SecuPortal 脆弱性ダイジェスト

生成日時: 2026-07-02 18:47:42 — 対象期間: 2026-06-26 〜 2026-07-02 (7日分)
23
新規 CISA KEV
118
主要ソフト新バージョン

全体サマリ

  • 今週(2026-06-26〜07-02)は CISA KEV へ23件の新規CVEが追加されたが、いずれも Ivanti / Cisco / Splunk / Oracle PeopleSoft / Ubiquiti 等の非OSS・エンタープライズ機器で、自社の主要運用製品(is_major_product=true)には該当なし。
  • 一方、ソフトウェア更新情報側では Apache ActiveMQ・MongoDB・Next.js・macOS の4製品ラインで「主要製品 かつ KEV該当CVEを含む」ケースが確認されたため、これらを ★★★ として扱う。
  • 件数: ★★★ 4件(製品ライン単位) / ★★ 35件(KEV新規CVE 23件+主要製品の高CVSS案件12件) / ★ 31件(その他主要製品ライン)

  • ★★★ 要対応 CVE


    Apache ActiveMQ 5.19 / 6.2系(KEV登録CVEを含む更新)

  • 緊急度: 🔴緊急
  • なぜ要対応か: is_major_product=true。当該バージョン系列の既知CVE13件のうち1件がCISA KEV(実悪用確認済み)に登録されている。ただし本フィードの集計データでは「どのCVE番号が KEV該当か」までは特定できず、top_cvesに挙がるCVE-2026-40466 / CVE-2026-49157 / CVE-2026-45505(いずれもCVSS8.8, HIGH)が候補。公式セキュリティアドバイザリでKEV対象CVE番号を確認する必要がある。
  • 推奨アクション: パッチ即時適用(5.19.8 / 6.2.7へ更新。バージョン更新で候補CVEすべてに対応可能)
  • PoC検証環境案: Docker Composeで apache/activemq-classic または apache/activemq-artemis の対象旧バージョンを起動し、OpenWire/JMXポートを検証用ネットワークのみに限定して公開。外部到達性なしのブリッジネットワークで動作確認。

  • MongoDB(4.4〜8.3系、KEV登録CVEを含む更新)

  • 緊急度: 🔴緊急
  • なぜ要対応か: is_major_product=true。20件のCVEのうち1件がKEV登録。top_cvesではCVE-2026-4148(CVSS8.8, HIGH)が最上位だが、これがKEV対象かは公式情報での確認が必要(可能性がある、との位置づけ)。
  • 推奨アクション: パッチ即時適用(利用中の各メジャー系列の最新パッチへ更新)。あわせて公式アドバイザリでKEV対象CVE番号を特定し、優先順位を再確認。
  • PoC検証環境案: Docker Composeで mongo:<影響バージョン> を単体起動し、認証設定を本番相当に再現した上で、公式GHSA/アドバイザリに記載の再現手順のみを検証用ネットワーク内で実施。

  • Next.js 16系(CVE-2025-55182 候補・KEV登録)

  • 緊急度: 🔴緊急
  • なぜ要対応か: is_major_product=true。CVSS 10.0(CRITICAL)のCVE-2025-55182が該当バージョン系列のtop_cvesに含まれ、当該系列はKEV該当CVEを1件含む。自社が明示的に運用対象としているフレームワークであり優先度が高い。
  • 推奨アクション: パッチ即時適用(16.2.10へ更新)
  • PoC検証環境案: Docker Composeでnode.jsコンテナ上に該当Next.jsバージョンの最小構成アプリを構築し、影響範囲とされるmiddleware/edge機能を隔離ネットワーク内で公式アドバイザリの再現条件のみに沿って確認。

  • macOS 26系(KEV登録CVE多数含む更新)

  • 緊急度: 🔴緊急
  • なぜ要対応か: is_major_product=true フラグあり。累計1381件のCVEのうちKEV登録が13件と突出して多く、top_cvesにはCVSS10.0(CRITICAL)のCVE-2026-13782を含む。ただしmacOSは主にエンドポイント(業務PC)向けであり、サーバ用途中心の他製品とは運用文脈が異なる可能性がある点に留意。
  • 推奨アクション: パッチ計画適用(MDM経由での検証後の一斉配布を推奨。実悪用済みKEV案件が多いため計画は迅速に)
  • PoC検証環境案: Dockerでの再現は不可(クライアントOSのため)。隔離済みの検証用Mac端末またはApple仮想化フレームワーク上のmacOS VMを社内ネットワークから切り離した状態で用意し、MDM配布前のパッチ適用確認・EDRテレメトリの検証に利用。

  • ★★ 参考 CVE


    KEV新規追加(自社利用製品に非該当、業界動向として)

  • CVE-2022-0492 — Linux Kernel: cgroups release_agent権限昇格。既知の古い脆弱性で、自社Linuxサーバでも理論上該当し得るため要棚卸し
  • CVE-2025-48595 — Android Framework: モバイル端末向け、サーバ環境とは無関係
  • CVE-2025-67038 — Lantronix EDS5000: シリアルデバイスサーバ、自社利用なし
  • CVE-2026-10520 — Ivanti Sentry: エンタープライズMDM、自社未使用
  • CVE-2026-11645 — Google Chromium V8: 従業員端末のブラウザ更新観点のみ参考
  • CVE-2026-12569 — PTC Windchill/FlexPLM: PLM製品、自社未使用
  • CVE-2026-20230 — Cisco Unified Communications Manager: 自社未使用
  • CVE-2026-20245 / CVE-2026-20262 — Cisco Catalyst SD-WAN Manager: 自社未使用
  • CVE-2026-20253 — Splunk Enterprise: 自社未使用(SIEM製品)
  • CVE-2026-28318 — SolarWinds Serv-U: 自社未使用のファイル転送製品
  • CVE-2026-34908 / CVE-2026-34909 / CVE-2026-34910 — Ubiquiti UniFi OS: ネットワーク機器。自社拠点で同機器を使用していないか念のため要確認
  • CVE-2026-35273 — Oracle PeopleSoft PeopleTools: ランサムウェア悪用実績あり(Known)だが自社未使用のERP製品
  • CVE-2026-42271 — BerriAI LiteLLM: LLMゲートウェイ。社内でAI基盤として利用があれば要確認
  • CVE-2026-45247 — Mirasvit Full Page Cache Warmer(Magento拡張): 自社ECがMagentoでなければ非該当
  • CVE-2026-45659 — Microsoft SharePoint Server: 自社利用有無を要確認
  • CVE-2026-48558 — SimpleHelp: リモート管理ツール、自社未使用
  • CVE-2026-48907 — Widget Factory Joomla Content Editor: 自社CMSがJoomlaでなければ非該当
  • CVE-2026-50751 — Check Point Security Gateway: ランサムウェア悪用実績あり(Known)だが自社未使用のVPN機器
  • CVE-2026-54420 — LiteSpeed cPanelプラグイン: 共用ホスティング環境、自社未使用の可能性
  • CVE-2026-7473 — Arista EOS: ネットワークOS、自社未使用の可能性

  • 主要製品の高CVSS案件(is_remote情報が本フィードになく★★★昇格には至らないが、CVSS高値のため確認推奨)

  • CVE-2026-33557 — Apache Kafka: CVSS9.1、詳細な攻撃条件は公式アドバイザリ要確認
  • CVE-2026-28780 / CVE-2026-29167 — Apache HTTP Server 2.4: CVSS9.8、2.4.68への更新を推奨
  • CVE-2026-27590 — Caddy: CVSS9.8、自社利用有無を確認
  • CVE-2026-4277 — Django: CVSS9.8。自社が明示的に運用中の製品であり、is_remote等の詳細が本フィードで未提供のため形式上★★止まりだが、実質的には優先確認を推奨
  • CVE-2025-68121 — Go: CVSS10.0、ビルド/ツールチェーン環境への影響を確認
  • CVE-2025-67484 — MediaWiki: CVSS9.8、社内Wiki運用があれば確認
  • CVE-2026-21636 — Node.js: CVSS10.0、実行環境バージョンの棚卸しを推奨
  • CVE-2026-31789 — OpenSSL: CVSS9.8、広範な依存関係があるため棚卸し推奨
  • CVE-2025-12106 — OpenVPN: CVSS9.1、VPN基盤で利用していれば確認
  • CVE-2026-40976 — Spring Boot: CVSS9.1、Javaサービスで利用していれば確認
  • CVE-2025-66614 / CVE-2026-29145 — Tomcat: CVSS9.1、Javaアプリ実行基盤で利用していれば確認
  • CVE-2026-39858 / CVE-2026-35051 — Traefik: CVSS10.0、リバースプロキシとして利用していれば優先確認

  • 主要ソフトウェア更新(is_major_product=true のみ抜粋)


    製品新バージョンリリース日CVE件数CriticalHighKEV
    alpine-linux3.24.12026-06-130000
    amazon-linux2023.12.20260611.02026-06-220000
    angular22.0.42026-06-264000
    apache-activemq6.2.72026-06-2513071 ⚠要確認
    apache-kafka4.3.12026-06-233100 ⚠要確認
    apache2.4.682026-06-0813370 ⚠要確認
    caddy2.11.42026-06-028420 ⚠要確認
    django6.0.62026-06-0322270 ⚠要確認
    dotnet10.0.92026-06-095050
    drupal11.3.132026-06-237000
    eclipse-jetty12.1.102026-06-024030
    elasticsearch9.4.32026-06-253000
    gitlab19.1.12026-06-231630490
    go1.26.42026-06-02263130 ⚠要確認
    haproxy3.4.12026-06-251010
    hashicorp-vault2.0.32026-06-174030
    jenkins2.5712026-06-3016050
    laravel13.18.02026-06-300000
    macos26.5.22026-06-2913816472813 ⚠要確認
    mediawiki1.46.02026-06-3021110 ⚠要確認
    mongodb8.3.42026-06-1520031 ⚠要確認
    mssqlserver17.0.4055.5 CU62026-06-170000
    mysql9.7.12026-06-031000
    nextcloud34.0.12026-06-250000
    nextjs16.2.102026-07-01221101 ⚠要確認
    nginx1.31.22026-06-170000
    nodejs26.4.02026-06-2516370 ⚠要確認
    nuxt4.4.82026-06-080000
    opensearch3.7.02026-06-091010
    openssl4.0.12026-06-09191100 ⚠要確認
    openvpn2.7.52026-07-013110 ⚠要確認
    php8.5.72026-06-043020
    postfix3.11.42026-06-180000
    python3.14.62026-06-105010
    rabbitmq4.3.22026-06-110000
    redis8.6.42026-06-044040
    ruby3.4.102026-06-300000
    rust1.96.12026-06-300000
    spring-boot4.1.02026-06-107140 ⚠要確認
    spring-framework7.0.82026-06-089030
    squid7.62026-06-073020
    symfony8.1.12026-06-272010
    tomcat11.0.232026-06-1713270 ⚠要確認
    traefik3.7.62026-06-3017260 ⚠要確認
    typo314.3.42026-06-164020
    virtualbox7.2.122026-06-30330190
    vue3.5.392026-06-250000

    ※各製品とも複数バージョン系列が存在する場合は最新系列のみを代表として掲載。


    その他情報

  • 全141件(KEV新規23件+主要ソフトウェア更新118件)中、23件が非主要製品(is_major_product=false)関連。
  • 今週のKEV新規追加はエンタープライズ機器・VPN/ゲートウェイ製品(Ivanti, Cisco, Check Point, Oracle PeopleSoft等)に偏っており、ランサムウェア実悪用(Known)とタグ付けされた案件が2件(Check Point, Oracle PeopleSoft)確認された点は業界動向として留意する価値がある可能性がある。一方、自社運用中の主要OSSスタック(Go, Node.js, Django, Traefik等)でも通常運用の一環としてCritical帯のパッチが継続的にリリースされており、定例パッチ適用サイクルの継続を推奨する。

  • 原本データ (JSON) — 表示するにはクリック
    {
      "range": {
        "from": "2026-06-26",
        "to": "2026-07-02",
        "days": 7
      },
      "summary": {
        "total_kev_new": 23,
        "total_software_update": 118,
        "by_date": {
          "2026-07-02": {
            "kev_new": 23,
            "software_update": 118
          }
        }
      },
      "kev_new": [
        {
          "digest_date": "2026-07-02",
          "key": "CVE-2022-0492",
          "cve_id": "CVE-2022-0492",
          "vendor_project": "Linux",
          "product": "Kernel",
          "vulnerability_name": "Linux Kernel Improper Authentication Vulnerability",
          "date_added": "2026-06-02",
          "short_description": "Linux Kernel contains an improper authentication vulnerability which could allow for privilege escalation via the cgroups v1 release_agent feature.",
          "required_action": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.",
          "due_date": "2026-06-05",
          "known_ransomware": "Unknown",
          "cvss_score": null,
          "cvss_severity": null,
          "cvss_vector": null,
          "attack_vector": null,
          "is_remote": null,
          "is_major_product": false,
          "matched_product": null,
          "title_en": null,
          "epss_score": null
        },
        {
          "digest_date": "2026-07-02",
          "key": "CVE-2025-48595",
          "cve_id": "CVE-2025-48595",
          "vendor_project": "Android",
          "product": "Framework",
          "vulnerability_name": "Android Framework Integer Overflow Vulnerability",
          "date_added": "2026-06-02",
          "short_description": "Android Framework contains an integer overflow vulnerability that allows for code execution that could allow for local privilege escalation.",
          "required_action": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.",
          "due_date": "2026-06-05",
          "known_ransomware": "Unknown",
          "cvss_score": 8.4,
          "cvss_severity": "HIGH",
          "cvss_vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "attack_vector": "L",
          "is_remote": false,
          "is_major_product": false,
          "matched_product": null,
          "title_en": "In multiple locations, there is a possible way to achieve code execution due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.",
          "epss_score": 0.01714
        },
        {
          "digest_date": "2026-07-02",
          "key": "CVE-2025-67038",
          "cve_id": "CVE-2025-67038",
          "vendor_project": "Lantronix",
          "product": "EDS5000",
          "vulnerability_name": "Lantronix EDS5000 Code Injection Vulnerability",
          "date_added": "2026-06-23",
          "short_description": "Lantronix EDS5000 contains a code injection vulnerability that could allow attackers to inject arbitrary OS commands into the username parameter. Injected commands are executed with root privileges.",
          "required_action": "Apply mitigations in accordance with vendor instructions, ensuring compliance with CISA’s BOD 26-04 Prioritizing Security Updates Based on Risk (see URL in Notes) guidance and CISA’s “Forensics Triage Requirements” (see URL in Notes). Follow applicable BOD 26-04 guidance for cloud services or discontinue use of the product if mitigations are unavailable. Stakeholders are responsible for evaluating each asset's internet exposure and ensuring adherence to BOD 26-04 patching guidelines.",
          "due_date": "2026-06-26",
          "known_ransomware": "Unknown",
          "cvss_score": 9.8,
          "cvss_severity": "CRITICAL",
          "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "attack_vector": "N",
          "is_remote": true,
          "is_major_product": false,
          "matched_product": null,
          "title_en": "An issue was discovered in Lantronix EDS5000 2.1.0.0R3. The HTTP RPC module executes a shell command to write logs when user's authantication fails. The username is directly concatenated with the command without any sanitization. This allow attackers to inject arbitrary OS commands into the username parameter. Injected commands are executed with root privileges.",
          "epss_score": 0.01131
        },
        {
          "digest_date": "2026-07-02",
          "key": "CVE-2026-10520",
          "cve_id": "CVE-2026-10520",
          "vendor_project": "Ivanti",
          "product": "Sentry",
          "vulnerability_name": "Ivanti Sentry OS Command Injection Vulnerability",
          "date_added": "2026-06-11",
          "short_description": "Ivanti Sentry (formerly known as MobileIron Sentry) contains an OS command injection vulnerability which could allow a remote unauthenticated user to achieve root-level remote code execution. This vulnerability can be successfully exploited in cases where the Sentry appliance is in an unmanaged state with its endpoints externally reachable. The use of mTLS with EPMM or restricted HTTPS access through Neurons for MDM makes interfaces inaccessible to external actors.",
          "required_action": "Apply mitigations in accordance with vendor instructions, ensuring compliance with CISA’s BOD 26-04 Prioritizing Security Updates Based on Risk (see URL in Notes) guidance and CISA’s “Forensics Triage Requirements” (see URL in Notes). Follow applicable BOD 26-04 guidance for cloud services or discontinue use of the product if mitigations are unavailable. Stakeholders are responsible for evaluating each asset's internet exposure and ensuring adherence to BOD 26-04 patching guidelines.",
          "due_date": "2026-06-14",
          "known_ransomware": "Unknown",
          "cvss_score": 10.0,
          "cvss_severity": "CRITICAL",
          "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
          "attack_vector": "N",
          "is_remote": true,
          "is_major_product": false,
          "matched_product": null,
          "title_en": "An OS Command Injection vulnerability in Ivanti Sentry before the R10.5.2, R10.6.2 and R10.7.1 versions allows a remote unauthenticated user to achieve root-level remote code execution",
          "epss_score": 0.98937
        },
        {
          "digest_date": "2026-07-02",
          "key": "CVE-2026-11645",
          "cve_id": "CVE-2026-11645",
          "vendor_project": "Google",
          "product": "Chromium V8",
          "vulnerability_name": "Google Chromium V8 Out-of-Bounds Read and Write Vulnerability",
          "date_added": "2026-06-09",
          "short_description": "Google Chromium V8 out-of-bounds read and write vulnerability that could allow a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.",
          "required_action": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.",
          "due_date": "2026-06-23",
          "known_ransomware": "Unknown",
          "cvss_score": 8.8,
          "cvss_severity": "HIGH",
          "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
          "attack_vector": "N",
          "is_remote": true,
          "is_major_product": false,
          "matched_product": null,
          "title_en": "Out of bounds read and write in V8 in Google Chrome prior to 149.0.7827.103 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)",
          "epss_score": 0.01654
        },
        {
          "digest_date": "2026-07-02",
          "key": "CVE-2026-12569",
          "cve_id": "CVE-2026-12569",
          "vendor_project": "PTC",
          "product": "Windchill and FlexPLM",
          "vulnerability_name": "PTC Windchill and FlexPLM Improper Input Validation Vulnerability",
          "date_added": "2026-06-25",
          "short_description": "PTC Windchill and FlexPLM contains an improper input validation vulnerability allowing an unauthenticated, remote attacker to execute arbitrary code by sending a malicious request to the network.",
          "required_action": "Apply mitigations in accordance with vendor instructions, ensuring compliance with CISA’s BOD 26-04 Prioritizing Security Updates Based on Risk (see URL in Notes) guidance and CISA’s “Forensics Triage Requirements” (see URL in Notes). Follow applicable BOD 26-04 guidance for cloud services or discontinue use of the product if mitigations are unavailable. Stakeholders are responsible for evaluating each asset's internet exposure and ensuring adherence to BOD 26-04 patching guidelines.",
          "due_date": "2026-06-28",
          "known_ransomware": "Unknown",
          "cvss_score": null,
          "cvss_severity": null,
          "cvss_vector": null,
          "attack_vector": null,
          "is_remote": null,
          "is_major_product": false,
          "matched_product": null,
          "title_en": "A critical remote code execution (RCE) vulnerability has been reported in PTC Windchill PDMlink and PTC FlexPLM. The vulnerability may be exploited through the deserialization of untrusted data.   *  This advisory also applies to all CPS versions\n  *  The identified vulnerability also impacts Windchill and FlexPLM releases prior to 11.0 M030",
          "epss_score": 0.01106
        },
        {
          "digest_date": "2026-07-02",
          "key": "CVE-2026-20230",
          "cve_id": "CVE-2026-20230",
          "vendor_project": "Cisco",
          "product": "Unified Communications Manager",
          "vulnerability_name": "Cisco Unified Communications Manager Server-Side Request Forgery (SSRF) Vulnerability",
          "date_added": "2026-06-25",
          "short_description": "Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) contain a server-side request forgery (SSRF) Vulnerability that could allow an unauthenticated, remote attacker to write files to the underlying operating system that could be used later to elevate to root.",
          "required_action": "Apply mitigations in accordance with vendor instructions, ensuring compliance with CISA’s BOD 26-04 Prioritizing Security Updates Based on Risk (see URL in Notes) guidance and CISA’s “Forensics Triage Requirements” (see URL in Notes). Follow applicable BOD 26-04 guidance for cloud services or discontinue use of the product if mitigations are unavailable. Stakeholders are responsible for evaluating each asset's internet exposure and ensuring adherence to BOD 26-04 patching guidelines.",
          "due_date": "2026-06-28",
          "known_ransomware": "Unknown",
          "cvss_score": 8.6,
          "cvss_severity": "HIGH",
          "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N",
          "attack_vector": "N",
          "is_remote": true,
          "is_major_product": false,
          "matched_product": null,
          "title_en": "A vulnerability in Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an unauthenticated, remote attacker to conduct server-side request forgery (SSRF) attacks through an affected device.\r\n\r This vulnerability is due to improper input validation for specific HTTP requests. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could a",
          "epss_score": 0.41694
        },
        {
          "digest_date": "2026-07-02",
          "key": "CVE-2026-20245",
          "cve_id": "CVE-2026-20245",
          "vendor_project": "Cisco",
          "product": "Catalyst SD-WAN Manager",
          "vulnerability_name": "Cisco Catalyst SD-WAN Manager Improper Encoding or Escaping of Output Vulnerability",
          "date_added": "2026-06-09",
          "short_description": "Cisco Catalyst SD-WAN Manager formerly SD-WAN vManage contains an improper encoding or escaping of output vulnerability. This vulnerability could allow an authenticated, local attacker to execute arbitrary commands as root by supplying a crafted file to the affected system.",
          "required_action": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.",
          "due_date": "2026-06-23",
          "known_ransomware": "Unknown",
          "cvss_score": 7.8,
          "cvss_severity": "HIGH",
          "cvss_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "attack_vector": "L",
          "is_remote": false,
          "is_major_product": false,
          "matched_product": null,
          "title_en": "A vulnerability in the CLI of Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, could allow an authenticated, local attacker to execute arbitrary commands as root by supplying a crafted file to the affected system.\r\n\r\nThis vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by uploading a crafted file to the affected system. A successful exploit could allow the attacker to perform command injection attacks on an affected syst",
          "epss_score": 0.09922
        },
        {
          "digest_date": "2026-07-02",
          "key": "CVE-2026-20253",
          "cve_id": "CVE-2026-20253",
          "vendor_project": "Splunk",
          "product": "Enterprise",
          "vulnerability_name": "Splunk Enterprise Missing Authentication for Critical Function Vulnerability",
          "date_added": "2026-06-18",
          "short_description": "Splunk Enterprise contains a missing authentication for critical function vulnerability which could allow an unauthenticated user to create or truncate arbitrary files through a PostgreSQL sidecar service endpoint.",
          "required_action": "Apply mitigations in accordance with vendor instructions, ensuring compliance with CISA’s BOD 26-04 Prioritizing Security Updates Based on Risk (see URL in Notes) guidance and CISA’s “Forensics Triage Requirements” (see URL in Notes). Follow applicable BOD 26-04 guidance for cloud services or discontinue use of the product if mitigations are unavailable. Stakeholders are responsible for evaluating each asset's internet exposure and ensuring adherence to BOD 26-04 patching guidelines.",
          "due_date": "2026-06-21",
          "known_ransomware": "Unknown",
          "cvss_score": 9.8,
          "cvss_severity": "CRITICAL",
          "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "attack_vector": "N",
          "is_remote": true,
          "is_major_product": false,
          "matched_product": null,
          "title_en": "In Splunk Enterprise versions below 10.2.4 and 10.0.7, and Splunk Cloud Platform versions below 10.4.2604.3 and 10.2.2510.14, an unauthenticated user could create or truncate arbitrary files through a PostgreSQL sidecar service endpoint.<br><br>The vulnerability exists because the PostgreSQL sidecar service endpoint lacks authentication controls, allowing any network-reachable user to invoke file operations without credentials.",
          "epss_score": 0.88171
        },
        {
          "digest_date": "2026-07-02",
          "key": "CVE-2026-20262",
          "cve_id": "CVE-2026-20262",
          "vendor_project": "Cisco",
          "product": "Catalyst SD-WAN Manager",
          "vulnerability_name": "Cisco Catalyst SD-WAN Manager Directory or Path Traversal Vulnerability",
          "date_added": "2026-06-15",
          "short_description": "Cisco Catalyst SD-WAN Manager contains a directory or path traversal vulnerability that could allow an authenticated, remote attacker to create a file or overwrite any file on the filesystem of an affected system.",
          "required_action": "Apply mitigations in accordance with vendor instructions, ensuring compliance with CISA’s BOD 26-04 Prioritizing Security Updates Based on Risk (see URL in Notes) guidance and CISA’s “Forensics Triage Requirements” (see URL in Notes). Follow applicable BOD 26-04 guidance for cloud services or discontinue use of the product if mitigations are unavailable. Stakeholders are responsible for evaluating each asset's internet exposure and ensuring adherence to BOD 26-04 patching guidelines.",
          "due_date": "2026-06-29",
          "known_ransomware": "Unknown",
          "cvss_score": 6.5,
          "cvss_severity": "MEDIUM",
          "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
          "attack_vector": "N",
          "is_remote": true,
          "is_major_product": false,
          "matched_product": null,
          "title_en": "A vulnerability in the web UI of Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, could allow an authenticated, remote attacker to create a file or overwrite any file on the filesystem of an affected system.\r\n\r\nThis vulnerability exists because the affected software does not properly validate user-supplied input during a file upload process. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected API endpoint of the affected system. A successful explo",
          "epss_score": 0.07683
        },
        {
          "digest_date": "2026-07-02",
          "key": "CVE-2026-28318",
          "cve_id": "CVE-2026-28318",
          "vendor_project": "SolarWinds",
          "product": "Serv-U",
          "vulnerability_name": "SolarWinds Serv-U Uncontrolled Resource Consumption Vulnerability",
          "date_added": "2026-06-05",
          "short_description": "SolarWinds Serv-U contains an uncontrolled resource consumption vulnerability that allows specially crafted POST requests using the Content-Encoding: deflate header to crash the Serv-U service without authentication.",
          "required_action": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.",
          "due_date": "2026-06-19",
          "known_ransomware": "Unknown",
          "cvss_score": 7.5,
          "cvss_severity": "HIGH",
          "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "attack_vector": "N",
          "is_remote": true,
          "is_major_product": false,
          "matched_product": null,
          "title_en": "SolarWinds Serv-U is susceptible to specially crafted POST requests that crash the Serv-U service without authentication using Content-Encoding: deflate. Mitigation steps are provided to secure customer environments in the SolarWinds Trust Center if you are unable to deploy the update",
          "epss_score": 0.10659
        },
        {
          "digest_date": "2026-07-02",
          "key": "CVE-2026-34908",
          "cve_id": "CVE-2026-34908",
          "vendor_project": "Ubiquiti",
          "product": "UniFi OS",
          "vulnerability_name": "Ubiquiti UniFi OS Improper Access Control Vulnerability",
          "date_added": "2026-06-23",
          "short_description": "Ubiquiti UniFi OS contains an improper access control vulnerability which could allow a malicious actor with access to the network to make unauthorized changes to the system.",
          "required_action": "Apply mitigations in accordance with vendor instructions, ensuring compliance with CISA’s BOD 26-04 Prioritizing Security Updates Based on Risk (see URL in Notes) guidance and CISA’s “Forensics Triage Requirements” (see URL in Notes). Follow applicable BOD 26-04 guidance for cloud services or discontinue use of the product if mitigations are unavailable. Stakeholders are responsible for evaluating each asset's internet exposure and ensuring adherence to BOD 26-04 patching guidelines.",
          "due_date": "2026-06-26",
          "known_ransomware": "Unknown",
          "cvss_score": 10.0,
          "cvss_severity": "CRITICAL",
          "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
          "attack_vector": "N",
          "is_remote": true,
          "is_major_product": false,
          "matched_product": null,
          "title_en": "A malicious actor with access to the network could exploit an Improper Access Control vulnerability found in UniFi OS devices to make unauthorized changes to the system.",
          "epss_score": 0.02452
        },
        {
          "digest_date": "2026-07-02",
          "key": "CVE-2026-34909",
          "cve_id": "CVE-2026-34909",
          "vendor_project": "Ubiquiti",
          "product": "UniFi OS",
          "vulnerability_name": "Ubiquiti UniFi OS Path Traversal Vulnerability",
          "date_added": "2026-06-23",
          "short_description": "Ubiquiti UniFi OS contains a path traversal vulnerability which could allow a malicious actor with access to the network to access files on the underlying system that could be manipulated to access an underlying account.",
          "required_action": "Apply mitigations in accordance with vendor instructions, ensuring compliance with CISA’s BOD 26-04 Prioritizing Security Updates Based on Risk (see URL in Notes) guidance and CISA’s “Forensics Triage Requirements” (see URL in Notes). Follow applicable BOD 26-04 guidance for cloud services or discontinue use of the product if mitigations are unavailable. Stakeholders are responsible for evaluating each asset's internet exposure and ensuring adherence to BOD 26-04 patching guidelines.",
          "due_date": "2026-06-26",
          "known_ransomware": "Unknown",
          "cvss_score": 10.0,
          "cvss_severity": "CRITICAL",
          "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
          "attack_vector": "N",
          "is_remote": true,
          "is_major_product": false,
          "matched_product": null,
          "title_en": "A malicious actor with access to the network could exploit a Path Traversal vulnerability found in UniFi OS devices to access files on the underlying system that could be manipulated to access an underlying account.",
          "epss_score": 0.02269
        },
        {
          "digest_date": "2026-07-02",
          "key": "CVE-2026-34910",
          "cve_id": "CVE-2026-34910",
          "vendor_project": "Ubiquiti",
          "product": "UniFi OS",
          "vulnerability_name": "Ubiquiti UniFi OS Improper Input Validation Vulnerability",
          "date_added": "2026-06-23",
          "short_description": "Ubiquiti UniFi OS contains an improper input validation vulnerability which could allow a malicious actor with access to the network to conduct command injection.",
          "required_action": "Apply mitigations in accordance with vendor instructions, ensuring compliance with CISA’s BOD 26-04 Prioritizing Security Updates Based on Risk (see URL in Notes) guidance and CISA’s “Forensics Triage Requirements” (see URL in Notes). Follow applicable BOD 26-04 guidance for cloud services or discontinue use of the product if mitigations are unavailable. Stakeholders are responsible for evaluating each asset's internet exposure and ensuring adherence to BOD 26-04 patching guidelines.",
          "due_date": "2026-06-26",
          "known_ransomware": "Unknown",
          "cvss_score": 10.0,
          "cvss_severity": "CRITICAL",
          "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
          "attack_vector": "N",
          "is_remote": true,
          "is_major_product": false,
          "matched_product": null,
          "title_en": "A malicious actor with access to the network could exploit an Improper Input Validation vulnerability found in UniFi OS devices to execute a Command Injection.",
          "epss_score": 0.78555
        },
        {
          "digest_date": "2026-07-02",
          "key": "CVE-2026-35273",
          "cve_id": "CVE-2026-35273",
          "vendor_project": "Oracle",
          "product": " PeopleSoft Enterprise PeopleTools",
          "vulnerability_name": "Oracle PeopleSoft Enterprise PeopleTools Missing Authentication for Critical Function Vulnerability",
          "date_added": "2026-06-12",
          "short_description": "Oracle PeopleSoft Enterprise PeopleTools contains a missing authentication for critical function vulnerability which could allow an unauthenticated attacker to obtain takeover of PeopleSoft Enterprise PeopleTools.",
          "required_action": "Apply mitigations in accordance with vendor instructions, ensuring compliance with CISA’s BOD 26-04 Prioritizing Security Updates Based on Risk (see URL in Notes) guidance and CISA’s “Forensics Triage Requirements” (see URL in Notes). Follow applicable BOD 26-04 guidance for cloud services or discontinue use of the product if mitigations are unavailable. Stakeholders are responsible for evaluating each asset's internet exposure and ensuring adherence to BOD 26-04 patching guidelines.",
          "due_date": "2026-06-15",
          "known_ransomware": "Known",
          "cvss_score": 9.8,
          "cvss_severity": "CRITICAL",
          "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "attack_vector": "N",
          "is_remote": true,
          "is_major_product": false,
          "matched_product": null,
          "title_en": "Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Updates Environment Management). Supported versions that are affected are 8.61 and 8.62. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks of this vulnerability can result in takeover of PeopleSoft Enterprise PeopleTools. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability i",
          "epss_score": 0.9233
        },
        {
          "digest_date": "2026-07-02",
          "key": "CVE-2026-42271",
          "cve_id": "CVE-2026-42271",
          "vendor_project": "BerriAI",
          "product": "LiteLLM",
          "vulnerability_name": "BerriAI LiteLLM Command Injection Vulnerability",
          "date_added": "2026-06-08",
          "short_description": "BerriAI LiteLLM contains a command injection vulnerability that could allow any authenticated user, including holders of low-privilege internal-user keys, to run arbitrary commands on the host.",
          "required_action": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.",
          "due_date": "2026-06-22",
          "known_ransomware": "Unknown",
          "cvss_score": 8.8,
          "cvss_severity": "HIGH",
          "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "attack_vector": "N",
          "is_remote": true,
          "is_major_product": false,
          "matched_product": null,
          "title_en": "LiteLLM is a proxy server (AI Gateway) to call LLM APIs in OpenAI (or native) format. From version 1.74.2 to before version 1.83.7, two endpoints used to preview an MCP server before saving it — POST /mcp-rest/test/connection and POST /mcp-rest/test/tools/list — accepted a full server configuration in the request body, including the command, args, and env fields used by the stdio transport. When called with a stdio configuration, the endpoints attempted to connect, which spawned the supplied com",
          "epss_score": 0.80188
        },
        {
          "digest_date": "2026-07-02",
          "key": "CVE-2026-45247",
          "cve_id": "CVE-2026-45247",
          "vendor_project": "Mirasvit",
          "product": "Mirasvit Full Page Cache Warmer",
          "vulnerability_name": "Mirasvit Full Page Cache Warmer Deserialization of Untrusted Data Vulnerability",
          "date_added": "2026-06-03",
          "short_description": "Mirasvit Full Page Cache Warmer contains a deserialization of untrusted data vulnerability that could allow unauthenticated attackers to achieve remote code execution by supplying a crafted serialized PHP object in the CacheWarmer cookie.",
          "required_action": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.",
          "due_date": "2026-06-06",
          "known_ransomware": "Unknown",
          "cvss_score": 9.8,
          "cvss_severity": "CRITICAL",
          "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "attack_vector": "N",
          "is_remote": true,
          "is_major_product": false,
          "matched_product": null,
          "title_en": "Mirasvit Full Page Cache Warmer for Magento 2 before version 1.11.12 contains a PHP object injection vulnerability that allows unauthenticated attackers to achieve remote code execution by supplying a crafted serialized PHP object in the CacheWarmer cookie. Attackers can exploit the unrestricted call to PHP's native unserialize() function combined with gadget chains available in Magento and its dependencies to execute arbitrary code on the server.",
          "epss_score": 0.27546
        },
        {
          "digest_date": "2026-07-02",
          "key": "CVE-2026-45659",
          "cve_id": "CVE-2026-45659",
          "vendor_project": "Microsoft",
          "product": "SharePoint Server",
          "vulnerability_name": "Microsoft SharePoint Server Deserialization of Untrusted Data Vulnerability",
          "date_added": "2026-07-01",
          "short_description": "Microsoft SharePoint Server contains a deserialization of untrusted data vulnerability which allows an authorized attacker to execute code over a network.",
          "required_action": "Apply mitigations in accordance with vendor instructions, ensuring compliance with CISA’s BOD 26-04 Prioritizing Security Updates Based on Risk (see URL in Notes) guidance and CISA’s “Forensics Triage Requirements” (see URL in Notes). Follow applicable BOD 26-04 guidance for cloud services or discontinue use of the product if mitigations are unavailable. Stakeholders are responsible for evaluating each asset's internet exposure and ensuring adherence to BOD 26-04 patching guidelines.",
          "due_date": "2026-07-04",
          "known_ransomware": "Unknown",
          "cvss_score": null,
          "cvss_severity": null,
          "cvss_vector": null,
          "attack_vector": null,
          "is_remote": null,
          "is_major_product": false,
          "matched_product": null,
          "title_en": null,
          "epss_score": null
        },
        {
          "digest_date": "2026-07-02",
          "key": "CVE-2026-48558",
          "cve_id": "CVE-2026-48558",
          "vendor_project": "SimpleHelp ",
          "product": "SimpleHelp",
          "vulnerability_name": "SimpleHelp Authentication Bypass Vulnerability",
          "date_added": "2026-06-29",
          "short_description": "SimpleHelp contains an authentication bypass vulnerability in the OIDC authentication flow. When OIDC authentication is configured, identity tokens submitted during login are accepted without verifying their cryptographic signature. In a vulnerable configuration, a remote, unauthenticated attacker can submit a forged token containing arbitrary identity claims to obtain a fully authenticated technician session. In some configurations, this may also allow bypass of multi-factor authentication.",
          "required_action": "Apply mitigations in accordance with vendor instructions, ensuring compliance with CISA’s BOD 26-04 Prioritizing Security Updates Based on Risk (see URL in Notes) guidance and CISA’s “Forensics Triage Requirements” (see URL in Notes). Follow applicable BOD 26-04 guidance for cloud services or discontinue use of the product if mitigations are unavailable. Stakeholders are responsible for evaluating each asset's internet exposure and ensuring adherence to BOD 26-04 patching guidelines.",
          "due_date": "2026-07-02",
          "known_ransomware": "Unknown",
          "cvss_score": 10.0,
          "cvss_severity": "CRITICAL",
          "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
          "attack_vector": "N",
          "is_remote": true,
          "is_major_product": false,
          "matched_product": null,
          "title_en": "SimpleHelp versions 5.5.15 and prior and 6.0 pre-release versions contain an authentication bypass vulnerability in the OIDC authentication flow. When OIDC authentication is configured, identity tokens submitted during login are accepted without verifying their cryptographic signature. In a vulnerable configuration, a remote, unauthenticated attacker can submit a forged token containing arbitrary identity claims to obtain a fully authenticated technician session. In some configurations, this may",
          "epss_score": 0.0116
        },
        {
          "digest_date": "2026-07-02",
          "key": "CVE-2026-48907",
          "cve_id": "CVE-2026-48907",
          "vendor_project": "Widget Factory",
          "product": "Joomla Content Editor ",
          "vulnerability_name": "Widget Factory Joomla Content Editor Improper Access Control Vulnerability",
          "date_added": "2026-06-16",
          "short_description": "Widget Factory Joomla Content Editor contains an improper access control vulnerability which could allow for upload and execution of PHP code via the creation of new editor profiles for unauthenticated users. ",
          "required_action": "Apply mitigations in accordance with vendor instructions, ensuring compliance with CISA’s BOD 26-04 Prioritizing Security Updates Based on Risk (see URL in Notes) guidance and CISA’s “Forensics Triage Requirements” (see URL in Notes). Follow applicable BOD 26-04 guidance for cloud services or discontinue use of the product if mitigations are unavailable. Stakeholders are responsible for evaluating each asset's internet exposure and ensuring adherence to BOD 26-04 patching guidelines.",
          "due_date": "2026-06-19",
          "known_ransomware": "Unknown",
          "cvss_score": null,
          "cvss_severity": null,
          "cvss_vector": null,
          "attack_vector": null,
          "is_remote": null,
          "is_major_product": false,
          "matched_product": null,
          "title_en": "A vulnerability in the JCE editor extension for Joomla allows the creation of new editor profiles for unauthenticated users, ultimately resulting in PHP code upload and execution.",
          "epss_score": 0.80425
        },
        {
          "digest_date": "2026-07-02",
          "key": "CVE-2026-50751",
          "cve_id": "CVE-2026-50751",
          "vendor_project": "Check Point",
          "product": "Security Gateway",
          "vulnerability_name": "Check Point Security Gateway Improper Authentication Vulnerability",
          "date_added": "2026-06-08",
          "short_description": "Check Point Security Gateway contains an improper authentication vulnerability in IKEv1 key exchange that could allow an unauthenticated remote attacker to bypass user authentication and establish a remote access VPN connection without a valid user password.",
          "required_action": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.",
          "due_date": "2026-06-11",
          "known_ransomware": "Known",
          "cvss_score": 9.3,
          "cvss_severity": "CRITICAL",
          "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:N",
          "attack_vector": "N",
          "is_remote": true,
          "is_major_product": false,
          "matched_product": null,
          "title_en": "A logic flow weakness in Remote Access and Mobile Access certificate validation in deprecated IKEv1 key exchange allows an unauthenticated remote attacker to bypass user authentication and establish a remote access VPN connection without a valid user password.",
          "epss_score": 0.71051
        },
        {
          "digest_date": "2026-07-02",
          "key": "CVE-2026-54420",
          "cve_id": "CVE-2026-54420",
          "vendor_project": "LiteSpeed",
          "product": "cPanel Plugin",
          "vulnerability_name": "LiteSpeed cPanel Plugin UNIX Symbolic Link (Symlink) Following Vulnerability",
          "date_added": "2026-06-15",
          "short_description": "LiteSpeed cPanel plugin contains a UNIX symbolic link (Symlink) following vulnerability that could allow a user with FTP or web shell access on a shared hosting server running CloudLinux/CageFS.",
          "required_action": "Apply mitigations in accordance with vendor instructions, ensuring compliance with CISA’s BOD 26-04 Prioritizing Security Updates Based on Risk (see URL in Notes) guidance and CISA’s “Forensics Triage Requirements” (see URL in Notes). Follow applicable BOD 26-04 guidance for cloud services or discontinue use of the product if mitigations are unavailable. Stakeholders are responsible for evaluating each asset's internet exposure and ensuring adherence to BOD 26-04 patching guidelines.",
          "due_date": "2026-06-18",
          "known_ransomware": "Unknown",
          "cvss_score": 8.5,
          "cvss_severity": "HIGH",
          "cvss_vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
          "attack_vector": "N",
          "is_remote": true,
          "is_major_product": false,
          "matched_product": null,
          "title_en": "LiteSpeed cPanel plugin before 2.4.8 (as distributed in LiteSpeed WHM PlugIn before 5.3.2.0) mishandles symlinks provided by a user with FTP or web shell access on a shared hosting server running CloudLinux/CageFS, as exploited in the wild in May 2026.",
          "epss_score": 0.01261
        },
        {
          "digest_date": "2026-07-02",
          "key": "CVE-2026-7473",
          "cve_id": "CVE-2026-7473",
          "vendor_project": "Arista",
          "product": "Extensible Operating System",
          "vulnerability_name": "Arista Extensible Operating System Incomplete Comparison with Missing Factors Vulnerability",
          "date_added": "2026-06-09",
          "short_description": "Arista Extensible Operating System (EOS) contains an incomplete comparison with missing factors vulnerability when the switch incorrectly decapsulate and forwards other unexpected tunneled packet with a destination IP matching its configured decapsulation IP.",
          "required_action": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.",
          "due_date": "2026-06-23",
          "known_ransomware": "Unknown",
          "cvss_score": 5.8,
          "cvss_severity": "MEDIUM",
          "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N",
          "attack_vector": "N",
          "is_remote": true,
          "is_major_product": false,
          "matched_product": null,
          "title_en": "On affected platforms running Arista EOS where a tunnel decapsulation configuration—such as VXLAN (Virtual Extensible LAN), decap-groups, or a GRE (Generic Routing Encapsulation) tunnel interface—is present, the switch will incorrectly decapsulate and forward other unexpected tunneled packet with a destination IP matching its configured decapsulation IP. This occurs because the switch does not verify the tunnel protocol type, potentially leading to the unexpected processing of non-configured tun",
          "epss_score": 0.00836
        }
      ],
      "software_update": [
        {
          "digest_date": "2026-07-02",
          "key": "alpine-linux:3.22",
          "product": "alpine-linux",
          "category": "os",
          "cycle": "3.22",
          "latest": "3.22.5",
          "release_date": "2025-05-30",
          "latest_release_date": "2026-06-21",
          "eol_date": "2027-05-01",
          "support_date": null,
          "is_major_product": true,
          "cve_stats": {
            "total": 0,
            "critical": 0,
            "high": 0,
            "medium": 0,
            "low": 0,
            "kev": 0,
            "top_cves": []
          }
        },
        {
          "digest_date": "2026-07-02",
          "key": "alpine-linux:3.23",
          "product": "alpine-linux",
          "category": "os",
          "cycle": "3.23",
          "latest": "3.23.5",
          "release_date": "2025-12-04",
          "latest_release_date": "2026-06-21",
          "eol_date": "2027-11-01",
          "support_date": null,
          "is_major_product": true,
          "cve_stats": {
            "total": 0,
            "critical": 0,
            "high": 0,
            "medium": 0,
            "low": 0,
            "kev": 0,
            "top_cves": []
          }
        },
        {
          "digest_date": "2026-07-02",
          "key": "alpine-linux:3.24",
          "product": "alpine-linux",
          "category": "os",
          "cycle": "3.24",
          "latest": "3.24.1",
          "release_date": "2026-06-09",
          "latest_release_date": "2026-06-13",
          "eol_date": "2028-06-01",
          "support_date": null,
          "is_major_product": true,
          "cve_stats": {
            "total": 0,
            "critical": 0,
            "high": 0,
            "medium": 0,
            "low": 0,
            "kev": 0,
            "top_cves": []
          }
        },
        {
          "digest_date": "2026-07-02",
          "key": "amazon-linux:2",
          "product": "amazon-linux",
          "category": "os",
          "cycle": "2",
          "latest": "2.0.20260615.0",
          "release_date": "2018-06-26",
          "latest_release_date": "2026-06-22",
          "eol_date": "2026-06-30",
          "support_date": "2026-06-30",
          "is_major_product": true,
          "cve_stats": {
            "total": 0,
            "critical": 0,
            "high": 0,
            "medium": 0,
            "low": 0,
            "kev": 0,
            "top_cves": []
          }
        },
        {
          "digest_date": "2026-07-02",
          "key": "amazon-linux:2018.03",
          "product": "amazon-linux",
          "category": "os",
          "cycle": "2018.03",
          "latest": "2018.03.0.20231218.0",
          "release_date": "2018-04-25",
          "latest_release_date": "2026-06-16",
          "eol_date": "2023-12-31",
          "support_date": "2020-12-31",
          "is_major_product": true,
          "cve_stats": {
            "total": 0,
            "critical": 0,
            "high": 0,
            "medium": 0,
            "low": 0,
            "kev": 0,
            "top_cves": []
          }
        },
        {
          "digest_date": "2026-07-02",
          "key": "amazon-linux:2023",
          "product": "amazon-linux",
          "category": "os",
          "cycle": "2023",
          "latest": "2023.12.20260611.0",
          "release_date": "2023-03-01",
          "latest_release_date": "2026-06-22",
          "eol_date": "2029-06-30",
          "support_date": "2027-06-30",
          "is_major_product": true,
          "cve_stats": {
            "total": 0,
            "critical": 0,
            "high": 0,
            "medium": 0,
            "low": 0,
            "kev": 0,
            "top_cves": []
          }
        },
        {
          "digest_date": "2026-07-02",
          "key": "angular:19",
          "product": "angular",
          "category": "framework",
          "cycle": "19",
          "latest": "19.2.25",
          "release_date": "2024-11-19",
          "latest_release_date": "2026-06-02",
          "eol_date": "2026-05-19",
          "support_date": "2025-05-28",
          "is_major_product": true,
          "cve_stats": {
            "total": 4,
            "critical": 0,
            "high": 0,
            "medium": 4,
            "low": 0,
            "kev": 0,
            "top_cves": [
              {
                "cve_id": "CVE-2026-22610",
                "severity": "MEDIUM",
                "score": 6.1
              },
              {
                "cve_id": "CVE-2026-27970",
                "severity": "MEDIUM",
                "score": 6.1
              },
              {
                "cve_id": "CVE-2025-61261",
                "severity": "MEDIUM",
                "score": 5.4
              }
            ]
          }
        },
        {
          "digest_date": "2026-07-02",
          "key": "angular:20",
          "product": "angular",
          "category": "framework",
          "cycle": "20",
          "latest": "20.3.25",
          "release_date": "2025-05-28",
          "latest_release_date": "2026-06-10",
          "eol_date": "2026-11-28",
          "support_date": "2025-11-19",
          "is_major_product": true,
          "cve_stats": {
            "total": 4,
            "critical": 0,
            "high": 0,
            "medium": 4,
            "low": 0,
            "kev": 0,
            "top_cves": [
              {
                "cve_id": "CVE-2026-22610",
                "severity": "MEDIUM",
                "score": 6.1
              },
              {
                "cve_id": "CVE-2026-27970",
                "severity": "MEDIUM",
                "score": 6.1
              },
              {
                "cve_id": "CVE-2025-61261",
                "severity": "MEDIUM",
                "score": 5.4
              }
            ]
          }
        },
        {
          "digest_date": "2026-07-02",
          "key": "angular:21",
          "product": "angular",
          "category": "framework",
          "cycle": "21",
          "latest": "21.2.17",
          "release_date": "2025-11-19",
          "latest_release_date": "2026-06-10",
          "eol_date": "2027-05-19",
          "support_date": "2026-06-03",
          "is_major_product": true,
          "cve_stats": {
            "total": 4,
            "critical": 0,
            "high": 0,
            "medium": 4,
            "low": 0,
            "kev": 0,
            "top_cves": [
              {
                "cve_id": "CVE-2026-22610",
                "severity": "MEDIUM",
                "score": 6.1
              },
              {
                "cve_id": "CVE-2026-27970",
                "severity": "MEDIUM",
                "score": 6.1
              },
              {
                "cve_id": "CVE-2025-61261",
                "severity": "MEDIUM",
                "score": 5.4
              }
            ]
          }
        },
        {
          "digest_date": "2026-07-02",
          "key": "angular:22",
          "product": "angular",
          "category": "framework",
          "cycle": "22",
          "latest": "22.0.4",
          "release_date": "2026-06-03",
          "latest_release_date": "2026-06-26",
          "eol_date": "false",
          "support_date": "true",
          "is_major_product": true,
          "cve_stats": {
            "total": 4,
            "critical": 0,
            "high": 0,
            "medium": 4,
            "low": 0,
            "kev": 0,
            "top_cves": [
              {
                "cve_id": "CVE-2026-22610",
                "severity": "MEDIUM",
                "score": 6.1
              },
              {
                "cve_id": "CVE-2026-27970",
                "severity": "MEDIUM",
                "score": 6.1
              },
              {
                "cve_id": "CVE-2025-61261",
                "severity": "MEDIUM",
                "score": 5.4
              }
            ]
          }
        },
        {
          "digest_date": "2026-07-02",
          "key": "apache-activemq:5.19",
          "product": "apache-activemq",
          "category": "middleware",
          "cycle": "5.19",
          "latest": "5.19.8",
          "release_date": "2025-03-07",
          "latest_release_date": "2026-06-25",
          "eol_date": "false",
          "support_date": null,
          "is_major_product": true,
          "cve_stats": {
            "total": 13,
            "critical": 0,
            "high": 7,
            "medium": 6,
            "low": 0,
            "kev": 1,
            "top_cves": [
              {
                "cve_id": "CVE-2026-40466",
                "severity": "HIGH",
                "score": 8.8
              },
              {
                "cve_id": "CVE-2026-49157",
                "severity": "HIGH",
                "score": 8.8
              },
              {
                "cve_id": "CVE-2026-45505",
                "severity": "HIGH",
                "score": 8.8
              }
            ]
          }
        },
        {
          "digest_date": "2026-07-02",
          "key": "apache-activemq:6.2",
          "product": "apache-activemq",
          "category": "middleware",
          "cycle": "6.2",
          "latest": "6.2.7",
          "release_date": "2025-11-09",
          "latest_release_date": "2026-06-25",
          "eol_date": "false",
          "support_date": null,
          "is_major_product": true,
          "cve_stats": {
            "total": 13,
            "critical": 0,
            "high": 7,
            "medium": 6,
            "low": 0,
            "kev": 1,
            "top_cves": [
              {
                "cve_id": "CVE-2026-40466",
                "severity": "HIGH",
                "score": 8.8
              },
              {
                "cve_id": "CVE-2026-49157",
                "severity": "HIGH",
                "score": 8.8
              },
              {
                "cve_id": "CVE-2026-45505",
                "severity": "HIGH",
                "score": 8.8
              }
            ]
          }
        },
        {
          "digest_date": "2026-07-02",
          "key": "apache-kafka:4.3",
          "product": "apache-kafka",
          "category": "middleware",
          "cycle": "4.3",
          "latest": "4.3.1",
          "release_date": "2026-05-20",
          "latest_release_date": "2026-06-23",
          "eol_date": "false",
          "support_date": null,
          "is_major_product": true,
          "cve_stats": {
            "total": 3,
            "critical": 1,
            "high": 0,
            "medium": 2,
            "low": 0,
            "kev": 0,
            "top_cves": [
              {
                "cve_id": "CVE-2026-33557",
                "severity": "CRITICAL",
                "score": 9.1
              },
              {
                "cve_id": "CVE-2026-33558",
                "severity": "MEDIUM",
                "score": 5.3
              },
              {
                "cve_id": "CVE-2026-41115",
                "severity": "MEDIUM",
                "score": 4.3
              }
            ]
          }
        },
        {
          "digest_date": "2026-07-02",
          "key": "apache:2.4",
          "product": "apache",
          "category": "webserver",
          "cycle": "2.4",
          "latest": "2.4.68",
          "release_date": "2012-02-21",
          "latest_release_date": "2026-06-08",
          "eol_date": "false",
          "support_date": null,
          "is_major_product": true,
          "cve_stats": {
            "total": 13,
            "critical": 3,
            "high": 7,
            "medium": 3,
            "low": 0,
            "kev": 0,
            "top_cves": [
              {
                "cve_id": "CVE-2026-28780",
                "severity": "CRITICAL",
                "score": 9.8
              },
              {
                "cve_id": "CVE-2026-29167",
                "severity": "CRITICAL",
                "score": 9.8
              },
              {
                "cve_id": "CVE-2026-42535",
                "severity": "CRITICAL",
                "score": 9.1
              }
            ]
          }
        },
        {
          "digest_date": "2026-07-02",
          "key": "caddy:2",
          "product": "caddy",
          "category": "webserver",
          "cycle": "2",
          "latest": "2.11.4",
          "release_date": "2020-05-04",
          "latest_release_date": "2026-06-02",
          "eol_date": "false",
          "support_date": null,
          "is_major_product": true,
          "cve_stats": {
            "total": 8,
            "critical": 4,
            "high": 2,
            "medium": 2,
            "low": 0,
            "kev": 0,
            "top_cves": [
              {
                "cve_id": "CVE-2026-27590",
                "severity": "CRITICAL",
                "score": 9.8
              },
              {
                "cve_id": "CVE-2026-27587",
                "severity": "CRITICAL",
                "score": 9.1
              },
              {
                "cve_id": "CVE-2026-27586",
                "severity": "CRITICAL",
                "score": 9.1
              }
            ]
          }
        },
        {
          "digest_date": "2026-07-02",
          "key": "django:5.2",
          "product": "django",
          "category": "framework",
          "cycle": "5.2",
          "latest": "5.2.15",
          "release_date": "2025-04-02",
          "latest_release_date": "2026-06-03",
          "eol_date": "2028-04-30",
          "support_date": "2025-12-03",
          "is_major_product": true,
          "cve_stats": {
            "total": 22,
            "critical": 2,
            "high": 7,
            "medium": 6,
            "low": 7,
            "kev": 0,
            "top_cves": [
              {
                "cve_id": "CVE-2026-4277",
                "severity": "CRITICAL",
                "score": 9.8
              },
              {
                "cve_id": "CVE-2025-64459",
                "severity": "CRITICAL",
                "score": 9.1
              },
              {
                "cve_id": "CVE-2025-14550",
                "severity": "HIGH",
                "score": 7.5
              }
            ]
          }
        },
        {
          "digest_date": "2026-07-02",
          "key": "django:6.0",
          "product": "django",
          "category": "framework",
          "cycle": "6.0",
          "latest": "6.0.6",
          "release_date": "2025-12-03",
          "latest_release_date": "2026-06-03",
          "eol_date": "2027-04-30",
          "support_date": "2026-08-31",
          "is_major_product": true,
          "cve_stats": {
            "total": 22,
            "critical": 2,
            "high": 7,
            "medium": 6,
            "low": 7,
            "kev": 0,
            "top_cves": [
              {
                "cve_id": "CVE-2026-4277",
                "severity": "CRITICAL",
                "score": 9.8
              },
              {
                "cve_id": "CVE-2025-64459",
                "severity": "CRITICAL",
                "score": 9.1
              },
              {
                "cve_id": "CVE-2025-14550",
                "severity": "HIGH",
                "score": 7.5
              }
            ]
          }
        },
        {
          "digest_date": "2026-07-02",
          "key": "dotnet:10",
          "product": "dotnet",
          "category": "framework",
          "cycle": "10",
          "latest": "10.0.9",
          "release_date": "2025-11-11",
          "latest_release_date": "2026-06-09",
          "eol_date": "2028-11-14",
          "support_date": null,
          "is_major_product": true,
          "cve_stats": {
            "total": 5,
            "critical": 0,
            "high": 5,
            "medium": 0,
            "low": 0,
            "kev": 0,
            "top_cves": [
              {
                "cve_id": "CVE-2026-26131",
                "severity": "HIGH",
                "score": 7.8
              },
              {
                "cve_id": "CVE-2026-42899",
                "severity": "HIGH",
                "score": 7.5
              },
              {
                "cve_id": "CVE-2026-21218",
                "severity": "HIGH",
                "score": 7.5
              }
            ]
          }
        },
        {
          "digest_date": "2026-07-02",
          "key": "dotnet:8",
          "product": "dotnet",
          "category": "framework",
          "cycle": "8",
          "latest": "8.0.28",
          "release_date": "2023-11-14",
          "latest_release_date": "2026-06-09",
          "eol_date": "2026-11-10",
          "support_date": null,
          "is_major_product": true,
          "cve_stats": {
            "total": 5,
            "critical": 0,
            "high": 5,
            "medium": 0,
            "low": 0,
            "kev": 0,
            "top_cves": [
              {
                "cve_id": "CVE-2026-26131",
                "severity": "HIGH",
                "score": 7.8
              },
              {
                "cve_id": "CVE-2026-42899",
                "severity": "HIGH",
                "score": 7.5
              },
              {
                "cve_id": "CVE-2026-21218",
                "severity": "HIGH",
                "score": 7.5
              }
            ]
          }
        },
        {
          "digest_date": "2026-07-02",
          "key": "dotnet:9",
          "product": "dotnet",
          "category": "framework",
          "cycle": "9",
          "latest": "9.0.17",
          "release_date": "2024-11-12",
          "latest_release_date": "2026-06-09",
          "eol_date": "2026-11-10",
          "support_date": null,
          "is_major_product": true,
          "cve_stats": {
            "total": 5,
            "critical": 0,
            "high": 5,
            "medium": 0,
            "low": 0,
            "kev": 0,
            "top_cves": [
              {
                "cve_id": "CVE-2026-26131",
                "severity": "HIGH",
                "score": 7.8
              },
              {
                "cve_id": "CVE-2026-42899",
                "severity": "HIGH",
                "score": 7.5
              },
              {
                "cve_id": "CVE-2026-21218",
                "severity": "HIGH",
                "score": 7.5
              }
            ]
          }
        },
        {
          "digest_date": "2026-07-02",
          "key": "drupal:10.5",
          "product": "drupal",
          "category": "cms",
          "cycle": "10.5",
          "latest": "10.5.12",
          "release_date": "2025-06-18",
          "latest_release_date": "2026-06-17",
          "eol_date": "2026-06-17",
          "support_date": "2025-12-17",
          "is_major_product": true,
          "cve_stats": {
            "total": 7,
            "critical": 0,
            "high": 0,
            "medium": 6,
            "low": 1,
            "kev": 0,
            "top_cves": [
              {
                "cve_id": "CVE-2026-6366",
                "severity": "MEDIUM",
                "score": 6.6
              },
              {
                "cve_id": "CVE-2026-6367",
                "severity": "MEDIUM",
                "score": 6.1
              },
              {
                "cve_id": "CVE-2026-6365",
                "severity": "MEDIUM",
                "score": 6.1
              }
            ]
          }
        },
        {
          "digest_date": "2026-07-02",
          "key": "drupal:10.6",
          "product": "drupal",
          "category": "cms",
          "cycle": "10.6",
          "latest": "10.6.12",
          "release_date": "2025-12-17",
          "latest_release_date": "2026-06-23",
          "eol_date": "2026-12-16",
          "support_date": "2026-06-16",
          "is_major_product": true,
          "cve_stats": {
            "total": 7,
            "critical": 0,
            "high": 0,
            "medium": 6,
            "low": 1,
            "kev": 0,
            "top_cves": [
              {
                "cve_id": "CVE-2026-6366",
                "severity": "MEDIUM",
                "score": 6.6
              },
              {
                "cve_id": "CVE-2026-6367",
                "severity": "MEDIUM",
                "score": 6.1
              },
              {
                "cve_id": "CVE-2026-6365",
                "severity": "MEDIUM",
                "score": 6.1
              }
            ]
          }
        },
        {
          "digest_date": "2026-07-02",
          "key": "drupal:11.2",
          "product": "drupal",
          "category": "cms",
          "cycle": "11.2",
          "latest": "11.2.14",
          "release_date": "2025-06-18",
          "latest_release_date": "2026-06-17",
          "eol_date": "2026-06-17",
          "support_date": "2025-12-10",
          "is_major_product": true,
          "cve_stats": {
            "total": 7,
            "critical": 0,
            "high": 0,
            "medium": 6,
            "low": 1,
            "kev": 0,
            "top_cves": [
              {
                "cve_id": "CVE-2026-6366",
                "severity": "MEDIUM",
                "score": 6.6
              },
              {
                "cve_id": "CVE-2026-6367",
                "severity": "MEDIUM",
                "score": 6.1
              },
              {
                "cve_id": "CVE-2026-6365",
                "severity": "MEDIUM",
                "score": 6.1
              }
            ]
          }
        },
        {
          "digest_date": "2026-07-02",
          "key": "drupal:11.3",
          "product": "drupal",
          "category": "cms",
          "cycle": "11.3",
          "latest": "11.3.13",
          "release_date": "2025-12-17",
          "latest_release_date": "2026-06-23",
          "eol_date": "2026-12-16",
          "support_date": "2026-06-16",
          "is_major_product": true,
          "cve_stats": {
            "total": 7,
            "critical": 0,
            "high": 0,
            "medium": 6,
            "low": 1,
            "kev": 0,
            "top_cves": [
              {
                "cve_id": "CVE-2026-6366",
                "severity": "MEDIUM",
                "score": 6.6
              },
              {
                "cve_id": "CVE-2026-6367",
                "severity": "MEDIUM",
                "score": 6.1
              },
              {
                "cve_id": "CVE-2026-6365",
                "severity": "MEDIUM",
                "score": 6.1
              }
            ]
          }
        },
        {
          "digest_date": "2026-07-02",
          "key": "eclipse-jetty:12.0",
          "product": "eclipse-jetty",
          "category": "webserver",
          "cycle": "12.0",
          "latest": "12.0.36",
          "release_date": "2023-08-07",
          "latest_release_date": "2026-06-02",
          "eol_date": "false",
          "support_date": "true",
          "is_major_product": true,
          "cve_stats": {
            "total": 4,
            "critical": 0,
            "high": 3,
            "medium": 0,
            "low": 1,
            "kev": 0,
            "top_cves": [
              {
                "cve_id": "CVE-2026-1605",
                "severity": "HIGH",
                "score": 7.5
              },
              {
                "cve_id": "CVE-2026-5795",
                "severity": "HIGH",
                "score": 7.4
              },
              {
                "cve_id": "CVE-2026-2332",
                "severity": "HIGH",
                "score": 7.4
              }
            ]
          }
        },
        {
          "digest_date": "2026-07-02",
          "key": "eclipse-jetty:12.1",
          "product": "eclipse-jetty",
          "category": "webserver",
          "cycle": "12.1",
          "latest": "12.1.10",
          "release_date": "2025-08-18",
          "latest_release_date": "2026-06-02",
          "eol_date": "false",
          "support_date": "true",
          "is_major_product": true,
          "cve_stats": {
            "total": 4,
            "critical": 0,
            "high": 3,
            "medium": 0,
            "low": 1,
            "kev": 0,
            "top_cves": [
              {
                "cve_id": "CVE-2026-1605",
                "severity": "HIGH",
                "score": 7.5
              },
              {
                "cve_id": "CVE-2026-5795",
                "severity": "HIGH",
                "score": 7.4
              },
              {
                "cve_id": "CVE-2026-2332",
                "severity": "HIGH",
                "score": 7.4
              }
            ]
          }
        },
        {
          "digest_date": "2026-07-02",
          "key": "elasticsearch:8.19",
          "product": "elasticsearch",
          "category": "database",
          "cycle": "8.19",
          "latest": "8.19.18",
          "release_date": "2025-07-23",
          "latest_release_date": "2026-06-26",
          "eol_date": "2027-07-15",
          "support_date": null,
          "is_major_product": true,
          "cve_stats": {
            "total": 3,
            "critical": 0,
            "high": 0,
            "medium": 3,
            "low": 0,
            "kev": 0,
            "top_cves": [
              {
                "cve_id": "CVE-2025-37731",
                "severity": "MEDIUM",
                "score": 6.8
              },
              {
                "cve_id": "CVE-2025-68384",
                "severity": "MEDIUM",
                "score": 6.5
              },
              {
                "cve_id": "CVE-2025-68390",
                "severity": "MEDIUM",
                "score": 4.9
              }
            ]
          }
        },
        {
          "digest_date": "2026-07-02",
          "key": "elasticsearch:9.3",
          "product": "elasticsearch",
          "category": "database",
          "cycle": "9.3",
          "latest": "9.3.7",
          "release_date": "2026-02-03",
          "latest_release_date": "2026-06-25",
          "eol_date": "2026-05-26",
          "support_date": null,
          "is_major_product": true,
          "cve_stats": {
            "total": 3,
            "critical": 0,
            "high": 0,
            "medium": 3,
            "low": 0,
            "kev": 0,
            "top_cves": [
              {
                "cve_id": "CVE-2025-37731",
                "severity": "MEDIUM",
                "score": 6.8
              },
              {
                "cve_id": "CVE-2025-68384",
                "severity": "MEDIUM",
                "score": 6.5
              },
              {
                "cve_id": "CVE-2025-68390",
                "severity": "MEDIUM",
                "score": 4.9
              }
            ]
          }
        },
        {
          "digest_date": "2026-07-02",
          "key": "elasticsearch:9.4",
          "product": "elasticsearch",
          "category": "database",
          "cycle": "9.4",
          "latest": "9.4.3",
          "release_date": "2026-05-05",
          "latest_release_date": "2026-06-25",
          "eol_date": "false",
          "support_date": null,
          "is_major_product": true,
          "cve_stats": {
            "total": 3,
            "critical": 0,
            "high": 0,
            "medium": 3,
            "low": 0,
            "kev": 0,
            "top_cves": [
              {
                "cve_id": "CVE-2025-37731",
                "severity": "MEDIUM",
                "score": 6.8
              },
              {
                "cve_id": "CVE-2025-68384",
                "severity": "MEDIUM",
                "score": 6.5
              },
              {
                "cve_id": "CVE-2025-68390",
                "severity": "MEDIUM",
                "score": 4.9
              }
            ]
          }
        },
        {
          "digest_date": "2026-07-02",
          "key": "gitlab:18.10",
          "product": "gitlab",
          "category": "devops",
          "cycle": "18.10",
          "latest": "18.10.8",
          "release_date": "2026-03-19",
          "latest_release_date": "2026-06-10",
          "eol_date": "2026-06-18",
          "support_date": "2026-04-16",
          "is_major_product": true,
          "cve_stats": {
            "total": 163,
            "critical": 0,
            "high": 49,
            "medium": 89,
            "low": 24,
            "kev": 0,
            "top_cves": [
              {
                "cve_id": "CVE-2026-6073",
                "severity": "HIGH",
                "score": 8.7
              },
              {
                "cve_id": "CVE-2026-1090",
                "severity": "HIGH",
                "score": 8.7
              },
              {
                "cve_id": "CVE-2025-9222",
                "severity": "HIGH",
                "score": 8.7
              }
            ]
          }
        },
        {
          "digest_date": "2026-07-02",
          "key": "gitlab:18.11",
          "product": "gitlab",
          "category": "devops",
          "cycle": "18.11",
          "latest": "18.11.6",
          "release_date": "2026-04-16",
          "latest_release_date": "2026-06-23",
          "eol_date": "2026-07-16",
          "support_date": "2026-05-21",
          "is_major_product": true,
          "cve_stats": {
            "total": 163,
            "critical": 0,
            "high": 49,
            "medium": 89,
            "low": 24,
            "kev": 0,
            "top_cves": [
              {
                "cve_id": "CVE-2026-6073",
                "severity": "HIGH",
                "score": 8.7
              },
              {
                "cve_id": "CVE-2026-1090",
                "severity": "HIGH",
                "score": 8.7
              },
              {
                "cve_id": "CVE-2025-9222",
                "severity": "HIGH",
                "score": 8.7
              }
            ]
          }
        },
        {
          "digest_date": "2026-07-02",
          "key": "gitlab:18.8",
          "product": "gitlab",
          "category": "devops",
          "cycle": "18.8",
          "latest": "18.8.11",
          "release_date": "2026-01-15",
          "latest_release_date": "2026-06-29",
          "eol_date": "2026-04-16",
          "support_date": "2026-02-19",
          "is_major_product": true,
          "cve_stats": {
            "total": 163,
            "critical": 0,
            "high": 49,
            "medium": 89,
            "low": 24,
            "kev": 0,
            "top_cves": [
              {
                "cve_id": "CVE-2026-6073",
                "severity": "HIGH",
                "score": 8.7
              },
              {
                "cve_id": "CVE-2026-1090",
                "severity": "HIGH",
                "score": 8.7
              },
              {
                "cve_id": "CVE-2025-9222",
                "severity": "HIGH",
                "score": 8.7
              }
            ]
          }
        },
        {
          "digest_date": "2026-07-02",
          "key": "gitlab:19.0",
          "product": "gitlab",
          "category": "devops",
          "cycle": "19.0",
          "latest": "19.0.3",
          "release_date": "2026-05-21",
          "latest_release_date": "2026-06-23",
          "eol_date": "2026-08-20",
          "support_date": "2026-06-18",
          "is_major_product": true,
          "cve_stats": {
            "total": 163,
            "critical": 0,
            "high": 49,
            "medium": 89,
            "low": 24,
            "kev": 0,
            "top_cves": [
              {
                "cve_id": "CVE-2026-6073",
                "severity": "HIGH",
                "score": 8.7
              },
              {
                "cve_id": "CVE-2026-1090",
                "severity": "HIGH",
                "score": 8.7
              },
              {
                "cve_id": "CVE-2025-9222",
                "severity": "HIGH",
                "score": 8.7
              }
            ]
          }
        },
        {
          "digest_date": "2026-07-02",
          "key": "gitlab:19.1",
          "product": "gitlab",
          "category": "devops",
          "cycle": "19.1",
          "latest": "19.1.1",
          "release_date": "2026-06-18",
          "latest_release_date": "2026-06-23",
          "eol_date": "2026-09-17",
          "support_date": "2026-07-16",
          "is_major_product": true,
          "cve_stats": {
            "total": 163,
            "critical": 0,
            "high": 49,
            "medium": 89,
            "low": 24,
            "kev": 0,
            "top_cves": [
              {
                "cve_id": "CVE-2026-6073",
                "severity": "HIGH",
                "score": 8.7
              },
              {
                "cve_id": "CVE-2026-1090",
                "severity": "HIGH",
                "score": 8.7
              },
              {
                "cve_id": "CVE-2025-9222",
                "severity": "HIGH",
                "score": 8.7
              }
            ]
          }
        },
        {
          "digest_date": "2026-07-02",
          "key": "go:1.25",
          "product": "go",
          "category": "programming",
          "cycle": "1.25",
          "latest": "1.25.11",
          "release_date": "2025-08-12",
          "latest_release_date": "2026-06-02",
          "eol_date": "false",
          "support_date": null,
          "is_major_product": true,
          "cve_stats": {
            "total": 26,
            "critical": 3,
            "high": 13,
            "medium": 8,
            "low": 2,
            "kev": 0,
            "top_cves": [
              {
                "cve_id": "CVE-2025-68121",
                "severity": "CRITICAL",
                "score": 10.0
              },
              {
                "cve_id": "CVE-2026-27143",
                "severity": "CRITICAL",
                "score": 9.8
              },
              {
                "cve_id": "CVE-2025-66630",
                "severity": "CRITICAL",
                "score": 9.4
              }
            ]
          }
        },
        {
          "digest_date": "2026-07-02",
          "key": "go:1.26",
          "product": "go",
          "category": "programming",
          "cycle": "1.26",
          "latest": "1.26.4",
          "release_date": "2026-02-11",
          "latest_release_date": "2026-06-02",
          "eol_date": "false",
          "support_date": null,
          "is_major_product": true,
          "cve_stats": {
            "total": 26,
            "critical": 3,
            "high": 13,
            "medium": 8,
            "low": 2,
            "kev": 0,
            "top_cves": [
              {
                "cve_id": "CVE-2025-68121",
                "severity": "CRITICAL",
                "score": 10.0
              },
              {
                "cve_id": "CVE-2026-27143",
                "severity": "CRITICAL",
                "score": 9.8
              },
              {
                "cve_id": "CVE-2025-66630",
                "severity": "CRITICAL",
                "score": 9.4
              }
            ]
          }
        },
        {
          "digest_date": "2026-07-02",
          "key": "haproxy:2.6",
          "product": "haproxy",
          "category": "webserver",
          "cycle": "2.6",
          "latest": "2.6.30",
          "release_date": "2022-05-31",
          "latest_release_date": "2026-06-26",
          "eol_date": "2027-04-01",
          "support_date": null,
          "is_major_product": true,
          "cve_stats": {
            "total": 1,
            "critical": 0,
            "high": 1,
            "medium": 0,
            "low": 0,
            "kev": 0,
            "top_cves": [
              {
                "cve_id": "CVE-2025-11230",
                "severity": "HIGH",
                "score": 7.5
              }
            ]
          }
        },
        {
          "digest_date": "2026-07-02",
          "key": "haproxy:2.8",
          "product": "haproxy",
          "category": "webserver",
          "cycle": "2.8",
          "latest": "2.8.25",
          "release_date": "2023-05-31",
          "latest_release_date": "2026-06-26",
          "eol_date": "2028-04-01",
          "support_date": null,
          "is_major_product": true,
          "cve_stats": {
            "total": 1,
            "critical": 0,
            "high": 1,
            "medium": 0,
            "low": 0,
            "kev": 0,
            "top_cves": [
              {
                "cve_id": "CVE-2025-11230",
                "severity": "HIGH",
                "score": 7.5
              }
            ]
          }
        },
        {
          "digest_date": "2026-07-02",
          "key": "haproxy:3.0",
          "product": "haproxy",
          "category": "webserver",
          "cycle": "3.0",
          "latest": "3.0.24",
          "release_date": "2024-05-29",
          "latest_release_date": "2026-06-26",
          "eol_date": "2029-04-01",
          "support_date": null,
          "is_major_product": true,
          "cve_stats": {
            "total": 1,
            "critical": 0,
            "high": 1,
            "medium": 0,
            "low": 0,
            "kev": 0,
            "top_cves": [
              {
                "cve_id": "CVE-2025-11230",
                "severity": "HIGH",
                "score": 7.5
              }
            ]
          }
        },
        {
          "digest_date": "2026-07-02",
          "key": "haproxy:3.2",
          "product": "haproxy",
          "category": "webserver",
          "cycle": "3.2",
          "latest": "3.2.20",
          "release_date": "2025-05-28",
          "latest_release_date": "2026-06-26",
          "eol_date": "2030-04-01",
          "support_date": null,
          "is_major_product": true,
          "cve_stats": {
            "total": 1,
            "critical": 0,
            "high": 1,
            "medium": 0,
            "low": 0,
            "kev": 0,
            "top_cves": [
              {
                "cve_id": "CVE-2025-11230",
                "severity": "HIGH",
                "score": 7.5
              }
            ]
          }
        },
        {
          "digest_date": "2026-07-02",
          "key": "haproxy:3.3",
          "product": "haproxy",
          "category": "webserver",
          "cycle": "3.3",
          "latest": "3.3.11",
          "release_date": "2025-11-26",
          "latest_release_date": "2026-06-26",
          "eol_date": "2027-01-01",
          "support_date": null,
          "is_major_product": true,
          "cve_stats": {
            "total": 1,
            "critical": 0,
            "high": 1,
            "medium": 0,
            "low": 0,
            "kev": 0,
            "top_cves": [
              {
                "cve_id": "CVE-2025-11230",
                "severity": "HIGH",
                "score": 7.5
              }
            ]
          }
        },
        {
          "digest_date": "2026-07-02",
          "key": "haproxy:3.4",
          "product": "haproxy",
          "category": "webserver",
          "cycle": "3.4",
          "latest": "3.4.1",
          "release_date": "2026-06-03",
          "latest_release_date": "2026-06-25",
          "eol_date": "2031-04-01",
          "support_date": null,
          "is_major_product": true,
          "cve_stats": {
            "total": 1,
            "critical": 0,
            "high": 1,
            "medium": 0,
            "low": 0,
            "kev": 0,
            "top_cves": [
              {
                "cve_id": "CVE-2025-11230",
                "severity": "HIGH",
                "score": 7.5
              }
            ]
          }
        },
        {
          "digest_date": "2026-07-02",
          "key": "hashicorp-vault:2.0",
          "product": "hashicorp-vault",
          "category": "devops",
          "cycle": "2.0",
          "latest": "2.0.3",
          "release_date": "2026-04-13",
          "latest_release_date": "2026-06-17",
          "eol_date": "false",
          "support_date": null,
          "is_major_product": true,
          "cve_stats": {
            "total": 4,
            "critical": 0,
            "high": 3,
            "medium": 1,
            "low": 0,
            "kev": 0,
            "top_cves": [
              {
                "cve_id": "CVE-2026-3605",
                "severity": "HIGH",
                "score": 8.1
              },
              {
                "cve_id": "CVE-2026-4525",
                "severity": "HIGH",
                "score": 7.5
              },
              {
                "cve_id": "CVE-2026-5807",
                "severity": "HIGH",
                "score": 7.5
              }
            ]
          }
        },
        {
          "digest_date": "2026-07-02",
          "key": "jenkins:2",
          "product": "jenkins",
          "category": "devops",
          "cycle": "2",
          "latest": "2.571",
          "release_date": "2016-04-20",
          "latest_release_date": "2026-06-30",
          "eol_date": "false",
          "support_date": null,
          "is_major_product": true,
          "cve_stats": {
            "total": 16,
            "critical": 0,
            "high": 5,
            "medium": 10,
            "low": 1,
            "kev": 0,
            "top_cves": [
              {
                "cve_id": "CVE-2026-53435",
                "severity": "HIGH",
                "score": 8.8
              },
              {
                "cve_id": "CVE-2026-33001",
                "severity": "HIGH",
                "score": 8.8
              },
              {
                "cve_id": "CVE-2026-27099",
                "severity": "HIGH",
                "score": 8.0
              }
            ]
          }
        },
        {
          "digest_date": "2026-07-02",
          "key": "jenkins:2.555",
          "product": "jenkins",
          "category": "devops",
          "cycle": "2.555",
          "latest": "2.555.3",
          "release_date": "2026-03-18",
          "latest_release_date": "2026-06-08",
          "eol_date": "false",
          "support_date": null,
          "is_major_product": true,
          "cve_stats": {
            "total": 16,
            "critical": 0,
            "high": 5,
            "medium": 10,
            "low": 1,
            "kev": 0,
            "top_cves": [
              {
                "cve_id": "CVE-2026-53435",
                "severity": "HIGH",
                "score": 8.8
              },
              {
                "cve_id": "CVE-2026-33001",
                "severity": "HIGH",
                "score": 8.8
              },
              {
                "cve_id": "CVE-2026-27099",
                "severity": "HIGH",
                "score": 8.0
              }
            ]
          }
        },
        {
          "digest_date": "2026-07-02",
          "key": "laravel:12",
          "product": "laravel",
          "category": "framework",
          "cycle": "12",
          "latest": "12.62.0",
          "release_date": "2025-02-24",
          "latest_release_date": "2026-06-09",
          "eol_date": "2027-02-24",
          "support_date": "2026-08-16",
          "is_major_product": true,
          "cve_stats": {
            "total": 0,
            "critical": 0,
            "high": 0,
            "medium": 0,
            "low": 0,
            "kev": 0,
            "top_cves": []
          }
        },
        {
          "digest_date": "2026-07-02",
          "key": "laravel:13",
          "product": "laravel",
          "category": "framework",
          "cycle": "13",
          "latest": "13.18.0",
          "release_date": "2026-03-17",
          "latest_release_date": "2026-06-30",
          "eol_date": "2028-03-17",
          "support_date": "2027-09-30",
          "is_major_product": true,
          "cve_stats": {
            "total": 0,
            "critical": 0,
            "high": 0,
            "medium": 0,
            "low": 0,
            "kev": 0,
            "top_cves": []
          }
        },
        {
          "digest_date": "2026-07-02",
          "key": "macos:26",
          "product": "macos",
          "category": "os",
          "cycle": "26",
          "latest": "26.5.2",
          "release_date": "2025-09-15",
          "latest_release_date": "2026-06-29",
          "eol_date": "false",
          "support_date": null,
          "is_major_product": true,
          "cve_stats": {
            "total": 1381,
            "critical": 64,
            "high": 728,
            "medium": 535,
            "low": 54,
            "kev": 13,
            "top_cves": [
              {
                "cve_id": "CVE-2026-13782",
                "severity": "CRITICAL",
                "score": 10.0
              },
              {
                "cve_id": "CVE-2026-30793",
                "severity": "CRITICAL",
                "score": 9.8
              },
              {
                "cve_id": "CVE-2026-0905",
                "severity": "CRITICAL",
                "score": 9.8
              }
            ]
          }
        },
        {
          "digest_date": "2026-07-02",
          "key": "mediawiki:1.43",
          "product": "mediawiki",
          "category": "cms",
          "cycle": "1.43",
          "latest": "1.43.9",
          "release_date": "2024-12-21",
          "latest_release_date": "2026-06-29",
          "eol_date": "2027-12-31",
          "support_date": null,
          "is_major_product": true,
          "cve_stats": {
            "total": 21,
            "critical": 1,
            "high": 1,
            "medium": 18,
            "low": 1,
            "kev": 0,
            "top_cves": [
              {
                "cve_id": "CVE-2025-67484",
                "severity": "CRITICAL",
                "score": 9.8
              },
              {
                "cve_id": "CVE-2026-0669",
                "severity": "HIGH",
                "score": 7.5
              },
              {
                "cve_id": "CVE-2025-67480",
                "severity": "MEDIUM",
                "score": 6.5
              }
            ]
          }
        },
        {
          "digest_date": "2026-07-02",
          "key": "mediawiki:1.44",
          "product": "mediawiki",
          "category": "cms",
          "cycle": "1.44",
          "latest": "1.44.6",
          "release_date": "2025-07-02",
          "latest_release_date": "2026-06-29",
          "eol_date": "2026-07-31",
          "support_date": null,
          "is_major_product": true,
          "cve_stats": {
            "total": 21,
            "critical": 1,
            "high": 1,
            "medium": 18,
            "low": 1,
            "kev": 0,
            "top_cves": [
              {
                "cve_id": "CVE-2025-67484",
                "severity": "CRITICAL",
                "score": 9.8
              },
              {
                "cve_id": "CVE-2026-0669",
                "severity": "HIGH",
                "score": 7.5
              },
              {
                "cve_id": "CVE-2025-67480",
                "severity": "MEDIUM",
                "score": 6.5
              }
            ]
          }
        },
        {
          "digest_date": "2026-07-02",
          "key": "mediawiki:1.45",
          "product": "mediawiki",
          "category": "cms",
          "cycle": "1.45",
          "latest": "1.45.4",
          "release_date": "2025-12-04",
          "latest_release_date": "2026-06-29",
          "eol_date": "2026-12-31",
          "support_date": null,
          "is_major_product": true,
          "cve_stats": {
            "total": 21,
            "critical": 1,
            "high": 1,
            "medium": 18,
            "low": 1,
            "kev": 0,
            "top_cves": [
              {
                "cve_id": "CVE-2025-67484",
                "severity": "CRITICAL",
                "score": 9.8
              },
              {
                "cve_id": "CVE-2026-0669",
                "severity": "HIGH",
                "score": 7.5
              },
              {
                "cve_id": "CVE-2025-67480",
                "severity": "MEDIUM",
                "score": 6.5
              }
            ]
          }
        },
        {
          "digest_date": "2026-07-02",
          "key": "mediawiki:1.46",
          "product": "mediawiki",
          "category": "cms",
          "cycle": "1.46",
          "latest": "1.46.0",
          "release_date": "2026-06-30",
          "latest_release_date": "2026-06-30",
          "eol_date": "2027-07-31",
          "support_date": null,
          "is_major_product": true,
          "cve_stats": {
            "total": 21,
            "critical": 1,
            "high": 1,
            "medium": 18,
            "low": 1,
            "kev": 0,
            "top_cves": [
              {
                "cve_id": "CVE-2025-67484",
                "severity": "CRITICAL",
                "score": 9.8
              },
              {
                "cve_id": "CVE-2026-0669",
                "severity": "HIGH",
                "score": 7.5
              },
              {
                "cve_id": "CVE-2025-67480",
                "severity": "MEDIUM",
                "score": 6.5
              }
            ]
          }
        },
        {
          "digest_date": "2026-07-02",
          "key": "mongodb:4.4",
          "product": "mongodb",
          "category": "database",
          "cycle": "4.4",
          "latest": "4.4.31",
          "release_date": "2020-07-31",
          "latest_release_date": "2026-06-24",
          "eol_date": "2024-02-29",
          "support_date": null,
          "is_major_product": true,
          "cve_stats": {
            "total": 20,
            "critical": 0,
            "high": 3,
            "medium": 16,
            "low": 1,
            "kev": 1,
            "top_cves": [
              {
                "cve_id": "CVE-2026-4148",
                "severity": "HIGH",
                "score": 8.8
              },
              {
                "cve_id": "CVE-2025-14847",
                "severity": "HIGH",
                "score": 7.5
              },
              {
                "cve_id": "CVE-2026-1848",
                "severity": "HIGH",
                "score": 7.5
              }
            ]
          }
        },
        {
          "digest_date": "2026-07-02",
          "key": "mongodb:5.0",
          "product": "mongodb",
          "category": "database",
          "cycle": "5.0",
          "latest": "5.0.34",
          "release_date": "2021-07-31",
          "latest_release_date": "2026-06-16",
          "eol_date": "2024-10-31",
          "support_date": null,
          "is_major_product": true,
          "cve_stats": {
            "total": 20,
            "critical": 0,
            "high": 3,
            "medium": 16,
            "low": 1,
            "kev": 1,
            "top_cves": [
              {
                "cve_id": "CVE-2026-4148",
                "severity": "HIGH",
                "score": 8.8
              },
              {
                "cve_id": "CVE-2025-14847",
                "severity": "HIGH",
                "score": 7.5
              },
              {
                "cve_id": "CVE-2026-1848",
                "severity": "HIGH",
                "score": 7.5
              }
            ]
          }
        },
        {
          "digest_date": "2026-07-02",
          "key": "mongodb:6.0",
          "product": "mongodb",
          "category": "database",
          "cycle": "6.0",
          "latest": "6.0.29",
          "release_date": "2022-07-31",
          "latest_release_date": "2026-06-16",
          "eol_date": "2025-07-31",
          "support_date": null,
          "is_major_product": true,
          "cve_stats": {
            "total": 20,
            "critical": 0,
            "high": 3,
            "medium": 16,
            "low": 1,
            "kev": 1,
            "top_cves": [
              {
                "cve_id": "CVE-2026-4148",
                "severity": "HIGH",
                "score": 8.8
              },
              {
                "cve_id": "CVE-2025-14847",
                "severity": "HIGH",
                "score": 7.5
              },
              {
                "cve_id": "CVE-2026-1848",
                "severity": "HIGH",
                "score": 7.5
              }
            ]
          }
        },
        {
          "digest_date": "2026-07-02",
          "key": "mongodb:7.0",
          "product": "mongodb",
          "category": "database",
          "cycle": "7.0",
          "latest": "7.0.37",
          "release_date": "2023-08-31",
          "latest_release_date": "2026-06-16",
          "eol_date": "2027-08-31",
          "support_date": null,
          "is_major_product": true,
          "cve_stats": {
            "total": 20,
            "critical": 0,
            "high": 3,
            "medium": 16,
            "low": 1,
            "kev": 1,
            "top_cves": [
              {
                "cve_id": "CVE-2026-4148",
                "severity": "HIGH",
                "score": 8.8
              },
              {
                "cve_id": "CVE-2025-14847",
                "severity": "HIGH",
                "score": 7.5
              },
              {
                "cve_id": "CVE-2026-1848",
                "severity": "HIGH",
                "score": 7.5
              }
            ]
          }
        },
        {
          "digest_date": "2026-07-02",
          "key": "mongodb:8.0",
          "product": "mongodb",
          "category": "database",
          "cycle": "8.0",
          "latest": "8.0.26",
          "release_date": "2024-10-31",
          "latest_release_date": "2026-06-16",
          "eol_date": "2029-10-31",
          "support_date": null,
          "is_major_product": true,
          "cve_stats": {
            "total": 20,
            "critical": 0,
            "high": 3,
            "medium": 16,
            "low": 1,
            "kev": 1,
            "top_cves": [
              {
                "cve_id": "CVE-2026-4148",
                "severity": "HIGH",
                "score": 8.8
              },
              {
                "cve_id": "CVE-2025-14847",
                "severity": "HIGH",
                "score": 7.5
              },
              {
                "cve_id": "CVE-2026-1848",
                "severity": "HIGH",
                "score": 7.5
              }
            ]
          }
        },
        {
          "digest_date": "2026-07-02",
          "key": "mongodb:8.2",
          "product": "mongodb",
          "category": "database",
          "cycle": "8.2",
          "latest": "8.2.11",
          "release_date": "2025-09-30",
          "latest_release_date": "2026-06-16",
          "eol_date": "2026-07-31",
          "support_date": null,
          "is_major_product": true,
          "cve_stats": {
            "total": 20,
            "critical": 0,
            "high": 3,
            "medium": 16,
            "low": 1,
            "kev": 1,
            "top_cves": [
              {
                "cve_id": "CVE-2026-4148",
                "severity": "HIGH",
                "score": 8.8
              },
              {
                "cve_id": "CVE-2025-14847",
                "severity": "HIGH",
                "score": 7.5
              },
              {
                "cve_id": "CVE-2026-1848",
                "severity": "HIGH",
                "score": 7.5
              }
            ]
          }
        },
        {
          "digest_date": "2026-07-02",
          "key": "mongodb:8.3",
          "product": "mongodb",
          "category": "database",
          "cycle": "8.3",
          "latest": "8.3.4",
          "release_date": "2026-05-31",
          "latest_release_date": "2026-06-15",
          "eol_date": "2029-10-31",
          "support_date": null,
          "is_major_product": true,
          "cve_stats": {
            "total": 20,
            "critical": 0,
            "high": 3,
            "medium": 16,
            "low": 1,
            "kev": 1,
            "top_cves": [
              {
                "cve_id": "CVE-2026-4148",
                "severity": "HIGH",
                "score": 8.8
              },
              {
                "cve_id": "CVE-2025-14847",
                "severity": "HIGH",
                "score": 7.5
              },
              {
                "cve_id": "CVE-2026-1848",
                "severity": "HIGH",
                "score": 7.5
              }
            ]
          }
        },
        {
          "digest_date": "2026-07-02",
          "key": "mssqlserver:17.0",
          "product": "mssqlserver",
          "category": "database",
          "cycle": "17.0",
          "latest": "17.0.4055.5 CU6",
          "release_date": "2025-11-18",
          "latest_release_date": "2026-06-17",
          "eol_date": "2036-01-06",
          "support_date": "2031-01-06",
          "is_major_product": true,
          "cve_stats": {
            "total": 0,
            "critical": 0,
            "high": 0,
            "medium": 0,
            "low": 0,
            "kev": 0,
            "top_cves": []
          }
        },
        {
          "digest_date": "2026-07-02",
          "key": "mysql:8.4",
          "product": "mysql",
          "category": "database",
          "cycle": "8.4",
          "latest": "8.4.10",
          "release_date": "2024-04-10",
          "latest_release_date": "2026-06-03",
          "eol_date": "2032-04-30",
          "support_date": "2029-04-30",
          "is_major_product": true,
          "cve_stats": {
            "total": 1,
            "critical": 0,
            "high": 0,
            "medium": 1,
            "low": 0,
            "kev": 0,
            "top_cves": [
              {
                "cve_id": "CVE-2026-21964",
                "severity": "MEDIUM",
                "score": 4.9
              }
            ]
          }
        },
        {
          "digest_date": "2026-07-02",
          "key": "mysql:9.7",
          "product": "mysql",
          "category": "database",
          "cycle": "9.7",
          "latest": "9.7.1",
          "release_date": "2026-04-21",
          "latest_release_date": "2026-06-03",
          "eol_date": "2034-04-21",
          "support_date": "true",
          "is_major_product": true,
          "cve_stats": {
            "total": 1,
            "critical": 0,
            "high": 0,
            "medium": 1,
            "low": 0,
            "kev": 0,
            "top_cves": [
              {
                "cve_id": "CVE-2026-21964",
                "severity": "MEDIUM",
                "score": 4.9
              }
            ]
          }
        },
        {
          "digest_date": "2026-07-02",
          "key": "nextcloud:32",
          "product": "nextcloud",
          "category": "cms",
          "cycle": "32",
          "latest": "32.0.12",
          "release_date": "2025-09-27",
          "latest_release_date": "2026-06-25",
          "eol_date": "2026-09-30",
          "support_date": null,
          "is_major_product": true,
          "cve_stats": {
            "total": 0,
            "critical": 0,
            "high": 0,
            "medium": 0,
            "low": 0,
            "kev": 0,
            "top_cves": []
          }
        },
        {
          "digest_date": "2026-07-02",
          "key": "nextcloud:33",
          "product": "nextcloud",
          "category": "cms",
          "cycle": "33",
          "latest": "33.0.6",
          "release_date": "2026-02-18",
          "latest_release_date": "2026-06-25",
          "eol_date": "2027-02-28",
          "support_date": null,
          "is_major_product": true,
          "cve_stats": {
            "total": 0,
            "critical": 0,
            "high": 0,
            "medium": 0,
            "low": 0,
            "kev": 0,
            "top_cves": []
          }
        },
        {
          "digest_date": "2026-07-02",
          "key": "nextcloud:34",
          "product": "nextcloud",
          "category": "cms",
          "cycle": "34",
          "latest": "34.0.1",
          "release_date": "2026-06-09",
          "latest_release_date": "2026-06-25",
          "eol_date": "2027-06-30",
          "support_date": null,
          "is_major_product": true,
          "cve_stats": {
            "total": 0,
            "critical": 0,
            "high": 0,
            "medium": 0,
            "low": 0,
            "kev": 0,
            "top_cves": []
          }
        },
        {
          "digest_date": "2026-07-02",
          "key": "nextjs:16",
          "product": "nextjs",
          "category": "framework",
          "cycle": "16",
          "latest": "16.2.10",
          "release_date": "2025-10-22",
          "latest_release_date": "2026-07-01",
          "eol_date": "false",
          "support_date": null,
          "is_major_product": true,
          "cve_stats": {
            "total": 22,
            "critical": 1,
            "high": 10,
            "medium": 10,
            "low": 1,
            "kev": 1,
            "top_cves": [
              {
                "cve_id": "CVE-2025-55182",
                "severity": "CRITICAL",
                "score": 10.0
              },
              {
                "cve_id": "CVE-2026-44578",
                "severity": "HIGH",
                "score": 8.6
              },
              {
                "cve_id": "CVE-2026-44574",
                "severity": "HIGH",
                "score": 8.1
              }
            ]
          }
        },
        {
          "digest_date": "2026-07-02",
          "key": "nginx:1.30",
          "product": "nginx",
          "category": "webserver",
          "cycle": "1.30",
          "latest": "1.30.3",
          "release_date": "2026-04-14",
          "latest_release_date": "2026-06-17",
          "eol_date": "false",
          "support_date": null,
          "is_major_product": true,
          "cve_stats": {
            "total": 0,
            "critical": 0,
            "high": 0,
            "medium": 0,
            "low": 0,
            "kev": 0,
            "top_cves": []
          }
        },
        {
          "digest_date": "2026-07-02",
          "key": "nginx:1.31",
          "product": "nginx",
          "category": "webserver",
          "cycle": "1.31",
          "latest": "1.31.2",
          "release_date": "2026-05-13",
          "latest_release_date": "2026-06-17",
          "eol_date": "false",
          "support_date": null,
          "is_major_product": true,
          "cve_stats": {
            "total": 0,
            "critical": 0,
            "high": 0,
            "medium": 0,
            "low": 0,
            "kev": 0,
            "top_cves": []
          }
        },
        {
          "digest_date": "2026-07-02",
          "key": "nodejs:22",
          "product": "nodejs",
          "category": "programming",
          "cycle": "22",
          "latest": "22.23.1",
          "release_date": "2024-04-24",
          "latest_release_date": "2026-06-23",
          "eol_date": "2027-04-30",
          "support_date": "2025-10-21",
          "is_major_product": true,
          "cve_stats": {
            "total": 16,
            "critical": 3,
            "high": 7,
            "medium": 4,
            "low": 2,
            "kev": 0,
            "top_cves": [
              {
                "cve_id": "CVE-2026-21636",
                "severity": "CRITICAL",
                "score": 10.0
              },
              {
                "cve_id": "CVE-2026-48930",
                "severity": "CRITICAL",
                "score": 9.8
              },
              {
                "cve_id": "CVE-2025-55130",
                "severity": "CRITICAL",
                "score": 9.1
              }
            ]
          }
        },
        {
          "digest_date": "2026-07-02",
          "key": "nodejs:24",
          "product": "nodejs",
          "category": "programming",
          "cycle": "24",
          "latest": "24.18.0",
          "release_date": "2025-05-06",
          "latest_release_date": "2026-06-23",
          "eol_date": "2028-04-30",
          "support_date": "2026-10-20",
          "is_major_product": true,
          "cve_stats": {
            "total": 16,
            "critical": 3,
            "high": 7,
            "medium": 4,
            "low": 2,
            "kev": 0,
            "top_cves": [
              {
                "cve_id": "CVE-2026-21636",
                "severity": "CRITICAL",
                "score": 10.0
              },
              {
                "cve_id": "CVE-2026-48930",
                "severity": "CRITICAL",
                "score": 9.8
              },
              {
                "cve_id": "CVE-2025-55130",
                "severity": "CRITICAL",
                "score": 9.1
              }
            ]
          }
        },
        {
          "digest_date": "2026-07-02",
          "key": "nodejs:26",
          "product": "nodejs",
          "category": "programming",
          "cycle": "26",
          "latest": "26.4.0",
          "release_date": "2026-05-05",
          "latest_release_date": "2026-06-25",
          "eol_date": "2029-04-30",
          "support_date": "2027-10-27",
          "is_major_product": true,
          "cve_stats": {
            "total": 16,
            "critical": 3,
            "high": 7,
            "medium": 4,
            "low": 2,
            "kev": 0,
            "top_cves": [
              {
                "cve_id": "CVE-2026-21636",
                "severity": "CRITICAL",
                "score": 10.0
              },
              {
                "cve_id": "CVE-2026-48930",
                "severity": "CRITICAL",
                "score": 9.8
              },
              {
                "cve_id": "CVE-2025-55130",
                "severity": "CRITICAL",
                "score": 9.1
              }
            ]
          }
        },
        {
          "digest_date": "2026-07-02",
          "key": "nuxt:3",
          "product": "nuxt",
          "category": "framework",
          "cycle": "3",
          "latest": "3.21.8",
          "release_date": "2022-11-16",
          "latest_release_date": "2026-06-08",
          "eol_date": "2026-07-31",
          "support_date": "2025-07-16",
          "is_major_product": true,
          "cve_stats": {
            "total": 0,
            "critical": 0,
            "high": 0,
            "medium": 0,
            "low": 0,
            "kev": 0,
            "top_cves": []
          }
        },
        {
          "digest_date": "2026-07-02",
          "key": "nuxt:4",
          "product": "nuxt",
          "category": "framework",
          "cycle": "4",
          "latest": "4.4.8",
          "release_date": "2025-07-16",
          "latest_release_date": "2026-06-08",
          "eol_date": "false",
          "support_date": "true",
          "is_major_product": true,
          "cve_stats": {
            "total": 0,
            "critical": 0,
            "high": 0,
            "medium": 0,
            "low": 0,
            "kev": 0,
            "top_cves": []
          }
        },
        {
          "digest_date": "2026-07-02",
          "key": "opensearch:3",
          "product": "opensearch",
          "category": "database",
          "cycle": "3",
          "latest": "3.7.0",
          "release_date": "2025-05-06",
          "latest_release_date": "2026-06-09",
          "eol_date": "false",
          "support_date": "true",
          "is_major_product": true,
          "cve_stats": {
            "total": 1,
            "critical": 0,
            "high": 1,
            "medium": 0,
            "low": 0,
            "kev": 0,
            "top_cves": [
              {
                "cve_id": "CVE-2025-9624",
                "severity": "HIGH",
                "score": 7.5
              }
            ]
          }
        },
        {
          "digest_date": "2026-07-02",
          "key": "openssl:3.0",
          "product": "openssl",
          "category": "crypto",
          "cycle": "3.0",
          "latest": "3.0.21",
          "release_date": "2021-09-07",
          "latest_release_date": "2026-06-09",
          "eol_date": "2026-09-07",
          "support_date": null,
          "is_major_product": true,
          "cve_stats": {
            "total": 19,
            "critical": 1,
            "high": 10,
            "medium": 8,
            "low": 0,
            "kev": 0,
            "top_cves": [
              {
                "cve_id": "CVE-2026-31789",
                "severity": "CRITICAL",
                "score": 9.8
              },
              {
                "cve_id": "CVE-2025-15467",
                "severity": "HIGH",
                "score": 8.8
              },
              {
                "cve_id": "CVE-2026-28387",
                "severity": "HIGH",
                "score": 8.1
              }
            ]
          }
        },
        {
          "digest_date": "2026-07-02",
          "key": "openssl:3.4",
          "product": "openssl",
          "category": "crypto",
          "cycle": "3.4",
          "latest": "3.4.6",
          "release_date": "2024-10-22",
          "latest_release_date": "2026-06-09",
          "eol_date": "2026-10-22",
          "support_date": null,
          "is_major_product": true,
          "cve_stats": {
            "total": 19,
            "critical": 1,
            "high": 10,
            "medium": 8,
            "low": 0,
            "kev": 0,
            "top_cves": [
              {
                "cve_id": "CVE-2026-31789",
                "severity": "CRITICAL",
                "score": 9.8
              },
              {
                "cve_id": "CVE-2025-15467",
                "severity": "HIGH",
                "score": 8.8
              },
              {
                "cve_id": "CVE-2026-28387",
                "severity": "HIGH",
                "score": 8.1
              }
            ]
          }
        },
        {
          "digest_date": "2026-07-02",
          "key": "openssl:3.5",
          "product": "openssl",
          "category": "crypto",
          "cycle": "3.5",
          "latest": "3.5.7",
          "release_date": "2025-04-08",
          "latest_release_date": "2026-06-09",
          "eol_date": "2030-04-08",
          "support_date": null,
          "is_major_product": true,
          "cve_stats": {
            "total": 19,
            "critical": 1,
            "high": 10,
            "medium": 8,
            "low": 0,
            "kev": 0,
            "top_cves": [
              {
                "cve_id": "CVE-2026-31789",
                "severity": "CRITICAL",
                "score": 9.8
              },
              {
                "cve_id": "CVE-2025-15467",
                "severity": "HIGH",
                "score": 8.8
              },
              {
                "cve_id": "CVE-2026-28387",
                "severity": "HIGH",
                "score": 8.1
              }
            ]
          }
        },
        {
          "digest_date": "2026-07-02",
          "key": "openssl:3.6",
          "product": "openssl",
          "category": "crypto",
          "cycle": "3.6",
          "latest": "3.6.3",
          "release_date": "2025-10-01",
          "latest_release_date": "2026-06-09",
          "eol_date": "2026-11-01",
          "support_date": null,
          "is_major_product": true,
          "cve_stats": {
            "total": 19,
            "critical": 1,
            "high": 10,
            "medium": 8,
            "low": 0,
            "kev": 0,
            "top_cves": [
              {
                "cve_id": "CVE-2026-31789",
                "severity": "CRITICAL",
                "score": 9.8
              },
              {
                "cve_id": "CVE-2025-15467",
                "severity": "HIGH",
                "score": 8.8
              },
              {
                "cve_id": "CVE-2026-28387",
                "severity": "HIGH",
                "score": 8.1
              }
            ]
          }
        },
        {
          "digest_date": "2026-07-02",
          "key": "openssl:4.0",
          "product": "openssl",
          "category": "crypto",
          "cycle": "4.0",
          "latest": "4.0.1",
          "release_date": "2026-04-14",
          "latest_release_date": "2026-06-09",
          "eol_date": "2027-05-14",
          "support_date": null,
          "is_major_product": true,
          "cve_stats": {
            "total": 19,
            "critical": 1,
            "high": 10,
            "medium": 8,
            "low": 0,
            "kev": 0,
            "top_cves": [
              {
                "cve_id": "CVE-2026-31789",
                "severity": "CRITICAL",
                "score": 9.8
              },
              {
                "cve_id": "CVE-2025-15467",
                "severity": "HIGH",
                "score": 8.8
              },
              {
                "cve_id": "CVE-2026-28387",
                "severity": "HIGH",
                "score": 8.1
              }
            ]
          }
        },
        {
          "digest_date": "2026-07-02",
          "key": "openvpn:2.7",
          "product": "openvpn",
          "category": "middleware",
          "cycle": "2.7",
          "latest": "2.7.5",
          "release_date": "2026-02-11",
          "latest_release_date": "2026-07-01",
          "eol_date": "false",
          "support_date": "true",
          "is_major_product": true,
          "cve_stats": {
            "total": 3,
            "critical": 1,
            "high": 1,
            "medium": 1,
            "low": 0,
            "kev": 0,
            "top_cves": [
              {
                "cve_id": "CVE-2025-12106",
                "severity": "CRITICAL",
                "score": 9.1
              },
              {
                "cve_id": "CVE-2025-13086",
                "severity": "HIGH",
                "score": 7.5
              },
              {
                "cve_id": "CVE-2025-13751",
                "severity": "MEDIUM",
                "score": 5.5
              }
            ]
          }
        },
        {
          "digest_date": "2026-07-02",
          "key": "php:8.4",
          "product": "php",
          "category": "programming",
          "cycle": "8.4",
          "latest": "8.4.22",
          "release_date": "2024-11-21",
          "latest_release_date": "2026-06-04",
          "eol_date": "2028-12-31",
          "support_date": "2026-12-31",
          "is_major_product": true,
          "cve_stats": {
            "total": 3,
            "critical": 0,
            "high": 2,
            "medium": 1,
            "low": 0,
            "kev": 0,
            "top_cves": [
              {
                "cve_id": "CVE-2025-14177",
                "severity": "HIGH",
                "score": 7.5
              },
              {
                "cve_id": "CVE-2025-14180",
                "severity": "HIGH",
                "score": 7.5
              },
              {
                "cve_id": "CVE-2025-14178",
                "severity": "MEDIUM",
                "score": 6.5
              }
            ]
          }
        },
        {
          "digest_date": "2026-07-02",
          "key": "php:8.5",
          "product": "php",
          "category": "programming",
          "cycle": "8.5",
          "latest": "8.5.7",
          "release_date": "2025-11-20",
          "latest_release_date": "2026-06-04",
          "eol_date": "2029-12-31",
          "support_date": "2027-12-31",
          "is_major_product": true,
          "cve_stats": {
            "total": 3,
            "critical": 0,
            "high": 2,
            "medium": 1,
            "low": 0,
            "kev": 0,
            "top_cves": [
              {
                "cve_id": "CVE-2025-14177",
                "severity": "HIGH",
                "score": 7.5
              },
              {
                "cve_id": "CVE-2025-14180",
                "severity": "HIGH",
                "score": 7.5
              },
              {
                "cve_id": "CVE-2025-14178",
                "severity": "MEDIUM",
                "score": 6.5
              }
            ]
          }
        },
        {
          "digest_date": "2026-07-02",
          "key": "postfix:3.10",
          "product": "postfix",
          "category": "middleware",
          "cycle": "3.10",
          "latest": "3.10.11",
          "release_date": "2025-02-16",
          "latest_release_date": "2026-06-18",
          "eol_date": "false",
          "support_date": null,
          "is_major_product": true,
          "cve_stats": {
            "total": 0,
            "critical": 0,
            "high": 0,
            "medium": 0,
            "low": 0,
            "kev": 0,
            "top_cves": []
          }
        },
        {
          "digest_date": "2026-07-02",
          "key": "postfix:3.11",
          "product": "postfix",
          "category": "middleware",
          "cycle": "3.11",
          "latest": "3.11.4",
          "release_date": "2026-03-06",
          "latest_release_date": "2026-06-18",
          "eol_date": "false",
          "support_date": null,
          "is_major_product": true,
          "cve_stats": {
            "total": 0,
            "critical": 0,
            "high": 0,
            "medium": 0,
            "low": 0,
            "kev": 0,
            "top_cves": []
          }
        },
        {
          "digest_date": "2026-07-02",
          "key": "postfix:3.8",
          "product": "postfix",
          "category": "middleware",
          "cycle": "3.8",
          "latest": "3.8.18",
          "release_date": "2023-04-17",
          "latest_release_date": "2026-06-18",
          "eol_date": "false",
          "support_date": null,
          "is_major_product": true,
          "cve_stats": {
            "total": 0,
            "critical": 0,
            "high": 0,
            "medium": 0,
            "low": 0,
            "kev": 0,
            "top_cves": []
          }
        },
        {
          "digest_date": "2026-07-02",
          "key": "postfix:3.9",
          "product": "postfix",
          "category": "middleware",
          "cycle": "3.9",
          "latest": "3.9.12",
          "release_date": "2024-03-06",
          "latest_release_date": "2026-06-18",
          "eol_date": "false",
          "support_date": null,
          "is_major_product": true,
          "cve_stats": {
            "total": 0,
            "critical": 0,
            "high": 0,
            "medium": 0,
            "low": 0,
            "kev": 0,
            "top_cves": []
          }
        },
        {
          "digest_date": "2026-07-02",
          "key": "python:3.13",
          "product": "python",
          "category": "programming",
          "cycle": "3.13",
          "latest": "3.13.14",
          "release_date": "2024-10-07",
          "latest_release_date": "2026-06-10",
          "eol_date": "2029-10-31",
          "support_date": "2026-10-01",
          "is_major_product": true,
          "cve_stats": {
            "total": 5,
            "critical": 0,
            "high": 1,
            "medium": 3,
            "low": 1,
            "kev": 0,
            "top_cves": [
              {
                "cve_id": "CVE-2025-13836",
                "severity": "HIGH",
                "score": 7.5
              },
              {
                "cve_id": "CVE-2025-13837",
                "severity": "MEDIUM",
                "score": 5.5
              },
              {
                "cve_id": "CVE-2025-12084",
                "severity": "MEDIUM",
                "score": 5.3
              }
            ]
          }
        },
        {
          "digest_date": "2026-07-02",
          "key": "python:3.14",
          "product": "python",
          "category": "programming",
          "cycle": "3.14",
          "latest": "3.14.6",
          "release_date": "2025-10-07",
          "latest_release_date": "2026-06-10",
          "eol_date": "2030-10-31",
          "support_date": "2027-10-01",
          "is_major_product": true,
          "cve_stats": {
            "total": 5,
            "critical": 0,
            "high": 1,
            "medium": 3,
            "low": 1,
            "kev": 0,
            "top_cves": [
              {
                "cve_id": "CVE-2025-13836",
                "severity": "HIGH",
                "score": 7.5
              },
              {
                "cve_id": "CVE-2025-13837",
                "severity": "MEDIUM",
                "score": 5.5
              },
              {
                "cve_id": "CVE-2025-12084",
                "severity": "MEDIUM",
                "score": 5.3
              }
            ]
          }
        },
        {
          "digest_date": "2026-07-02",
          "key": "rabbitmq:4.2",
          "product": "rabbitmq",
          "category": "middleware",
          "cycle": "4.2",
          "latest": "4.2.8",
          "release_date": "2025-10-27",
          "latest_release_date": "2026-06-13",
          "eol_date": "2026-07-31",
          "support_date": null,
          "is_major_product": true,
          "cve_stats": {
            "total": 0,
            "critical": 0,
            "high": 0,
            "medium": 0,
            "low": 0,
            "kev": 0,
            "top_cves": []
          }
        },
        {
          "digest_date": "2026-07-02",
          "key": "rabbitmq:4.3",
          "product": "rabbitmq",
          "category": "middleware",
          "cycle": "4.3",
          "latest": "4.3.2",
          "release_date": "2026-04-23",
          "latest_release_date": "2026-06-11",
          "eol_date": "false",
          "support_date": null,
          "is_major_product": true,
          "cve_stats": {
            "total": 0,
            "critical": 0,
            "high": 0,
            "medium": 0,
            "low": 0,
            "kev": 0,
            "top_cves": []
          }
        },
        {
          "digest_date": "2026-07-02",
          "key": "redis:8.2",
          "product": "redis",
          "category": "database",
          "cycle": "8.2",
          "latest": "8.2.7",
          "release_date": "2025-08-04",
          "latest_release_date": "2026-06-04",
          "eol_date": "2026-05-25",
          "support_date": "2025-11-18",
          "is_major_product": true,
          "cve_stats": {
            "total": 4,
            "critical": 0,
            "high": 4,
            "medium": 0,
            "low": 0,
            "kev": 0,
            "top_cves": [
              {
                "cve_id": "CVE-2025-62507",
                "severity": "HIGH",
                "score": 8.8
              },
              {
                "cve_id": "CVE-2026-25243",
                "severity": "HIGH",
                "score": 8.8
              },
              {
                "cve_id": "CVE-2026-23479",
                "severity": "HIGH",
                "score": 8.8
              }
            ]
          }
        },
        {
          "digest_date": "2026-07-02",
          "key": "redis:8.4",
          "product": "redis",
          "category": "database",
          "cycle": "8.4",
          "latest": "8.4.4",
          "release_date": "2025-11-18",
          "latest_release_date": "2026-06-04",
          "eol_date": "false",
          "support_date": "2026-02-11",
          "is_major_product": true,
          "cve_stats": {
            "total": 4,
            "critical": 0,
            "high": 4,
            "medium": 0,
            "low": 0,
            "kev": 0,
            "top_cves": [
              {
                "cve_id": "CVE-2025-62507",
                "severity": "HIGH",
                "score": 8.8
              },
              {
                "cve_id": "CVE-2026-25243",
                "severity": "HIGH",
                "score": 8.8
              },
              {
                "cve_id": "CVE-2026-23479",
                "severity": "HIGH",
                "score": 8.8
              }
            ]
          }
        },
        {
          "digest_date": "2026-07-02",
          "key": "redis:8.6",
          "product": "redis",
          "category": "database",
          "cycle": "8.6",
          "latest": "8.6.4",
          "release_date": "2026-02-11",
          "latest_release_date": "2026-06-04",
          "eol_date": "false",
          "support_date": "2026-05-25",
          "is_major_product": true,
          "cve_stats": {
            "total": 4,
            "critical": 0,
            "high": 4,
            "medium": 0,
            "low": 0,
            "kev": 0,
            "top_cves": [
              {
                "cve_id": "CVE-2025-62507",
                "severity": "HIGH",
                "score": 8.8
              },
              {
                "cve_id": "CVE-2026-25243",
                "severity": "HIGH",
                "score": 8.8
              },
              {
                "cve_id": "CVE-2026-23479",
                "severity": "HIGH",
                "score": 8.8
              }
            ]
          }
        },
        {
          "digest_date": "2026-07-02",
          "key": "ruby:3.4",
          "product": "ruby",
          "category": "programming",
          "cycle": "3.4",
          "latest": "3.4.10",
          "release_date": "2024-12-24",
          "latest_release_date": "2026-06-30",
          "eol_date": "2028-03-31",
          "support_date": null,
          "is_major_product": true,
          "cve_stats": {
            "total": 0,
            "critical": 0,
            "high": 0,
            "medium": 0,
            "low": 0,
            "kev": 0,
            "top_cves": []
          }
        },
        {
          "digest_date": "2026-07-02",
          "key": "rust:1.96",
          "product": "rust",
          "category": "programming",
          "cycle": "1.96",
          "latest": "1.96.1",
          "release_date": "2026-05-28",
          "latest_release_date": "2026-06-30",
          "eol_date": "false",
          "support_date": null,
          "is_major_product": true,
          "cve_stats": {
            "total": 0,
            "critical": 0,
            "high": 0,
            "medium": 0,
            "low": 0,
            "kev": 0,
            "top_cves": []
          }
        },
        {
          "digest_date": "2026-07-02",
          "key": "spring-boot:3.5",
          "product": "spring-boot",
          "category": "framework",
          "cycle": "3.5",
          "latest": "3.5.16",
          "release_date": "2025-05-31",
          "latest_release_date": "2026-06-25",
          "eol_date": "2026-06-30",
          "support_date": null,
          "is_major_product": true,
          "cve_stats": {
            "total": 7,
            "critical": 1,
            "high": 4,
            "medium": 2,
            "low": 0,
            "kev": 0,
            "top_cves": [
              {
                "cve_id": "CVE-2026-40976",
                "severity": "CRITICAL",
                "score": 9.1
              },
              {
                "cve_id": "CVE-2026-22731",
                "severity": "HIGH",
                "score": 8.2
              },
              {
                "cve_id": "CVE-2026-22733",
                "severity": "HIGH",
                "score": 8.2
              }
            ]
          }
        },
        {
          "digest_date": "2026-07-02",
          "key": "spring-boot:4.0",
          "product": "spring-boot",
          "category": "framework",
          "cycle": "4.0",
          "latest": "4.0.7",
          "release_date": "2025-11-30",
          "latest_release_date": "2026-06-10",
          "eol_date": "2026-12-31",
          "support_date": null,
          "is_major_product": true,
          "cve_stats": {
            "total": 7,
            "critical": 1,
            "high": 4,
            "medium": 2,
            "low": 0,
            "kev": 0,
            "top_cves": [
              {
                "cve_id": "CVE-2026-40976",
                "severity": "CRITICAL",
                "score": 9.1
              },
              {
                "cve_id": "CVE-2026-22731",
                "severity": "HIGH",
                "score": 8.2
              },
              {
                "cve_id": "CVE-2026-22733",
                "severity": "HIGH",
                "score": 8.2
              }
            ]
          }
        },
        {
          "digest_date": "2026-07-02",
          "key": "spring-boot:4.1",
          "product": "spring-boot",
          "category": "framework",
          "cycle": "4.1",
          "latest": "4.1.0",
          "release_date": "2026-06-30",
          "latest_release_date": "2026-06-10",
          "eol_date": "2027-07-31",
          "support_date": null,
          "is_major_product": true,
          "cve_stats": {
            "total": 7,
            "critical": 1,
            "high": 4,
            "medium": 2,
            "low": 0,
            "kev": 0,
            "top_cves": [
              {
                "cve_id": "CVE-2026-40976",
                "severity": "CRITICAL",
                "score": 9.1
              },
              {
                "cve_id": "CVE-2026-22731",
                "severity": "HIGH",
                "score": 8.2
              },
              {
                "cve_id": "CVE-2026-22733",
                "severity": "HIGH",
                "score": 8.2
              }
            ]
          }
        },
        {
          "digest_date": "2026-07-02",
          "key": "spring-framework:6.2",
          "product": "spring-framework",
          "category": "framework",
          "cycle": "6.2",
          "latest": "6.2.19",
          "release_date": "2024-11-30",
          "latest_release_date": "2026-06-08",
          "eol_date": "2026-06-30",
          "support_date": null,
          "is_major_product": true,
          "cve_stats": {
            "total": 9,
            "critical": 0,
            "high": 3,
            "medium": 5,
            "low": 1,
            "kev": 0,
            "top_cves": [
              {
                "cve_id": "CVE-2026-41842",
                "severity": "HIGH",
                "score": 7.5
              },
              {
                "cve_id": "CVE-2026-41849",
                "severity": "HIGH",
                "score": 7.5
              },
              {
                "cve_id": "CVE-2026-41850",
                "severity": "HIGH",
                "score": 7.5
              }
            ]
          }
        },
        {
          "digest_date": "2026-07-02",
          "key": "spring-framework:7.0",
          "product": "spring-framework",
          "category": "framework",
          "cycle": "7.0",
          "latest": "7.0.8",
          "release_date": "2025-11-30",
          "latest_release_date": "2026-06-08",
          "eol_date": "2027-06-30",
          "support_date": null,
          "is_major_product": true,
          "cve_stats": {
            "total": 9,
            "critical": 0,
            "high": 3,
            "medium": 5,
            "low": 1,
            "kev": 0,
            "top_cves": [
              {
                "cve_id": "CVE-2026-41842",
                "severity": "HIGH",
                "score": 7.5
              },
              {
                "cve_id": "CVE-2026-41849",
                "severity": "HIGH",
                "score": 7.5
              },
              {
                "cve_id": "CVE-2026-41850",
                "severity": "HIGH",
                "score": 7.5
              }
            ]
          }
        },
        {
          "digest_date": "2026-07-02",
          "key": "squid:7",
          "product": "squid",
          "category": "webserver",
          "cycle": "7",
          "latest": "7.6",
          "release_date": "2025-07-10",
          "latest_release_date": "2026-06-07",
          "eol_date": "false",
          "support_date": null,
          "is_major_product": true,
          "cve_stats": {
            "total": 3,
            "critical": 0,
            "high": 2,
            "medium": 1,
            "low": 0,
            "kev": 0,
            "top_cves": [
              {
                "cve_id": "CVE-2026-32748",
                "severity": "HIGH",
                "score": 7.5
              },
              {
                "cve_id": "CVE-2026-33526",
                "severity": "HIGH",
                "score": 7.5
              },
              {
                "cve_id": "CVE-2026-33515",
                "severity": "MEDIUM",
                "score": 6.5
              }
            ]
          }
        },
        {
          "digest_date": "2026-07-02",
          "key": "symfony:6.4",
          "product": "symfony",
          "category": "framework",
          "cycle": "6.4",
          "latest": "6.4.42",
          "release_date": "2023-11-29",
          "latest_release_date": "2026-06-27",
          "eol_date": "2027-11-30",
          "support_date": "2026-11-30",
          "is_major_product": true,
          "cve_stats": {
            "total": 2,
            "critical": 0,
            "high": 1,
            "medium": 1,
            "low": 0,
            "kev": 0,
            "top_cves": [
              {
                "cve_id": "CVE-2025-64500",
                "severity": "HIGH",
                "score": 7.3
              },
              {
                "cve_id": "CVE-2026-24739",
                "severity": "MEDIUM",
                "score": 6.3
              }
            ]
          }
        },
        {
          "digest_date": "2026-07-02",
          "key": "symfony:7.4",
          "product": "symfony",
          "category": "framework",
          "cycle": "7.4",
          "latest": "7.4.14",
          "release_date": "2025-11-27",
          "latest_release_date": "2026-06-27",
          "eol_date": "2029-11-30",
          "support_date": "2028-11-30",
          "is_major_product": true,
          "cve_stats": {
            "total": 2,
            "critical": 0,
            "high": 1,
            "medium": 1,
            "low": 0,
            "kev": 0,
            "top_cves": [
              {
                "cve_id": "CVE-2025-64500",
                "severity": "HIGH",
                "score": 7.3
              },
              {
                "cve_id": "CVE-2026-24739",
                "severity": "MEDIUM",
                "score": 6.3
              }
            ]
          }
        },
        {
          "digest_date": "2026-07-02",
          "key": "symfony:8.0",
          "product": "symfony",
          "category": "framework",
          "cycle": "8.0",
          "latest": "8.0.14",
          "release_date": "2025-11-27",
          "latest_release_date": "2026-06-27",
          "eol_date": "2026-07-31",
          "support_date": "2026-07-31",
          "is_major_product": true,
          "cve_stats": {
            "total": 2,
            "critical": 0,
            "high": 1,
            "medium": 1,
            "low": 0,
            "kev": 0,
            "top_cves": [
              {
                "cve_id": "CVE-2025-64500",
                "severity": "HIGH",
                "score": 7.3
              },
              {
                "cve_id": "CVE-2026-24739",
                "severity": "MEDIUM",
                "score": 6.3
              }
            ]
          }
        },
        {
          "digest_date": "2026-07-02",
          "key": "symfony:8.1",
          "product": "symfony",
          "category": "framework",
          "cycle": "8.1",
          "latest": "8.1.1",
          "release_date": "2026-05-29",
          "latest_release_date": "2026-06-27",
          "eol_date": "2027-01-31",
          "support_date": "2027-01-31",
          "is_major_product": true,
          "cve_stats": {
            "total": 2,
            "critical": 0,
            "high": 1,
            "medium": 1,
            "low": 0,
            "kev": 0,
            "top_cves": [
              {
                "cve_id": "CVE-2025-64500",
                "severity": "HIGH",
                "score": 7.3
              },
              {
                "cve_id": "CVE-2026-24739",
                "severity": "MEDIUM",
                "score": 6.3
              }
            ]
          }
        },
        {
          "digest_date": "2026-07-02",
          "key": "tomcat:10.1",
          "product": "tomcat",
          "category": "webserver",
          "cycle": "10.1",
          "latest": "10.1.56",
          "release_date": "2022-09-23",
          "latest_release_date": "2026-06-17",
          "eol_date": "false",
          "support_date": null,
          "is_major_product": true,
          "cve_stats": {
            "total": 13,
            "critical": 2,
            "high": 7,
            "medium": 3,
            "low": 1,
            "kev": 0,
            "top_cves": [
              {
                "cve_id": "CVE-2025-66614",
                "severity": "CRITICAL",
                "score": 9.1
              },
              {
                "cve_id": "CVE-2026-29145",
                "severity": "CRITICAL",
                "score": 9.1
              },
              {
                "cve_id": "CVE-2026-29129",
                "severity": "HIGH",
                "score": 7.5
              }
            ]
          }
        },
        {
          "digest_date": "2026-07-02",
          "key": "tomcat:11.0",
          "product": "tomcat",
          "category": "webserver",
          "cycle": "11.0",
          "latest": "11.0.23",
          "release_date": "2024-10-03",
          "latest_release_date": "2026-06-17",
          "eol_date": "false",
          "support_date": null,
          "is_major_product": true,
          "cve_stats": {
            "total": 13,
            "critical": 2,
            "high": 7,
            "medium": 3,
            "low": 1,
            "kev": 0,
            "top_cves": [
              {
                "cve_id": "CVE-2025-66614",
                "severity": "CRITICAL",
                "score": 9.1
              },
              {
                "cve_id": "CVE-2026-29145",
                "severity": "CRITICAL",
                "score": 9.1
              },
              {
                "cve_id": "CVE-2026-29129",
                "severity": "HIGH",
                "score": 7.5
              }
            ]
          }
        },
        {
          "digest_date": "2026-07-02",
          "key": "tomcat:9.0",
          "product": "tomcat",
          "category": "webserver",
          "cycle": "9.0",
          "latest": "9.0.119",
          "release_date": "2017-09-27",
          "latest_release_date": "2026-06-18",
          "eol_date": "2027-03-31",
          "support_date": null,
          "is_major_product": true,
          "cve_stats": {
            "total": 13,
            "critical": 2,
            "high": 7,
            "medium": 3,
            "low": 1,
            "kev": 0,
            "top_cves": [
              {
                "cve_id": "CVE-2025-66614",
                "severity": "CRITICAL",
                "score": 9.1
              },
              {
                "cve_id": "CVE-2026-29145",
                "severity": "CRITICAL",
                "score": 9.1
              },
              {
                "cve_id": "CVE-2026-29129",
                "severity": "HIGH",
                "score": 7.5
              }
            ]
          }
        },
        {
          "digest_date": "2026-07-02",
          "key": "traefik:2.11",
          "product": "traefik",
          "category": "webserver",
          "cycle": "2.11",
          "latest": "2.11.51",
          "release_date": "2024-02-12",
          "latest_release_date": "2026-06-30",
          "eol_date": "2026-02-01",
          "support_date": "2025-04-29",
          "is_major_product": true,
          "cve_stats": {
            "total": 17,
            "critical": 2,
            "high": 6,
            "medium": 7,
            "low": 2,
            "kev": 0,
            "top_cves": [
              {
                "cve_id": "CVE-2026-39858",
                "severity": "CRITICAL",
                "score": 10.0
              },
              {
                "cve_id": "CVE-2026-35051",
                "severity": "CRITICAL",
                "score": 10.0
              },
              {
                "cve_id": "CVE-2026-33433",
                "severity": "HIGH",
                "score": 8.8
              }
            ]
          }
        },
        {
          "digest_date": "2026-07-02",
          "key": "traefik:3.6",
          "product": "traefik",
          "category": "webserver",
          "cycle": "3.6",
          "latest": "3.6.22",
          "release_date": "2025-11-07",
          "latest_release_date": "2026-06-30",
          "eol_date": "false",
          "support_date": "2026-05-11",
          "is_major_product": true,
          "cve_stats": {
            "total": 17,
            "critical": 2,
            "high": 6,
            "medium": 7,
            "low": 2,
            "kev": 0,
            "top_cves": [
              {
                "cve_id": "CVE-2026-39858",
                "severity": "CRITICAL",
                "score": 10.0
              },
              {
                "cve_id": "CVE-2026-35051",
                "severity": "CRITICAL",
                "score": 10.0
              },
              {
                "cve_id": "CVE-2026-33433",
                "severity": "HIGH",
                "score": 8.8
              }
            ]
          }
        },
        {
          "digest_date": "2026-07-02",
          "key": "traefik:3.7",
          "product": "traefik",
          "category": "webserver",
          "cycle": "3.7",
          "latest": "3.7.6",
          "release_date": "2026-04-22",
          "latest_release_date": "2026-06-30",
          "eol_date": "false",
          "support_date": "true",
          "is_major_product": true,
          "cve_stats": {
            "total": 17,
            "critical": 2,
            "high": 6,
            "medium": 7,
            "low": 2,
            "kev": 0,
            "top_cves": [
              {
                "cve_id": "CVE-2026-39858",
                "severity": "CRITICAL",
                "score": 10.0
              },
              {
                "cve_id": "CVE-2026-35051",
                "severity": "CRITICAL",
                "score": 10.0
              },
              {
                "cve_id": "CVE-2026-33433",
                "severity": "HIGH",
                "score": 8.8
              }
            ]
          }
        },
        {
          "digest_date": "2026-07-02",
          "key": "typo3:10",
          "product": "typo3",
          "category": "cms",
          "cycle": "10",
          "latest": "10.4.58",
          "release_date": "2019-07-23",
          "latest_release_date": "2026-06-16",
          "eol_date": "2023-04-30",
          "support_date": "2021-10-31",
          "is_major_product": true,
          "cve_stats": {
            "total": 4,
            "critical": 0,
            "high": 2,
            "medium": 2,
            "low": 0,
            "kev": 0,
            "top_cves": [
              {
                "cve_id": "CVE-2025-59022",
                "severity": "HIGH",
                "score": 8.1
              },
              {
                "cve_id": "CVE-2026-0859",
                "severity": "HIGH",
                "score": 7.8
              },
              {
                "cve_id": "CVE-2025-59020",
                "severity": "MEDIUM",
                "score": 6.5
              }
            ]
          }
        },
        {
          "digest_date": "2026-07-02",
          "key": "typo3:11",
          "product": "typo3",
          "category": "cms",
          "cycle": "11",
          "latest": "11.5.52",
          "release_date": "2020-12-22",
          "latest_release_date": "2026-06-16",
          "eol_date": "2024-10-31",
          "support_date": "2023-03-31",
          "is_major_product": true,
          "cve_stats": {
            "total": 4,
            "critical": 0,
            "high": 2,
            "medium": 2,
            "low": 0,
            "kev": 0,
            "top_cves": [
              {
                "cve_id": "CVE-2025-59022",
                "severity": "HIGH",
                "score": 8.1
              },
              {
                "cve_id": "CVE-2026-0859",
                "severity": "HIGH",
                "score": 7.8
              },
              {
                "cve_id": "CVE-2025-59020",
                "severity": "MEDIUM",
                "score": 6.5
              }
            ]
          }
        },
        {
          "digest_date": "2026-07-02",
          "key": "typo3:12",
          "product": "typo3",
          "category": "cms",
          "cycle": "12",
          "latest": "12.4.47",
          "release_date": "2022-10-04",
          "latest_release_date": "2026-06-16",
          "eol_date": "2026-04-30",
          "support_date": "2024-10-31",
          "is_major_product": true,
          "cve_stats": {
            "total": 4,
            "critical": 0,
            "high": 2,
            "medium": 2,
            "low": 0,
            "kev": 0,
            "top_cves": [
              {
                "cve_id": "CVE-2025-59022",
                "severity": "HIGH",
                "score": 8.1
              },
              {
                "cve_id": "CVE-2026-0859",
                "severity": "HIGH",
                "score": 7.8
              },
              {
                "cve_id": "CVE-2025-59020",
                "severity": "MEDIUM",
                "score": 6.5
              }
            ]
          }
        },
        {
          "digest_date": "2026-07-02",
          "key": "typo3:13",
          "product": "typo3",
          "category": "cms",
          "cycle": "13",
          "latest": "13.4.32",
          "release_date": "2024-01-30",
          "latest_release_date": "2026-06-16",
          "eol_date": "2027-12-31",
          "support_date": "2026-06-30",
          "is_major_product": true,
          "cve_stats": {
            "total": 4,
            "critical": 0,
            "high": 2,
            "medium": 2,
            "low": 0,
            "kev": 0,
            "top_cves": [
              {
                "cve_id": "CVE-2025-59022",
                "severity": "HIGH",
                "score": 8.1
              },
              {
                "cve_id": "CVE-2026-0859",
                "severity": "HIGH",
                "score": 7.8
              },
              {
                "cve_id": "CVE-2025-59020",
                "severity": "MEDIUM",
                "score": 6.5
              }
            ]
          }
        },
        {
          "digest_date": "2026-07-02",
          "key": "typo3:14",
          "product": "typo3",
          "category": "cms",
          "cycle": "14",
          "latest": "14.3.4",
          "release_date": "2025-11-25",
          "latest_release_date": "2026-06-16",
          "eol_date": "2029-06-30",
          "support_date": "2027-12-31",
          "is_major_product": true,
          "cve_stats": {
            "total": 4,
            "critical": 0,
            "high": 2,
            "medium": 2,
            "low": 0,
            "kev": 0,
            "top_cves": [
              {
                "cve_id": "CVE-2025-59022",
                "severity": "HIGH",
                "score": 8.1
              },
              {
                "cve_id": "CVE-2026-0859",
                "severity": "HIGH",
                "score": 7.8
              },
              {
                "cve_id": "CVE-2025-59020",
                "severity": "MEDIUM",
                "score": 6.5
              }
            ]
          }
        },
        {
          "digest_date": "2026-07-02",
          "key": "virtualbox:7.2",
          "product": "virtualbox",
          "category": "virtualization",
          "cycle": "7.2",
          "latest": "7.2.12",
          "release_date": "2025-08-14",
          "latest_release_date": "2026-06-30",
          "eol_date": "false",
          "support_date": null,
          "is_major_product": true,
          "cve_stats": {
            "total": 33,
            "critical": 0,
            "high": 19,
            "medium": 8,
            "low": 6,
            "kev": 0,
            "top_cves": [
              {
                "cve_id": "CVE-2026-21990",
                "severity": "HIGH",
                "score": 8.2
              },
              {
                "cve_id": "CVE-2026-21988",
                "severity": "HIGH",
                "score": 8.2
              },
              {
                "cve_id": "CVE-2026-21956",
                "severity": "HIGH",
                "score": 8.2
              }
            ]
          }
        },
        {
          "digest_date": "2026-07-02",
          "key": "vue:3.5",
          "product": "vue",
          "category": "framework",
          "cycle": "3.5",
          "latest": "3.5.39",
          "release_date": "2024-09-03",
          "latest_release_date": "2026-06-25",
          "eol_date": "false",
          "support_date": "true",
          "is_major_product": true,
          "cve_stats": {
            "total": 0,
            "critical": 0,
            "high": 0,
            "medium": 0,
            "low": 0,
            "kev": 0,
            "top_cves": []
          }
        }
      ]
    }