July 2026 Security Update: Record CVEs and Critical Vulnerabilities

July 2026 Security Update: Record CVEs and Critical Vulnerabilities

First seen 15 Jul 2026, 01:41 UTC SherlockforensicsThezdiwww.zerodayinitiative.commsrc.microsoft.com 90% similarity 74.0

Article Content

Browse articles
ThreatCluster

In July 2026, Adobe and Microsoft released significant security updates addressing numerous vulnerabilities. Adobe issued 12 bulletins for 88 unique CVEs, with a focus on ColdFusion and Commerce patches, including a CVSS 9.9 vulnerability. Microsoft reported a staggering 621 new CVEs, marking a record for the company, with 63 rated Critical. Among these, two CVEs are under active exploit, and one is publicly known. The updates cover a wide range of products, including Windows, Office, and Azure. Security professionals are advised to prioritize patching immediately due to the high volume of vulnerabilities. The updates reflect a growing trend of increasing vulnerability disclosures and patching urgency in the cybersecurity landscape.

Key Points: • Adobe released 12 bulletins addressing 88 CVEs, prioritizing ColdFusion and Commerce patches. • Microsoft disclosed a record 621 CVEs, with 63 rated Critical and two under active exploit. • Security professionals must act quickly to patch vulnerabilities across multiple platforms.

ThreatCluster AI

Timeline

2026-06-30
CVE-2026-10140 published
Vulnerability assigned a CVE identifier and published in the National Vulnerability Database.
MITRE
2026-06-30
CVE-2026-57995 published
Vulnerability assigned a CVE identifier and published in the National Vulnerability Database.
MITRE
2026-06-30
CVE-2026-48286 published
Vulnerability assigned a CVE identifier and published in the National Vulnerability Database.
MITRE
2026-07-01
CVE-2026-6070 published
Vulnerability assigned a CVE identifier and published in the National Vulnerability Database.
MITRE
2026-07-02
CVE-2026-56164 added to CISA KEV
CVE-2026-56164, a critical vulnerability, was added to the CISA Known Exploited Vulnerabilities list due to active exploitation.
Sherlockforensics
2026-07-02
CVE-2026-57100 published
Vulnerability assigned a CVE identifier and published in the National Vulnerability Database.
MITRE
2026-07-02
CVE-2026-58467 published
Vulnerability assigned a CVE identifier and published in the National Vulnerability Database.
MITRE
2026-07-05
First public PoC for CVE-2026-54998
A proof of concept for CVE-2026-54998 was made public, indicating potential for exploitation.
Sherlockforensics
2026-07-14
Adobe July 2026 security updates released
Adobe issued 12 bulletins addressing 88 unique CVEs, focusing on ColdFusion and Commerce patches with a CVSS 9.9 vulnerability.
Zero Day Initiative
2026-07-14
Microsoft July 2026 security updates released
Microsoft reported 621 new CVEs for July, the highest in its history, including 63 rated Critical and two under active exploit.
Thezdi

Community

Browse all →