", "Review server logs for suspicious requests to AJAX handlers containing ar_get_fresh_nonce or ar_process_user_image", "Change any passwords or API keys stored in configuration files that may have been exposed"], "origin": {"product": "AR for WooCommerce", "vendor": "Starter Labs", "first_reported": "2026-07-03", "exploited_by": []}, "score_reason": "WordPress is widely used by small Texas government, utility, and healthcare organizations for public websites, and this unauthenticated file disclosure vulnerability could expose sensitive credentials, but it requires this specific plugin to be installed.", "patch_available": false, "reference_url": "https://plugins.trac.wordpress.org/browser/ar-for-woocommerce/tags/8.40/ar-woocommerce.php#L143", "source_date": "2026-07-03T06:16:21.787", "first_seen": "2026-07-03T06:34:34.663202", "seen_at": "2026-07-03T06:34:34.663202"}, {"title": "CVE-2025-71385", "cve": "CVE-2025-71385", "summary": "Netdata monitoring software before version 2.3.1 has a security flaw that allows attackers to inject malicious scripts into web pages viewed by users. If someone clicks a specially crafted link to your Netdata dashboard, an attacker could steal login credentials or perform actions as that user. 
This affects the default installation since the vulnerable feature requires no authentication.", "score": 52, "impact_score": 40, "sectors": ["Water and Wastewater Systems", "Energy", "Healthcare and Public Health", "Government Facilities", "Information Technology"], "source": "NVD (Medium)", "remediation": ["Update Netdata to version 2.3.1 or later immediately", "Ensure Netdata dashboards are not exposed to the public internet - restrict access to internal networks only", "Enable authentication on Netdata instances if not already configured", "Review web server logs for suspicious requests to /api/v2/ilove.svg or /api/v3/ilove.svg endpoints"], "origin": {"product": "Netdata", "vendor": "Netdata", "first_reported": "2025-07-02", "exploited_by": []}, "score_reason": "Netdata is used for IT monitoring in various organizations including utilities and government; the XSS vulnerability requires user interaction and is medium severity, but default anonymous access increases risk for exposed systems.", "patch_available": true, "reference_url": "https://github.com/netdata/netdata/commit/f82554fe9b21b5ae51a8663a3f4ddce84cac16af", "source_date": "2026-07-02T20:17:00.420", "first_seen": "2026-07-03T00:34:34.717858", "seen_at": "2026-07-03T00:34:34.717858"}, {"title": "CVE-2026-58282", "cve": "CVE-2026-58282", "summary": "A security flaw in Microsoft Edge browser allows attackers to perform spoofing attacks over a network, potentially tricking users into visiting malicious websites or revealing sensitive information. This affects organizations using Edge as their default web browser. 
Users may encounter fake login pages or fraudulent content that appears legitimate.", "score": 52, "impact_score": 45, "sectors": ["Government Facilities", "Healthcare and Public Health", "Water and Wastewater Systems", "Energy", "Emergency Services", "Information Technology"], "source": "NVD (High)", "remediation": ["Update Microsoft Edge to the latest version through automatic updates or manual download from Microsoft", "Train staff to verify website URLs before entering credentials, especially after clicking links in emails", "Enable Microsoft Defender SmartScreen to help detect spoofing attempts", "Consider implementing web filtering to block known malicious domains"], "origin": {"product": "Microsoft Edge (Chromium-based)", "vendor": "Microsoft", "first_reported": "2026-07-03", "exploited_by": []}, "score_reason": "Microsoft Edge is widely deployed across Texas public sector organizations, but spoofing requires user interaction and no active exploitation is currently confirmed, reducing immediate threat severity.", "patch_available": true, "reference_url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-58282", "source_date": "2026-07-03T21:17:02.820", "first_seen": "2026-07-03T21:34:34.640390", "seen_at": "2026-07-03T21:34:34.640390"}, {"title": "CVE-2026-34113", "cve": "CVE-2026-34113", "summary": "Guardian language-system software has a critical flaw that lets attackers run any command on the server without logging in. The vulnerability is in a speech text feature that doesn't properly check user input before executing system commands. 
If exploited, attackers could take complete control of affected servers.", "score": 45, "impact_score": 35, "sectors": ["Government Facilities", "Healthcare and Public Health", "Information Technology"], "source": "NVD (Critical)", "remediation": ["Immediately disable or block access to speech_text.php if the feature is not essential", "Place the Guardian system behind a firewall that restricts access to trusted IP addresses only", "Contact the vendor for an emergency patch or updated version", "Monitor server logs for suspicious commands or unauthorized access attempts"], "origin": {"product": "language-system", "vendor": "Guardian", "first_reported": "2026-07-01", "exploited_by": []}, "score_reason": "Critical severity remote code execution without authentication, but Guardian language-system has limited known deployment in Texas critical infrastructure sectors.", "patch_available": false, "reference_url": "https://gist.github.com/cyberinforepo/d5b2771d82e1b31b8fc1c33052e08dad", "source_date": "2026-07-01T17:16:34.650", "first_seen": "2026-07-01T18:34:34.516259", "seen_at": "2026-07-01T18:34:34.516259"}, {"title": "CVE-2026-58278", "cve": "CVE-2026-58278", "summary": "A security flaw in Microsoft Edge browser allows attackers to trick the browser into making unauthorized requests to internal network resources, potentially exposing sensitive systems. This could let attackers access internal services that should not be reachable from the internet. 
Staff using Edge for daily work could unknowingly trigger these attacks by visiting malicious websites.", "score": 45, "impact_score": 55, "sectors": ["Government Facilities", "Healthcare and Public Health", "Water and Wastewater Systems", "Energy", "Emergency Services", "Information Technology"], "source": "NVD (Medium)", "remediation": ["Update Microsoft Edge to the latest version through Windows Update or Edge settings immediately", "Enable automatic browser updates to ensure future patches are applied promptly", "Remind staff not to click suspicious links in emails or visit untrusted websites", "Consider using network segmentation to limit what internal resources browsers can access"], "origin": {"product": "Edge (Chromium-based)", "vendor": "Microsoft", "first_reported": "2026-07-03", "exploited_by": []}, "score_reason": "Medium severity SSRF in a widely-used browser affects many Texas organizations, but requires user interaction and has no confirmed active exploitation yet.", "patch_available": true, "reference_url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-58278", "source_date": "2026-07-03T21:17:02.707", "first_seen": "2026-07-05T06:34:34.571906", "seen_at": "2026-07-05T06:34:34.571906"}, {"title": "CVE-2026-58014", "cve": "CVE-2026-58014", "summary": "A security flaw exists in GLib, a widely-used software library on Linux systems, that could cause applications to crash or malfunction when processing certain configuration files. This affects systems running Linux-based servers, workstations, and embedded devices. While primarily a denial of service risk, it could disrupt operations if exploited on critical systems.", "score": 45, "impact_score": 35, "sectors": ["Water and Wastewater Systems", "Energy", "Government Facilities", "Healthcare and Public Health", "Communications", "Information Technology"], "source": "NVD (High)", "remediation": ["Monitor your Linux distribution vendor (Red Hat, Ubuntu, etc.) 
for GLib security updates and apply when available", "Prioritize patching on internet-facing servers and critical operational systems", "Restrict access to configuration files on sensitive systems to trusted administrators only", "Consider temporary workarounds by validating key files before loading if custom applications are affected"], "origin": {"product": "GLib", "vendor": "GNOME", "first_reported": "2026-06-30", "exploited_by": []}, "score_reason": "GLib is common in Linux environments used by utilities and government systems, but this requires local file access and has limited impact (denial of service), with no confirmed active exploitation.", "patch_available": false, "reference_url": "https://access.redhat.com/security/cve/CVE-2026-58014", "source_date": "2026-06-30T13:19:17.580", "first_seen": "2026-07-01T18:34:34.516259", "seen_at": "2026-07-01T18:34:34.516259"}, {"title": "CVE-2026-14659", "cve": "CVE-2026-14659", "summary": "A SQL injection vulnerability exists in itsourcecode Hospital Management System 1.0 that allows remote attackers to manipulate database queries through the patient appointment page. This could let attackers access, modify, or delete sensitive patient records and medical information. 
Small clinics or healthcare facilities using this open-source system should take immediate action.", "score": 45, "impact_score": 30, "sectors": ["Healthcare and Public Health"], "source": "NVD (Medium)", "remediation": ["Immediately restrict access to /patientappointment.php or take the system offline if possible", "Check for signs of unauthorized database access or data exfiltration in logs", "Contact the software vendor or developer for a patched version", "Consider migrating to a more secure, actively maintained healthcare management system"], "origin": {"product": "Hospital Management System", "vendor": "itsourcecode", "first_reported": "2026-07-04", "exploited_by": []}, "score_reason": "This affects a niche open-source hospital management system that may be used by small rural clinics in Texas, with public exploit code available, but it is not a lifeline sector and deployment is likely limited.", "patch_available": false, "reference_url": "https://github.com/ltranquility/vuln_submit/issues/21", "source_date": "2026-07-04T23:16:55.280", "first_seen": "2026-07-05T21:34:34.730890", "seen_at": "2026-07-05T21:34:34.730890"}, {"title": "CVE-2026-58016", "cve": "CVE-2026-58016", "summary": "A security flaw in GLib, a core software library used in many Linux systems, could allow attackers to crash applications by sending specially crafted malformed data. This affects systems running Linux-based servers, workstations, or embedded devices that use GLib for inter-process communication. The vulnerability causes a denial of service but does not allow attackers to take control of systems.", "score": 45, "impact_score": 40, "sectors": ["Communications", "Energy", "Government Facilities", "Healthcare and Public Health", "Information Technology", "Water and Wastewater Systems"], "source": "NVD (Critical)", "remediation": ["Check with your Linux distribution vendor (Red Hat, Ubuntu, etc.) 
for patched GLib packages and apply updates when available", "Limit network exposure of systems running D-Bus services to trusted networks only", "Monitor system logs for unexpected application crashes that could indicate exploitation attempts", "Contact your IT vendor or managed service provider to verify your systems are updated"], "origin": {"product": "GLib", "vendor": "GNOME", "first_reported": "2026-06-30", "exploited_by": []}, "score_reason": "GLib is widely deployed in Linux environments across Texas infrastructure, but this denial-of-service vulnerability requires specific conditions to exploit and has no confirmed active exploitation.", "patch_available": true, "reference_url": "https://access.redhat.com/security/cve/CVE-2026-58016", "source_date": "2026-06-30T13:19:17.840", "first_seen": "2026-07-01T18:34:34.516259", "seen_at": "2026-07-01T18:34:34.516259"}, {"title": "CVE-2026-58524", "cve": "CVE-2026-58524", "summary": "A cross-site scripting vulnerability in Microsoft Edge browser could allow attackers to spoof content or steal information when users visit malicious websites. This affects the Chromium-based version of Edge that is commonly used on Windows computers in offices and public facilities. 
Staff who use Edge for daily work or accessing web applications could be tricked by fake content.", "score": 45, "impact_score": 50, "sectors": ["Government Facilities", "Healthcare and Public Health", "Water and Wastewater Systems", "Energy", "Emergency Services", "Information Technology"], "source": "NVD (Medium)", "remediation": ["Update Microsoft Edge to the latest version through Windows Update or Edge settings menu", "Enable automatic browser updates to ensure timely patching", "Train staff to avoid clicking suspicious links in emails or unfamiliar websites", "Consider using browser security policies to restrict access to untrusted sites"], "origin": {"product": "Edge (Chromium-based)", "vendor": "Microsoft", "first_reported": "2026-07-03", "exploited_by": []}, "score_reason": "Medium-severity browser vulnerability affecting commonly deployed Microsoft Edge; requires user interaction and no confirmed active exploitation, but widespread use across Texas public sector offices increases exposure.", "patch_available": true, "reference_url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-58524", "source_date": "2026-07-03T21:17:06.000", "first_seen": "2026-07-05T09:34:34.661301", "seen_at": "2026-07-05T09:34:34.661301"}, {"title": "CVE-2026-10134", "cve": "CVE-2026-10134", "summary": "IBM Langflow OSS versions 1.0.0 through 1.9.3 have a critical vulnerability that allows attackers to steal secrets, read and modify all data in the system, access internal services, and maintain persistent access by injecting malicious code. 
This AI workflow tool, if used by your organization for automation projects, could give attackers complete control over sensitive operations and data.", "score": 45, "impact_score": 35, "sectors": ["Government Facilities", "Healthcare and Public Health", "Water and Wastewater Systems", "Energy", "Information Technology"], "source": "NVD (Critical)", "remediation": ["Immediately upgrade IBM Langflow OSS to version 1.9.4 or later from IBM's official download site", "Audit all flows, secrets, and user accounts in Langflow for unauthorized modifications", "Restrict network access to Langflow instances using firewalls to prevent external connections", "Review logs for suspicious API calls to /api/v1/build/ endpoints that may indicate exploitation"], "origin": {"product": "Langflow OSS", "vendor": "IBM", "first_reported": "2026-06-30", "exploited_by": []}, "score_reason": "While this is a critical vulnerability allowing full system compromise, IBM Langflow OSS is a specialized AI development tool with limited deployment in small Texas municipalities and rural utilities, reducing widespread impact.", "patch_available": true, "reference_url": "https://www.ibm.com/support/pages/node/7277559", "source_date": "2026-06-30T20:17:26.883", "first_seen": "2026-07-01T04:37:31.724134", "seen_at": "2026-07-01T04:37:31.724134"}, {"title": "CVE-2026-12557", "cve": "CVE-2026-12557", "summary": "The Ninja Forms File Uploads plugin for WordPress has a security flaw allowing anyone on the internet to read or delete debug log entries without logging in. This affects websites using this popular WordPress form plugin, potentially exposing sensitive information stored in logs. 
Organizations using WordPress with Ninja Forms should update immediately.", "score": 45, "impact_score": 40, "sectors": ["Government Facilities", "Healthcare and Public Health", "Water and Wastewater Systems", "Emergency Services"], "source": "NVD (Medium)", "remediation": ["Update Ninja Forms File Uploads plugin to version 3.3.30 or later immediately", "Review wp_nf3_log table for any sensitive information that may have been exposed", "Disable or restrict access to WordPress debug logging in production environments", "Monitor website logs for unusual access patterns to plugin endpoints"], "origin": {"product": "Ninja Forms - File Uploads", "vendor": "Saturday Drive", "first_reported": "2026-07-03", "exploited_by": []}, "score_reason": "Medium severity affecting WordPress sites commonly used by small Texas municipalities, clinics, and utilities for public-facing websites, but limited to debug log exposure rather than full system compromise.", "patch_available": true, "reference_url": "https://plugins.trac.wordpress.org/browser/ninja-forms-uploads/trunk/includes/Common/Routes/DebugLog.php#L88", "source_date": "2026-07-03T06:16:21.207", "first_seen": "2026-07-03T06:34:34.663202", "seen_at": "2026-07-03T06:34:34.663202"}, {"title": "CVE-2026-5135", "cve": "CVE-2026-5135", "summary": "A security flaw in Foreman infrastructure management software allows users with limited permissions to improperly modify settings for hosts they shouldn't have access to. This could let someone change configurations on managed computers and servers across different departments or locations without authorization. 
Organizations using Foreman to manage their IT infrastructure should apply updates when available.", "score": 45, "impact_score": 35, "sectors": ["Government Facilities", "Information Technology", "Healthcare and Public Health", "Water and Wastewater Systems", "Energy"], "source": "NVD (Medium)", "remediation": ["Review Foreman user permissions and restrict host-edit access to only necessary personnel", "Monitor Foreman audit logs for unexpected lookup value or host configuration changes", "Apply vendor patches when Red Hat releases updates for this vulnerability", "Consider network segmentation to limit Foreman access to authorized management networks only"], "origin": {"product": "Foreman", "vendor": "Red Hat", "first_reported": "2026-07-01", "exploited_by": []}, "score_reason": "This is a medium-severity access control issue requiring authenticated access, affecting Foreman which is used by some organizations for infrastructure management but is not widely deployed in small Texas communities.", "patch_available": false, "reference_url": "https://access.redhat.com/security/cve/CVE-2026-5135", "source_date": "2026-07-01T15:17:11.740", "first_seen": "2026-07-01T15:34:34.687056", "seen_at": "2026-07-01T15:34:34.687056"}, {"title": "CVE-2026-13985", "cve": "CVE-2026-13985", "summary": "A security flaw in Google Chrome's MediaCapture feature could allow attackers to display fake or misleading interface elements to trick users into taking unintended actions. This requires an attacker to first compromise the browser's renderer process, then use a malicious webpage to spoof what users see on screen. 
All organizations using Chrome browsers should update to the latest version.", "score": 45, "impact_score": 55, "sectors": ["Communications", "Emergency Services", "Energy", "Government Facilities", "Healthcare and Public Health", "Information Technology", "Transportation", "Water and Wastewater Systems"], "source": "NVD (Medium)", "remediation": ["Update Google Chrome to version 150.0.7871.47 or later immediately on all workstations", "Enable automatic Chrome updates through group policy or device management", "Train staff to recognize suspicious browser behavior and phishing attempts", "Consider using browser isolation for sensitive operations"], "origin": {"product": "Chrome", "vendor": "Google", "first_reported": "2026-06-30", "exploited_by": []}, "score_reason": "Medium severity UI spoofing vulnerability in widely-used Chrome browser affects all sectors but requires prior renderer compromise, limiting immediate exploitation risk.", "patch_available": true, "reference_url": "https://chromereleases.googleblog.com/2026/06/stable-channel-update-for-desktop_0175352312.html", "source_date": "2026-06-30T23:17:11.797", "first_seen": "2026-07-02T15:34:34.694842", "seen_at": "2026-07-02T15:34:34.694842"}, {"title": "CVE-2026-34100", "cve": "CVE-2026-34100", "summary": "Guardian language-system software has a security flaw in its media.php file that allows attackers who are logged in to steal database information through a SQL injection attack. This could expose sensitive data stored in the system's database. 
Organizations using Guardian language-system should apply mitigations immediately and contact the vendor for a patch.", "score": 45, "impact_score": 35, "sectors": ["Government Facilities", "Healthcare and Public Health", "Information Technology"], "source": "NVD (Critical)", "remediation": ["Contact Guardian vendor immediately for a security patch or updated version", "Remove or restrict access to media.php if not essential to operations", "Implement web application firewall rules to block SQL injection patterns", "Review database logs for unusual queries and potential unauthorized access"], "origin": {"product": "language-system", "vendor": "Guardian", "first_reported": "2026-07-01", "exploited_by": []}, "score_reason": "Moderate threat affecting Guardian language-system with SQL injection vulnerability requiring authentication; not targeting lifeline sectors directly and no confirmed active exploitation in the wild.", "patch_available": false, "reference_url": "https://gist.github.com/cyberinforepo/d5b2771d82e1b31b8fc1c33052e08dad", "source_date": "2026-07-01T17:16:32.940", "first_seen": "2026-07-01T18:34:34.516259", "seen_at": "2026-07-01T18:34:34.516259"}, {"title": "CVE-2026-46680", "cve": "CVE-2026-46680", "summary": "A vulnerability in containerd (container runtime software) allows attackers to bypass security controls that prevent containers from running with full administrator (root) privileges. By using specially crafted container images, attackers can gain root access despite security policies meant to prevent this. 
This affects organizations using Kubernetes or container-based systems.", "score": 45, "impact_score": 40, "sectors": ["Information Technology", "Water and Wastewater Systems", "Energy", "Healthcare and Public Health", "Government Facilities"], "source": "NVD (High)", "remediation": ["Update containerd immediately to patched versions: 1.7.32, 2.0.9, 2.2.4, or 2.3.1", "Review container deployments to ensure no untrusted or unverified images are in use", "Audit existing containers for unexpected root-level processes", "Implement image scanning and admission controls to block containers with suspicious User directives"], "origin": {"product": "containerd", "vendor": "containerd", "first_reported": "2026-07-01", "exploited_by": []}, "score_reason": "While this is a significant container security bypass, containerd and Kubernetes deployments are less common in small rural Texas organizations compared to enterprise environments, limiting direct impact on lifeline sectors.", "patch_available": true, "reference_url": "https://github.com/containerd/containerd/security/advisories/GHSA-fqw6-gf59-qr4w", "source_date": "2026-07-01T18:16:32.853", "first_seen": "2026-07-02T20:02:53.211356", "seen_at": "2026-07-02T20:02:53.211356"}, {"title": "CVE-2026-23537", "cve": "CVE-2026-23537", "summary": "A vulnerability in the Feast Feature Server allows attackers without any login credentials to write malicious files to the server, potentially overwriting critical configuration files. This could let attackers take control of affected systems, cause service outages, or run unauthorized commands. 
Organizations using Feast for machine learning data management should take immediate action.", "score": 45, "impact_score": 35, "sectors": ["Information Technology", "Water and Wastewater Systems", "Energy", "Healthcare and Public Health", "Government Facilities"], "source": "NVD (Critical)", "remediation": ["Immediately restrict network access to the Feast Feature Server's /save-document endpoint using firewall rules", "Check for any unauthorized or suspicious files that may have been written to the server filesystem", "Update Feast to the latest patched version once available from the vendor", "Implement authentication requirements for all Feast server endpoints if not already configured"], "origin": {"product": "Feature Server", "vendor": "Feast", "first_reported": "2026-07-01", "exploited_by": []}, "score_reason": "While this is a critical unauthenticated remote code execution vulnerability, Feast Feature Server is a specialized machine learning tool with limited deployment in small Texas municipalities and rural infrastructure, reducing widespread impact.", "patch_available": false, "reference_url": "https://access.redhat.com/security/cve/CVE-2026-23537", "source_date": "2026-07-01T15:17:06.790", "first_seen": "2026-07-01T15:34:34.687056", "seen_at": "2026-07-01T15:34:34.687056"}, {"title": "CVE-2026-56278", "cve": "CVE-2026-56278", "summary": "Flowise, an AI workflow automation tool, has a critical security flaw where it uses an easily guessable default secret ('flowise') for user sessions. Attackers who know this default can forge login credentials to impersonate any user and gain unauthorized access to the system. 
Organizations using Flowise versions 3.0.13 or earlier without custom session secrets configured are vulnerable.", "score": 45, "impact_score": 35, "sectors": ["Water and Wastewater Systems", "Energy", "Healthcare and Public Health", "Government Facilities", "Information Technology"], "source": "NVD (Critical)", "remediation": ["Immediately upgrade Flowise to version 3.1.0 or later", "Set a strong, unique EXPRESS_SESSION_SECRET environment variable if upgrade is not immediately possible", "Audit user accounts and session logs for any signs of unauthorized access", "Restrict network access to Flowise instances to trusted internal networks only"], "origin": {"product": "Flowise", "vendor": "FlowiseAI", "first_reported": "2026-06-30", "exploited_by": []}, "score_reason": "While this is a critical authentication bypass vulnerability, Flowise is a specialized AI/low-code tool with limited deployment in Texas critical infrastructure compared to mainstream operational technology systems.", "patch_available": true, "reference_url": "https://github.com/FlowiseAI/Flowise/security/advisories/GHSA-2qqc-p94c-hxwh", "source_date": "2026-06-30T23:17:29.610", "first_seen": "2026-07-01T05:45:40.117771", "seen_at": "2026-07-01T05:45:40.117771"}, {"title": "CVE-2026-58597", "cve": "CVE-2026-58597", "summary": "A vulnerability in Microsoft Edge browser allows attackers to trick users by not properly warning them about dangerous actions, potentially leading to spoofing attacks over a network. This could let attackers impersonate legitimate websites or services to steal information. 
Users may be deceived into entering credentials or sensitive data on fake sites.", "score": 45, "impact_score": 50, "sectors": ["Government Facilities", "Healthcare and Public Health", "Education", "Water and Wastewater Systems", "Energy"], "source": "NVD (Medium)", "remediation": ["Update Microsoft Edge to the latest version through automatic updates or manual download from Microsoft", "Train staff to verify website URLs and look for security indicators before entering credentials", "Enable Microsoft Defender SmartScreen to help detect spoofing attempts", "Consider implementing browser policies that restrict access to known-good websites for critical operations"], "origin": {"product": "Edge (Chromium-based)", "vendor": "Microsoft", "first_reported": "2026-07-03", "exploited_by": []}, "score_reason": "Medium severity spoofing vulnerability in widely-used Edge browser affects Texas government offices and utilities, but requires user interaction and network access to exploit.", "patch_available": true, "reference_url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-58597", "source_date": "2026-07-03T21:17:06.127", "first_seen": "2026-07-05T09:34:34.661301", "seen_at": "2026-07-05T09:34:34.661301"}, {"title": "CVE-2026-14109", "cve": "CVE-2026-14109", "summary": "A security flaw in Google Chrome's Mojo component could allow an attacker who has already compromised part of the browser to escape its protective sandbox using a malicious webpage. This affects anyone using Chrome versions older than 150.0.7871.47. 
While rated low severity by Google, it could be chained with other attacks to gain broader system access.", "score": 45, "impact_score": 55, "sectors": ["Communications", "Emergency Services", "Energy", "Financial Services", "Government Facilities", "Healthcare and Public Health", "Information Technology", "Transportation", "Water and Wastewater Systems"], "source": "NVD (Critical)", "remediation": ["Update Google Chrome to version 150.0.7871.47 or later on all workstations immediately", "Enable automatic Chrome updates through group policy or device management", "Remind staff not to click suspicious links or visit untrusted websites", "Consider using browser isolation for sensitive operations"], "origin": {"product": "Chrome", "vendor": "Google", "first_reported": "2026-06-30", "exploited_by": []}, "score_reason": "Chrome is widely deployed across all Texas sectors, but this requires prior renderer compromise and is rated low severity with no confirmed active exploitation.", "patch_available": true, "reference_url": "https://chromereleases.googleblog.com/2026/06/stable-channel-update-for-desktop_0175352312.html", "source_date": "2026-06-30T23:17:22.750", "first_seen": "2026-07-02T14:02:53.142152", "seen_at": "2026-07-02T14:02:53.142152"}, {"title": "CVE-2026-34117", "cve": "CVE-2026-34117", "summary": "Guardian language-system software has a critical security flaw that allows anyone on the internet to run malicious commands on your server without logging in. Attackers can exploit this by adding special characters to a web address, giving them full control of the affected system. 
If your organization uses Guardian language-system for subtitles or media processing, immediate action is required.", "score": 45, "impact_score": 35, "sectors": ["Government Facilities", "Healthcare and Public Health", "Information Technology"], "source": "NVD (Critical)", "remediation": ["Immediately take any Guardian language-system installations offline or block external access until patched.", "Check vendor resources or the reference URL for security updates and apply any available patches.", "Review server logs for suspicious requests to text_to_subtitles.php containing unusual characters like semicolons or pipes.", "If no patch is available, implement a web application firewall rule to block or sanitize the 'id' parameter."], "origin": {"product": "language-system", "vendor": "Guardian", "first_reported": "2026-07-01", "exploited_by": []}, "score_reason": "Critical unauthenticated remote code execution vulnerability, but Guardian language-system is a specialized media/subtitle tool with limited deployment in Texas critical infrastructure sectors.", "patch_available": false, "reference_url": "https://gist.github.com/cyberinforepo/d5b2771d82e1b31b8fc1c33052e08dad", "source_date": "2026-07-01T17:16:35.160", "first_seen": "2026-07-01T18:34:34.516259", "seen_at": "2026-07-01T18:34:34.516259"}, {"title": "CVE-2026-57987", "cve": "CVE-2026-57987", "summary": "A vulnerability in Microsoft Edge browser allows attackers to trick the browser into making unauthorized network requests on behalf of a user. This could let attackers access internal systems or impersonate legitimate services. 
Staff using Edge for daily work could unknowingly expose internal network resources.", "score": 45, "impact_score": 50, "sectors": ["Government Facilities", "Healthcare and Public Health", "Water and Wastewater Systems", "Energy", "Emergency Services", "Information Technology"], "source": "NVD (Medium)", "remediation": ["Update Microsoft Edge to the latest version through automatic updates or manual download from Microsoft", "Ensure automatic browser updates are enabled across all managed workstations", "Consider using browser isolation or web filtering to limit access to untrusted sites", "Review network segmentation to limit internal resource exposure from compromised endpoints"], "origin": {"product": "Edge (Chromium-based)", "vendor": "Microsoft", "first_reported": "2026-07-03", "exploited_by": []}, "score_reason": "Microsoft Edge is widely used across Texas public sector organizations, but SSRF typically requires user interaction and network access, limiting immediate critical infrastructure impact.", "patch_available": true, "reference_url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-57987", "source_date": "2026-07-03T21:17:01.903", "first_seen": "2026-07-05T06:34:34.571906", "seen_at": "2026-07-05T06:34:34.571906"}, {"title": "CVE-2026-58172", "cve": "CVE-2026-58172", "summary": "Ocelot API Gateway software (versions through 24.1.0) has a security bypass flaw where blocked IP addresses can still access systems by using WebSocket connections, because security checks are skipped for WebSocket requests. 
This could allow unauthorized users to reach protected internal services even when IP blocking rules are in place.", "score": 45, "impact_score": 35, "sectors": ["Water and Wastewater Systems", "Energy", "Healthcare and Public Health", "Government Facilities", "Information Technology"], "source": "NVD (Critical)", "remediation": ["Check if your organization uses Ocelot API Gateway and identify the version installed", "Update Ocelot to a version containing commit f156fd4 or later when available", "Review firewall and network-level IP blocking as a backup to application-level controls", "Monitor logs for unusual WebSocket upgrade requests from blocked IP ranges"], "origin": {"product": "Ocelot", "vendor": "ThreeMammals", "first_reported": "2026-06-30", "exploited_by": []}, "score_reason": "Ocelot is a specialized .NET API gateway with limited deployment in small Texas organizations; the bypass requires specific WebSocket configurations and no active exploitation is reported, but could impact any sector using this gateway for access control.", "patch_available": true, "reference_url": "https://github.com/ThreeMammals/Ocelot/commit/f156fd4017ca25025fffdad8ec56c1d657dfb402", "source_date": "2026-06-30T17:16:24.313", "first_seen": "2026-07-01T04:37:31.724134", "seen_at": "2026-07-01T04:37:31.724134"}, {"title": "CVE-2026-58298", "cve": "CVE-2026-58298", "summary": "A security flaw in Microsoft Edge browser allows attackers to trick users by displaying fake content or stealing information through malicious web pages. This affects anyone using the Edge browser to access websites, which could include staff at utilities, schools, and government offices. 
Users could be deceived into entering credentials or clicking harmful links.", "score": 45, "impact_score": 50, "sectors": ["Government Facilities", "Healthcare and Public Health", "Water and Wastewater Systems", "Energy", "Emergency Services", "Information Technology"], "source": "NVD (High)", "remediation": ["Update Microsoft Edge to the latest version immediately through Settings > About Microsoft Edge", "Enable automatic browser updates to ensure future patches are applied promptly", "Train staff to verify website authenticity before entering credentials or sensitive information", "Consider using browser security policies to block access to known malicious sites"], "origin": {"product": "Microsoft Edge (Chromium-based)", "vendor": "Microsoft", "first_reported": "2026-07-03", "exploited_by": []}, "score_reason": "Microsoft Edge is commonly used across Texas local governments and utilities, but this spoofing vulnerability requires user interaction and is not confirmed to be actively exploited, limiting immediate threat severity.", "patch_available": true, "reference_url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-58298", "source_date": "2026-07-03T21:17:04.790", "first_seen": "2026-07-04T21:34:34.969509", "seen_at": "2026-07-04T21:34:34.969509"}, {"title": "CVE-2026-14102", "cve": "CVE-2026-14102", "summary": "A security flaw in Google Chrome's password management feature could allow attackers to compromise your computer through a malicious webpage. While rated low severity by Google, any browser vulnerability affecting password handling warrants attention. 
Update Chrome to version 150.0.7871.47 or later on all computers.", "score": 45, "impact_score": 50, "sectors": ["Government Facilities", "Healthcare and Public Health", "Water and Wastewater Systems", "Energy", "Emergency Services", "Information Technology"], "source": "NVD (High)", "remediation": ["Update Google Chrome to version 150.0.7871.47 or later on all workstations immediately", "Enable automatic Chrome updates if not already configured", "Remind staff not to click suspicious links or visit untrusted websites", "Consider using browser management policies to enforce automatic updates"], "origin": {"product": "Chrome", "vendor": "Google", "first_reported": "2026-06-30", "exploited_by": []}, "score_reason": "Chrome is widely used across Texas public sector organizations, but the low severity rating and requirement for user interaction to visit a malicious page reduces immediate risk to critical infrastructure.", "patch_available": true, "reference_url": "https://chromereleases.googleblog.com/2026/06/stable-channel-update-for-desktop_0175352312.html", "source_date": "2026-06-30T23:17:22.113", "first_seen": "2026-07-02T15:34:34.694842", "seen_at": "2026-07-02T15:34:34.694842"}, {"title": "CVE-2026-14638", "cve": "CVE-2026-14638", "summary": "A SQL injection vulnerability exists in itsourcecode Hospital Management System 1.0 that allows remote attackers to manipulate database queries through the patient.php file. This could let attackers access, modify, or delete sensitive patient records. 
Small clinics using this open-source hospital management software should take immediate action.", "score": 45, "impact_score": 30, "sectors": ["Healthcare and Public Health"], "source": "NVD (Medium)", "remediation": ["Immediately restrict network access to the Hospital Management System to trusted internal networks only", "Implement web application firewall rules to filter SQL injection attempts on patient.php", "Contact your IT provider to review and patch the editid parameter input validation", "Consider migrating to a supported, commercially maintained patient management system"], "origin": {"product": "Hospital Management System", "vendor": "itsourcecode", "first_reported": "2026-07-04", "exploited_by": []}, "score_reason": "This vulnerability affects healthcare patient management systems with a published exploit, but itsourcecode Hospital Management System has limited deployment in Texas rural clinics compared to commercial alternatives.", "patch_available": false, "reference_url": "https://github.com/ltranquility/submit/issues/23", "source_date": "2026-07-04T18:16:28.550", "first_seen": "2026-07-05T21:34:34.730890", "seen_at": "2026-07-05T21:34:34.730890"}, {"title": "CVE-2026-58375", "cve": "CVE-2026-58375", "summary": "JimuReport software versions through 2.5.0 have a security flaw that allows anyone on the internet to access and download sensitive reports without logging in. Attackers can steal report data including database query results and potentially embedded passwords or credentials. 
This affects organizations using JimuReport for business intelligence or reporting functions.", "score": 45, "impact_score": 35, "sectors": ["Government Facilities", "Healthcare and Public Health", "Water and Wastewater Systems", "Energy"], "source": "NVD (High)", "remediation": ["Check if your organization uses JimuReport software and identify all instances immediately", "Block external access to /jmreport/auto/export endpoint at your firewall or web application firewall", "Contact your software vendor or IT provider to upgrade JimuReport beyond version 2.5.0 when a patch becomes available", "Audit any reports for embedded credentials and rotate those passwords immediately"], "origin": {"product": "JimuReport", "vendor": "JeecgBoot", "first_reported": "2026-06-30", "exploited_by": []}, "score_reason": "While this vulnerability allows unauthenticated data theft, JimuReport is a specialized Chinese reporting tool with limited deployment in Texas small/rural organizations, reducing widespread impact.", "patch_available": false, "reference_url": "https://github.com/jeecgboot/jimureport/issues/4694", "source_date": "2026-06-30T17:16:25.743", "first_seen": "2026-07-01T05:45:40.117771", "seen_at": "2026-07-01T05:45:40.117771"}, {"title": "CVE-2026-53492", "cve": "CVE-2026-53492", "summary": "A vulnerability in containerd (container runtime software) allows users with pod creation permissions to bypass security controls when restoring containers from checkpoints. Attackers could inject unauthorized device access and host mounts into containers. 
This primarily affects organizations running Kubernetes or container-based infrastructure with CDI enabled.", "score": 45, "impact_score": 40, "sectors": ["Information Technology", "Water and Wastewater Systems", "Energy", "Healthcare and Public Health", "Government Facilities"], "source": "NVD (Critical)", "remediation": ["Update containerd immediately to patched versions 2.3.2, 2.2.5, or 2.1.9", "Audit which users have pod creation permissions in your Kubernetes clusters and restrict to minimum necessary", "If CDI is not required for your operations, consider disabling it until patches are applied", "Review container checkpoint restore policies and restrict who can perform restore operations"], "origin": {"product": "containerd", "vendor": "containerd", "first_reported": "2026-07-01", "exploited_by": []}, "score_reason": "Moderate threat to Texas infrastructure as containerd is used in modern cloud and container deployments, but exploitation requires specific conditions (CDI enabled, pod creation permissions, matching host CDI specs) limiting widespread impact on typical small Texas organizations.", "patch_available": true, "reference_url": "https://github.com/containerd/containerd/security/advisories/GHSA-33vj-92qq-66hc", "source_date": "2026-07-01T19:16:54.510", "first_seen": "2026-07-02T20:02:53.211356", "seen_at": "2026-07-02T20:02:53.211356"}, {"title": "CVE-2026-7874", "cve": "CVE-2026-7874", "summary": "IBM Langflow OSS versions 1.0.0 through 1.10.0 have a weakness in how they encrypt stored credentials, making it possible for attackers to decrypt and steal all saved passwords and sensitive information. This affects organizations using this AI workflow automation tool to manage integrations and services. 
If exploited, attackers could gain access to connected systems using the stolen credentials.", "score": 45, "impact_score": 35, "sectors": ["Government Facilities", "Healthcare and Public Health", "Water and Wastewater Systems", "Energy", "Information Technology"], "source": "NVD (Critical)", "remediation": ["Upgrade IBM Langflow OSS to version 1.10.1 or later immediately", "Rotate all credentials and API keys stored in affected Langflow instances", "Review access logs for any unauthorized credential access or suspicious activity", "Implement network segmentation to limit exposure of systems running Langflow"], "origin": {"product": "Langflow OSS", "vendor": "IBM", "first_reported": "2026-06-30", "exploited_by": []}, "score_reason": "While credential disclosure is serious, IBM Langflow OSS is a specialized AI workflow tool with limited deployment in small Texas rural organizations, reducing widespread impact to critical infrastructure.", "patch_available": true, "reference_url": "https://www.ibm.com/support/pages/node/7278447", "source_date": "2026-06-30T20:17:31.900", "first_seen": "2026-07-01T05:45:40.117771", "seen_at": "2026-07-01T05:45:40.117771"}, {"title": "CVE-2026-14619", "cve": "CVE-2026-14619", "summary": "A security flaw in itsourcecode Hospital Management System 1.0 allows attackers to remotely access or manipulate database information through the medicine tracking page. This could expose patient records, medication data, and other sensitive healthcare information. 
The exploit code is publicly available, making attacks more likely.", "score": 45, "impact_score": 30, "sectors": ["Healthcare and Public Health"], "source": "NVD (Medium)", "remediation": ["Immediately check if your facility uses itsourcecode Hospital Management System and identify affected installations", "Block or restrict external access to medicine.php until a patch is available", "Implement web application firewall rules to filter SQL injection attempts", "Contact your software vendor or IT support about upgrading to a secure alternative"], "origin": {"product": "Hospital Management System 1.0", "vendor": "itsourcecode", "first_reported": "2026-07-04", "exploited_by": []}, "score_reason": "While this affects healthcare systems which are important, this specific open-source hospital management system has limited deployment in Texas rural clinics and hospitals, though the public exploit increases risk.", "patch_available": false, "reference_url": "https://github.com/ltranquility/cve_submit/issues/22", "source_date": "2026-07-04T08:16:21.647", "first_seen": "2026-07-05T11:02:52.978653", "seen_at": "2026-07-05T11:02:52.978653"}, {"title": "CVE-2026-13795", "cve": "CVE-2026-13795", "summary": "A security flaw in Google Chrome for iOS allows attackers to bypass navigation restrictions using malicious web pages. This could trick users into visiting dangerous websites or expose them to phishing attacks. 
Staff using iPhones or iPads with Chrome should update immediately.", "score": 45, "impact_score": 40, "sectors": ["Government Facilities", "Healthcare and Public Health", "Emergency Services", "Water and Wastewater Systems", "Energy"], "source": "NVD (Medium)", "remediation": ["Update Google Chrome on all iOS devices to version 150.0.7871.47 or later immediately", "Remind staff to only click links from trusted sources", "Consider using managed device policies to enforce automatic browser updates", "Review any suspicious website visits in recent browser history"], "origin": {"product": "Chrome for iOS", "vendor": "Google", "first_reported": "2026-06-30", "exploited_by": []}, "score_reason": "While Chrome is widely used across Texas organizations, this iOS-specific vulnerability has limited impact on operational technology systems and no confirmed active exploitation yet.", "patch_available": true, "reference_url": "https://chromereleases.googleblog.com/2026/06/stable-channel-update-for-desktop_0175352312.html", "source_date": "2026-06-30T23:16:54.280", "first_seen": "2026-07-01T20:02:52.970072", "seen_at": "2026-07-01T20:02:52.970072"}, {"title": "CVE-2025-36372", "cve": "CVE-2025-36372", "summary": "IBM Db2 database software versions 11.5.0-11.5.9 and 12.1.0-12.1.4 have a vulnerability that could allow authenticated users to access sensitive information from monitoring and event tables. This affects organizations using Db2 databases on Linux, UNIX, or Windows systems. 
An attacker with valid database credentials could view data they should not have access to.", "score": 45, "impact_score": 35, "sectors": ["Water and Wastewater Systems", "Energy", "Healthcare and Public Health", "Government Facilities", "Information Technology"], "source": "NVD (Medium)", "remediation": ["Check if your organization uses IBM Db2 database versions 11.5.0-11.5.9 or 12.1.0-12.1.4 and identify affected systems", "Apply IBM security patches from the referenced support page immediately", "Review database user accounts and remove unnecessary access privileges", "Monitor database audit logs for unusual queries against monitoring and event tables"], "origin": {"product": "Db2", "vendor": "IBM", "first_reported": "2025", "exploited_by": []}, "score_reason": "Medium severity information disclosure requiring authentication limits immediate risk, but Db2 databases may store sensitive operational data for utilities, healthcare facilities, and local governments across Texas.", "patch_available": true, "reference_url": "https://www.ibm.com/support/pages/node/7277417", "source_date": "2026-06-30T20:17:25.323", "first_seen": "2026-07-01T05:49:18.001903", "seen_at": "2026-07-01T05:49:18.001903"}, {"title": "CVE-2026-11594", "cve": "CVE-2026-11594", "summary": "IBM WebSphere Application Server versions 8.5 and 9.0 have a cross-site scripting (XSS) vulnerability in the administrative console. An attacker could potentially inject malicious scripts that execute when administrators access the console, potentially stealing credentials or performing unauthorized actions. 
This affects organizations running WebSphere for web applications or backend services.", "score": 45, "impact_score": 35, "sectors": ["Government Facilities", "Healthcare and Public Health", "Information Technology", "Water and Wastewater Systems"], "source": "NVD (High)", "remediation": ["Apply the latest IBM security patches from the referenced support page immediately", "Restrict administrative console access to trusted internal networks only", "Enable multi-factor authentication for all WebSphere admin accounts", "Monitor admin console access logs for suspicious activity"], "origin": {"product": "WebSphere Application Server", "vendor": "IBM", "first_reported": "2026-06-30", "exploited_by": []}, "score_reason": "WebSphere is used by some Texas government agencies and healthcare organizations for enterprise applications, but the vulnerability requires admin console access and is not confirmed to be actively exploited.", "patch_available": true, "reference_url": "https://www.ibm.com/support/pages/node/7277546", "source_date": "2026-06-30T21:16:30.383", "first_seen": "2026-07-01T05:45:40.117771", "seen_at": "2026-07-01T05:45:40.117771"}, {"title": "CVE-2026-59099", "cve": "CVE-2026-59099", "summary": "Apereo CAS single sign-on software versions 7.3.0 through 8.0.0-RC5 have a security flaw where attackers can decrypt login session data without needing credentials. 
This affects organizations using CAS for web authentication, potentially exposing user sessions and sensitive login information to unauthorized access.", "score": 45, "impact_score": 35, "sectors": ["Government Facilities", "Healthcare and Public Health", "Education", "Information Technology"], "source": "NVD (Critical)", "remediation": ["Upgrade Apereo CAS to version 8.0.0-RC6 or later immediately", "If upgrade is not possible, restrict network access to CAS login pages to trusted networks only", "Monitor authentication logs for unusual token collection or brute-force activity", "Contact your IT provider to verify if your organization uses Apereo CAS for authentication"], "origin": {"product": "CAS (Central Authentication Service)", "vendor": "Apereo", "first_reported": "2026-06-18", "exploited_by": []}, "score_reason": "Moderate threat to Texas entities using Apereo CAS for authentication; primarily affects government and education sectors but requires specific deployment of this open-source SSO product which has limited adoption in small/rural organizations.", "patch_available": true, "reference_url": "https://apereo.github.io/2026/06/18/vuln/", "source_date": "2026-07-02T20:17:08.240", "first_seen": "2026-07-02T21:34:34.775050", "seen_at": "2026-07-02T21:34:34.775050"}, {"title": "CVE-2026-56700", "cve": "CVE-2026-56700", "summary": "Grav CMS, a website content management system, has critical security flaws that allow attackers to execute malicious code on affected servers. These vulnerabilities affect how the system handles data and processes commands, potentially giving attackers full control of the web server. 
Organizations using Grav CMS for their websites should update to version 2.0.0-beta.2 or later immediately.", "score": 45, "impact_score": 35, "sectors": ["Government Facilities", "Healthcare and Public Health", "Water and Wastewater Systems", "Emergency Services"], "source": "NVD (Critical)", "remediation": ["Update Grav CMS to version 2.0.0-beta.2 or later immediately", "Restrict admin panel access to trusted IP addresses and require strong authentication", "Review server logs for suspicious activity or unauthorized plugin/theme installations", "If unable to update, consider temporarily taking the Grav site offline until patched"], "origin": {"product": "Grav CMS", "vendor": "Grav", "first_reported": "2026-06-30", "exploited_by": []}, "score_reason": "While these are critical code execution vulnerabilities, Grav CMS is a niche content management system with limited deployment in Texas critical infrastructure compared to mainstream platforms like WordPress.", "patch_available": true, "reference_url": "https://github.com/getgrav/grav/security/advisories/GHSA-vj3m-2g9h-vm4p", "source_date": "2026-06-30T23:17:32.287", "first_seen": "2026-07-01T05:45:40.117771", "seen_at": "2026-07-01T05:45:40.117771"}, {"title": "CVE-2026-59092", "cve": "CVE-2026-59092", "summary": "JuiceFS, a distributed file system sometimes used for data storage, has a flaw that lets attackers bypass authentication and access sensitive debugging endpoints. This could expose database credentials and allow attackers to read/write filesystem data or cause system outages. 
Organizations using JuiceFS for storage infrastructure should update immediately.", "score": 45, "impact_score": 35, "sectors": ["Information Technology", "Water and Wastewater Systems", "Energy", "Healthcare and Public Health", "Government Facilities"], "source": "NVD (High)", "remediation": ["Update JuiceFS to a version after commit a46979c or version 1.3.2+ when available", "Restrict network access to JuiceFS debug and metrics endpoints using firewall rules", "Rotate any database credentials that may have been exposed through the metadata engine connection strings", "Monitor logs for unauthorized access attempts to /debug/pprof/ endpoints"], "origin": {"product": "JuiceFS", "vendor": "JuiceData", "first_reported": "2026-07-02", "exploited_by": []}, "score_reason": "JuiceFS is specialized distributed storage software with limited deployment in small Texas organizations, but credential exposure and denial of service capabilities pose moderate risk to any affected systems.", "patch_available": true, "reference_url": "https://github.com/juicedata/juicefs/commit/a46979cdd4082217081ee99b931ddc53d038e47a", "source_date": "2026-07-02T20:17:07.270", "first_seen": "2026-07-02T21:34:34.775050", "seen_at": "2026-07-02T21:34:34.775050"}, {"title": "CVE-2026-11979", "cve": "CVE-2026-11979", "summary": "A security flaw in libxml2, a widely-used software library for processing XML data, could allow attackers to crash systems or potentially run malicious code when the xmlcatalog utility is used in interactive shell mode. This affects many Linux-based systems including servers and network equipment. 
The risk is lower because exploitation requires direct access to run the vulnerable utility in a specific mode.", "score": 45, "impact_score": 35, "sectors": ["Water and Wastewater Systems", "Energy", "Government Facilities", "Healthcare and Public Health", "Communications", "Information Technology"], "source": "NVD (High)", "remediation": ["Update libxml2 to the latest version containing commit c2e233fc when available from your Linux distribution", "Restrict access to xmlcatalog utility to only authorized administrators who need it", "Avoid using xmlcatalog in --shell mode on production systems", "Monitor vendor security advisories for your Linux distribution for patched packages"], "origin": {"product": "libxml2", "vendor": "libxml2 project", "first_reported": "2026-06-29", "exploited_by": []}, "score_reason": "While libxml2 is widely deployed across Linux systems in Texas infrastructure, exploitation requires interactive shell access to xmlcatalog which significantly limits real-world attack scenarios.", "patch_available": true, "reference_url": "https://cert.pl/en/posts/2026/06/CVE-2026-11979", "source_date": "2026-06-29T14:16:40.593", "first_seen": "2026-07-01T04:37:31.724134", "seen_at": "2026-07-01T04:37:31.724134"}, {"title": "CVE-2026-53489", "cve": "CVE-2026-53489", "summary": "A security flaw in containerd, a common container runtime used in cloud and server environments, allows attackers to read arbitrary files from the host system through manipulated checkpoint images. This could expose sensitive configuration files, credentials, or other protected data on affected servers. 
Organizations running containerized applications should update to patched versions.", "score": 45, "impact_score": 40, "sectors": ["Information Technology", "Government Facilities", "Healthcare and Public Health", "Water and Wastewater Systems", "Energy"], "source": "NVD (Medium)", "remediation": ["Update containerd to version 2.3.2, 2.2.5, or 2.1.9 depending on your version branch", "Review any container checkpoint images from untrusted sources before restoring", "Limit kubectl logs access to trusted administrators only", "Contact your IT or cloud service provider to confirm they have applied the patch"], "origin": {"product": "containerd", "vendor": "containerd", "first_reported": "2026-07-01", "exploited_by": []}, "score_reason": "While containerd is widely used in containerized environments, most small Texas municipalities and rural utilities have limited container deployments, reducing direct impact; however, any cloud-hosted services using containers could be affected.", "patch_available": true, "reference_url": "https://github.com/containerd/containerd/security/advisories/GHSA-rgh6-rfwx-v388", "source_date": "2026-07-01T19:16:54.383", "first_seen": "2026-07-02T21:34:34.775050", "seen_at": "2026-07-02T21:34:34.775050"}, {"title": "CVE-2026-28322", "cve": "CVE-2026-28322", "summary": "SolarWinds Database Performance Analyzer has a stored cross-site scripting (XSS) vulnerability that could allow attackers to inject malicious scripts into the application. If exploited, this could lead to unauthorized actions or data theft when administrators view affected pages. 
This affects organizations using SolarWinds DPA for database monitoring.", "score": 45, "impact_score": 35, "sectors": ["Government Facilities", "Healthcare and Public Health", "Water and Wastewater Systems", "Energy", "Information Technology"], "source": "NVD (Medium)", "remediation": ["Update SolarWinds Database Performance Analyzer to version 2026.2 or later as referenced in vendor release notes", "Review DPA user accounts and remove unnecessary administrative access", "Enable Content Security Policy headers if supported", "Monitor for suspicious script activity in DPA interface logs"], "origin": {"product": "Database Performance Analyzer", "vendor": "SolarWinds", "first_reported": "2026-06-30", "exploited_by": []}, "score_reason": "Medium-severity XSS vulnerability in database monitoring software used by some Texas public entities; requires user interaction and authenticated access, limiting immediate threat to critical infrastructure.", "patch_available": true, "reference_url": "https://documentation.solarwinds.com/en/success_center/dpa/content/release_notes/dpa_2026-2_release_notes.htm", "source_date": "2026-06-30T23:17:26.993", "first_seen": "2026-07-01T15:34:34.687056", "seen_at": "2026-07-01T15:34:34.687056"}, {"title": "CVE-2026-11906", "cve": "CVE-2026-11906", "summary": "IBM Db2 database software versions 11.5.0 through 11.5.9 and 12.1.0 through 12.1.4 have a vulnerability that allows users with database access to crash the system by sending specially crafted queries. 
This could disrupt critical applications that rely on Db2 databases for storing and managing information.", "score": 45, "impact_score": 35, "sectors": ["Water and Wastewater Systems", "Energy", "Healthcare and Public Health", "Government Facilities", "Information Technology"], "source": "NVD (Medium)", "remediation": ["Check if your organization uses IBM Db2 database versions 11.5.0-11.5.9 or 12.1.0-12.1.4 and identify affected systems", "Apply IBM security patches referenced in the vendor advisory at the provided URL", "Restrict database access to only essential authenticated users", "Monitor database logs for unusual query patterns or repeated crashes"], "origin": {"product": "Db2", "vendor": "IBM", "first_reported": "2026-06-30", "exploited_by": []}, "score_reason": "Medium severity denial-of-service requiring authentication limits widespread impact, but Db2 databases may support billing, SCADA historians, or records systems in Texas utilities and government facilities.", "patch_available": true, "reference_url": "https://www.ibm.com/support/pages/node/7277423", "source_date": "2026-06-30T20:17:28.273", "first_seen": "2026-07-01T05:49:18.001903", "seen_at": "2026-07-01T05:49:18.001903"}, {"title": "CVE-2026-13772", "cve": "CVE-2026-13772", "summary": "IBM WebSphere Extreme Scale, a data caching product used in enterprise applications, has a critical vulnerability that allows authenticated attackers to run malicious code on servers by exploiting how the system processes database-like queries. This could let attackers take control of affected systems. 
Organizations using IBM WebSphere products for web applications or data caching should check if they're affected.", "score": 45, "impact_score": 35, "sectors": ["Government Facilities", "Healthcare and Public Health", "Water and Wastewater Systems", "Energy", "Information Technology"], "source": "NVD (High)", "remediation": ["Check with your IT provider or vendor if IBM WebSphere Extreme Scale is used in any of your systems or third-party applications", "Apply IBM's security patch by upgrading to a fixed version as referenced in IBM's support page", "Restrict network access to WebSphere administration interfaces to trusted internal networks only", "Review application logs for unusual query activity or unauthorized access attempts"], "origin": {"product": "WebSphere Extreme Scale", "vendor": "IBM", "first_reported": "2026-06-30", "exploited_by": []}, "score_reason": "While this is a serious remote code execution vulnerability in IBM enterprise software, WebSphere Extreme Scale is primarily deployed in large enterprise environments and is uncommon in small Texas municipalities, rural utilities, and local government systems.", "patch_available": true, "reference_url": "https://www.ibm.com/support/pages/node/7278593", "source_date": "2026-06-30T20:17:29.080", "first_seen": "2026-07-01T05:45:40.117771", "seen_at": "2026-07-01T05:45:40.117771"}, {"title": "CVE-2026-45488", "cve": "CVE-2026-45488", "summary": "A vulnerability in Microsoft Edge browser allows attackers to spoof or misrepresent critical information in the user interface, potentially tricking users into visiting malicious websites or entering credentials on fake pages. This affects organizations using Microsoft Edge as their web browser. 
Users could be deceived by fake security indicators or misleading website information.", "score": 45, "impact_score": 50, "sectors": ["Government Facilities", "Healthcare and Public Health", "Water and Wastewater Systems", "Energy", "Emergency Services", "Information Technology"], "source": "NVD (Medium)", "remediation": ["Update Microsoft Edge to the latest version through automatic updates or manual download from Microsoft", "Train staff to verify website URLs carefully before entering credentials", "Enable browser security features and consider using additional anti-phishing protections", "Monitor for suspicious login attempts or credential compromise"], "origin": {"product": "Edge (Chromium-based)", "vendor": "Microsoft", "first_reported": "2026-07-03", "exploited_by": []}, "score_reason": "Medium-severity spoofing vulnerability in widely-used browser affects multiple sectors but requires user interaction and network access to exploit, with no confirmed active exploitation.", "patch_available": true, "reference_url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45488", "source_date": "2026-07-03T21:17:00.183", "first_seen": "2026-07-05T06:34:34.571906", "seen_at": "2026-07-05T06:34:34.571906"}, {"title": "CVE-2026-45499", "cve": "CVE-2026-45499", "summary": "A security flaw in Microsoft Azure OpenAI service could allow an attacker who already has some access to gain higher-level privileges through the network. This affects organizations using Azure's AI services for applications or data processing. 
Because this is a cloud service vulnerability, Microsoft is responsible for patching it on their end.", "score": 45, "impact_score": 40, "sectors": ["Government Facilities", "Healthcare and Public Health", "Information Technology", "Water and Wastewater Systems"], "source": "NVD (Critical)", "remediation": ["Review your organization's use of Azure OpenAI services and document any implementations", "Monitor Microsoft Security Response Center for patches and apply any tenant-level configuration updates", "Implement network segmentation to limit exposure of systems connected to Azure services", "Enable enhanced logging for Azure resources to detect suspicious privilege escalation attempts"], "origin": {"product": "Azure OpenAI", "vendor": "Microsoft", "first_reported": "2026-07-02", "exploited_by": []}, "score_reason": "Moderate threat to Texas infrastructure as Azure OpenAI adoption is growing but not yet widespread in small rural organizations; requires prior authorization limiting attack scope.", "patch_available": false, "reference_url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45499", "source_date": "2026-07-02T23:16:51.003", "first_seen": "2026-07-03T00:34:34.717858", "seen_at": "2026-07-03T00:34:34.717858"}, {"title": "CVE-2026-13251", "cve": "CVE-2026-13251", "summary": "The Perfmatters WordPress plugin has a security flaw that lets attackers read sensitive files from your website server without logging in. This affects versions up to 2.6.4 but only works if specific features are enabled (Local Google Fonts, pretty permalinks, and RSS feeds). 
Attackers could potentially access configuration files containing passwords or other sensitive data.", "score": 42, "impact_score": 35, "sectors": ["Government Facilities", "Healthcare and Public Health", "Water and Wastewater Systems", "Energy"], "source": "NVD (High)", "remediation": ["Update Perfmatters plugin to version 2.6.5 or later immediately", "If update is not possible, disable the Local Google Fonts feature in plugin settings", "Review server logs for suspicious requests targeting the 's' parameter", "Audit any exposed configuration files and rotate credentials if compromise is suspected"], "origin": {"product": "Perfmatters WordPress Plugin", "vendor": "Jeremias Jensen (developer)", "first_reported": "2026-07-02", "exploited_by": []}, "score_reason": "Moderate threat to Texas organizations using WordPress for public websites; exploitation requires multiple non-default settings to be enabled, limiting real-world impact.", "patch_available": true, "reference_url": "https://perfmatters.io/docs/changelog/", "source_date": "2026-07-02T10:16:27.893", "first_seen": "2026-07-02T15:34:34.694842", "seen_at": "2026-07-02T15:34:34.694842"}, {"title": "CVE-2026-58296", "cve": "CVE-2026-58296", "summary": "A vulnerability in Microsoft Edge for Android allows attackers to access private personal information over a network without authorization. This could expose sensitive data if staff use Edge browser on Android devices to access work systems. 
While primarily affecting mobile browsers, it poses a risk to organizations where employees use personal or work Android devices.", "score": 42, "impact_score": 38, "sectors": ["Government Facilities", "Healthcare and Public Health", "Water and Wastewater Systems", "Emergency Services", "Energy"], "source": "NVD (High)", "remediation": ["Update Microsoft Edge for Android to the latest version from the Google Play Store immediately", "Advise all staff using Android devices for work to check their Edge browser version and update", "Review mobile device management policies to ensure automatic app updates are enabled", "Consider restricting access to sensitive systems from unmanaged mobile devices"], "origin": {"product": "Edge for Android", "vendor": "Microsoft", "first_reported": "2026-07-03", "exploited_by": []}, "score_reason": "This affects Microsoft Edge on Android devices which may be used by staff in Texas public organizations, but is limited to mobile browser exposure rather than critical operational systems.", "patch_available": true, "reference_url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-58296", "source_date": "2026-07-03T21:17:04.547", "first_seen": "2026-07-04T21:34:34.969509", "seen_at": "2026-07-04T21:34:34.969509"}, {"title": "CVE-2026-11397", "cve": "CVE-2026-11397", "summary": "The WP Import Export Lite plugin for WordPress has a security flaw that allows attackers with admin access to make the website send requests to internal systems, potentially exposing sensitive cloud configuration data or accessing internal network resources. 
This affects all versions through 3.9.30 and requires an authenticated administrator account to exploit.", "score": 42, "impact_score": 35, "sectors": ["Government Facilities", "Healthcare and Public Health", "Water and Wastewater Systems", "Energy"], "source": "NVD (Medium)", "remediation": ["Update WP Import Export Lite plugin to version 3.9.31 or later when available", "If no patch exists, deactivate and remove the WP Import Export Lite plugin until fixed", "Restrict WordPress admin accounts to trusted personnel only and enable multi-factor authentication", "Review WordPress user accounts and remove any unnecessary administrator privileges"], "origin": {"product": "WP Import Export Lite", "vendor": "WebToffee", "first_reported": "2026-07-03", "exploited_by": []}, "score_reason": "Requires administrator-level authentication which limits exploitation, but many Texas small government, school, and utility websites use WordPress and could expose internal network resources or cloud credentials if compromised.", "patch_available": false, "reference_url": "https://plugins.trac.wordpress.org/browser/wp-import-export-lite/tags/3.9.30/includes/classes/import/downloader/download.php#L31", "source_date": "2026-07-03T06:16:20.653", "first_seen": "2026-07-03T06:34:34.663202", "seen_at": "2026-07-03T06:34:34.663202"}, {"title": "CVE-2026-58454", "cve": "CVE-2026-58454", "summary": "JAIOTlink C492A-W6 Wi-Fi IP cameras have a security flaw that lets attackers who gain login access run malicious code on the device. The attack persists even after the camera reboots, giving attackers ongoing control. 
These cameras may be used for security monitoring at facilities, schools, or government buildings.", "score": 42, "impact_score": 35, "sectors": ["Government Facilities", "Water and Wastewater Systems", "Healthcare and Public Health", "Emergency Services"], "source": "NVD (High)", "remediation": ["Inventory all JAIOTlink C492A-W6 cameras on your network and isolate them on a separate VLAN", "Change default credentials immediately and use strong unique passwords", "Disable remote/internet access to camera management interfaces", "Monitor vendor website for firmware updates and apply when available"], "origin": {"product": "C492A-W6 Wi-Fi IP Camera", "vendor": "JAIOTlink", "first_reported": "2026-07-01", "exploited_by": []}, "score_reason": "While remote code execution on IP cameras is serious, this requires authentication first, affects a specific camera model with limited deployment, and does not directly impact lifeline sector operations.", "patch_available": false, "reference_url": "https://github.com/rwprimitives/jaiotlink-c492a-wifi-camera/blob/main/writeups/03-anyka-config-execution-trigger.md", "source_date": "2026-07-01T17:16:40.693", "first_seen": "2026-07-01T18:34:34.516259", "seen_at": "2026-07-01T18:34:34.516259"}, {"title": "CVE-2026-57977", "cve": "CVE-2026-57977", "summary": "A security flaw in Microsoft Edge browser allows attackers to trick users by displaying fake content on websites. This could lead to users unknowingly giving up sensitive information or clicking malicious links. 
Organizations using Edge for daily operations should update the browser promptly.", "score": 42, "impact_score": 45, "sectors": ["Government Facilities", "Healthcare and Public Health", "Water and Wastewater Systems", "Energy", "Emergency Services", "Information Technology"], "source": "NVD (High)", "remediation": ["Update Microsoft Edge to the latest version through Windows Update or the Edge settings menu", "Enable automatic browser updates to ensure future patches are applied promptly", "Train staff to verify website authenticity before entering credentials or sensitive information", "Consider using browser security policies to restrict access to untrusted sites"], "origin": {"product": "Edge (Chromium-based)", "vendor": "Microsoft", "first_reported": "2026-07-03", "exploited_by": []}, "score_reason": "Microsoft Edge is widely used across Texas organizations for web access, but this spoofing vulnerability requires user interaction and is not confirmed to be actively exploited, limiting immediate risk.", "patch_available": true, "reference_url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-57977", "source_date": "2026-07-03T21:17:01.193", "first_seen": "2026-07-03T21:34:34.640390", "seen_at": "2026-07-03T21:34:34.640390"}, {"title": "CVE-2026-56361", "cve": "CVE-2026-56361", "summary": "ImageMagick, a widely-used image processing software, has a memory handling flaw that could allow attackers to crash systems or potentially access unauthorized data by sending specially crafted image files. 
This affects any system that automatically processes images, such as websites, document management systems, or applications that resize or convert images.", "score": 42, "impact_score": 45, "sectors": ["Government Facilities", "Healthcare and Public Health", "Information Technology", "Water and Wastewater Systems"], "source": "NVD (High)", "remediation": ["Update ImageMagick to version 7.1.2-19 or later immediately on all servers and workstations", "Audit systems to identify where ImageMagick is installed, including web servers, content management systems, and document processing applications", "Implement input validation to restrict image uploads to trusted file types and sources", "Consider disabling morphology processing features if not required for your operations"], "origin": {"product": "ImageMagick", "vendor": "ImageMagick", "first_reported": "2026-06-30", "exploited_by": []}, "score_reason": "While ImageMagick is commonly deployed on web servers and document systems across Texas organizations, the vulnerability requires specific conditions to exploit and primarily causes crashes rather than remote code execution.", "patch_available": true, "reference_url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-q8h3-jv9v-57qx", "source_date": "2026-06-30T23:17:31.140", "first_seen": "2026-07-02T20:02:53.211356", "seen_at": "2026-07-02T20:02:53.211356"}, {"title": "CVE-2026-58297", "cve": "CVE-2026-58297", "summary": "A vulnerability in Microsoft Edge for Android allows attackers to steal private personal information over a network without authorization. This could expose sensitive data if employees use Edge on Android devices for work purposes. 
The issue affects mobile browsing and could lead to identity theft or unauthorized access to personal accounts.", "score": 42, "impact_score": 38, "sectors": ["Government Facilities", "Healthcare and Public Health", "Emergency Services", "Water and Wastewater Systems", "Energy"], "source": "NVD (High)", "remediation": ["Update Microsoft Edge for Android to the latest version from the Google Play Store immediately", "Advise all staff using personal or work Android devices for business to check for Edge updates", "Consider restricting use of mobile browsers for accessing sensitive organizational systems until patched", "Review what sensitive information may have been accessed via mobile devices"], "origin": {"product": "Edge for Android", "vendor": "Microsoft", "first_reported": "2026-07-03", "exploited_by": []}, "score_reason": "While information disclosure is concerning, this affects only the Android mobile browser version of Edge, limiting exposure in operational technology environments typical of Texas critical infrastructure.", "patch_available": true, "reference_url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-58297", "source_date": "2026-07-03T21:17:04.663", "first_seen": "2026-07-04T21:34:34.969509", "seen_at": "2026-07-04T21:34:34.969509"}, {"title": "CVE-2026-11398", "cve": "CVE-2026-11398", "summary": "The LatePoint appointment booking plugin for WordPress has a security flaw that lets attackers change customer personal information (names, phone numbers, notes) without logging in. Attackers only need a customer's email address to modify their records. 
This affects organizations using WordPress websites with this booking plugin enabled for guest appointments.", "score": 42, "impact_score": 35, "sectors": ["Healthcare and Public Health", "Government Facilities", "Water and Wastewater Systems"], "source": "NVD (Medium)", "remediation": ["Update the LatePoint plugin to version 5.6.2 or later immediately", "If updates are unavailable, disable guest booking functionality by requiring customer authentication", "Review customer records for unauthorized modifications to contact information", "Consider temporarily disabling the plugin until patched if guest bookings cannot be disabled"], "origin": {"product": "LatePoint Calendar Booking Plugin for WordPress", "vendor": "LatePoint", "first_reported": "2026-07-03", "exploited_by": []}, "score_reason": "This vulnerability affects WordPress websites using a specific booking plugin, which may be used by Texas clinics, municipal offices, and utilities for appointment scheduling, but requires specific configuration and has no confirmed active exploitation.", "patch_available": true, "reference_url": "https://plugins.trac.wordpress.org/browser/latepoint/tags/5.3.2/lib/controllers/steps_controller.php#L22", "source_date": "2026-07-03T09:16:36.073", "first_seen": "2026-07-04T00:34:34.705390", "seen_at": "2026-07-04T00:34:34.705390"}, {"title": "CVE-2026-45489", "cve": "CVE-2026-45489", "summary": "A spoofing vulnerability in Microsoft Edge browser could allow attackers to trick users into thinking they are on a legitimate website when they are not. This could lead to credential theft or malware installation if employees click malicious links. 
All organizations using Microsoft Edge as their web browser should apply updates promptly.", "score": 42, "impact_score": 45, "sectors": ["Government Facilities", "Healthcare and Public Health", "Water and Wastewater Systems", "Energy", "Emergency Services", "Information Technology"], "source": "NVD (Medium)", "remediation": ["Update Microsoft Edge to the latest version through Windows Update or edge://settings/help", "Enable automatic browser updates to ensure timely patching", "Train staff to verify website URLs before entering credentials", "Consider implementing web filtering to block known malicious domains"], "origin": {"product": "Microsoft Edge (Chromium-based)", "vendor": "Microsoft", "first_reported": "2026-07-03", "exploited_by": []}, "score_reason": "Microsoft Edge is widely used across Texas public sector organizations, but spoofing vulnerabilities typically require user interaction and have moderate severity, reducing immediate critical infrastructure risk.", "patch_available": true, "reference_url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45489", "source_date": "2026-07-03T21:17:00.307", "first_seen": "2026-07-05T06:34:34.571906", "seen_at": "2026-07-05T06:34:34.571906"}, {"title": "CVE-2026-5821", "cve": "CVE-2026-5821", "summary": "The Image Optimizer plugin for WordPress through version 1.7.4 allows users with Author accounts to delete arbitrary files on the server by manipulating backup file paths. 
This could let attackers remove critical website files, causing your site to crash or become vulnerable to further attacks.", "score": 42, "impact_score": 38, "sectors": ["Government Facilities", "Healthcare and Public Health", "Water and Wastewater Systems", "Emergency Services"], "source": "NVD (High)", "remediation": ["Update the Image Optimizer plugin to version 1.7.5 or later immediately if available", "Review and limit user accounts with Author or higher privileges to only trusted personnel", "Audit WordPress user roles and remove unnecessary elevated access", "Monitor for unexpected file deletions or website errors indicating compromise"], "origin": {"product": "Image Optimizer Plugin for WordPress", "vendor": "Starter Templates (developer)", "first_reported": "2026-07-02", "exploited_by": []}, "score_reason": "WordPress is widely used by Texas local governments, schools, and small utilities for public websites, but exploitation requires authenticated Author-level access, limiting attack surface.", "patch_available": false, "reference_url": "https://plugins.trac.wordpress.org/browser/image-optimization/tags/1.7.3/classes/image/image-backup.php#L117", "source_date": "2026-07-02T06:16:14.220", "first_seen": "2026-07-02T06:34:34.623151", "seen_at": "2026-07-02T06:34:34.623151"}, {"title": "CVE-2026-9756", "cve": "CVE-2026-9756", "summary": "A security flaw in the GenerateBlocks WordPress plugin allows attackers with contributor-level accounts to inject malicious code into website pages. When administrators or visitors click affected headline links, harmful scripts can run in their browsers, potentially stealing login credentials or compromising the website. 
This affects WordPress sites using GenerateBlocks version 2.2.1 and earlier.", "score": 42, "impact_score": 35, "sectors": ["Government Facilities", "Healthcare and Public Health", "Water and Wastewater Systems", "Emergency Services"], "source": "NVD (Medium)", "remediation": ["Update GenerateBlocks plugin to version 2.2.2 or later when available", "Audit contributor-level user accounts and remove unnecessary access privileges", "Review user profile descriptions for suspicious JavaScript code or unusual content", "Consider temporarily disabling the GenerateBlocks Headline Block dynamic link feature until patched"], "origin": {"product": "GenerateBlocks WordPress Plugin", "vendor": "GenerateBlocks", "first_reported": "2026-07-03", "exploited_by": []}, "score_reason": "Medium severity stored XSS requiring authenticated contributor access limits immediate risk, but WordPress is widely used by Texas municipalities, school districts, and small utilities for public-facing websites.", "patch_available": false, "reference_url": "https://plugins.trac.wordpress.org/browser/generateblocks/tags/2.2.0/includes/blocks/class-headline.php#L809", "source_date": "2026-07-03T09:16:37.640", "first_seen": "2026-07-04T21:34:34.969509", "seen_at": "2026-07-04T21:34:34.969509"}, {"title": "CVE-2026-58291", "cve": "CVE-2026-58291", "summary": "A vulnerability in Microsoft Edge (Chromium-based) browser could allow an attacker to steal sensitive information over a network by exploiting how the browser handles resources. This affects any organization using Edge as their web browser. 
While rated medium severity, it could expose confidential data if staff browse malicious websites.", "score": 42, "impact_score": 45, "sectors": ["Government Facilities", "Healthcare and Public Health", "Water and Wastewater Systems", "Energy", "Emergency Services", "Information Technology"], "source": "NVD (Medium)", "remediation": ["Update Microsoft Edge to the latest version through Settings > About Microsoft Edge or via WSUS/group policy", "Enable automatic updates for Edge browser across all managed workstations", "Remind staff to avoid clicking suspicious links or visiting untrusted websites", "Consider using browser isolation for sensitive operations until patched"], "origin": {"product": "Edge (Chromium-based)", "vendor": "Microsoft", "first_reported": "2026-07-03", "exploited_by": []}, "score_reason": "Medium-severity information disclosure vulnerability in widely-used browser affects multiple sectors but requires user interaction and has no confirmed active exploitation.", "patch_available": true, "reference_url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-58291", "source_date": "2026-07-03T21:17:03.890", "first_seen": "2026-07-05T09:34:34.661301", "seen_at": "2026-07-05T09:34:34.661301"}, {"title": "CVE-2026-10129", "cve": "CVE-2026-10129", "summary": "IBM Langflow OSS versions 1.0.0 through 1.9.3 have a security flaw that lets attackers bypass protections and access internal systems they shouldn't reach. An attacker with basic account access can trick the system into connecting to private network resources, potentially exposing sensitive credentials, tokens, and internal data. 
This affects organizations using this AI workflow automation tool.", "score": 42, "impact_score": 35, "sectors": ["Information Technology", "Water and Wastewater Systems", "Energy", "Healthcare and Public Health", "Government Facilities"], "source": "NVD (High)", "remediation": ["Upgrade IBM Langflow OSS to version 1.9.4 or later immediately", "Disable or restrict the follow_redirects parameter in API Request components until patched", "Implement network segmentation to limit internal service access from Langflow servers", "Review logs for suspicious redirect patterns or unexpected internal service access"], "origin": {"product": "Langflow OSS", "vendor": "IBM", "first_reported": "2026-06-30", "exploited_by": []}, "score_reason": "While SSRF vulnerabilities are serious, IBM Langflow OSS is a specialized AI workflow tool with limited deployment in small Texas municipalities and rural critical infrastructure; impact is moderate for organizations that have adopted it.", "patch_available": true, "reference_url": "https://www.ibm.com/support/pages/node/7277561", "source_date": "2026-06-30T20:17:26.747", "first_seen": "2026-07-01T05:45:40.117771", "seen_at": "2026-07-01T05:45:40.117771"}, {"title": "CVE-2026-34096", "cve": "CVE-2026-34096", "summary": "A security flaw in Guardian language-system software allows an authenticated attacker to inject malicious code through a web URL parameter. 
If a logged-in user clicks a crafted link, attackers could hijack their browser session and potentially access sensitive information or perform unauthorized actions.", "score": 35, "impact_score": 25, "sectors": ["Government Facilities", "Water and Wastewater Systems", "Healthcare and Public Health"], "source": "NVD (Medium)", "remediation": ["Contact the Guardian language-system vendor to determine if a patched version is available", "Implement web application firewall rules to filter malicious script tags in URL parameters", "Train staff not to click suspicious links, especially while logged into administrative systems", "Review access logs for unusual activity targeting designer.php"], "origin": {"product": "language-system", "vendor": "Guardian", "first_reported": "2026-07-01", "exploited_by": []}, "score_reason": "Medium severity cross-site scripting vulnerability requiring authentication and user interaction, with no confirmed active exploitation and limited deployment visibility in Texas critical infrastructure.", "patch_available": false, "reference_url": "https://gist.github.com/cyberinforepo/d5b2771d82e1b31b8fc1c33052e08dad", "source_date": "2026-07-01T17:16:32.447", "first_seen": "2026-07-01T18:34:34.516259", "seen_at": "2026-07-01T18:34:34.516259"}, {"title": "CVE-2025-71356", "cve": "CVE-2025-71356", "summary": "Picklescan, a security tool used to detect malicious code in Python pickle files, has a vulnerability that allows attackers to hide harmful code that won't be detected. 
If your organization uses machine learning or AI tools that process pickle files, malicious files could execute unauthorized code on your systems when opened.", "score": 35, "impact_score": 25, "sectors": ["Information Technology", "Healthcare and Public Health", "Water and Wastewater Systems", "Energy"], "source": "NVD (High)", "remediation": ["Update picklescan to version 0.0.28 or later immediately", "Avoid loading pickle files from untrusted or unknown sources, even when a scan reports them as clean", "Review any machine learning or AI systems that process pickle files for exposure", "Consider alternative serialization formats like JSON for data exchange where possible"], "origin": {"product": "picklescan", "vendor": "picklescan", "first_reported": "2026-07-04", "exploited_by": []}, "score_reason": "This affects a specialized security scanning library used primarily in machine learning environments, which have limited deployment in small Texas municipal organizations, though some SCADA or AI-enabled systems could be at risk.", "patch_available": true, "reference_url": "https://github.com/mmaitre314/picklescan/security/advisories/GHSA-f4x7-rfwp-v3xw", "source_date": "2026-07-04T02:16:22.063", "first_seen": "2026-07-05T15:34:34.592699", "seen_at": "2026-07-05T15:34:34.592699"}, {"title": "CVE-2026-56264", "cve": "CVE-2026-56264", "summary": "Crawl4AI, an open-source web crawling tool, has a critical vulnerability that allows attackers to run malicious code through its Docker API. This could let attackers access internal systems and data on any server running vulnerable versions. 
Organizations using this AI crawling tool for automation or data collection should update immediately.", "score": 35, "impact_score": 25, "sectors": ["Information Technology", "Government Facilities", "Healthcare and Public Health"], "source": "NVD (High)", "remediation": ["Update Crawl4AI to version 0.8.7 or later immediately", "If update is not possible, disable or firewall the /execute_js endpoint from external access", "Review network logs for suspicious JavaScript execution requests to the Docker API", "Consider isolating any Crawl4AI containers in a segmented network with no access to internal services"], "origin": {"product": "Crawl4AI", "vendor": "unclecode", "first_reported": "2026-06-30", "exploited_by": []}, "score_reason": "This affects a specialized AI crawling tool that is unlikely to be widely deployed in small Texas organizations, but could impact those using automated web scraping or AI data collection services.", "patch_available": true, "reference_url": "https://github.com/unclecode/crawl4ai", "source_date": "2026-06-30T23:17:29.363", "first_seen": "2026-07-01T05:49:18.001903", "seen_at": "2026-07-01T05:49:18.001903"}, {"title": "CVE-2026-59096", "cve": "CVE-2026-59096", "summary": "A vulnerability in Dapr Sentry's security component allows attackers to manipulate authentication tokens by poisoning cached configuration documents. If exploited, attackers could forge credentials that systems would accept as valid, potentially gaining unauthorized access. 
This affects organizations using Dapr microservices platform with default OIDC settings.", "score": 35, "impact_score": 25, "sectors": ["Information Technology", "Government Facilities", "Healthcare and Public Health", "Water and Wastewater Systems"], "source": "NVD (High)", "remediation": ["Configure the jwt-issuer or oidc-allowed-hosts settings in Dapr Sentry to prevent host header manipulation", "Update Dapr to the patched version referenced in the security pull request", "Review logs for suspicious requests containing unexpected X-Forwarded-Host headers", "Disable OIDC server functionality if not actively required"], "origin": {"product": "Dapr Sentry", "vendor": "Dapr", "first_reported": "2026-07-02", "exploited_by": []}, "score_reason": "Dapr is a specialized cloud-native microservices platform with limited deployment in small Texas municipalities and rural utilities, reducing widespread impact despite the serious nature of authentication bypass.", "patch_available": true, "reference_url": "https://github.com/dapr/dapr/pull/10027", "source_date": "2026-07-02T20:17:07.847", "first_seen": "2026-07-02T21:34:34.775050", "seen_at": "2026-07-02T21:34:34.775050"}, {"title": "CVE-2026-34098", "cve": "CVE-2026-34098", "summary": "A vulnerability in the Guardian language-system software allows an authenticated attacker to inject malicious scripts through a web URL parameter. If a user clicks a crafted malicious link, attackers could steal login credentials or perform actions on behalf of that user. 
This is a medium-severity issue requiring user interaction to exploit.", "score": 35, "impact_score": 25, "sectors": ["Government Facilities", "Healthcare and Public Health", "Water and Wastewater Systems"], "source": "NVD (Medium)", "remediation": ["Check if your organization uses Guardian language-system software and identify affected installations", "Contact the vendor for patches or updated versions that address input sanitization in media.php", "Implement web application firewall rules to filter malicious script injection attempts", "Train staff not to click suspicious links, especially from unknown sources"], "origin": {"product": "language-system", "vendor": "Guardian", "first_reported": "2026-07-01", "exploited_by": []}, "score_reason": "Medium-severity cross-site scripting requiring authentication and user interaction, with no confirmed active exploitation and unclear deployment in Texas critical infrastructure.", "patch_available": false, "reference_url": "https://gist.github.com/cyberinforepo/d5b2771d82e1b31b8fc1c33052e08dad", "source_date": "2026-07-01T17:16:32.700", "first_seen": "2026-07-01T18:34:34.516259", "seen_at": "2026-07-01T18:34:34.516259"}, {"title": "CVE-2026-56350", "cve": "CVE-2026-56350", "summary": "n8n workflow automation software before version 2.8.0 has a security flaw that lets authenticated users bypass Single Sign-On (SSO) protections. 
This could allow attackers to create local passwords and skip your organization's multi-factor authentication requirements, potentially gaining unauthorized access to automated workflows.", "score": 35, "impact_score": 25, "sectors": ["Government Facilities", "Healthcare and Public Health", "Water and Wastewater Systems", "Energy"], "source": "NVD (Medium)", "remediation": ["Update n8n to version 2.8.0 or later immediately", "Audit user accounts for any unauthorized local credentials created outside SSO", "Review API access logs for suspicious SSO configuration changes", "Enforce network segmentation to limit access to n8n administrative interfaces"], "origin": {"product": "n8n", "vendor": "n8n", "first_reported": "2026-06-30", "exploited_by": []}, "score_reason": "While n8n is used for workflow automation, it requires existing authenticated access to exploit and has limited deployment in small Texas municipalities; the bypass of SSO/MFA controls poses moderate risk to organizations using this specific tool.", "patch_available": true, "reference_url": "https://github.com/n8n-io/n8n/security/advisories/GHSA-vjf3-2gpj-233v", "source_date": "2026-06-30T23:17:30.867", "first_seen": "2026-07-01T15:34:34.687056", "seen_at": "2026-07-01T15:34:34.687056"}, {"title": "CVE-2026-3602", "cve": "CVE-2026-3602", "summary": "IBM App Connect Enterprise and Integration Bus products have a SQL injection vulnerability that could allow attackers to trick users into unknowingly creating files on systems. 
This affects organizations using IBM integration software for connecting business applications and data flows.", "score": 35, "impact_score": 25, "sectors": ["Information Technology", "Government Facilities", "Healthcare and Public Health", "Water and Wastewater Systems"], "source": "NVD (Medium)", "remediation": ["Check if your organization uses IBM App Connect Enterprise versions 12.0.1.0-12.0.12.26 or 13.0.1.0-13.0.7.2 and apply IBM patches from the referenced support page", "Train staff to recognize social engineering attempts and suspicious requests", "Restrict access to IBM integration tools to authorized personnel only", "Monitor integration systems for unexpected file creation activity"], "origin": {"product": "App Connect Enterprise, Integration Bus for z/OS", "vendor": "IBM", "first_reported": "2026-06-30", "exploited_by": []}, "score_reason": "Medium severity vulnerability in specialized IBM enterprise integration software that requires social engineering to exploit, limiting widespread impact on typical Texas small organizations.", "patch_available": true, "reference_url": "https://www.ibm.com/support/pages/node/7278350", "source_date": "2026-06-30T20:17:29.490", "first_seen": "2026-07-01T05:49:18.001903", "seen_at": "2026-07-01T05:49:18.001903"}, {"title": "CVE-2026-11900", "cve": "CVE-2026-11900", "summary": "A WordPress plugin called Ad Inserter has a security flaw that allows users with contributor-level access to view private, draft, and password-protected posts they shouldn't be able to see. This affects websites using this advertising management plugin, potentially exposing confidential content. 
Organizations using WordPress with this plugin should update immediately.", "score": 35, "impact_score": 30, "sectors": ["Government Facilities", "Healthcare and Public Health", "Water and Wastewater Systems", "Emergency Services"], "source": "NVD (Medium)", "remediation": ["Update Ad Inserter plugin to version 2.8.17 or later immediately", "Audit WordPress user accounts and remove unnecessary contributor-level access", "Review WordPress posts for any unauthorized access or data exposure", "Consider using a web application firewall to add an additional layer of protection"], "origin": {"product": "Ad Inserter \u2013 Ad Manager & AdSense Ads WordPress Plugin", "vendor": "Ad Inserter", "first_reported": "2026-07-03", "exploited_by": []}, "score_reason": "Medium severity vulnerability requiring authenticated access limits widespread exploitation; affects WordPress sites which some Texas local governments and utilities may use for public-facing websites, but does not directly impact operational systems.", "patch_available": true, "reference_url": "https://plugins.trac.wordpress.org/browser/ad-inserter/tags/2.8.13/ad-inserter.php#L10569", "source_date": "2026-07-03T09:16:36.613", "first_seen": "2026-07-04T21:34:34.969509", "seen_at": "2026-07-04T21:34:34.969509"}, {"title": "CVE-2025-71342", "cve": "CVE-2025-71342", "summary": "A security flaw in picklescan (a tool used to scan Python pickle files for malware) fails to detect certain malicious code hidden in data files. Attackers could hide harmful code in machine learning models that executes when loaded, potentially compromising systems that use PyTorch or similar AI tools. 
This primarily affects organizations using Python-based machine learning or data science applications.", "score": 35, "impact_score": 30, "sectors": ["Information Technology", "Healthcare and Public Health", "Water and Wastewater Systems", "Energy"], "source": "NVD (High)", "remediation": ["Update picklescan to version 0.0.30 or later immediately", "Audit any machine learning models or pickle files from untrusted sources before loading", "Restrict systems that process pickle files to isolated network segments", "Review Python-based applications for pickle file usage and implement additional validation"], "origin": {"product": "picklescan", "vendor": "picklescan", "first_reported": "2026-07-04", "exploited_by": []}, "score_reason": "While this vulnerability enables remote code execution, it specifically affects Python pickle scanning tools used in machine learning environments, which have limited deployment in small Texas rural infrastructure organizations.", "patch_available": true, "reference_url": "https://github.com/mmaitre314/picklescan/security/advisories/GHSA-m869-42cg-3xwr", "source_date": "2026-07-04T02:16:21.387", "first_seen": "2026-07-05T00:34:34.603428", "seen_at": "2026-07-05T00:34:34.603428"}, {"title": "CVE-2026-44041", "cve": "CVE-2026-44041", "summary": "UltraVNC remote desktop software (versions through 1.8.2.2) has a programming flaw that could allow an attacker to crash the software or potentially read small amounts of sensitive data from memory. This affects organizations using UltraVNC for remote computer access and support. 
The vulnerability requires unusual conditions to exploit and impact is considered limited.", "score": 35, "impact_score": 25, "sectors": ["Government Facilities", "Healthcare and Public Health", "Water and Wastewater Systems", "Energy", "Information Technology"], "source": "NVD (Medium)", "remediation": ["Inventory all systems running UltraVNC and identify versions 1.8.2.2 or earlier", "Monitor the UltraVNC GitHub repository for security patches and update when available", "Restrict UltraVNC access to trusted internal networks only using firewall rules", "Consider switching to more actively maintained remote access solutions if patches are delayed"], "origin": {"product": "UltraVNC", "vendor": "UltraVNC", "first_reported": "2026-07-01", "exploited_by": []}, "score_reason": "UltraVNC is used by some small organizations for remote support, but exploitation requires abnormal conditions, impact is limited to crashes or minor information disclosure, and there is no confirmed active exploitation.", "patch_available": false, "reference_url": "https://github.com/ultravnc/UltraVNC", "source_date": "2026-07-01T05:16:21.033", "first_seen": "2026-07-02T15:34:34.694842", "seen_at": "2026-07-02T15:34:34.694842"}, {"title": "CVE-2026-57997", "cve": "CVE-2026-57997", "summary": "A security flaw in Strapi's users-permissions plugin allows attackers who have obtained the secret key to create unauthorized login tokens using non-standard signing algorithms. This could let attackers bypass normal authentication and gain unauthorized access to Strapi-powered websites and applications. 
Organizations using Strapi for their public websites or internal portals should review their configurations.", "score": 35, "impact_score": 25, "sectors": ["Government Facilities", "Healthcare and Public Health", "Water and Wastewater Systems", "Information Technology"], "source": "NVD (Medium)", "remediation": ["Explicitly configure the JWT algorithm setting in Strapi to only allow HS256 by setting plugin::users-permissions.jwt.algorithm", "Rotate your jwtSecret immediately if you suspect it may have been compromised", "Update Strapi to the latest version when a patch becomes available", "Audit authentication logs for unusual token activity or unauthorized access attempts"], "origin": {"product": "Strapi Users-Permissions Plugin", "vendor": "Strapi", "first_reported": "2026-06-29", "exploited_by": []}, "score_reason": "Medium severity vulnerability requiring prior knowledge of secret key limits widespread exploitation; affects web applications that some Texas local governments and utilities may use but is not widely deployed in critical operational systems.", "patch_available": false, "reference_url": "https://github.com/strapi/strapi", "source_date": "2026-06-29T22:16:49.350", "first_seen": "2026-07-01T05:49:18.001903", "seen_at": "2026-07-01T05:49:18.001903"}, {"title": "CVE-2026-49119", "cve": "CVE-2026-49119", "summary": "Gradio, a web application framework often used for AI/ML demos and internal tools, has a security flaw that lets attackers read any file on the server without logging in. 
If your organization runs Gradio-based applications, attackers could access sensitive configuration files, credentials, or other private data stored on that system.", "score": 35, "impact_score": 25, "sectors": ["Government Facilities", "Healthcare and Public Health", "Information Technology"], "source": "NVD (High)", "remediation": ["Update Gradio to version 6.16.0 or later immediately", "Audit any Gradio applications for sensitive file exposure", "Restrict network access to Gradio applications using firewalls or VPNs", "Review server logs for suspicious file access attempts"], "origin": {"product": "Gradio", "vendor": "Gradio", "first_reported": "2026-07-01", "exploited_by": []}, "score_reason": "Gradio is a specialized AI/ML framework with limited deployment in typical Texas rural infrastructure; no confirmed active exploitation and does not directly impact lifeline sectors.", "patch_available": true, "reference_url": "https://github.com/gradio-app/gradio/commit/97d541f3d5fd05b2587a69ecc94b68fe5d2d7004", "source_date": "2026-07-01T19:16:52.463", "first_seen": "2026-07-01T20:02:52.970072", "seen_at": "2026-07-01T20:02:52.970072"}, {"title": "CVE-2026-13583", "cve": "CVE-2026-13583", "summary": "A security flaw in Edimax EW-7478APC wireless access point devices allows remote attackers to crash or take control of the device by sending specially crafted requests. This affects network equipment that may be used in small offices or facilities. 
The vendor has not responded to fix this issue.", "score": 35, "impact_score": 25, "sectors": ["Communications", "Government Facilities", "Healthcare and Public Health", "Water and Wastewater Systems"], "source": "NVD (High)", "remediation": ["Inventory your network for any Edimax EW-7478APC devices running firmware version 1.04", "Isolate affected devices behind firewalls and block external access to the device management interface", "Consider replacing with supported enterprise-grade access points from vendors with active security response", "Monitor network logs for unusual POST requests to /goform/formUSBFolder"], "origin": {"product": "EW-7478APC", "vendor": "Edimax", "first_reported": "2026-06-29", "exploited_by": []}, "score_reason": "While this affects network equipment that could be present in small Texas organizations, Edimax devices have limited deployment in critical infrastructure compared to enterprise-grade equipment, and no active exploitation campaigns are confirmed.", "patch_available": false, "reference_url": "https://lavender-bicycle-a5a.notion.site/EDIMAX-EW-7478APC-formUSBFolder-34b53a41781f80d5b1f8ebce442de53f", "source_date": "2026-06-29T16:16:38.767", "first_seen": "2026-07-01T04:37:31.724134", "seen_at": "2026-07-01T04:37:31.724134"}, {"title": "CVE-2026-58457", "cve": "CVE-2026-58457", "summary": "A vulnerability in the Shenzhen Aitemi M300 Wi-Fi Repeater allows attackers on the same network to take complete control of the device without needing a password. 
This cheap consumer-grade repeater may be used in small offices, clinics, or facilities to extend Wi-Fi coverage, and could be exploited to pivot into your network or disrupt connectivity.", "score": 35, "impact_score": 25, "sectors": ["Communications", "Government Facilities", "Healthcare and Public Health", "Water and Wastewater Systems"], "source": "NVD (Critical)", "remediation": ["Inventory your network for Aitemi M300 or MT02 Wi-Fi repeaters and disconnect or isolate any found immediately.", "Replace affected devices with enterprise-grade networking equipment from reputable vendors with security update support.", "Segment IoT and network extension devices on separate VLANs away from critical operational systems.", "Monitor network traffic for unusual activity originating from wireless extender devices."], "origin": {"product": "M300 Wi-Fi Repeater (MT02)", "vendor": "Shenzhen Aitemi", "first_reported": "2026-07-01", "exploited_by": []}, "score_reason": "While this is a critical vulnerability allowing root access, it affects a niche consumer Wi-Fi repeater requiring network-adjacent access, limiting widespread impact on Texas critical infrastructure.", "patch_available": false, "reference_url": "https://github.com/IEATASICS/m300-repeater-bugs#", "source_date": "2026-07-01T20:17:11.427", "first_seen": "2026-07-01T21:34:34.848332", "seen_at": "2026-07-01T21:34:34.848332"}, {"title": "CVE-2026-56780", "cve": "CVE-2026-56780", "summary": "Modoboa, an open-source email hosting platform, has a security flaw that allows domain administrators to change any user's password, including superadmin accounts. This could let attackers with domain admin access take complete control of the email system. 
Organizations using Modoboa for email services should update immediately.", "score": 35, "impact_score": 25, "sectors": ["Government Facilities", "Healthcare and Public Health", "Information Technology"], "source": "NVD (High)", "remediation": ["Update Modoboa to version 2.9.0 or later immediately", "Review domain administrator accounts and remove unnecessary privileges", "Check audit logs for any unauthorized password changes", "Implement multi-factor authentication for all administrative accounts"], "origin": {"product": "Modoboa", "vendor": "Modoboa", "first_reported": "2026-06-29", "exploited_by": []}, "score_reason": "While this is a serious privilege escalation vulnerability, Modoboa is a specialized open-source email platform with limited deployment in Texas critical infrastructure; it does not affect lifeline sectors and requires existing domain admin access to exploit.", "patch_available": true, "reference_url": "https://github.com/modoboa/modoboa/commit/a1878c4920a6e47c3217c6ff1ed4a8753c202661", "source_date": "2026-06-29T18:16:38.550", "first_seen": "2026-07-01T04:37:31.724134", "seen_at": "2026-07-01T04:37:31.724134"}, {"title": "CVE-2026-12920", "cve": "CVE-2026-12920", "summary": "A WordPress plugin used for displaying cookie consent banners has a security flaw that allows attackers with administrator access to extract sensitive information from website databases through SQL injection. This affects the Cookie Banner for GDPR/CCPA plugin versions 4.3.5 and earlier. 
While admin-level access is required, compromised admin accounts could lead to exposure of user data and website credentials.", "score": 35, "impact_score": 30, "sectors": ["Government Facilities", "Healthcare and Public Health", "Water and Wastewater Systems", "Energy"], "source": "NVD (Medium)", "remediation": ["Update the WPLP Cookie Consent plugin to version 4.3.6 or later immediately", "Audit WordPress admin accounts and remove unnecessary administrator privileges", "Review database logs for unusual queries or unauthorized data access", "Implement web application firewall rules to detect SQL injection attempts"], "origin": {"product": "Cookie Banner for GDPR / CCPA \u2013 WPLP Cookie Consent", "vendor": "FLAVOR", "first_reported": "2026-07-03", "exploited_by": []}, "score_reason": "Requires authenticated administrator access which limits exploitability, but many Texas municipal websites, school districts, and small utility public portals use WordPress with compliance plugins, creating moderate risk for data exposure.", "patch_available": true, "reference_url": "https://plugins.trac.wordpress.org/browser/gdpr-cookie-consent/tags/4.3.5/admin/data-req/class-wpl-data-req-table.php#L322", "source_date": "2026-07-03T02:16:23.343", "first_seen": "2026-07-03T03:34:34.672127", "seen_at": "2026-07-03T03:34:34.672127"}, {"title": "CVE-2026-56365", "cve": "CVE-2026-56365", "summary": "ImageMagick software has a memory leak flaw when processing certain image files (MNG format). An attacker could send specially crafted images to crash systems by exhausting memory, causing service outages. 
This affects any system using ImageMagick for image processing, including web servers and document management systems.", "score": 35, "impact_score": 30, "sectors": ["Government Facilities", "Healthcare and Public Health", "Information Technology", "Water and Wastewater Systems"], "source": "NVD (Medium)", "remediation": ["Update ImageMagick to version 7.1.2-19 or later immediately", "Review and restrict what image formats your systems accept, blocking MNG if not needed", "Monitor systems running ImageMagick for unusual memory consumption", "Consider isolating image processing services from critical operational systems"], "origin": {"product": "ImageMagick", "vendor": "ImageMagick", "first_reported": "2026-06-30", "exploited_by": []}, "score_reason": "While ImageMagick is widely used for image processing, this denial-of-service vulnerability requires specific conditions to exploit and has limited direct impact on lifeline sector operations in Texas.", "patch_available": true, "reference_url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-x928-4434-crqj", "source_date": "2026-06-30T23:17:31.527", "first_seen": "2026-07-02T21:34:34.775050", "seen_at": "2026-07-02T21:34:34.775050"}, {"title": "CVE-2019-19576", "cve": "CVE-2019-19576", "summary": "A vulnerability in a PHP file upload component used in some Joomla extensions allows attackers to bypass security filters and upload malicious files that could execute code on web servers. This affects websites using the K2 extension or other products built with the class.upload.php library. 
Successful exploitation could give attackers control of affected web servers.", "score": 35, "impact_score": 25, "sectors": ["Government Facilities", "Healthcare and Public Health", "Water and Wastewater Systems"], "source": "NVD (Critical)", "remediation": ["Update class.upload.php to version 1.0.3 or 2.0.4 or later immediately", "Audit your Joomla installations for the K2 extension and update to the latest patched version", "Review web server logs for suspicious .phar file uploads", "Consider implementing web application firewall rules to block .phar file uploads"], "origin": {"product": "class.upload.php", "vendor": "verot.net", "first_reported": "2019-12-04", "exploited_by": []}, "score_reason": "While this affects web applications that small Texas governments and utilities might use, the vulnerability is from 2019, requires specific vulnerable software, and has limited deployment compared to enterprise systems.", "patch_available": true, "reference_url": "http://packetstormsecurity.com/files/155577/Verot-2.0.3-Remote-Code-Execution.html", "source_date": "2019-12-04T18:15:16.353", "first_seen": "2026-07-01T02:35:18.825890", "seen_at": "2026-07-01T03:34:34.551196"}, {"title": "CVE-2026-11712", "cve": "CVE-2026-11712", "summary": "IBM WebSphere Application Server has a cross-site scripting (XSS) vulnerability in its administrative console help system. An attacker could potentially inject malicious scripts that execute when administrators access the help feature. 
This primarily affects organizations using WebSphere versions 8.5 and 9.0 for web application hosting.", "score": 35, "impact_score": 25, "sectors": ["Government Facilities", "Healthcare and Public Health", "Information Technology"], "source": "NVD (Critical)", "remediation": ["Apply IBM's security patch from the referenced support page immediately", "Restrict administrative console access to trusted internal networks only", "Enable content security policy headers to mitigate XSS attacks", "Monitor administrative console access logs for suspicious activity"], "origin": {"product": "WebSphere Application Server", "vendor": "IBM", "first_reported": "2026-06-30", "exploited_by": []}, "score_reason": "XSS in an administrative console requires authenticated access and user interaction, limiting widespread exploitation risk, though some Texas government and healthcare organizations may use WebSphere for internal applications.", "patch_available": true, "reference_url": "https://www.ibm.com/support/pages/node/7278590", "source_date": "2026-06-30T20:17:27.897", "first_seen": "2026-07-01T05:45:40.117771", "seen_at": "2026-07-01T05:45:40.117771"}, {"title": "CVE-2026-14130", "cve": "CVE-2026-14130", "summary": "A security flaw in Google Chrome's address bar (Omnibox) allows attackers to create fake websites that appear legitimate, potentially tricking users into entering sensitive information. This affects Chrome browsers that haven't been updated to version 150.0.7871.47 or later. 
While rated low severity, this could enable phishing attacks against staff at any organization using Chrome.", "score": 35, "impact_score": 40, "sectors": ["Communications", "Emergency Services", "Energy", "Government Facilities", "Healthcare and Public Health", "Information Technology", "Water and Wastewater Systems"], "source": "NVD (Medium)", "remediation": ["Update Google Chrome to version 150.0.7871.47 or later on all workstations immediately", "Enable automatic Chrome updates through group policy or device management", "Train staff to verify website authenticity before entering credentials, even when the address bar looks correct", "Consider using browser security extensions that warn about suspicious sites"], "origin": {"product": "Chrome", "vendor": "Google", "first_reported": "2026-06-30", "exploited_by": []}, "score_reason": "Chrome is widely deployed across Texas organizations but this is a low-severity UI spoofing issue with no confirmed active exploitation, limiting immediate threat to critical infrastructure.", "patch_available": true, "reference_url": "https://chromereleases.googleblog.com/2026/06/stable-channel-update-for-desktop_0175352312.html", "source_date": "2026-06-30T23:17:24.600", "first_seen": "2026-07-02T15:34:34.694842", "seen_at": "2026-07-02T15:34:34.694842"}, {"title": "Gardyn IoT Hub", "cve": "ICSA-26-183-03", "summary": "The Gardyn IoT Hub, used for automated indoor farming systems, has critical vulnerabilities including hard-coded credentials that could allow attackers to remotely access and control connected devices without authentication. These flaws affect both device firmware and cloud API versions prior to 2.12.2026. 
While primarily impacting consumer smart garden systems, any agricultural operations using these devices for food production should take immediate action.", "score": 35, "impact_score": 25, "sectors": ["Food and Agriculture"], "source": "CISA ICS Advisory", "remediation": ["Update Cloud API to version 2.12.2026 or later immediately", "Contact Gardyn for firmware updates for Home and Studio devices", "Isolate Gardyn IoT Hub devices on a separate network segment from critical systems", "Monitor network traffic for unauthorized access attempts to Gardyn devices"], "origin": {"product": "Gardyn IoT Hub", "vendor": "Gardyn", "first_reported": "2026-07-02", "exploited_by": []}, "score_reason": "While rated critical (CVSS 10) and affecting Food and Agriculture sector, Gardyn IoT Hubs are consumer-grade indoor farming devices with limited deployment in Texas critical infrastructure operations compared to industrial agricultural systems.", "patch_available": true, "reference_url": "https://www.cisa.gov/news-events/ics-advisories/icsa-26-183-03", "source_date": "Thu, 02 Jul 26 12:00:00 +0000", "first_seen": "2026-07-02T17:02:53.033598", "seen_at": "2026-07-02T17:02:53.033598"}, {"title": "CVE-2026-13562", "cve": "CVE-2026-13562", "summary": "A security flaw in Edimax EW-7478APC wireless access points (version 1.04) allows remote attackers to cause a buffer overflow by sending specially crafted web requests. This could let attackers crash the device or potentially take control of it. 
The vendor has not responded to fix requests, and exploit code is publicly available.", "score": 35, "impact_score": 25, "sectors": ["Communications", "Government Facilities", "Healthcare and Public Health", "Water and Wastewater Systems"], "source": "NVD (High)", "remediation": ["Identify any Edimax EW-7478APC devices on your network and consider replacing with supported equipment", "Restrict administrative access to the device's web interface to trusted internal networks only", "Place affected devices behind a firewall and block external access to port 80/443", "Monitor network traffic for unusual activity targeting these devices until replacement"], "origin": {"product": "EW-7478APC", "vendor": "Edimax", "first_reported": "2026-06-29", "exploited_by": ["Public exploit available"]}, "score_reason": "While this affects a communications device and exploit code is public, Edimax access points have limited deployment in Texas critical infrastructure compared to enterprise-grade equipment, reducing overall threat level.", "patch_available": false, "reference_url": "https://lavender-bicycle-a5a.notion.site/EDIMAX-EW-7478APC-formiNICSiteSurvey-34b53a41781f8053af98c2127c476d66?pvs=73", "source_date": "2026-06-29T12:16:28.233", "first_seen": "2026-07-01T04:37:31.724134", "seen_at": "2026-07-01T04:37:31.724134"}, {"title": "CVE-2026-14120", "cve": "CVE-2026-14120", "summary": "A vulnerability in Google Chrome's DevTools allows attackers who have already compromised the browser to potentially escape security restrictions using a malicious webpage. This requires multiple steps to exploit and is rated low severity by Google. 
Users should update Chrome to version 150.0.7871.47 or later.", "score": 35, "impact_score": 30, "sectors": ["Government Facilities", "Healthcare and Public Health", "Information Technology", "Emergency Services", "Water and Wastewater Systems", "Energy"], "source": "NVD (Critical)", "remediation": ["Update Google Chrome to version 150.0.7871.47 or later on all workstations", "Enable automatic Chrome updates through enterprise policy or device management", "Remind staff to restart Chrome when update notifications appear", "Consider restricting DevTools access for non-technical users via Chrome policies"], "origin": {"product": "Chrome", "vendor": "Google", "first_reported": "2026-06-30", "exploited_by": []}, "score_reason": "While Chrome is widely used across Texas organizations, this vulnerability requires prior compromise of the browser renderer and is rated low severity, limiting immediate threat to critical infrastructure.", "patch_available": true, "reference_url": "https://chromereleases.googleblog.com/2026/06/stable-channel-update-for-desktop_0175352312.html", "source_date": "2026-06-30T23:17:23.730", "first_seen": "2026-07-02T14:02:53.142152", "seen_at": "2026-07-02T14:02:53.142152"}, {"title": "CVE-2025-71367", "cve": "CVE-2025-71367", "summary": "A security flaw in picklescan (a Python library used to scan pickle files for malicious content) allows attackers to bypass its security checks and execute malicious code. 
If your organization uses Python applications that process pickle files and relies on picklescan for protection, attackers could slip past the scanner and run harmful code on your systems.", "score": 35, "impact_score": 25, "sectors": ["Information Technology", "Water and Wastewater Systems", "Energy", "Healthcare and Public Health", "Government Facilities"], "source": "NVD (High)", "remediation": ["Update picklescan to version 0.0.34 or later immediately if your organization uses this library", "Review any Python applications that process pickle files from external sources", "Contact your software vendors to confirm they have updated their picklescan dependencies", "Avoid processing pickle files from untrusted sources until patches are applied"], "origin": {"product": "picklescan", "vendor": "picklescan", "first_reported": "2026-07-04", "exploited_by": []}, "score_reason": "This vulnerability affects a specialized Python security library with limited deployment in typical small Texas organizations; most rural utilities and local governments do not directly use picklescan in their operations.", "patch_available": true, "reference_url": "https://github.com/mmaitre314/picklescan/security/advisories/GHSA-46h3-79wf-xr6c", "source_date": "2026-07-04T02:16:22.833", "first_seen": "2026-07-05T21:34:34.730890", "seen_at": "2026-07-05T21:34:34.730890"}, {"title": "CVE-2025-71364", "cve": "CVE-2025-71364", "summary": "A security flaw in picklescan (a Python tool that scans for malicious pickle files) allows attackers to bypass detection and run harmful code on systems. If your organization uses Python-based data science or machine learning tools that rely on pickle files, malicious files could execute unauthorized commands. 
This primarily affects IT systems running data processing or AI/ML workloads.", "score": 35, "impact_score": 25, "sectors": ["Information Technology", "Water and Wastewater Systems", "Energy", "Healthcare and Public Health"], "source": "NVD (High)", "remediation": ["Update picklescan to version 0.0.30 or later immediately", "Avoid loading pickle files from untrusted or unknown sources", "Review any Python-based data processing systems for picklescan usage", "Consider alternative serialization formats like JSON for untrusted data"], "origin": {"product": "picklescan", "vendor": "mmaitre314", "first_reported": "2026-07-04", "exploited_by": []}, "score_reason": "This vulnerability affects a specialized Python security scanning tool with limited deployment in typical small Texas municipal operations, though organizations using ML/AI data tools could be at risk.", "patch_available": true, "reference_url": "https://github.com/mmaitre314/picklescan/security/advisories/GHSA-q77w-mwjj-7mqx", "source_date": "2026-07-04T02:16:22.583", "first_seen": "2026-07-05T21:34:34.730890", "seen_at": "2026-07-05T21:34:34.730890"}, {"title": "CVE-2026-8489", "cve": "CVE-2026-8489", "summary": "A vulnerability in the Ultimate Member WordPress plugin allows users with basic accounts to inject malicious code into web pages. When other users view affected pages, the malicious code runs in their browser, potentially stealing login credentials or performing unauthorized actions. 
This affects WordPress sites using the plugin for user registration and membership features.", "score": 35, "impact_score": 30, "sectors": ["Government Facilities", "Healthcare and Public Health", "Water and Wastewater Systems", "Emergency Services"], "source": "NVD (Medium)", "remediation": ["Update Ultimate Member plugin to version 2.11.5 or later immediately", "Review user accounts for suspicious subscriber-level registrations", "Audit recent changes to user profile 'about me' fields for malicious scripts", "Consider temporarily disabling public registration if update cannot be applied quickly"], "origin": {"product": "Ultimate Member WordPress Plugin", "vendor": "Ultimate Member", "first_reported": "2026-07-03", "exploited_by": []}, "score_reason": "While many small Texas organizations use WordPress for public websites, this requires authenticated access to exploit and is a medium-severity stored XSS rather than remote code execution, limiting immediate critical infrastructure impact.", "patch_available": true, "reference_url": "https://plugins.trac.wordpress.org/browser/ultimate-member/tags/2.11.2/includes/core/class-fields.php#L4577", "source_date": "2026-07-03T06:16:22.670", "first_seen": "2026-07-03T06:34:34.663202", "seen_at": "2026-07-03T06:34:34.663202"}, {"title": "CVE-2026-58593", "cve": "CVE-2026-58593", "summary": "A vulnerability in NodeBB forum software allows remote attackers to forge posts and private messages that appear to come from any local user, including administrators. This requires the ActivityPub/federation feature to be enabled. 
An attacker could impersonate trusted accounts to spread misinformation or conduct social engineering attacks.", "score": 35, "impact_score": 25, "sectors": ["Government Facilities", "Healthcare and Public Health", "Information Technology"], "source": "NVD (High)", "remediation": ["Disable ActivityPub/federation features in NodeBB if not actively needed", "Update NodeBB to the latest patched version when available", "Audit recent posts and private messages for signs of impersonation or unauthorized content", "Implement network-level restrictions on inbound federation requests to trusted sources only"], "origin": {"product": "NodeBB", "vendor": "NodeBB", "first_reported": "2026-07-01", "exploited_by": []}, "score_reason": "NodeBB is specialized forum software with limited deployment in Texas critical infrastructure; exploitation requires federation features to be enabled, reducing widespread impact on lifeline sectors.", "patch_available": false, "reference_url": "https://github.com/NodeBB/NodeBB/blob/v4.13.2/src/activitypub/mocks.js", "source_date": "2026-07-01T20:17:11.750", "first_seen": "2026-07-01T21:34:34.848332", "seen_at": "2026-07-01T21:34:34.848332"}, {"title": "CVE-2026-12729", "cve": "CVE-2026-12729", "summary": "A WordPress documentation plugin (weDocs) has a security flaw allowing any logged-in user, even with minimal permissions, to manipulate website content, change site settings, and disable other plugins. 
This could let attackers deface public-facing documentation pages or disrupt websites that use this plugin for knowledge bases or help documentation.", "score": 35, "impact_score": 25, "sectors": ["Government Facilities", "Healthcare and Public Health", "Water and Wastewater Systems", "Emergency Services"], "source": "NVD (Medium)", "remediation": ["Update the weDocs plugin to version 2.3.1 or later immediately if installed on any organizational WordPress site", "Audit WordPress user accounts and remove unnecessary subscriber-level accounts", "Review WordPress site for unauthorized content changes or deactivated plugins", "Consider using a web application firewall to block malicious AJAX requests"], "origin": {"product": "weDocs AI Powered Knowledge Base plugin for WordPress", "vendor": "weDevs", "first_reported": "2026-07-03", "exploited_by": []}, "score_reason": "Medium severity WordPress plugin vulnerability affecting authenticated users only; limited deployment in critical infrastructure but could impact municipal websites, clinic patient portals, or utility documentation systems.", "patch_available": true, "reference_url": "https://plugins.trac.wordpress.org/browser/wedocs/tags/2.3.0/includes/Admin/Migrate.php#L183", "source_date": "2026-07-03T02:16:22.740", "first_seen": "2026-07-03T03:34:34.672127", "seen_at": "2026-07-03T03:34:34.672127"}, {"title": "CVE-2026-14606", "cve": "CVE-2026-14606", "summary": "A security flaw in RT-Thread real-time operating system (versions up to 5.0.2) allows attackers with local access to cause a buffer overflow in the CAN bus communication handler. This affects embedded devices and industrial controllers using this specific firmware component. 
The exploit code is publicly available, but requires physical or local access to the device.", "score": 35, "impact_score": 25, "sectors": ["Critical Manufacturing", "Water and Wastewater Systems", "Energy", "Transportation"], "source": "NVD (High)", "remediation": ["Inventory any embedded devices or controllers running RT-Thread firmware and identify affected versions", "Restrict physical and local network access to industrial control systems and embedded devices", "Monitor RT-Thread project for updated firmware releases and apply patches when available", "Implement network segmentation to isolate CAN bus and industrial control networks from general IT networks"], "origin": {"product": "RT-Thread RTOS (SWM341 CAN Handler)", "vendor": "RT-Thread", "first_reported": "2026-07-03", "exploited_by": []}, "score_reason": "While this affects embedded industrial systems that may be used in Texas infrastructure, the local-access-only requirement significantly limits remote exploitation risk, and RT-Thread with SWM341 chips has limited deployment in typical Texas municipal systems.", "patch_available": false, "reference_url": "https://github.com/RT-Thread/rt-thread/", "source_date": "2026-07-03T20:16:52.237", "first_seen": "2026-07-03T21:34:34.640390", "seen_at": "2026-07-03T21:34:34.640390"}, {"title": "CVE-2026-12085", "cve": "CVE-2026-12085", "summary": "IBM UrbanCode Deploy and DevOps Deploy software has a vulnerability that could expose sensitive configuration data and secrets to logged-in users through API responses. This information disclosure could help attackers plan further attacks against affected systems. 
Organizations using these IBM deployment tools should apply available patches promptly.", "score": 35, "impact_score": 25, "sectors": ["Information Technology", "Government Facilities", "Healthcare and Public Health", "Energy", "Water and Wastewater Systems"], "source": "NVD (Medium)", "remediation": ["Check if your organization uses IBM UrbanCode Deploy or DevOps Deploy and identify installed versions", "Apply IBM security updates from the referenced support page immediately", "Review API access logs for any suspicious data access by authenticated users", "Rotate any secrets or credentials that may have been exposed through the vulnerable API"], "origin": {"product": "UrbanCode Deploy / DevOps Deploy", "vendor": "IBM", "first_reported": "2026-06-30", "exploited_by": []}, "score_reason": "Medium severity information disclosure requiring authentication limits immediate risk, but IBM deployment tools may be used by larger Texas municipal IT departments and utilities for software management.", "patch_available": true, "reference_url": "https://www.ibm.com/support/pages/node/7277577", "source_date": "2026-06-30T20:17:28.547", "first_seen": "2026-07-01T05:49:18.001903", "seen_at": "2026-07-01T05:49:18.001903"}, {"title": "PTC Windchill and FlexPLM Improper Input Validation Vulnerability", "cve": "CVE-2026-12569", "summary": "PTC Windchill and FlexPLM software has a critical security flaw that allows attackers to remotely execute malicious code without needing login credentials. This product lifecycle management software is primarily used in manufacturing and engineering environments. 
Organizations using these systems should take immediate action as this vulnerability is being actively exploited.", "score": 35, "impact_score": 30, "sectors": ["Critical Manufacturing", "Information Technology"], "source": "CISA KEV", "remediation": ["Contact PTC immediately to obtain and apply the latest security patches for Windchill and FlexPLM", "Isolate affected systems from internet access until patches are applied", "Review network logs for unusual requests or unauthorized access attempts to these systems", "If no patch is available, discontinue use or implement strict network segmentation"], "origin": {"product": "Windchill and FlexPLM", "vendor": "PTC", "first_reported": "2026-06-25", "exploited_by": []}, "score_reason": "While this is a serious actively-exploited vulnerability, PTC Windchill and FlexPLM are specialized product lifecycle management tools not commonly deployed in small Texas municipalities, rural utilities, or the four lifeline sectors.", "patch_available": true, "reference_url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog", "source_date": "2026-06-25", "first_seen": "2026-07-01T04:37:31.724134", "seen_at": "2026-07-01T04:37:31.724134"}, {"title": "CVE-2026-9002", "cve": "CVE-2026-9002", "summary": "IBM WebSphere Extreme Scale versions 8.6.1.0 through 8.6.1.6 have a vulnerability that could allow an attacker on the same network to crash the application server by sending specially crafted messages. This denial of service attack requires the attacker to already have access to your internal network. 
Organizations using this IBM middleware for caching or data grid services could experience application outages.", "score": 35, "impact_score": 25, "sectors": ["Government Facilities", "Healthcare and Public Health", "Information Technology"], "source": "NVD (Medium)", "remediation": ["Check if your organization uses IBM WebSphere Extreme Scale versions 8.6.1.0-8.6.1.6 and consult IBM support page for patches", "Apply vendor patches when available from IBM support node 7278346", "Implement network segmentation to limit which systems can communicate with WebSphere servers", "Monitor application servers for unexpected crashes or memory errors"], "origin": {"product": "WebSphere Extreme Scale", "vendor": "IBM", "first_reported": "2026-06-30", "exploited_by": []}, "score_reason": "This is a network-adjacent denial of service vulnerability requiring local network access, affecting specialized IBM middleware not commonly deployed in small Texas municipalities, with no confirmed active exploitation.", "patch_available": true, "reference_url": "https://www.ibm.com/support/pages/node/7278346", "source_date": "2026-06-30T20:17:32.040", "first_seen": "2026-07-01T05:49:18.001903", "seen_at": "2026-07-01T05:49:18.001903"}, {"title": "CVE-2026-9106", "cve": "CVE-2026-9106", "summary": "A security flaw in GitHub Enterprise Server allows malicious OAuth applications to secretly gain access to manage your organization's automated runners without showing this permission during authorization. If staff click approve on what looks like a harmless app request, attackers could control your CI/CD automation systems. 
This affects self-hosted GitHub Enterprise installations prior to version 3.22.", "score": 35, "impact_score": 30, "sectors": ["Government Facilities", "Healthcare and Public Health", "Information Technology"], "source": "NVD (Medium)", "remediation": ["Update GitHub Enterprise Server to patched versions (3.21.2, 3.20.4, 3.19.8, 3.18.11, 3.17.17, or 3.16.20) immediately", "Review and audit all existing OAuth application authorizations in your GitHub organization", "Train staff to be cautious when authorizing third-party applications and verify requested permissions", "Enable logging and monitoring for OAuth application activity and runner management changes"], "origin": {"product": "GitHub Enterprise Server", "vendor": "GitHub", "first_reported": "2026-06-30", "exploited_by": []}, "score_reason": "While this affects organizations using self-hosted GitHub Enterprise Server for code management, deployment in small Texas rural utilities and local governments is limited, and no active exploitation has been reported.", "patch_available": true, "reference_url": "https://docs.github.com/en/enterprise-server@3.16/admin/release-notes#3.16.20", "source_date": "2026-06-30T21:16:30.803", "first_seen": "2026-07-02T17:02:53.033598", "seen_at": "2026-07-02T17:02:53.033598"}, {"title": "CVE-2026-9836", "cve": "CVE-2026-9836", "summary": "IBM InfoSphere Information Server has a security flaw that could allow unauthorized access to sensitive information. This data integration platform is used by some larger organizations for managing and processing data. 
Organizations using this IBM software should apply updates to prevent potential data exposure.", "score": 35, "impact_score": 30, "sectors": ["Information Technology", "Government Facilities", "Healthcare and Public Health"], "source": "NVD (High)", "remediation": ["Check if your organization uses IBM InfoSphere Information Server versions 11.7.0.0 through 11.7.1.6", "Visit IBM's support page and apply the latest security patches immediately", "Review system logs for any unusual data access patterns", "Restrict network access to InfoSphere servers to authorized personnel only"], "origin": {"product": "InfoSphere Information Server", "vendor": "IBM", "first_reported": "2026-06-30", "exploited_by": []}, "score_reason": "Information disclosure vulnerability in enterprise data management software has moderate impact; not widely deployed in small Texas rural organizations and does not affect lifeline sectors directly.", "patch_available": true, "reference_url": "https://www.ibm.com/support/pages/node/7278188", "source_date": "2026-06-30T20:17:32.183", "first_seen": "2026-07-02T20:02:53.211356", "seen_at": "2026-07-02T20:02:53.211356"}, {"title": "CVE-2026-55945", "cve": "CVE-2026-55945", "summary": "A security flaw in Microsoft Edge browser could allow someone with local access to your computer to view sensitive information they shouldn't see. This affects the Chromium-based version of Edge that most organizations use. 
The risk requires an attacker to already have some access to your system.", "score": 35, "impact_score": 40, "sectors": ["Government Facilities", "Healthcare and Public Health", "Water and Wastewater Systems", "Energy", "Emergency Services", "Information Technology"], "source": "NVD (Medium)", "remediation": ["Update Microsoft Edge to the latest version through Windows Update or Edge's built-in update feature", "Enable automatic browser updates in your organization's Group Policy settings", "Restrict local user access to only authorized personnel who need it", "Monitor Microsoft Security Response Center for patch announcements"], "origin": {"product": "Microsoft Edge (Chromium-based)", "vendor": "Microsoft", "first_reported": "2026-07-03", "exploited_by": []}, "score_reason": "Medium severity local information disclosure in a widely-used browser affects many Texas organizations, but requires local access and authorized user status, limiting real-world exploit scenarios.", "patch_available": true, "reference_url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-55945", "source_date": "2026-07-03T21:17:00.550", "first_seen": "2026-07-05T06:34:34.571906", "seen_at": "2026-07-05T06:34:34.571906"}, {"title": "CVE-2026-56233", "cve": "CVE-2026-56233", "summary": "Capgo, a mobile app update platform, has a security flaw before version 12.128.2 that lets attackers with build access bypass restrictions and gain administrator-level control of the server. 
This could allow malicious actors to compromise app update systems and potentially push harmful updates to mobile applications.", "score": 35, "impact_score": 25, "sectors": ["Government Facilities", "Healthcare and Public Health", "Water and Wastewater Systems", "Emergency Services"], "source": "NVD (High)", "remediation": ["Update Capgo to version 12.128.2 or later immediately", "Audit build user accounts and remove unnecessary build permissions", "Review server logs for suspicious upload activity or path traversal attempts", "Contact your mobile app development vendor to confirm they have patched if using managed services"], "origin": {"product": "Capgo", "vendor": "Cap-go", "first_reported": "2026-06-30", "exploited_by": []}, "score_reason": "While this is a serious privilege escalation vulnerability, Capgo is a specialized mobile app development tool with limited deployment in Texas critical infrastructure; requires authenticated access to exploit.", "patch_available": true, "reference_url": "https://github.com/Cap-go/capgo/security/advisories/GHSA-qprp-873h-mx6f", "source_date": "2026-06-30T23:17:28.980", "first_seen": "2026-07-01T05:45:40.117771", "seen_at": "2026-07-01T05:45:40.117771"}, {"title": "CVE-2026-9132", "cve": "CVE-2026-9132", "summary": "A security flaw in GitHub Enterprise Server allows logged-in users to read private source code they shouldn't have access to. An attacker with any valid account on the system could view confidential code from other repositories. 
Organizations using on-premise GitHub Enterprise Server should update immediately to protect proprietary code and sensitive information.", "score": 35, "impact_score": 30, "sectors": ["Government Facilities", "Information Technology", "Healthcare and Public Health"], "source": "NVD (Medium)", "remediation": ["Update GitHub Enterprise Server to patched versions: 3.17.17, 3.18.11, 3.19.8, or 3.20.4 immediately", "Audit repository access logs for any unauthorized cross-repository access attempts", "Review which users have accounts and remove any unnecessary access", "Consider temporarily disabling Copilot features until patching is complete"], "origin": {"product": "GitHub Enterprise Server", "vendor": "GitHub", "first_reported": "2026-06-30", "exploited_by": []}, "score_reason": "While this affects code repositories that may contain sensitive government or healthcare data, GitHub Enterprise Server has limited deployment in small Texas municipalities and is not a lifeline sector system with no confirmed active exploitation.", "patch_available": true, "reference_url": "https://docs.github.com/en/enterprise-server@3.17/admin/release-notes#3.17.17-features", "source_date": "2026-06-30T21:16:30.960", "first_seen": "2026-07-02T17:02:53.033598", "seen_at": "2026-07-02T17:02:53.033598"}, {"title": "CVE-2026-13751", "cve": "CVE-2026-13751", "summary": "A security flaw in Snowflake CLI (a cloud data platform tool) before version 3.19 could allow attackers to trick the software into making unauthorized network requests or executing malicious SQL commands. This requires an attacker to get a user to process specially crafted content. 
Organizations using Snowflake for data analytics or reporting should update immediately.", "score": 35, "impact_score": 30, "sectors": ["Information Technology", "Water and Wastewater Systems", "Energy", "Healthcare and Public Health", "Government Facilities"], "source": "NVD (Critical)", "remediation": ["Update Snowflake CLI to version 3.19 or later immediately", "Enable the new option to disable remote URL retrieval in Snowflake CLI settings", "Review and restrict which users have access to execute SQL commands via Snowflake CLI", "Train staff to only process SQL files from trusted, verified sources"], "origin": {"product": "Snowflake CLI", "vendor": "Snowflake", "first_reported": "2026-06-29", "exploited_by": []}, "score_reason": "While Snowflake is used by some Texas organizations for cloud data analytics, this vulnerability requires user interaction with malicious content and is limited to IT environments rather than operational technology controlling critical infrastructure.", "patch_available": true, "reference_url": "https://community.snowflake.com/s/article/Snowflake-CLI-Vulnerability-Advisory", "source_date": "2026-06-29T17:16:30.050", "first_seen": "2026-07-01T04:37:31.724134", "seen_at": "2026-07-01T04:37:31.724134"}, {"title": "CVE-2026-4804", "cve": "CVE-2026-4804", "summary": "The Zakra theme for WordPress has a security flaw that allows users with contributor-level access to inject malicious code into website pages. 
This affects websites using Zakra theme version 4.2.0 or earlier, potentially allowing attackers to steal information or redirect visitors to malicious sites.", "score": 35, "impact_score": 30, "sectors": ["Government Facilities", "Healthcare and Public Health", "Water and Wastewater Systems", "Emergency Services"], "source": "NVD (Medium)", "remediation": ["Update the Zakra WordPress theme to version 4.2.1 or later immediately", "Audit contributor and author user accounts and remove unnecessary access", "Review website pages for any suspicious injected scripts or unexpected content", "Consider implementing a web application firewall to detect XSS attempts"], "origin": {"product": "Zakra WordPress Theme", "vendor": "ThemeGrill", "first_reported": "2026-07-03", "exploited_by": []}, "score_reason": "Medium severity affecting WordPress sites with a specific theme; requires authenticated contributor access which limits exploitation scope, but could impact public-facing government and utility websites across Texas communities.", "patch_available": true, "reference_url": "https://themes.trac.wordpress.org/changeset?reponame=&new=330192%40zakra%2F4.2.1&old=297420%40zakra%2F4.2.0#file39", "source_date": "2026-07-03T09:16:37.520", "first_seen": "2026-07-04T21:34:34.969509", "seen_at": "2026-07-04T21:34:34.969509"}, {"title": "CVE-2026-34105", "cve": "CVE-2026-34105", "summary": "Guardian language-system software has a security flaw where attackers who have login access can steal database information through the translate_text.php page. 
This could expose sensitive data stored in the system including usernames, passwords, and other confidential records.", "score": 35, "impact_score": 25, "sectors": ["Government Facilities", "Healthcare and Public Health", "Water and Wastewater Systems", "Information Technology"], "source": "NVD (Critical)", "remediation": ["Check if your organization uses Guardian language-system software and identify affected installations", "Contact the vendor for a patched version or apply any available security updates", "Restrict network access to the translate_text.php page and review database user permissions", "Monitor database logs for unusual query patterns indicating exploitation attempts"], "origin": {"product": "language-system", "vendor": "Guardian", "first_reported": "2026-07-01", "exploited_by": []}, "score_reason": "While SQL injection is serious, this requires authentication to exploit and Guardian language-system is not widely deployed in Texas critical infrastructure; no confirmed active exploitation reported.", "patch_available": false, "reference_url": "https://gist.github.com/cyberinforepo/d5b2771d82e1b31b8fc1c33052e08dad", "source_date": "2026-07-01T17:16:33.537", "first_seen": "2026-07-01T18:34:34.516259", "seen_at": "2026-07-01T18:34:34.516259"}, {"title": "CVE-2026-10089", "cve": "CVE-2026-10089", "summary": "A vulnerability in the Insert Pages plugin for WordPress allows attackers with author-level access to inject malicious scripts into web pages. When visitors view affected pages, the malicious code runs in their browsers, potentially stealing information or redirecting users. 
This affects WordPress sites using the Insert Pages plugin version 3.11.4 and earlier.", "score": 35, "impact_score": 30, "sectors": ["Government Facilities", "Healthcare and Public Health", "Water and Wastewater Systems", "Emergency Services"], "source": "NVD (Medium)", "remediation": ["Update the Insert Pages WordPress plugin to version 3.11.5 or later when available", "Audit user accounts with author-level access or higher and remove unnecessary privileges", "Review WordPress sites for suspicious custom field key names containing script tags", "Consider disabling the Insert Pages plugin until a patch is released if not essential"], "origin": {"product": "Insert Pages WordPress Plugin", "vendor": "Insert Pages", "first_reported": "2026-07-02", "exploited_by": []}, "score_reason": "Medium severity WordPress plugin vulnerability requiring authenticated author-level access limits widespread exploitation, but many small Texas municipalities and districts use WordPress for public-facing websites.", "patch_available": false, "reference_url": "https://plugins.trac.wordpress.org/browser/insert-pages/tags/3.11.3/insert-pages.php#L1771", "source_date": "2026-07-02T06:16:12.680", "first_seen": "2026-07-02T06:34:34.623151", "seen_at": "2026-07-02T06:34:34.623151"}, {"title": "CVE-2026-34102", "cve": "CVE-2026-34102", "summary": "The Guardian language-system software has a security flaw that allows attackers who have login access to steal database information through a technique called SQL injection. This could expose sensitive data stored in the system including user credentials and operational information. 
Organizations using this software should apply fixes as soon as the vendor makes them available.", "score": 35, "impact_score": 25, "sectors": ["Government Facilities", "Information Technology"], "source": "NVD (Critical)", "remediation": ["Contact the Guardian language-system vendor immediately for a patched version or security guidance", "Restrict network access to job_info_get.php to only trusted internal users", "Monitor database logs for unusual query patterns or error messages indicating exploitation attempts", "Implement web application firewall rules to block SQL injection patterns in the id parameter"], "origin": {"product": "language-system", "vendor": "Guardian", "first_reported": "2026-07-01", "exploited_by": []}, "score_reason": "This affects a niche language-system product with limited deployment in Texas critical infrastructure, requires authentication to exploit, and there is no evidence of active exploitation against Texas organizations.", "patch_available": false, "reference_url": "https://gist.github.com/cyberinforepo/d5b2771d82e1b31b8fc1c33052e08dad", "source_date": "2026-07-01T17:16:33.180", "first_seen": "2026-07-01T18:34:34.516259", "seen_at": "2026-07-01T18:34:34.516259"}, {"title": "CVE-2026-14614", "cve": "CVE-2026-14614", "summary": "A security flaw in Keycloak identity management software allows administrators with limited permissions to manipulate hidden client scopes they shouldn't access. This could let attackers inject unauthorized permissions into security tokens, potentially gaining elevated access to connected applications. 
Organizations using Keycloak for single sign-on or identity management should review their configurations.", "score": 35, "impact_score": 25, "sectors": ["Government Facilities", "Healthcare and Public Health", "Information Technology"], "source": "NVD (Medium)", "remediation": ["Check if your organization uses Keycloak with Fine-Grained Admin Permissions v2 enabled", "Review and audit all delegated administrator accounts and their assigned permissions", "Apply vendor patches when available from Red Hat or Keycloak project", "Consider temporarily disabling FGAP v2 if not essential until patched"], "origin": {"product": "Keycloak", "vendor": "Red Hat", "first_reported": "2026-07-03", "exploited_by": []}, "score_reason": "Medium severity vulnerability in identity management software that requires existing admin access to exploit, with no confirmed active exploitation and limited deployment in small Texas organizations.", "patch_available": false, "reference_url": "https://access.redhat.com/security/cve/CVE-2026-14614", "source_date": "2026-07-03T16:16:55.650", "first_seen": "2026-07-04T21:34:34.969509", "seen_at": "2026-07-04T21:34:34.969509"}, {"title": "CVE-2026-34101", "cve": "CVE-2026-34101", "summary": "Guardian language-system software has a security flaw where attackers who have login access can steal database contents through a SQL injection vulnerability in the text_file.php page. 
This could expose sensitive records, user credentials, and other confidential information stored in the system's database.", "score": 35, "impact_score": 25, "sectors": ["Government Facilities", "Healthcare and Public Health", "Information Technology"], "source": "NVD (Critical)", "remediation": ["Check if your organization uses Guardian language-system software and identify all installations", "Contact the vendor for a patched version or apply any available security updates immediately", "If no patch exists, restrict access to text_file.php or implement web application firewall rules to block SQL injection attempts", "Review database logs for unusual queries and consider changing database credentials as a precaution"], "origin": {"product": "language-system", "vendor": "Guardian", "first_reported": "2026-07-01", "exploited_by": []}, "score_reason": "Moderate risk as it requires authentication to exploit and Guardian language-system is not widely deployed in Texas critical infrastructure, though any organization using it faces database compromise risk.", "patch_available": false, "reference_url": "https://gist.github.com/cyberinforepo/d5b2771d82e1b31b8fc1c33052e08dad", "source_date": "2026-07-01T17:16:33.067", "first_seen": "2026-07-01T18:34:34.516259", "seen_at": "2026-07-01T18:34:34.516259"}, {"title": "CVE-2026-14624", "cve": "CVE-2026-14624", "summary": "A vulnerability in the OMEC Project AMF (Access and Mobility Management Function) software allows remote attackers to crash the system through a denial of service attack. This affects versions up to 2.0.2 and 2.1.1 of the open-source 5G core network component. 
The exploit code is publicly available, making attacks more likely.", "score": 35, "impact_score": 25, "sectors": ["Communications"], "source": "NVD (Medium)", "remediation": ["Apply the vendor patch (commit 34bc6724acc97dba1f8691e586da95b042cb612d) immediately if running OMEC AMF", "Update to patched versions when officially released", "Monitor network traffic for unusual NGSetupRequest messages targeting the AMF component", "Contact your 5G infrastructure vendor to confirm patch status if using managed services"], "origin": {"product": "AMF (Access and Mobility Management Function)", "vendor": "OMEC Project", "first_reported": "2026-07-04", "exploited_by": []}, "score_reason": "While this affects Communications sector infrastructure (5G core networks), OMEC AMF is specialized open-source 5G software unlikely to be widely deployed in small Texas rural organizations, though larger telecom providers could be affected.", "patch_available": true, "reference_url": "https://github.com/omec-project/amf/", "source_date": "2026-07-04T11:16:47.613", "first_seen": "2026-07-05T17:02:53.096642", "seen_at": "2026-07-05T17:02:53.096642"}, {"title": "CVE-2026-9180", "cve": "CVE-2026-9180", "summary": "The MotoPress Appointment Booking plugin for WordPress has a security flaw that lets attackers access and modify booking information without logging in. Attackers can change customer names, emails, and phone numbers on pending appointments, and can also view existing booking details. 
This affects organizations using WordPress websites with this appointment scheduling plugin.", "score": 35, "impact_score": 25, "sectors": ["Healthcare and Public Health", "Government Facilities"], "source": "NVD (Medium)", "remediation": ["Update MotoPress Appointment Booking plugin to version 2.4.5 or later immediately", "Review recent booking records for any unauthorized changes to customer information", "Temporarily disable the plugin if an update is not yet available", "Consider adding web application firewall rules to block unauthorized REST API access"], "origin": {"product": "Appointment Booking", "vendor": "MotoPress", "first_reported": "2026-07-03", "exploited_by": []}, "score_reason": "This is a medium-severity WordPress plugin vulnerability affecting appointment booking systems, which could impact clinics and government offices using this plugin for scheduling, but does not affect core lifeline infrastructure systems.", "patch_available": true, "reference_url": "https://plugins.trac.wordpress.org/browser/motopress-appointment-lite/tags/2.4.3/includes/rest/controllers/motopress/appointment/v1/BookingsRestController.php#L30", "source_date": "2026-07-03T06:16:22.973", "first_seen": "2026-07-03T06:34:34.663202", "seen_at": "2026-07-03T06:34:34.663202"}, {"title": "CVE-2026-14642", "cve": "CVE-2026-14642", "summary": "A SQL injection vulnerability exists in SourceCodester Class and Exam Timetabling System version 1.0, allowing remote attackers to manipulate database queries through the edit_class2.php file. This could let attackers access, modify, or delete sensitive student and scheduling data. 
The exploit code is publicly available, increasing the risk of attacks.", "score": 35, "impact_score": 25, "sectors": ["Government Facilities", "Information Technology"], "source": "NVD (High)", "remediation": ["Immediately restrict access to the affected application from the public internet using firewall rules", "Contact SourceCodester for an updated version or patch", "Implement web application firewall rules to filter SQL injection attempts", "Review database logs for signs of unauthorized access or exploitation"], "origin": {"product": "Class and Exam Timetabling System", "vendor": "SourceCodester", "first_reported": "2026-07-04", "exploited_by": []}, "score_reason": "While this affects school scheduling software that Texas school districts might use, SourceCodester products have limited deployment in Texas critical infrastructure and this does not impact lifeline sectors.", "patch_available": false, "reference_url": "https://github.com/sunjingyuan123/ccvvee/issues/1", "source_date": "2026-07-04T19:16:53.483", "first_seen": "2026-07-05T21:34:34.730890", "seen_at": "2026-07-05T21:34:34.730890"}, {"title": "CVE-2026-13449", "cve": "CVE-2026-13449", "summary": "IBM Business Automation Manager Open Editions versions 9.0.0 through 9.4.2 has a security flaw that could let attackers read sensitive files or crash systems by sending specially crafted XML data. 
This affects organizations using IBM's business process automation software for workflow management and decision-making applications.", "score": 35, "impact_score": 30, "sectors": ["Government Facilities", "Healthcare and Public Health", "Information Technology"], "source": "NVD (High)", "remediation": ["Check if your organization uses IBM Business Automation Manager Open Editions versions 9.0.0 through 9.4.2 and contact your IT vendor if uncertain", "Apply the security update from IBM's support page (reference URL provided) as soon as possible", "Restrict network access to the affected application to trusted users only", "Monitor system logs for unusual XML processing activity or memory consumption spikes"], "origin": {"product": "Business Automation Manager Open Editions", "vendor": "IBM", "first_reported": "2026-06-30", "exploited_by": []}, "score_reason": "This vulnerability affects specialized IBM enterprise software that is less commonly deployed in small Texas municipalities and rural utilities, limiting widespread impact to critical infrastructure.", "patch_available": true, "reference_url": "https://www.ibm.com/support/pages/node/7278532", "source_date": "2026-06-30T20:17:28.820", "first_seen": "2026-07-01T05:45:40.117771", "seen_at": "2026-07-01T05:45:40.117771"}, {"title": "CVE-2026-48307", "cve": "CVE-2026-48307", "summary": "Adobe ColdFusion web application software has a security flaw that allows attackers to inject malicious code into web pages. If a staff member clicks a malicious link while logged in, attackers could potentially take actions as that user or steal sensitive information. 
This requires user interaction to exploit.", "score": 35, "impact_score": 30, "sectors": ["Government Facilities", "Healthcare and Public Health", "Information Technology"], "source": "NVD (High)", "remediation": ["Update Adobe ColdFusion to versions newer than 2025.9 or 2023.20 as soon as patches are available", "Train staff to avoid clicking suspicious links in emails or messages", "Implement web application firewalls to help filter malicious requests", "Review ColdFusion server logs for suspicious activity"], "origin": {"product": "ColdFusion", "vendor": "Adobe", "first_reported": "2026-06-30", "exploited_by": []}, "score_reason": "ColdFusion is used by some Texas government and healthcare organizations for web applications, but exploitation requires user interaction and no active exploitation is currently reported.", "patch_available": true, "reference_url": "https://helpx.adobe.com/security/products/coldfusion/apsb26-68.html", "source_date": "2026-06-30T16:16:54.987", "first_seen": "2026-07-01T05:45:40.117771", "seen_at": "2026-07-01T05:45:40.117771"}, {"title": "CVE-2026-56399", "cve": "CVE-2026-56399", "summary": "Open WebUI, a web-based interface tool, has a security flaw that allows logged-in attackers to bypass protections and access internal network services. This could let attackers reach systems that should be private and potentially run unauthorized commands. 
Organizations using Open WebUI for AI or chatbot interfaces should update immediately.", "score": 35, "impact_score": 25, "sectors": ["Government Facilities", "Healthcare and Public Health", "Information Technology", "Water and Wastewater Systems"], "source": "NVD (Medium)", "remediation": ["Update Open WebUI to version 0.6.27 or later immediately", "Review network logs for unusual outbound requests from Open WebUI servers", "Restrict Open WebUI server access to internal networks only using firewall rules", "Audit user accounts with Open WebUI access and remove unnecessary privileges"], "origin": {"product": "Open WebUI", "vendor": "Open WebUI", "first_reported": "2026-06-30", "exploited_by": []}, "score_reason": "Open WebUI is a specialized AI interface tool with limited deployment in Texas critical infrastructure; the vulnerability requires authentication which reduces risk, and there is no confirmed active exploitation.", "patch_available": true, "reference_url": "https://github.com/open-webui/open-webui/commit/02238d3113e966c353fce18f1b65117380896774", "source_date": "2026-06-30T23:17:31.897", "first_seen": "2026-07-01T15:34:34.687056", "seen_at": "2026-07-01T15:34:34.687056"}, {"title": "CVE-2026-9725", "cve": "CVE-2026-9725", "summary": "A WordPress plugin used for web-to-print product design has a critical security flaw that allows unauthenticated attackers to delete any files on the server. This could let attackers take complete control of affected websites. 
Small organizations using WooCommerce with this printing plugin should update or remove it immediately.", "score": 35, "impact_score": 25, "sectors": ["Government Facilities", "Healthcare and Public Health", "Information Technology"], "source": "NVD (Critical)", "remediation": ["Update the Printcart Web to Print Product Designer plugin to version 2.5.3 or later immediately", "If update is unavailable, deactivate and remove the plugin until patched", "Review server logs for suspicious file deletion activity or unauthorized access", "Implement web application firewall rules to block path traversal attempts"], "origin": {"product": "Printcart Web to Print Product Designer for WooCommerce", "vendor": "Suspended/Unknown", "first_reported": "2026-07-03", "exploited_by": []}, "score_reason": "While this is a critical vulnerability allowing unauthenticated arbitrary file deletion that can lead to full site takeover, it affects a niche WordPress e-commerce plugin not widely deployed in Texas critical infrastructure sectors like water utilities or energy providers.", "patch_available": true, "reference_url": "https://plugins.trac.wordpress.org/browser/printcart-integration/tags/2.4.8/includes/class.nbdesigner.php#L214", "source_date": "2026-07-03T06:16:23.263", "first_seen": "2026-07-03T06:34:34.663202", "seen_at": "2026-07-03T06:34:34.663202"}, {"title": "CVE-2026-13568", "cve": "CVE-2026-13568", "summary": "A security flaw in SourceCodester Inventory Management System allows attackers to remotely manipulate user roles during registration, potentially gaining unauthorized administrative access. The exploit code is publicly available, making attacks more likely. 
Organizations using this inventory software should take immediate action.", "score": 35, "impact_score": 25, "sectors": ["Government Facilities", "Healthcare and Public Health", "Water and Wastewater Systems"], "source": "NVD (High)", "remediation": ["Immediately disable or restrict access to /api/users_handler.php if not essential", "Implement network-level access controls to limit who can reach the registration endpoint", "Monitor user accounts for unauthorized role changes or new admin accounts", "Contact vendor for patches or consider migrating to a more secure inventory system"], "origin": {"product": "Inventory Management System 1.0", "vendor": "SourceCodester", "first_reported": "2026-06-29", "exploited_by": ["Unknown public exploit"]}, "score_reason": "While the exploit is public and allows remote access control bypass, SourceCodester Inventory Management System has limited deployment in Texas critical infrastructure, primarily affecting smaller organizations that may use open-source inventory tools.", "patch_available": false, "reference_url": "https://vuldb.com/cve/CVE-2026-13568", "source_date": "2026-06-29T14:16:47.313", "first_seen": "2026-07-01T04:37:31.724134", "seen_at": "2026-07-01T04:37:31.724134"}, {"title": "CVE-2026-14156", "cve": "CVE-2026-14156", "summary": "A security flaw in Google Chrome's StorageAccessAPI could allow attackers to bypass browser security protections if they've already compromised part of your browser. This requires visiting a malicious webpage and is rated low severity by Google. 
Update Chrome to version 150.0.7871.47 or later on all computers.", "score": 35, "impact_score": 40, "sectors": ["Communications", "Critical Manufacturing", "Emergency Services", "Energy", "Financial Services", "Government Facilities", "Healthcare and Public Health", "Information Technology", "Transportation", "Water and Wastewater Systems"], "source": "NVD (Medium)", "remediation": ["Update Google Chrome to version 150.0.7871.47 or later on all workstations", "Enable automatic Chrome updates through group policy or device management", "Train staff to close suspicious browser tabs and report unusual browser behavior", "Consider using browser isolation for staff accessing sensitive systems"], "origin": {"product": "Chrome", "vendor": "Google", "first_reported": "2026-06-30", "exploited_by": []}, "score_reason": "While Chrome is widely used across Texas organizations, this vulnerability requires prior renderer compromise, is rated low severity, and has no confirmed active exploitation, limiting immediate threat.", "patch_available": true, "reference_url": "https://chromereleases.googleblog.com/2026/06/stable-channel-update-for-desktop_0175352312.html", "source_date": "2026-06-30T23:17:26.907", "first_seen": "2026-07-02T15:34:34.694842", "seen_at": "2026-07-02T15:34:34.694842"}, {"title": "CVE-2026-14131", "cve": "CVE-2026-14131", "summary": "A vulnerability in Google Chrome allows attackers who have already compromised your browser to display fake or misleading screens that could trick users into taking harmful actions. This requires the attacker to first compromise the browser through another method, making it a secondary concern. 
Update Chrome on all computers to version 150.0.7871.47 or later.", "score": 35, "impact_score": 40, "sectors": ["Government Facilities", "Healthcare and Public Health", "Education", "Water and Wastewater Systems", "Energy"], "source": "NVD (Medium)", "remediation": ["Update Google Chrome to version 150.0.7871.47 or later on all workstations", "Enable automatic Chrome updates through group policy or management tools", "Train staff to verify website URLs and be cautious of unexpected login prompts or permission requests", "Consider using browser isolation for sensitive administrative tasks"], "origin": {"product": "Chrome", "vendor": "Google", "first_reported": "2026-06-30", "exploited_by": []}, "score_reason": "Low severity UI spoofing issue in Chrome requiring prior renderer compromise limits immediate threat, but Chrome is universally deployed across Texas public sector organizations for daily operations.", "patch_available": true, "reference_url": "https://chromereleases.googleblog.com/2026/06/stable-channel-update-for-desktop_0175352312.html", "source_date": "2026-06-30T23:17:24.680", "first_seen": "2026-07-01T17:02:53.130325", "seen_at": "2026-07-01T17:02:53.130325"}, {"title": "CVE-2026-14613", "cve": "CVE-2026-14613", "summary": "A security flaw in Keycloak's administrative interface allows restricted administrators to view information about groups they shouldn't have access to when Fine-Grained Admin Permissions are enabled. This could expose sensitive internal group names and configuration details to unauthorized admin users. 
The vulnerability affects organizations using Keycloak for identity and access management.", "score": 35, "impact_score": 25, "sectors": ["Government Facilities", "Healthcare and Public Health", "Information Technology", "Water and Wastewater Systems"], "source": "NVD (Medium)", "remediation": ["Check if your organization uses Keycloak with Fine-Grained Admin Permissions (FGAP v2) enabled", "Monitor Red Hat security advisories for patches and apply updates when available", "Review administrator access levels and limit the number of users with administrative privileges", "Audit group configurations to ensure sensitive information is not stored in group attributes"], "origin": {"product": "Keycloak", "vendor": "Red Hat", "first_reported": "2026-07-03", "exploited_by": []}, "score_reason": "Medium severity information disclosure affecting Keycloak identity management systems, limited to organizations using the newer Fine-Grained Admin Permissions feature with restricted administrator accounts.", "patch_available": false, "reference_url": "https://access.redhat.com/security/cve/CVE-2026-14613", "source_date": "2026-07-03T16:16:55.527", "first_seen": "2026-07-04T21:34:34.969509", "seen_at": "2026-07-04T21:34:34.969509"}, {"title": "CVE-2026-14648", "cve": "CVE-2026-14648", "summary": "A SQL injection vulnerability exists in the code-projects Online Voting System software that could allow attackers to bypass login authentication remotely. This affects the login page where administrator credentials are entered, potentially giving unauthorized access to voting system data. 
Public exploit code is available, making this easy for attackers to use.", "score": 35, "impact_score": 25, "sectors": ["Government Facilities"], "source": "NVD (High)", "remediation": ["Immediately audit whether any online voting or election systems use code-projects software and take offline if found", "Implement web application firewall rules to block SQL injection attempts on authentication pages", "Contact your election system vendor to confirm they do not use this vulnerable component", "Review all administrative access logs for suspicious login attempts"], "origin": {"product": "Online Voting System", "vendor": "code-projects", "first_reported": "2026-07-04", "exploited_by": []}, "score_reason": "While this affects government election-related software, code-projects Online Voting System is an educational/demo application with limited deployment in actual Texas government infrastructure, though the public exploit availability increases risk.", "patch_available": false, "reference_url": "https://code-projects.org/", "source_date": "2026-07-04T20:16:54.780", "first_seen": "2026-07-05T21:34:34.730890", "seen_at": "2026-07-05T21:34:34.730890"}, {"title": "CVE-2026-10513", "cve": "CVE-2026-10513", "summary": "A security flaw in the Webmention WordPress plugin (versions 5.8.0 and earlier) allows attackers to inject malicious code through comment metadata without needing to log in. 
When an administrator or moderator views the affected comment in the edit screen, the malicious script runs in their browser, potentially compromising the website.", "score": 35, "impact_score": 25, "sectors": ["Government Facilities", "Healthcare and Public Health", "Water and Wastewater Systems", "Emergency Services"], "source": "NVD (High)", "remediation": ["Update the Webmention plugin to version 5.8.1 or later if available, or deactivate and remove the plugin until patched.", "Review WordPress admin accounts for any suspicious activity or unauthorized changes.", "Limit the number of users with administrator or moderator privileges to reduce exposure.", "Consider using a web application firewall to filter malicious requests targeting WordPress plugins."], "origin": {"product": "Webmention WordPress Plugin", "vendor": "Webmention", "first_reported": "2026-06-30", "exploited_by": []}, "score_reason": "This WordPress plugin vulnerability affects a niche plugin not widely deployed in critical infrastructure, requires administrator interaction to trigger, and has no confirmed active exploitation, limiting immediate threat to Texas organizations.", "patch_available": false, "reference_url": "https://plugins.trac.wordpress.org/browser/webmention/tags/5.7.0/includes/handler/class-mf2.php#L129", "source_date": "2026-06-30T19:16:26.473", "first_seen": "2026-07-01T05:45:40.117771", "seen_at": "2026-07-01T05:45:40.117771"}, {"title": "CVE-2026-10585", "cve": "CVE-2026-10585", "summary": "A security flaw in GitHub Enterprise Server allows an authenticated attacker to inject malicious code into Discussion titles, potentially stealing credentials or performing actions as other users viewing those discussions. This affects organizations running their own GitHub Enterprise Server for code management and collaboration. 
The vulnerability requires an authenticated user to exploit but could compromise administrative accounts.", "score": 35, "impact_score": 30, "sectors": ["Government Facilities", "Healthcare and Public Health", "Information Technology", "Water and Wastewater Systems", "Energy"], "source": "NVD (Medium)", "remediation": ["Update GitHub Enterprise Server immediately to patched versions: 3.20.4, 3.19.8, 3.18.11, 3.17.17, or 3.16.20", "Review Discussion posts for suspicious titles containing script tags or unusual characters", "Audit user accounts with access to create Discussions and limit permissions where appropriate", "Monitor for unusual account activity or unauthorized changes following potential exploitation"], "origin": {"product": "GitHub Enterprise Server", "vendor": "GitHub", "first_reported": "2026-06-30", "exploited_by": []}, "score_reason": "GitHub Enterprise Server is used by some larger Texas organizations for internal code repositories, but most small and rural entities use cloud-hosted GitHub or other solutions, limiting direct exposure.", "patch_available": true, "reference_url": "https://docs.github.com/en/enterprise-server@3.16/admin/release-notes#3.16.20", "source_date": "2026-06-30T22:16:45.483", "first_seen": "2026-07-02T15:34:34.694842", "seen_at": "2026-07-02T15:34:34.694842"}, {"title": "CVE-2025-71349", "cve": "CVE-2025-71349", "summary": "A security flaw in picklescan (a Python tool used to scan pickle files for malicious code) fails to detect certain dangerous functions, allowing attackers to hide malicious code in pickle files. If an organization uses picklescan to verify pickle files before loading them, attackers could bypass this protection and execute harmful code on systems. 
This primarily affects organizations using Python-based data processing or machine learning applications.", "score": 35, "impact_score": 25, "sectors": ["Information Technology", "Water and Wastewater Systems", "Energy", "Healthcare and Public Health", "Government Facilities"], "source": "NVD (High)", "remediation": ["Update picklescan to version 0.0.29 or later immediately if installed", "Audit systems using Python pickle files to identify where picklescan is deployed", "Avoid loading pickle files from untrusted or unknown sources, even when they pass a picklescan check, because a scanner can miss dangerous functions", "Consider alternative serialization formats like JSON for data exchange where possible"], "origin": {"product": "picklescan", "vendor": "picklescan", "first_reported": "2025", "exploited_by": []}, "score_reason": "Limited direct impact on Texas critical infrastructure as picklescan is a specialized Python security tool not commonly deployed in small rural utilities, though organizations using Python-based SCADA or data analytics could be affected.", "patch_available": true, "reference_url": "https://github.com/mmaitre314/picklescan/security/advisories/GHSA-5qwp-399c-mjwf", "source_date": "2026-06-30T23:16:51.010", "first_seen": "2026-07-01T05:45:40.117771", "seen_at": "2026-07-01T05:45:40.117771"}, {"title": "VMware Multiple Products Privilege Escalation Vulnerability", "cve": "CVE-2020-3950", "summary": "VMware Fusion, Remote Console, and Horizon Client for Mac computers have a security flaw that lets attackers gain full administrator (root) access. This affects Mac workstations used by IT staff to manage virtual machines or connect to remote systems. 
While this primarily impacts administrative computers rather than operational infrastructure, compromised admin machines could be used to attack critical systems.", "score": 35, "impact_score": 30, "sectors": ["Government Facilities", "Healthcare and Public Health", "Information Technology"], "source": "CISA KEV", "remediation": ["Update VMware Fusion, VMRC for Mac, and Horizon Client for Mac to the latest patched versions immediately", "Inventory all Mac computers running VMware products and prioritize updates for IT staff machines with access to critical systems", "Limit administrative privileges on workstations and implement endpoint detection tools", "Review logs on affected systems for signs of unauthorized privilege escalation"], "origin": {"product": "Multiple Products (Fusion, VMRC for Mac, Horizon Client for Mac)", "vendor": "VMware", "first_reported": "2020-03-17", "exploited_by": []}, "score_reason": "This Mac-specific vulnerability affects IT administrative workstations rather than operational technology, limiting direct impact on Texas critical infrastructure, though compromised admin systems could enable further attacks.", "patch_available": true, "reference_url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog", "source_date": "2021-11-03", "first_seen": "2026-07-01T02:35:18.825890", "seen_at": "2026-07-01T03:34:34.551196"}, {"title": "CVE-2026-10560", "cve": "CVE-2026-10560", "summary": "IBM Langflow OSS versions 1.0.0 through 1.9.6 have a security flaw where attackers can access build data or disrupt operations without logging in. This could allow unauthorized viewing of sensitive information and interruption of automated workflows. 
Organizations using this AI development tool should update immediately.", "score": 35, "impact_score": 25, "sectors": ["Information Technology", "Government Facilities", "Healthcare and Public Health"], "source": "NVD (High)", "remediation": ["Update IBM Langflow OSS to version 1.9.7 or later immediately", "Restrict network access to Langflow endpoints using firewall rules", "Monitor logs for unauthorized access attempts to /api/v1/build_public_tmp/ endpoints", "Consider placing Langflow behind authentication proxy if update cannot be applied quickly"], "origin": {"product": "Langflow OSS", "vendor": "IBM", "first_reported": "2026-06-30", "exploited_by": []}, "score_reason": "This affects a specialized AI workflow tool not widely deployed in small Texas organizations, with moderate impact limited to information disclosure and service disruption rather than critical infrastructure control systems.", "patch_available": true, "reference_url": "https://www.ibm.com/support/pages/node/7277996", "source_date": "2026-06-30T20:17:27.263", "first_seen": "2026-07-01T05:45:40.117771", "seen_at": "2026-07-01T05:45:40.117771"}, {"title": "CVE-2026-10648", "cve": "CVE-2026-10648", "summary": "A flaw in Zephyr RTOS (version 4.4.0) allows attackers with access to serial/UART connections to crash embedded devices by exhausting a small memory buffer pool. This causes a denial of service that could disable IoT sensors, controllers, or other embedded equipment running Zephyr. 
Organizations using Zephyr-based devices for monitoring or control systems should apply the fix.", "score": 35, "impact_score": 25, "sectors": ["Water and Wastewater Systems", "Energy", "Healthcare and Public Health", "Critical Manufacturing"], "source": "NVD (Medium)", "remediation": ["Identify any devices running Zephyr RTOS v4.4.0, particularly those with exposed serial/UART interfaces.", "Apply the vendor patch from the Zephyr project commit 6f363ec6f7fd6ae9ed7ca2ae66fd9c82dce31c59 or update to the next patched release.", "Restrict physical and network access to serial/UART/console interfaces on embedded devices.", "Monitor embedded devices for unexpected reboots or crashes that could indicate exploitation attempts."], "origin": {"product": "Zephyr RTOS", "vendor": "Zephyr Project", "first_reported": "2026-06-29", "exploited_by": []}, "score_reason": "Limited impact because exploitation requires physical or local serial access to Zephyr-based embedded devices, which have moderate but not widespread deployment in Texas critical infrastructure.", "patch_available": true, "reference_url": "https://github.com/zephyrproject-rtos/zephyr/commit/6f363ec6f7fd6ae9ed7ca2ae66fd9c82dce31c59", "source_date": "2026-06-29T23:16:42.180", "first_seen": "2026-07-01T14:02:53.178564", "seen_at": "2026-07-01T14:02:53.178564"}, {"title": "CVE-2026-14104", "cve": "CVE-2026-14104", "summary": "A vulnerability in Google Chrome's WebAppInstalls feature allows attackers to run malicious code within the browser's sandbox when users visit a crafted webpage. While the code execution is contained within Chrome's sandbox (limiting damage), this still poses a risk if combined with other exploits. 
Organizations using Chrome should update to version 150.0.7871.47 or later.", "score": 35, "impact_score": 40, "sectors": ["Communications", "Emergency Services", "Energy", "Government Facilities", "Healthcare and Public Health", "Information Technology", "Transportation", "Water and Wastewater Systems"], "source": "NVD (Critical)", "remediation": ["Update Google Chrome to version 150.0.7871.47 or later on all workstations immediately", "Enable automatic Chrome updates via group policy or endpoint management tools", "Train staff to avoid clicking suspicious links or visiting untrusted websites", "Consider using browser isolation for staff accessing sensitive systems"], "origin": {"product": "Chrome", "vendor": "Google", "first_reported": "2026-06-30", "exploited_by": []}, "score_reason": "Chrome is widely deployed across Texas organizations but the vulnerability is sandbox-contained with low severity rating and no confirmed active exploitation, limiting immediate threat to critical infrastructure.", "patch_available": true, "reference_url": "https://chromereleases.googleblog.com/2026/06/stable-channel-update-for-desktop_0175352312.html", "source_date": "2026-06-30T23:17:22.300", "first_seen": "2026-07-02T15:34:34.694842", "seen_at": "2026-07-02T15:34:34.694842"}, {"title": "CVE-2025-71347", "cve": "CVE-2025-71347", "summary": "A security flaw in picklescan (a Python tool used to scan for malicious code in data files) fails to detect certain hidden malicious code. Attackers can hide dangerous code in pickle files that runs when opened, potentially taking control of systems that process untrusted data files. 
This primarily affects organizations using Python-based machine learning or data processing applications.", "score": 35, "impact_score": 30, "sectors": ["Information Technology", "Healthcare and Public Health", "Water and Wastewater Systems", "Energy"], "source": "NVD (High)", "remediation": ["Update picklescan to version 0.0.33 or later immediately", "Avoid processing pickle files from untrusted or unknown sources", "Review any Python applications that deserialize pickle data and implement additional input validation", "Consider using safer serialization formats like JSON for data exchange where possible"], "origin": {"product": "picklescan", "vendor": "mmaitre314", "first_reported": "2025-07-04", "exploited_by": []}, "score_reason": "This vulnerability affects a specialized Python security scanning library with limited deployment in typical Texas small government and utility environments, though organizations using ML/AI data pipelines could be at risk.", "patch_available": true, "reference_url": "https://github.com/mmaitre314/picklescan/security/advisories/GHSA-cffc-mxrf-mhh4", "source_date": "2026-07-04T02:16:21.803", "first_seen": "2026-07-05T06:34:34.571906", "seen_at": "2026-07-05T06:34:34.571906"}, {"title": "CVE-2026-12349", "cve": "CVE-2026-12349", "summary": "A WordPress plugin called Premium Addons for KingComposer has a security flaw that allows anyone on the internet to add or delete website sidebars without logging in. This could cause parts of your website to stop displaying properly, affecting public communications. 
Small organizations using WordPress websites with this plugin should update or remove it immediately.", "score": 35, "impact_score": 25, "sectors": ["Government Facilities", "Healthcare and Public Health", "Water and Wastewater Systems", "Emergency Services"], "source": "NVD (Medium)", "remediation": ["Check if your WordPress site uses the Premium Addons for KingComposer plugin and update to version 1.1.2 or later if available", "If no update exists, deactivate and remove the plugin immediately", "Review your website sidebars and widget areas to ensure they are displaying correctly", "Contact your website administrator or IT support to verify the fix is in place"], "origin": {"product": "Premium Addons for KingComposer WordPress Plugin", "vendor": "KingComposer", "first_reported": "2026-06-30", "exploited_by": []}, "score_reason": "This vulnerability affects WordPress websites which many small Texas organizations use for public communications, but it only impacts website display elements rather than critical operational systems, and there is no confirmed active exploitation.", "patch_available": false, "reference_url": "https://plugins.trac.wordpress.org/browser/premium-addons-for-kingcomposer/trunk/core/class-sidebar.php#L100", "source_date": "2026-06-30T06:16:26.950", "first_seen": "2026-07-01T05:49:18.001903", "seen_at": "2026-07-01T05:49:18.001903"}, {"title": "CVE-2026-10564", "cve": "CVE-2026-10564", "summary": "IBM Langflow OSS versions 1.0.0 through 1.9.6 have a security flaw that allows attackers to trick the system into making unauthorized requests to internal networks and cloud services. An authenticated attacker could steal sensitive credentials and map out your internal systems. 
This affects organizations using this open-source AI workflow tool for automation or data processing.", "score": 35, "impact_score": 30, "sectors": ["Information Technology", "Government Facilities", "Healthcare and Public Health", "Water and Wastewater Systems", "Energy"], "source": "NVD (High)", "remediation": ["Upgrade IBM Langflow OSS to version 1.9.7 or later immediately", "Block outbound requests to cloud metadata services (169.254.169.254) at the firewall level", "Review logs for unusual outbound connections from Langflow servers to internal IP ranges", "If upgrade is not possible, disable or remove the RSSReaderComponent and SearXNG components"], "origin": {"product": "Langflow OSS", "vendor": "IBM", "first_reported": "2026-06-30", "exploited_by": []}, "score_reason": "While this is a serious vulnerability affecting cloud-connected AI tools, IBM Langflow OSS has limited deployment in small Texas municipalities and rural utilities, and requires authentication to exploit.", "patch_available": true, "reference_url": "https://www.ibm.com/support/pages/node/7277995", "source_date": "2026-06-30T20:17:27.387", "first_seen": "2026-07-01T05:45:40.117771", "seen_at": "2026-07-01T05:45:40.117771"}, {"title": "CVE-2026-34104", "cve": "CVE-2026-34104", "summary": "A security flaw in the Guardian language-system software allows attackers who have login access to steal database contents through a SQL injection attack in the designer.php page. 
This could expose sensitive information stored in the system's database, including usernames, passwords, and other confidential data.", "score": 35, "impact_score": 25, "sectors": ["Government Facilities", "Information Technology"], "source": "NVD (Critical)", "remediation": ["Contact the Guardian language-system vendor for a security patch or updated version", "Immediately restrict access to designer.php to only essential administrators", "Implement web application firewall rules to block SQL injection attempts on the 'name' parameter of designer.php", "Review database access logs for signs of unauthorized data extraction"], "origin": {"product": "language-system", "vendor": "Guardian", "first_reported": "2026-07-01", "exploited_by": []}, "score_reason": "While SQL injection is a serious vulnerability, Guardian language-system is not widely deployed in Texas critical infrastructure, requires authentication to exploit, and there is no evidence of active exploitation in the wild.", "patch_available": false, "reference_url": "https://gist.github.com/cyberinforepo/d5b2771d82e1b31b8fc1c33052e08dad", "source_date": "2026-07-01T17:16:33.420", "first_seen": "2026-07-01T18:34:34.516259", "seen_at": "2026-07-01T18:34:34.516259"}, {"title": "CVE-2026-11595", "cve": "CVE-2026-11595", "summary": "IBM WebSphere Application Server versions 8.5 and 9.0 have a vulnerability that could allow attackers to access sensitive information through the administrative console's built-in help system. This affects organizations running IBM WebSphere for web applications and could expose configuration details or other sensitive data. 
While not immediately critical, exposed administrative interfaces could aid further attacks.", "score": 35, "impact_score": 25, "sectors": ["Government Facilities", "Healthcare and Public Health", "Information Technology", "Water and Wastewater Systems"], "source": "NVD (Medium)", "remediation": ["Check if your organization uses IBM WebSphere Application Server versions 8.5 or 9.0", "Apply the security patch from IBM Support page referenced in the advisory", "Restrict network access to WebSphere administrative consoles to authorized personnel only", "Monitor administrative console access logs for suspicious activity"], "origin": {"product": "WebSphere Application Server", "vendor": "IBM", "first_reported": "2026-06-30", "exploited_by": []}, "score_reason": "Medium severity information disclosure with no confirmed active exploitation; WebSphere has limited deployment in small Texas municipalities but may exist in some government and healthcare environments.", "patch_available": true, "reference_url": "https://www.ibm.com/support/pages/node/7278590", "source_date": "2026-06-30T20:17:27.630", "first_seen": "2026-07-01T05:49:18.001903", "seen_at": "2026-07-01T05:49:18.001903"}, {"title": "CVE-2026-56320", "cve": "CVE-2026-56320", "summary": "Capgo, a mobile app update platform, has a security flaw that lets authenticated attackers create unauthorized device records by bypassing organization access controls. This could allow malicious actors to inject devices into applications they shouldn't have access to. 
Organizations using Capgo for mobile app management should update immediately.", "score": 35, "impact_score": 25, "sectors": ["Information Technology", "Government Facilities", "Healthcare and Public Health"], "source": "NVD (High)", "remediation": ["Update Capgo to version 12.128.2 or later immediately", "Review device records for any unauthorized entries created with foreign organization IDs", "Audit access logs for the POST /private/create_device endpoint for suspicious activity", "Implement network-level access controls to limit who can reach Capgo administrative endpoints"], "origin": {"product": "Capgo", "vendor": "Cap-go", "first_reported": "2026-06-30", "exploited_by": []}, "score_reason": "This affects a specialized mobile app update platform with limited deployment in Texas critical infrastructure; the flaw requires authentication and targets app management rather than core operational systems.", "patch_available": true, "reference_url": "https://github.com/Cap-go/capgo/security/advisories/GHSA-mhrc-qhq8-872f", "source_date": "2026-06-30T23:17:30.120", "first_seen": "2026-07-01T12:34:34.701880", "seen_at": "2026-07-01T12:34:34.701880"}, {"title": "CVE-2026-11708", "cve": "CVE-2026-11708", "summary": "IBM WebSphere Application Server versions 8.5 and 9.0 have a cross-site scripting (XSS) vulnerability in the administrative console's help system. An attacker could potentially inject malicious scripts that run when administrators access the help pages. 
This primarily affects IT staff managing WebSphere servers rather than end users.", "score": 35, "impact_score": 30, "sectors": ["Government Facilities", "Healthcare and Public Health", "Information Technology"], "source": "NVD (Critical)", "remediation": ["Apply the latest IBM security patches from the referenced support page immediately", "Restrict administrative console access to trusted internal networks only", "Enable multi-factor authentication for all WebSphere admin accounts", "Monitor administrative console logs for suspicious activity"], "origin": {"product": "WebSphere Application Server", "vendor": "IBM", "first_reported": "2026-06-30", "exploited_by": []}, "score_reason": "While WebSphere is used by some Texas government and healthcare organizations, this XSS vulnerability requires access to the administrative console and is limited to the help system, reducing overall risk.", "patch_available": true, "reference_url": "https://www.ibm.com/support/pages/node/7278590", "source_date": "2026-06-30T20:17:27.767", "first_seen": "2026-07-01T05:45:40.117771", "seen_at": "2026-07-01T05:45:40.117771"}, {"title": "CVE-2026-14605", "cve": "CVE-2026-14605", "summary": "A security flaw in RT-Thread software (up to version 5.0.2) affects a component used in certain embedded industrial control systems with CAN bus communications. An attacker with local access could cause a buffer overflow, potentially crashing systems or gaining control. 
This affects specialized embedded devices that may be used in industrial automation settings.", "score": 35, "impact_score": 25, "sectors": ["Water and Wastewater Systems", "Energy", "Critical Manufacturing"], "source": "NVD (High)", "remediation": ["Inventory any embedded devices running RT-Thread firmware and identify affected versions", "Restrict physical and local access to industrial control devices using RT-Thread", "Monitor RT-Thread GitHub for patches and apply updates when version 5.0.3 or higher becomes available", "Isolate affected industrial devices on segmented networks away from business systems"], "origin": {"product": "RT-Thread RTOS (ls1c CAN Handler)", "vendor": "RT-Thread", "first_reported": "2026-07-03", "exploited_by": ["Public exploit code available"]}, "score_reason": "While RT-Thread is used in some industrial embedded systems, the vulnerability requires local access and affects a specialized CAN bus handler component with limited deployment in typical Texas small utility environments.", "patch_available": false, "reference_url": "https://github.com/RT-Thread/rt-thread/", "source_date": "2026-07-03T20:16:52.070", "first_seen": "2026-07-03T21:34:34.640390", "seen_at": "2026-07-03T21:34:34.640390"}, {"title": "CVE-2026-58523", "cve": "CVE-2026-58523", "summary": "A security flaw in Microsoft Edge browser for Android devices allows attackers to bypass security protections over a network. This could let unauthorized users access protected features or data when staff use Edge on Android phones or tablets. 
The vulnerability requires network access but does not appear to be actively exploited yet.", "score": 35, "impact_score": 30, "sectors": ["Government Facilities", "Healthcare and Public Health", "Emergency Services", "Water and Wastewater Systems", "Energy"], "source": "NVD (Medium)", "remediation": ["Update Microsoft Edge for Android to the latest version from Google Play Store on all organization-managed mobile devices", "Consider temporarily using alternative browsers on Android devices for sensitive work until patched", "Review which staff use Edge on Android for work purposes and prioritize their updates", "Enable automatic app updates on organization-managed Android devices"], "origin": {"product": "Microsoft Edge for Android", "vendor": "Microsoft", "first_reported": "2026-07-03", "exploited_by": []}, "score_reason": "Medium severity affecting only mobile Android browser with no confirmed exploitation; limited impact on critical infrastructure operations that primarily use desktop systems.", "patch_available": true, "reference_url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-58523", "source_date": "2026-07-03T22:16:55.740", "first_seen": "2026-07-05T09:34:34.661301", "seen_at": "2026-07-05T09:34:34.661301"}, {"title": "CVE-2026-4629", "cve": "CVE-2026-4629", "summary": "A security flaw in Keycloak identity management software allows users who already have high-level permissions to escalate their access to full administrator control. This affects organizations using Keycloak for user authentication and login systems. 
The attack requires an insider with existing privileged access to exploit.", "score": 35, "impact_score": 25, "sectors": ["Government Facilities", "Healthcare and Public Health", "Information Technology"], "source": "NVD (Medium)", "remediation": ["Review and audit all users with manage-clients permission in Keycloak deployments", "Update Keycloak to the latest patched version when available from Red Hat", "Monitor authentication logs for unusual role mapper changes or privilege escalations", "Implement principle of least privilege for all Keycloak administrative accounts"], "origin": {"product": "Keycloak", "vendor": "Red Hat", "first_reported": "2026-06-30", "exploited_by": []}, "score_reason": "Medium severity requiring existing high privileges limits widespread exploitation risk, but could impact Texas government and healthcare entities using Keycloak for identity management.", "patch_available": true, "reference_url": "https://access.redhat.com/security/cve/CVE-2026-4629", "source_date": "2026-06-30T13:18:59.350", "first_seen": "2026-07-01T05:49:18.001903", "seen_at": "2026-07-01T05:49:18.001903"}, {"title": "CVE-2026-14105", "cve": "CVE-2026-14105", "summary": "A security flaw in Google Chrome's Speech feature allows attackers to bypass protections that keep websites from accessing each other's data. An attacker could trick users into visiting a malicious webpage to potentially access information from other sites. 
This is rated low severity by Google and affects Chrome versions before 150.0.7871.47.", "score": 35, "impact_score": 40, "sectors": ["Communications", "Government Facilities", "Healthcare and Public Health", "Information Technology", "Water and Wastewater Systems", "Energy", "Emergency Services"], "source": "NVD (Medium)", "remediation": ["Update Google Chrome to version 150.0.7871.47 or later on all workstations and devices", "Enable automatic Chrome updates through group policy or device management", "Train staff to avoid clicking suspicious links or visiting untrusted websites", "Consider using browser isolation for sensitive operations"], "origin": {"product": "Chrome", "vendor": "Google", "first_reported": "2026-06-30", "exploited_by": []}, "score_reason": "While Chrome is widely used across all Texas sectors, this is a low-severity policy bypass with no confirmed active exploitation, limiting immediate threat to critical infrastructure.", "patch_available": true, "reference_url": "https://chromereleases.googleblog.com/2026/06/stable-channel-update-for-desktop_0175352312.html", "source_date": "2026-06-30T23:17:22.390", "first_seen": "2026-07-02T15:34:34.694842", "seen_at": "2026-07-02T15:34:34.694842"}, {"title": "CVE-2026-14607", "cve": "CVE-2026-14607", "summary": "A memory corruption vulnerability exists in RT-Thread real-time operating system versions up to 5.0.2 that could allow local attackers to crash or compromise embedded devices. RT-Thread is used in some industrial IoT devices and embedded systems. 
The exploit code is publicly available but requires local access to the affected device.", "score": 35, "impact_score": 25, "sectors": ["Water and Wastewater Systems", "Energy", "Critical Manufacturing"], "source": "NVD (Medium)", "remediation": ["Inventory any embedded devices or IoT systems using RT-Thread firmware and identify affected versions", "Monitor the RT-Thread GitHub repository for the accepted patch and apply firmware updates when available", "Restrict physical and network access to embedded devices running RT-Thread", "Implement network segmentation to isolate IoT and embedded systems from critical operational networks"], "origin": {"product": "RT-Thread RTOS", "vendor": "RT-Thread", "first_reported": "2026-07-03", "exploited_by": []}, "score_reason": "While RT-Thread is used in some industrial embedded systems, the local-only attack requirement significantly limits risk, and deployment in Texas critical infrastructure is not widespread.", "patch_available": false, "reference_url": "https://github.com/RT-Thread/rt-thread/", "source_date": "2026-07-03T20:16:52.400", "first_seen": "2026-07-05T00:34:34.603428", "seen_at": "2026-07-05T00:34:34.603428"}, {"title": "CVE-2026-11778", "cve": "CVE-2026-11778", "summary": "A WordPress plugin called CURCY Multi Currency for WooCommerce has a security flaw that allows attackers without login credentials to execute malicious code on websites. 
This affects any Texas organization using WordPress with this e-commerce plugin, potentially allowing attackers to take control of the website or steal data.", "score": 35, "impact_score": 25, "sectors": ["Government Facilities", "Healthcare and Public Health", "Water and Wastewater Systems"], "source": "NVD (Medium)", "remediation": ["Update the CURCY Multi Currency for WooCommerce plugin to version 2.2.15 or later immediately", "If update is not available, temporarily disable the CURCY plugin until patched", "Review WordPress access logs for suspicious shortcode execution attempts", "Consider using a web application firewall to block malicious requests"], "origin": {"product": "CURCY Multi Currency for WooCommerce", "vendor": "VillaTheme", "first_reported": "2026-07-03", "exploited_by": []}, "score_reason": "This affects WordPress websites using a specific WooCommerce plugin, which has limited deployment in Texas critical infrastructure since most utilities and government sites don't use e-commerce currency conversion tools.", "patch_available": true, "reference_url": "https://plugins.trac.wordpress.org/browser/woo-multi-currency/trunk/frontend/cache.php#L108", "source_date": "2026-07-03T09:16:36.497", "first_seen": "2026-07-04T00:34:34.705390", "seen_at": "2026-07-04T00:34:34.705390"}, {"title": "CVE-2026-58449", "cve": "CVE-2026-58449", "summary": "A vulnerability in txtai (an AI search library) allows remote attackers to execute malicious code on servers if the API is exposed without authentication and with writable index settings. While not the default configuration, organizations using txtai for document search or AI applications could be at risk if improperly configured. 
A fix is available in the latest commit.", "score": 35, "impact_score": 25, "sectors": ["Information Technology", "Government Facilities", "Healthcare and Public Health"], "source": "NVD (Critical)", "remediation": ["Update txtai to the latest version containing commit 11b32da or newer immediately", "Configure TOKEN authentication for any txtai API endpoints exposed to networks", "Disable the reindex endpoint if not needed by setting the new reindex configuration flag to false", "Audit network exposure to ensure txtai APIs are not publicly accessible"], "origin": {"product": "txtai", "vendor": "neuml", "first_reported": "2026-06-30", "exploited_by": []}, "score_reason": "Limited deployment in typical small Texas organizations, requires specific non-default configuration to exploit, and primarily affects specialized AI/search applications rather than core infrastructure systems.", "patch_available": true, "reference_url": "https://github.com/neuml/txtai/commit/11b32da720f03276199ebc5583c15fc5d1ccafd3", "source_date": "2026-06-30T22:16:58.397", "first_seen": "2026-07-01T05:45:40.117771", "seen_at": "2026-07-01T05:45:40.117771"}, {"title": "CVE-2026-40524", "cve": "CVE-2026-40524", "summary": "FrontAccounting, a free accounting software sometimes used by small organizations, has a security flaw that allows attackers with certain permissions to steal sensitive financial data from the database. An attacker could extract journal entries and other confidential accounting information. 
Organizations using FrontAccounting versions before 2.4.20 should update immediately.", "score": 35, "impact_score": 25, "sectors": ["Government Facilities", "Healthcare and Public Health", "Water and Wastewater Systems"], "source": "NVD (High)", "remediation": ["Update FrontAccounting to version 2.4.20 or later immediately", "Review user accounts with SA_GLANALYTIC permission and remove unnecessary access", "Check database logs for unusual query patterns that may indicate exploitation attempts", "Consider isolating accounting systems from public internet access"], "origin": {"product": "FrontAccounting ERP", "vendor": "FrontAccounting", "first_reported": "2026-06-29", "exploited_by": []}, "score_reason": "This affects a niche open-source accounting system that may be used by some small Texas municipalities or organizations, but requires authenticated access with specific permissions, limiting widespread exploitation risk.", "patch_available": true, "reference_url": "https://github.com/FrontAccountingERP/FA/commit/647a18196caad27f96ea852e993c9e30f815357f", "source_date": "2026-06-29T14:16:51.207", "first_seen": "2026-07-01T04:37:31.724134", "seen_at": "2026-07-01T04:37:31.724134"}, {"title": "CVE-2025-71360", "cve": "CVE-2025-71360", "summary": "A security flaw in picklescan (a tool used to scan Python pickle files for malicious code) fails to detect certain hidden malicious code. Attackers can embed harmful commands in pickle files that run automatically when opened, potentially compromising systems that use machine learning or data science tools. 
This primarily affects organizations using Python-based data processing or AI/ML applications.", "score": 35, "impact_score": 25, "sectors": ["Information Technology", "Healthcare and Public Health", "Water and Wastewater Systems", "Energy"], "source": "NVD (High)", "remediation": ["Update picklescan to version 0.0.29 or later immediately if your organization uses this tool", "Audit any Python-based applications that process pickle files from external sources", "Implement strict controls on accepting pickle files from untrusted sources", "Contact your IT vendor to confirm if any deployed systems use picklescan or process pickle files"], "origin": {"product": "picklescan", "vendor": "mmaitre314", "first_reported": "2026-07-04", "exploited_by": []}, "score_reason": "Limited direct impact on Texas critical infrastructure as picklescan is a specialized Python security tool primarily used in data science and ML environments, which are not widely deployed in small rural Texas utilities or government facilities.", "patch_available": true, "reference_url": "https://github.com/mmaitre314/picklescan/security/advisories/GHSA-9xph-j2h6-g47v", "source_date": "2026-07-04T02:16:22.327", "first_seen": "2026-07-05T20:02:53.081206", "seen_at": "2026-07-05T20:02:53.081206"}, {"title": "CVE-2026-59093", "cve": "CVE-2026-59093", "summary": "Weaviate database software before version 1.38.0 has a security flaw that allows users with limited permissions to give themselves or others full administrator access. This means someone with basic role assignment rights could take complete control of the database without authorization. 
Organizations using Weaviate for data management should update immediately.", "score": 35, "impact_score": 25, "sectors": ["Information Technology", "Water and Wastewater Systems", "Energy", "Healthcare and Public Health", "Government Facilities"], "source": "NVD (High)", "remediation": ["Update Weaviate to version 1.38.0 or later immediately", "Audit existing role assignments to identify any unauthorized privilege escalation", "Review and restrict which users have assign_and_revoke permissions", "Monitor database access logs for suspicious administrative activity"], "origin": {"product": "Weaviate", "vendor": "Weaviate", "first_reported": "2026-07-02", "exploited_by": []}, "score_reason": "Weaviate is a specialized vector database not commonly deployed in small Texas municipalities or rural utilities, limiting direct impact to critical infrastructure, though any organization using it for AI/data applications faces serious privilege escalation risk.", "patch_available": true, "reference_url": "https://github.com/weaviate/weaviate/commit/2c75f6fb217631f7751c4b2a7d37a488cef13edb", "source_date": "2026-07-02T20:17:07.410", "first_seen": "2026-07-02T21:34:34.775050", "seen_at": "2026-07-02T21:34:34.775050"}, {"title": "CVE-2019-19634", "cve": "CVE-2019-19634", "summary": "A vulnerability in the class.upload.php file upload component allows attackers to bypass security filters and upload malicious .pht files that can execute code on web servers. This affects websites using Joomla! with the K2 extension and other PHP applications using the verot.net class.upload library. 
If exploited, attackers could take control of affected web servers.", "score": 35, "impact_score": 25, "sectors": ["Government Facilities", "Healthcare and Public Health", "Water and Wastewater Systems"], "source": "NVD (Critical)", "remediation": ["Update class.upload.php to version 2.0.5 or later immediately", "Audit your Joomla installations for the K2 extension and update or remove if present", "Configure web servers to block execution of .pht files", "Review web server logs for suspicious file upload attempts"], "origin": {"product": "class.upload.php", "vendor": "verot.net", "first_reported": "2019-12-17", "exploited_by": []}, "score_reason": "This is an older 2019 vulnerability affecting a specific Joomla extension with limited deployment in Texas critical infrastructure, though some municipal and utility websites may use affected components.", "patch_available": true, "reference_url": "https://github.com/jra89/CVE-2019-19634", "source_date": "2019-12-17T18:15:14.870", "first_seen": "2026-07-01T02:35:18.825890", "seen_at": "2026-07-01T03:34:34.551196"}, {"title": "CVE-2026-57516", "cve": "CVE-2026-57516", "summary": "Ray, a distributed computing framework sometimes used for AI/ML workloads, has a critical vulnerability that allows attackers to run malicious code on systems by tricking them into processing a specially crafted data file. 
If your organization uses Ray for data processing or machine learning tasks, an attacker could take full control of affected worker systems.", "score": 35, "impact_score": 30, "sectors": ["Information Technology", "Healthcare and Public Health", "Energy", "Water and Wastewater Systems"], "source": "NVD (High)", "remediation": ["Update Ray to version 2.56.0 or later immediately", "Audit any systems using Ray to identify exposure to untrusted data sources", "Restrict network access to Ray clusters and avoid processing tar archives from untrusted sources", "Monitor Ray worker systems for unusual activity or unauthorized processes"], "origin": {"product": "Ray", "vendor": "Ray Project", "first_reported": "2026-07-01", "exploited_by": []}, "score_reason": "Ray is a specialized AI/ML framework with limited deployment in small Texas municipalities and rural utilities, though healthcare facilities or research-oriented organizations using machine learning could be affected.", "patch_available": true, "reference_url": "https://github.com/ray-project/ray/pull/63469", "source_date": "2026-07-01T17:16:37.390", "first_seen": "2026-07-01T18:34:34.516259", "seen_at": "2026-07-01T18:34:34.516259"}, {"title": "CVE-2026-10546", "cve": "CVE-2026-10546", "summary": "IBM Langflow OSS versions 1.0.0 through 1.9.3 have a security flaw that could allow attackers to trick the system into making unauthorized internal network requests. Exploitation relies on a timing trick combined with DNS manipulation to bypass security checks. 
Organizations using this AI workflow tool should update immediately.", "score": 35, "impact_score": 25, "sectors": ["Information Technology", "Government Facilities", "Healthcare and Public Health"], "source": "NVD (High)", "remediation": ["Update IBM Langflow OSS to version 1.9.4 or later immediately", "Review network logs for unusual outbound requests from Langflow servers", "Implement network segmentation to limit internal access from AI workflow tools", "Consider blocking or monitoring DNS rebinding attempts at the network level"], "origin": {"product": "Langflow OSS", "vendor": "IBM", "first_reported": "2026-06-30", "exploited_by": []}, "score_reason": "This affects a specialized AI development tool that has limited deployment in small Texas organizations, though any government or healthcare entities using Langflow for automation projects could be at risk.", "patch_available": true, "reference_url": "https://www.ibm.com/support/pages/node/7277560", "source_date": "2026-06-30T20:17:27.140", "first_seen": "2026-07-01T05:45:40.117771", "seen_at": "2026-07-01T05:45:40.117771"}, {"title": "CVE-2026-14623", "cve": "CVE-2026-14623", "summary": "A vulnerability in OMEC Project AMF (Access and Mobility Management Function) software versions up to 2.1.1 could allow remote attackers to cause system crashes or service disruptions. This affects 5G mobile network core infrastructure components. 
The exploit code has been publicly released, increasing the risk of attacks.", "score": 35, "impact_score": 25, "sectors": ["Communications"], "source": "NVD (Medium)", "remediation": ["Apply the vendor patch (commit 34bc6724acc97dba1f8691e586da95b042cb612d) immediately if running OMEC AMF software", "Contact your mobile network or communications service provider to verify they have patched their systems", "Monitor network infrastructure for unusual traffic or service disruptions", "Review and restrict remote access to network management functions"], "origin": {"product": "AMF (Access and Mobility Management Function)", "vendor": "OMEC Project", "first_reported": "2026-07-04", "exploited_by": []}, "score_reason": "While this affects Communications sector infrastructure (a Texas lifeline sector), OMEC AMF is specialized 5G core network software with limited deployment in small Texas communities; however, public exploit availability increases concern.", "patch_available": true, "reference_url": "https://github.com/omec-project/amf/", "source_date": "2026-07-04T10:16:27.623", "first_seen": "2026-07-05T11:02:52.978653", "seen_at": "2026-07-05T11:02:52.978653"}, {"title": "CVE-2025-71372", "cve": "CVE-2025-71372", "summary": "Picklescan, a security tool used to detect malicious Python pickle files, has a vulnerability that allows attackers to bypass its safety checks. This could enable supply-chain attacks where malicious code hidden in shared machine learning model files executes when loaded. 
Organizations using Python-based data processing or AI/ML applications may be affected.", "score": 35, "impact_score": 25, "sectors": ["Information Technology", "Water and Wastewater Systems", "Energy", "Healthcare and Public Health", "Government Facilities"], "source": "NVD (High)", "remediation": ["Update Picklescan to version 0.0.33 or later immediately if used in your environment", "Review any Python-based applications that load pickle files from external sources", "Implement allowlisting for trusted model file sources only", "Contact IT vendors to confirm their AI/ML tools are not affected by this vulnerability"], "origin": {"product": "Picklescan", "vendor": "mmaitre314", "first_reported": "2026-07-04", "exploited_by": []}, "score_reason": "While this is a serious supply-chain vulnerability, Picklescan is a specialized security tool primarily used in machine learning environments, which limits its deployment across typical small Texas municipal organizations.", "patch_available": true, "reference_url": "https://github.com/mmaitre314/picklescan/security/advisories/GHSA-rrxm-2pvv-m66x", "source_date": "2026-07-04T02:16:23.097", "first_seen": "2026-07-05T21:34:34.730890", "seen_at": "2026-07-05T21:34:34.730890"}, {"title": "CVE-2026-14732", "cve": "CVE-2026-14732", "summary": "A SQL injection vulnerability exists in SourceCodester Class and Exam Timetabling System 1.0 that allows attackers to remotely manipulate database queries through the edit_exam.php file. This could let attackers access, modify, or delete sensitive scheduling and student data. 
The exploit code is publicly available, increasing the risk of attacks.", "score": 35, "impact_score": 25, "sectors": ["Government Facilities", "Information Technology"], "source": "NVD (High)", "remediation": ["Immediately take the Class and Exam Timetabling System offline or restrict access to trusted internal networks only", "Contact SourceCodester for an updated version or apply input validation patches if available", "Review database logs for signs of unauthorized access or SQL injection attempts", "Consider migrating to a more secure, actively maintained scheduling solution"], "origin": {"product": "Class and Exam Timetabling System", "vendor": "SourceCodester", "first_reported": "2026-07-05", "exploited_by": []}, "score_reason": "This vulnerability affects a niche academic scheduling application not widely deployed in Texas critical infrastructure, though school districts using this specific software face moderate risk due to public exploit availability.", "patch_available": false, "reference_url": "https://github.com/cyberdrinclj/pcve/issues/1", "source_date": "2026-07-05T09:16:28.290", "first_seen": "2026-07-05T21:34:34.730890", "seen_at": "2026-07-05T21:34:34.730890"}, {"title": "CVE-2026-9626", "cve": "CVE-2026-9626", "summary": "A vulnerability in the JSON API User plugin for WordPress allows attackers with basic subscriber accounts to inject malicious scripts into website comments. These scripts can steal login credentials or redirect visitors to harmful sites. 
Any organization using WordPress with this plugin should update immediately.", "score": 35, "impact_score": 30, "sectors": ["Government Facilities", "Healthcare and Public Health", "Water and Wastewater Systems", "Emergency Services"], "source": "NVD (Medium)", "remediation": ["Update the JSON API User plugin to version 4.1.1 or later immediately", "If update is not available, deactivate and remove the JSON API User plugin until patched", "Review existing comments for suspicious scripts or unexpected HTML content", "Restrict subscriber-level account creation and audit existing user accounts"], "origin": {"product": "JSON API User", "vendor": "Developer Starter", "first_reported": "2026-07-03", "exploited_by": []}, "score_reason": "WordPress is widely used by small Texas municipalities and utilities for public-facing websites, but this requires authenticated access and is a medium-severity cross-site scripting issue rather than a critical infrastructure control system vulnerability.", "patch_available": true, "reference_url": "https://plugins.trac.wordpress.org/browser/json-api-user/tags/4.1.0/controllers/User.php#L1007", "source_date": "2026-07-03T06:16:23.123", "first_seen": "2026-07-03T20:02:53.037249", "seen_at": "2026-07-03T20:02:53.037249"}, {"title": "CVE-2026-14629", "cve": "CVE-2026-14629", "summary": "A vulnerability in RT-Thread real-time operating system (versions up to 5.2.2) allows attackers to cause a divide-by-zero error through the system call handler, potentially crashing affected embedded devices. RT-Thread is used in some industrial IoT devices and embedded systems. 
A fix has been proposed but not yet officially released.", "score": 35, "impact_score": 25, "sectors": ["Water and Wastewater Systems", "Energy", "Critical Manufacturing"], "source": "NVD (Medium)", "remediation": ["Inventory any embedded devices or IoT systems running RT-Thread and identify affected versions", "Monitor the RT-Thread GitHub repository for the accepted patch and apply once released", "Isolate affected embedded devices on segmented networks away from internet exposure", "Contact device vendors to request firmware updates addressing this vulnerability"], "origin": {"product": "RT-Thread RTOS", "vendor": "RT-Thread", "first_reported": "2026-07-04", "exploited_by": []}, "score_reason": "RT-Thread is a specialized embedded RTOS with limited deployment in Texas critical infrastructure; the divide-by-zero vulnerability causes denial of service but not code execution, and no active exploitation against Texas organizations has been reported.", "patch_available": false, "reference_url": "https://github.com/RT-Thread/rt-thread/", "source_date": "2026-07-04T14:16:29.203", "first_seen": "2026-07-05T21:34:34.730890", "seen_at": "2026-07-05T21:34:34.730890"}, {"title": "CVE-2026-58299", "cve": "CVE-2026-58299", "summary": "A security flaw in Microsoft Edge browser for Android devices could allow attackers to run malicious code remotely. This affects anyone using Edge on Android phones or tablets to access work systems. 
While primarily a mobile browser issue, it could impact staff accessing organizational resources remotely.", "score": 35, "impact_score": 30, "sectors": ["Government Facilities", "Healthcare and Public Health", "Emergency Services", "Water and Wastewater Systems", "Energy"], "source": "NVD (High)", "remediation": ["Update Microsoft Edge for Android to the latest version through Google Play Store immediately", "Consider temporarily restricting access to sensitive organizational systems from mobile browsers until patched", "Enable automatic app updates on all organization-managed Android devices", "Review mobile device management policies to ensure browsers stay current"], "origin": {"product": "Edge for Android", "vendor": "Microsoft", "first_reported": "2026-07-03", "exploited_by": []}, "score_reason": "Mobile browser vulnerability with network-based code execution is concerning but limited to Android Edge users, which represents a smaller attack surface for most Texas critical infrastructure organizations that primarily use desktop systems.", "patch_available": true, "reference_url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-58299", "source_date": "2026-07-03T21:17:04.907", "first_seen": "2026-07-04T21:34:34.969509", "seen_at": "2026-07-04T21:34:34.969509"}, {"title": "CVE-2025-71350", "cve": "CVE-2025-71350", "summary": "A security flaw in picklescan (a tool used to scan Python pickle files for malware) allows attackers to hide malicious code that won't be detected. 
If your organization uses machine learning or AI tools that load pickle files, malicious files could execute harmful commands on your systems without being caught by the scanner.", "score": 35, "impact_score": 25, "sectors": ["Information Technology", "Healthcare and Public Health", "Water and Wastewater Systems", "Energy"], "source": "NVD (High)", "remediation": ["Update picklescan to version 0.0.28 or later immediately if installed", "Audit any systems using Python pickle files or machine learning models for suspicious activity", "Only load pickle files from trusted and verified sources", "Consider implementing additional file scanning tools as a secondary defense layer"], "origin": {"product": "picklescan", "vendor": "picklescan", "first_reported": "2025", "exploited_by": []}, "score_reason": "This vulnerability affects a specialized Python security tool primarily used in machine learning environments, which limits its direct impact on most small Texas organizations, though some healthcare and utility SCADA systems using ML could be affected.", "patch_available": true, "reference_url": "https://github.com/mmaitre314/picklescan/security/advisories/GHSA-f745-w6jp-hpxx", "source_date": "2026-06-30T23:16:51.163", "first_seen": "2026-07-01T05:45:40.117771", "seen_at": "2026-07-01T05:45:40.117771"}, {"title": "CVE-2025-71375", "cve": "CVE-2025-71375", "summary": "A security flaw in picklescan (a tool that scans Python pickle files for malicious code) fails to detect certain dangerous functions, allowing attackers to hide malicious code that runs when files are opened. This affects organizations using Python-based data science, machine learning, or automation tools that process pickle files. 
While primarily a software development concern, it could impact systems using AI/ML applications or automated data processing.", "score": 35, "impact_score": 25, "sectors": ["Information Technology", "Healthcare and Public Health", "Water and Wastewater Systems", "Energy"], "source": "NVD (High)", "remediation": ["Update picklescan to version 0.0.34 or later immediately", "Review any systems using Python pickle file processing for potential compromise", "Avoid loading pickle files from untrusted or unknown sources", "Consider alternative serialization formats like JSON for data exchange"], "origin": {"product": "picklescan", "vendor": "picklescan", "first_reported": "2025", "exploited_by": []}, "score_reason": "This vulnerability affects a specialized Python security scanning tool with limited deployment in typical Texas rural infrastructure, though organizations using machine learning or data automation tools could be at risk.", "patch_available": true, "reference_url": "https://github.com/mmaitre314/picklescan/security/advisories/GHSA-955r-x9j8-7rhh", "source_date": "2026-07-04T02:16:23.347", "first_seen": "2026-07-05T21:34:34.730890", "seen_at": "2026-07-05T21:34:34.730890"}, {"title": "CVE-2026-59094", "cve": "CVE-2026-59094", "summary": "Pathway document store software has a flaw where attackers can send specially crafted requests to public web endpoints that cause the system to freeze up by consuming excessive CPU resources. This denial-of-service attack requires no login and can make affected systems unresponsive with just a few malicious requests. 
Organizations using Pathway for document management or AI-powered search should update immediately.", "score": 35, "impact_score": 25, "sectors": ["Information Technology", "Government Facilities", "Healthcare and Public Health"], "source": "NVD (High)", "remediation": ["Update Pathway to a version newer than 0.31.1 that includes commit d09722e", "If immediate update is not possible, restrict network access to the /v1/retrieve, /v1/inputs, and /v2/answer endpoints using firewall rules", "Implement rate limiting on affected endpoints to reduce denial-of-service impact", "Monitor CPU usage for anomalies that may indicate exploitation attempts"], "origin": {"product": "Pathway Document Store", "vendor": "Pathway", "first_reported": "2026-07-02", "exploited_by": []}, "score_reason": "This affects a specialized document store product not widely deployed in Texas rural infrastructure; while the unauthenticated DoS is concerning, Pathway is primarily used in AI/ML contexts rather than core lifeline operations.", "patch_available": true, "reference_url": "https://github.com/pathwaycom/pathway/commit/d09722eef03fd94bba701836eb4c7fbfa3d3b88e", "source_date": "2026-07-02T20:17:07.540", "first_seen": "2026-07-02T21:34:34.775050", "seen_at": "2026-07-02T21:34:34.775050"}, {"title": "CVE-2026-12731", "cve": "CVE-2026-12731", "summary": "A WordPress plugin called weDocs (used for documentation and knowledge bases) has a security flaw that lets attackers with contributor-level website access inject malicious code into web pages. When visitors view affected pages, harmful scripts can run in their browsers, potentially stealing information or compromising accounts. 
This affects organizations using WordPress websites with this plugin installed.", "score": 32, "impact_score": 28, "sectors": ["Government Facilities", "Healthcare and Public Health", "Water and Wastewater Systems", "Emergency Services"], "source": "NVD (Medium)", "remediation": ["Update the weDocs plugin to version 2.3.1 or higher immediately if installed on your WordPress site", "Review user accounts with contributor-level access or higher and remove unnecessary privileges", "Audit recent page edits for suspicious script content in documentation sections", "Consider using a web application firewall to block cross-site scripting attempts"], "origin": {"product": "weDocs AI Powered Knowledge Base Plugin for WordPress", "vendor": "weDocs", "first_reported": "2026-07-03", "exploited_by": []}, "score_reason": "Medium-severity WordPress plugin vulnerability requiring authenticated access limits immediate risk, but Texas local governments, schools, and small utilities commonly use WordPress for public websites.", "patch_available": true, "reference_url": "https://plugins.trac.wordpress.org/browser/wedocs/tags/2.3.0/assets/build/blocks/Sidebar/render.php#L154", "source_date": "2026-07-03T02:16:23.100", "first_seen": "2026-07-03T03:34:34.672127", "seen_at": "2026-07-03T03:34:34.672127"}, {"title": "CVE-2026-13752", "cve": "CVE-2026-13752", "summary": "A security flaw in Snowflake CLI software (versions before 3.19) could allow attackers to run unauthorized database commands if they trick users into entering malicious values or compromise automated systems that feed data into the tool. This primarily affects organizations using Snowflake cloud data warehouse services for analytics or data management. 
The attack requires user interaction or compromised automation, and damage is limited to what the user's account can access.", "score": 28, "impact_score": 25, "sectors": ["Government Facilities", "Healthcare and Public Health", "Water and Wastewater Systems", "Information Technology"], "source": "NVD (High)", "remediation": ["Upgrade Snowflake CLI to version 3.19 or later immediately if your organization uses this tool", "Review any automated scripts or workflows that pass external data to Snowflake CLI commands", "Train staff to avoid entering untrusted values into command-line tools", "Audit Snowflake user permissions to ensure least-privilege access"], "origin": {"product": "Snowflake CLI", "vendor": "Snowflake", "first_reported": "2026-06-29", "exploited_by": []}, "score_reason": "Snowflake CLI is a specialized cloud data tool with limited deployment in small Texas municipalities and utilities; exploitation requires social engineering or compromised automation, reducing immediate threat to critical infrastructure operations.", "patch_available": true, "reference_url": "https://community.snowflake.com/s/article/Snowflake-CLI-Vulnerability-Advisory", "source_date": "2026-06-29T17:16:30.160", "first_seen": "2026-07-01T04:37:31.724134", "seen_at": "2026-07-01T04:37:31.724134"}, {"title": "CVE-2026-13704", "cve": "CVE-2026-13704", "summary": "A vulnerability in the GiveWP donation plugin for WordPress allows attackers with worker-level access to inject malicious scripts into donation pages. When visitors view affected pages, the hidden scripts can steal information or redirect users. 
This affects organizations using WordPress with this fundraising plugin for accepting donations.", "score": 28, "impact_score": 22, "sectors": ["Government Facilities", "Healthcare and Public Health", "Emergency Services"], "source": "NVD (Medium)", "remediation": ["Update GiveWP plugin to version 4.16.2 or later immediately", "Audit existing donation forms for any suspicious embedded scripts or images", "Restrict Give Worker role access to only essential trusted staff", "Consider implementing a web application firewall to detect XSS attempts"], "origin": {"product": "GiveWP Donation Plugin and Fundraising Platform", "vendor": "GiveWP", "first_reported": "2026-07-02", "exploited_by": []}, "score_reason": "Medium-severity stored XSS requiring authenticated access with specific plugin permissions; affects WordPress donation sites but not critical operational systems in Texas lifeline sectors.", "patch_available": true, "reference_url": "https://plugins.trac.wordpress.org/browser/give/tags/4.14.6/includes/admin/forms/class-metabox-form-data.php#L1180", "source_date": "2026-07-02T06:16:13.620", "first_seen": "2026-07-02T06:34:34.623151", "seen_at": "2026-07-02T06:34:34.623151"}, {"title": "CVE-2026-9230", "cve": "CVE-2026-9230", "summary": "A WordPress plugin used for quizzes and surveys has a security flaw allowing logged-in users with basic access to modify quizzes they don't own, steal quiz results, and redirect notification emails to attackers. 
This could affect school districts or local governments using this plugin for public surveys, forms, or educational assessments.", "score": 28, "impact_score": 22, "sectors": ["Government Facilities", "Healthcare and Public Health"], "source": "NVD (Medium)", "remediation": ["Update Quiz and Survey Master plugin to version 11.1.5 or later immediately", "Audit recent quiz modifications and email routing changes for unauthorized activity", "Restrict contributor-level WordPress access to only trusted personnel", "Consider temporarily disabling the plugin if update is not yet available"], "origin": {"product": "Quiz and Survey Master (QSM)", "vendor": "ExpressTech", "first_reported": "2026-07-03", "exploited_by": []}, "score_reason": "This affects a common WordPress plugin but requires authenticated access, is not in lifeline sectors, has no confirmed active exploitation, and impact is limited to data manipulation rather than system compromise.", "patch_available": true, "reference_url": "https://plugins.trac.wordpress.org/browser/quiz-master-next/tags/10.3.5/blocks/block.php#L257", "source_date": "2026-07-03T08:16:25.483", "first_seen": "2026-07-03T21:34:34.640390", "seen_at": "2026-07-03T21:34:34.640390"}, {"title": "CVE-2026-11600", "cve": "CVE-2026-11600", "summary": "A WordPress plugin used with Elementor website builder has a security flaw that lets authenticated users with Author-level access view private or draft page content they shouldn't be able to see. This could expose unpublished internal documents, draft announcements, or sensitive information on affected WordPress websites. 
The vulnerability requires an attacker to already have an account with content creation privileges on your website.", "score": 28, "impact_score": 22, "sectors": ["Government Facilities", "Healthcare and Public Health", "Water and Wastewater Systems", "Emergency Services"], "source": "NVD (Medium)", "remediation": ["Update the Envo's Templates & Widgets for Elementor plugin to version 1.4.27 or higher immediately", "Audit all user accounts with Author-level or higher access and remove unnecessary privileges", "Review WordPress activity logs for unusual access to private or draft content", "Consider temporarily deactivating the plugin if updates cannot be applied quickly"], "origin": {"product": "Envo's Templates & Widgets for Elementor and WooCommerce", "vendor": "Developer Starter Templates (developerstarterguru)", "first_reported": "2026-07-02", "exploited_by": []}, "score_reason": "Limited threat as it requires authenticated access with Author privileges, affects only WordPress sites using this specific plugin, and enables data disclosure rather than system compromise.", "patch_available": true, "reference_url": "https://plugins.trac.wordpress.org/browser/envo-elementor-for-woocommerce/tags/1.4.25/modules/off-canvas/widgets/off-canvas.php#L631", "source_date": "2026-07-02T06:16:13.160", "first_seen": "2026-07-02T06:34:34.623151", "seen_at": "2026-07-02T06:34:34.623151"}, {"title": "CVE-2026-8351", "cve": "CVE-2026-8351", "summary": "A WordPress plugin called RTMKit has a security flaw that allows attackers with contributor-level website access to inject malicious code into web pages. When visitors view affected pages, the hidden code can steal login credentials or redirect users to harmful sites. 
This affects organizations using WordPress websites with this specific plugin installed.", "score": 28, "impact_score": 22, "sectors": ["Government Facilities", "Healthcare and Public Health", "Water and Wastewater Systems"], "source": "NVD (Medium)", "remediation": ["Update the RTMKit plugin to version 2.0.8 or higher immediately if installed", "Audit WordPress user accounts and remove unnecessary contributor-level access", "Review website pages for suspicious scripts or unauthorized content changes", "Consider using a web application firewall to block cross-site scripting attacks"], "origin": {"product": "RTMKit Plugin for WordPress", "vendor": "RomeTheme", "first_reported": "2026-07-03", "exploited_by": []}, "score_reason": "Low-to-moderate risk as it requires authenticated access and targets a specific WordPress plugin with limited deployment; not directly impacting operational technology or lifeline sector core systems.", "patch_available": true, "reference_url": "https://plugins.trac.wordpress.org/browser/rometheme-for-elementor/tags/2.0.4/Inc/Elements/AdvancedHeading.php#L133", "source_date": "2026-07-03T08:16:25.107", "first_seen": "2026-07-03T20:02:53.037249", "seen_at": "2026-07-03T20:02:53.037249"}, {"title": "CVE-2026-8892", "cve": "CVE-2026-8892", "summary": "A WordPress plugin used for local business directories has a security flaw that allows users with contributor access to inject malicious code into business address fields. When visitors view affected pages, the hidden code can steal login credentials or redirect users to harmful sites. 
This affects small organizations using WordPress sites with this business directory plugin.", "score": 28, "impact_score": 22, "sectors": ["Government Facilities", "Healthcare and Public Health", "Water and Wastewater Systems"], "source": "NVD (Medium)", "remediation": ["Update CM Business Directory plugin to version 1.5.8 or later when available", "Audit contributor-level user accounts and remove unnecessary access", "Review existing business directory entries for suspicious code in address fields", "Consider temporarily disabling the plugin until patched if business directory is not essential"], "origin": {"product": "CM Business Directory", "vendor": "CreativeMindsSolutions", "first_reported": "2026-07-03", "exploited_by": []}, "score_reason": "Medium-severity WordPress plugin vulnerability requiring authenticated access, affecting a niche business directory plugin with limited deployment in Texas critical infrastructure sectors.", "patch_available": false, "reference_url": "https://plugins.trac.wordpress.org/browser/cm-business-directory/trunk/backend/cm-business-directory-backend.php#L366", "source_date": "2026-07-03T06:16:22.820", "first_seen": "2026-07-03T06:34:34.663202", "seen_at": "2026-07-03T06:34:34.663202"}, {"title": "CVE-2026-14615", "cve": "CVE-2026-14615", "summary": "A security flaw in Keycloak's Fine-Grained Admin Permissions feature allows administrators with limited access to view information about user groups they shouldn't be able to see, including group names and custom attributes. This affects organizations using Keycloak for identity management who have enabled the FGAP v2 feature. 
The vulnerability is an information disclosure issue rather than a system takeover risk.", "score": 28, "impact_score": 22, "sectors": ["Government Facilities", "Healthcare and Public Health", "Information Technology"], "source": "NVD (Medium)", "remediation": ["Check if your organization uses Keycloak with Fine-Grained Admin Permissions v2 enabled", "Monitor Red Hat security advisories for an updated Keycloak version and apply when available", "Review admin permission assignments to ensure least-privilege access", "Consider temporarily disabling FGAP v2 if strict group isolation is critical"], "origin": {"product": "Keycloak", "vendor": "Red Hat", "first_reported": "2026-07-03", "exploited_by": []}, "score_reason": "Medium-severity information disclosure in Keycloak identity management affects organizations using this specific feature, but requires existing admin access and does not impact lifeline sectors directly.", "patch_available": false, "reference_url": "https://access.redhat.com/security/cve/CVE-2026-14615", "source_date": "2026-07-03T16:16:55.773", "first_seen": "2026-07-04T21:34:34.969509", "seen_at": "2026-07-04T21:34:34.969509"}]