全体サマリ
今回のダイジェスト対象期間(2026-06-30〜2026-07-06)は、CISA KEVへの新規追加23件と、主要ソフトウェア47製品(118リリース)の更新情報から構成されている。KEV新規追加分はすべてis_major_product=false(Ivanti/Cisco/Splunk/Oracle PeopleSoft等のエンタープライズ機器が中心)で、自社の主要運用対象には該当しない可能性が高い。一方、主要ソフトウェア更新側の集計データ(cve_stats)を確認したところ、Next.js・Apache ActiveMQ・MongoDB・macOSの4製品でKEV該当CVEが含まれている可能性があり、要対応候補として扱う。
★★★ 要対応 CVE
CVE-2025-55182(推定) — Next.js (matched_product: nextjs)
KEV該当CVE-ID要確認 — Apache ActiveMQ (matched_product: apache-activemq)
apache/activemq-classic公式イメージのパッチ前バージョンをbrokerとして起動し、公式advisory記載の脆弱条件(OpenWireプロトコル等)を再現、パッチ後との差分を確認。KEV該当CVE-ID要確認 — MongoDB (matched_product: mongodb)
mongo公式イメージのパッチ前バージョンを起動し、認証・ネットワークバインド設定を公式advisory記載の脆弱条件に合わせて再現、パッチ適用後の差分を確認。Critical/KEV多数(月次累積パッチ) — macOS (matched_product: macos)
★★ 参考 CVE
KEV新規追加分(自社利用の可能性は低いが業界動向として)
主要製品の高CVSS案件(is_remote未確認のためKEV/ランサム実績なし=★★扱い)
主要ソフトウェア更新(is_major_product=true のみ抜粋)
| 製品 | 新バージョン | リリース日 | CVE件数 | Critical | High | KEV |
|---|---|---|---|---|---|---|
| Next.js | 16.2.10 | 2026-07-01 | 22 | 1 | 10 | 1 ⚠️ |
| Apache ActiveMQ | 5.19.8 / 6.2.7 | 2026-06-25 | 13 | 0 | 7 | 1 ⚠️ |
| MongoDB | 4.4.31〜8.3.4 | 2026-06-15〜24 | 20 | 0 | 3 | 1 ⚠️ |
| macOS | 26.5.2 | 2026-06-29 | 1381 | 64 | 728 | 13 ⚠️ |
| Django | 5.2.15 / 6.0.6 | 2026-06-03 | 22 | 2 | 7 | 0 ⚠️ |
| Node.js | 22.23.1 / 24.18.0 / 26.4.0 | 2026-06-23〜25 | 16 | 3 | 7 | 0 ⚠️ |
| Go | 1.25.11 / 1.26.4 | 2026-06-02 | 26 | 3 | 13 | 0 ⚠️ |
| Traefik | 2.11.51 / 3.6.22 / 3.7.6 | 2026-06-30 | 17 | 2 | 6 | 0 ⚠️ |
| Apache HTTP Server | 2.4.68 | 2026-06-08 | 13 | 3 | 7 | 0 ⚠️ |
| Caddy | 2.11.4 | 2026-06-02 | 8 | 4 | 2 | 0 ⚠️ |
| OpenSSL | 3.0.21〜4.0.1 | 2026-06-09 | 19 | 1 | 10 | 0 ⚠️ |
| Spring Boot | 3.5.16 / 4.0.7 / 4.1.0 | 2026-06-10〜25 | 7 | 1 | 4 | 0 ⚠️ |
| Tomcat | 9.0.119 / 10.1.56 / 11.0.23 | 2026-06-17〜18 | 13 | 2 | 7 | 0 ⚠️ |
| MediaWiki | 1.43.9〜1.46.0 | 2026-06-29〜30 | 21 | 1 | 1 | 0 ⚠️ |
| Apache Kafka | 4.3.1 | 2026-06-23 | 3 | 1 | 0 | 0 ⚠️ |
| OpenVPN | 2.7.5 | 2026-07-01 | 3 | 1 | 1 | 0 ⚠️ |
| GitLab | 18.8.11〜19.1.1 | 2026-06-10〜29 | 163 | 0 | 49 | 0 |
| VirtualBox | 7.2.12 | 2026-06-30 | 33 | 0 | 19 | 0 |
| Jenkins | 2.555.3 / 2.571 | 2026-06-08〜30 | 16 | 0 | 5 | 0 |
| Redis | 8.2.7 / 8.4.4 / 8.6.4 | 2026-06-04 | 4 | 0 | 4 | 0 |
| Spring Framework | 6.2.19 / 7.0.8 | 2026-06-08 | 9 | 0 | 3 | 0 |
| Eclipse Jetty | 12.0.36 / 12.1.10 | 2026-06-02 | 4 | 0 | 3 | 0 |
| HashiCorp Vault | 2.0.3 | 2026-06-17 | 4 | 0 | 3 | 0 |
| TYPO3 | 10.4.58〜14.3.4 | 2026-06-16 | 4 | 0 | 2 | 0 |
| Squid | 7.6 | 2026-06-07 | 3 | 0 | 2 | 0 |
| PHP | 8.4.22 / 8.5.7 | 2026-06-04 | 3 | 0 | 2 | 0 |
| Symfony | 6.4.42〜8.1.1 | 2026-06-27 | 2 | 0 | 1 | 0 |
| OpenSearch | 3.7.0 | 2026-06-09 | 1 | 0 | 1 | 0 |
| HAProxy | 2.6.30〜3.4.1 | 2026-06-25〜26 | 1 | 0 | 1 | 0 |
| Python | 3.13.14 / 3.14.6 | 2026-06-10 | 5 | 0 | 1 | 0 |
| nginx | 1.30.3 / 1.31.2 | 2026-06-17 | 0 | 0 | 0 | 0 |
| .NET | 8.0.28 / 9.0.17 / 10.0.9 | 2026-06-09 | 5 | 0 | 5 | 0 |
| Angular | 19.2.25〜22.0.4 | 2026-06-02〜26 | 4 | 0 | 0 | 0 |
| Drupal | 10.5.12〜11.3.13 | 2026-06-17〜23 | 7 | 0 | 0 | 0 |
| Elasticsearch | 8.19.18 / 9.3.7 / 9.4.3 | 2026-06-25〜26 | 3 | 0 | 0 | 0 |
| MySQL | 8.4.10 / 9.7.1 | 2026-06-03 | 1 | 0 | 0 | 0 |
| alpine-linux | 3.22.5 / 3.23.5 / 3.24.1 | 2026-06-13〜21 | 0 | 0 | 0 | 0 |
| amazon-linux | 各系列 | 2026-06-16〜22 | 0 | 0 | 0 | 0 |
| Laravel | 12.62.0 / 13.18.0 | 2026-06-09〜30 | 0 | 0 | 0 | 0 |
| Nextcloud | 32.0.12〜34.0.1 | 2026-06-25 | 0 | 0 | 0 | 0 |
| Nuxt | 3.21.8 / 4.4.8 | 2026-06-08 | 0 | 0 | 0 | 0 |
| Postfix | 3.8.18〜3.11.4 | 2026-06-18 | 0 | 0 | 0 | 0 |
| RabbitMQ | 4.2.8 / 4.3.2 | 2026-06-11〜13 | 0 | 0 | 0 | 0 |
| Ruby | 3.4.10 | 2026-06-30 | 0 | 0 | 0 | 0 |
| Rust | 1.96.1 | 2026-06-30 | 0 | 0 | 0 | 0 |
| Vue | 3.5.39 | 2026-06-25 | 0 | 0 | 0 | 0 |
| MSSQL Server | 17.0.4055.5 CU6 | 2026-06-17 | 0 | 0 | 0 | 0 |
その他情報
is_major_product=false)はKEV新規追加の23件すべて。原本データ (JSON) — 表示するにはクリック
{
"range": {
"from": "2026-06-30",
"to": "2026-07-06",
"days": 7
},
"summary": {
"total_kev_new": 23,
"total_software_update": 118,
"by_date": {
"2026-07-02": {
"kev_new": 23,
"software_update": 118
}
}
},
"kev_new": [
{
"digest_date": "2026-07-02",
"key": "CVE-2022-0492",
"cve_id": "CVE-2022-0492",
"vendor_project": "Linux",
"product": "Kernel",
"vulnerability_name": "Linux Kernel Improper Authentication Vulnerability",
"date_added": "2026-06-02",
"short_description": "Linux Kernel contains an improper authentication vulnerability which could allow for privilege escalation via the cgroups v1 release_agent feature.",
"required_action": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.",
"due_date": "2026-06-05",
"known_ransomware": "Unknown",
"cvss_score": null,
"cvss_severity": null,
"cvss_vector": null,
"attack_vector": null,
"is_remote": null,
"is_major_product": false,
"matched_product": null,
"title_en": null,
"epss_score": null
},
{
"digest_date": "2026-07-02",
"key": "CVE-2025-48595",
"cve_id": "CVE-2025-48595",
"vendor_project": "Android",
"product": "Framework",
"vulnerability_name": "Android Framework Integer Overflow Vulnerability",
"date_added": "2026-06-02",
"short_description": "Android Framework contains an integer overflow vulnerability that allows for code execution that could allow for local privilege escalation.",
"required_action": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.",
"due_date": "2026-06-05",
"known_ransomware": "Unknown",
"cvss_score": 8.4,
"cvss_severity": "HIGH",
"cvss_vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attack_vector": "L",
"is_remote": false,
"is_major_product": false,
"matched_product": null,
"title_en": "In multiple locations, there is a possible way to achieve code execution due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.",
"epss_score": 0.01714
},
{
"digest_date": "2026-07-02",
"key": "CVE-2025-67038",
"cve_id": "CVE-2025-67038",
"vendor_project": "Lantronix",
"product": "EDS5000",
"vulnerability_name": "Lantronix EDS5000 Code Injection Vulnerability",
"date_added": "2026-06-23",
"short_description": "Lantronix EDS5000 contains a code injection vulnerability that could allow attackers to inject arbitrary OS commands into the username parameter. Injected commands are executed with root privileges.",
"required_action": "Apply mitigations in accordance with vendor instructions, ensuring compliance with CISA’s BOD 26-04 Prioritizing Security Updates Based on Risk (see URL in Notes) guidance and CISA’s “Forensics Triage Requirements” (see URL in Notes). Follow applicable BOD 26-04 guidance for cloud services or discontinue use of the product if mitigations are unavailable. Stakeholders are responsible for evaluating each asset's internet exposure and ensuring adherence to BOD 26-04 patching guidelines.",
"due_date": "2026-06-26",
"known_ransomware": "Unknown",
"cvss_score": 9.8,
"cvss_severity": "CRITICAL",
"cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attack_vector": "N",
"is_remote": true,
"is_major_product": false,
"matched_product": null,
"title_en": "An issue was discovered in Lantronix EDS5000 2.1.0.0R3. The HTTP RPC module executes a shell command to write logs when user's authantication fails. The username is directly concatenated with the command without any sanitization. This allow attackers to inject arbitrary OS commands into the username parameter. Injected commands are executed with root privileges.",
"epss_score": 0.01131
},
{
"digest_date": "2026-07-02",
"key": "CVE-2026-10520",
"cve_id": "CVE-2026-10520",
"vendor_project": "Ivanti",
"product": "Sentry",
"vulnerability_name": "Ivanti Sentry OS Command Injection Vulnerability",
"date_added": "2026-06-11",
"short_description": "Ivanti Sentry (formerly known as MobileIron Sentry) contains an OS command injection vulnerability which could allow a remote unauthenticated user to achieve root-level remote code execution. This vulnerability can be successfully exploited in cases where the Sentry appliance is in an unmanaged state with its endpoints externally reachable. The use of mTLS with EPMM or restricted HTTPS access through Neurons for MDM makes interfaces inaccessible to external actors.",
"required_action": "Apply mitigations in accordance with vendor instructions, ensuring compliance with CISA’s BOD 26-04 Prioritizing Security Updates Based on Risk (see URL in Notes) guidance and CISA’s “Forensics Triage Requirements” (see URL in Notes). Follow applicable BOD 26-04 guidance for cloud services or discontinue use of the product if mitigations are unavailable. Stakeholders are responsible for evaluating each asset's internet exposure and ensuring adherence to BOD 26-04 patching guidelines.",
"due_date": "2026-06-14",
"known_ransomware": "Unknown",
"cvss_score": 10.0,
"cvss_severity": "CRITICAL",
"cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"attack_vector": "N",
"is_remote": true,
"is_major_product": false,
"matched_product": null,
"title_en": "An OS Command Injection vulnerability in Ivanti Sentry before the R10.5.2, R10.6.2 and R10.7.1 versions allows a remote unauthenticated user to achieve root-level remote code execution",
"epss_score": 0.98937
},
{
"digest_date": "2026-07-02",
"key": "CVE-2026-11645",
"cve_id": "CVE-2026-11645",
"vendor_project": "Google",
"product": "Chromium V8",
"vulnerability_name": "Google Chromium V8 Out-of-Bounds Read and Write Vulnerability",
"date_added": "2026-06-09",
"short_description": "Google Chromium V8 out-of-bounds read and write vulnerability that could allow a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.",
"required_action": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.",
"due_date": "2026-06-23",
"known_ransomware": "Unknown",
"cvss_score": 8.8,
"cvss_severity": "HIGH",
"cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attack_vector": "N",
"is_remote": true,
"is_major_product": false,
"matched_product": null,
"title_en": "Out of bounds read and write in V8 in Google Chrome prior to 149.0.7827.103 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)",
"epss_score": 0.01654
},
{
"digest_date": "2026-07-02",
"key": "CVE-2026-12569",
"cve_id": "CVE-2026-12569",
"vendor_project": "PTC",
"product": "Windchill and FlexPLM",
"vulnerability_name": "PTC Windchill and FlexPLM Improper Input Validation Vulnerability",
"date_added": "2026-06-25",
"short_description": "PTC Windchill and FlexPLM contains an improper input validation vulnerability allowing an unauthenticated, remote attacker to execute arbitrary code by sending a malicious request to the network.",
"required_action": "Apply mitigations in accordance with vendor instructions, ensuring compliance with CISA’s BOD 26-04 Prioritizing Security Updates Based on Risk (see URL in Notes) guidance and CISA’s “Forensics Triage Requirements” (see URL in Notes). Follow applicable BOD 26-04 guidance for cloud services or discontinue use of the product if mitigations are unavailable. Stakeholders are responsible for evaluating each asset's internet exposure and ensuring adherence to BOD 26-04 patching guidelines.",
"due_date": "2026-06-28",
"known_ransomware": "Unknown",
"cvss_score": null,
"cvss_severity": null,
"cvss_vector": null,
"attack_vector": null,
"is_remote": null,
"is_major_product": false,
"matched_product": null,
"title_en": "A critical remote code execution (RCE) vulnerability has been reported in PTC Windchill PDMlink and PTC FlexPLM. The vulnerability may be exploited through the deserialization of untrusted data. * This advisory also applies to all CPS versions\n * The identified vulnerability also impacts Windchill and FlexPLM releases prior to 11.0 M030",
"epss_score": 0.01106
},
{
"digest_date": "2026-07-02",
"key": "CVE-2026-20230",
"cve_id": "CVE-2026-20230",
"vendor_project": "Cisco",
"product": "Unified Communications Manager",
"vulnerability_name": "Cisco Unified Communications Manager Server-Side Request Forgery (SSRF) Vulnerability",
"date_added": "2026-06-25",
"short_description": "Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) contain a server-side request forgery (SSRF) Vulnerability that could allow an unauthenticated, remote attacker to write files to the underlying operating system that could be used later to elevate to root.",
"required_action": "Apply mitigations in accordance with vendor instructions, ensuring compliance with CISA’s BOD 26-04 Prioritizing Security Updates Based on Risk (see URL in Notes) guidance and CISA’s “Forensics Triage Requirements” (see URL in Notes). Follow applicable BOD 26-04 guidance for cloud services or discontinue use of the product if mitigations are unavailable. Stakeholders are responsible for evaluating each asset's internet exposure and ensuring adherence to BOD 26-04 patching guidelines.",
"due_date": "2026-06-28",
"known_ransomware": "Unknown",
"cvss_score": 8.6,
"cvss_severity": "HIGH",
"cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N",
"attack_vector": "N",
"is_remote": true,
"is_major_product": false,
"matched_product": null,
"title_en": "A vulnerability in Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an unauthenticated, remote attacker to conduct server-side request forgery (SSRF) attacks through an affected device.\r\n\r This vulnerability is due to improper input validation for specific HTTP requests. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could a",
"epss_score": 0.41694
},
{
"digest_date": "2026-07-02",
"key": "CVE-2026-20245",
"cve_id": "CVE-2026-20245",
"vendor_project": "Cisco",
"product": "Catalyst SD-WAN Manager",
"vulnerability_name": "Cisco Catalyst SD-WAN Manager Improper Encoding or Escaping of Output Vulnerability",
"date_added": "2026-06-09",
"short_description": "Cisco Catalyst SD-WAN Manager formerly SD-WAN vManage contains an improper encoding or escaping of output vulnerability. This vulnerability could allow an authenticated, local attacker to execute arbitrary commands as root by supplying a crafted file to the affected system.",
"required_action": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.",
"due_date": "2026-06-23",
"known_ransomware": "Unknown",
"cvss_score": 7.8,
"cvss_severity": "HIGH",
"cvss_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attack_vector": "L",
"is_remote": false,
"is_major_product": false,
"matched_product": null,
"title_en": "A vulnerability in the CLI of Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, could allow an authenticated, local attacker to execute arbitrary commands as root by supplying a crafted file to the affected system.\r\n\r\nThis vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by uploading a crafted file to the affected system. A successful exploit could allow the attacker to perform command injection attacks on an affected syst",
"epss_score": 0.09922
},
{
"digest_date": "2026-07-02",
"key": "CVE-2026-20253",
"cve_id": "CVE-2026-20253",
"vendor_project": "Splunk",
"product": "Enterprise",
"vulnerability_name": "Splunk Enterprise Missing Authentication for Critical Function Vulnerability",
"date_added": "2026-06-18",
"short_description": "Splunk Enterprise contains a missing authentication for critical function vulnerability which could allow an unauthenticated user to create or truncate arbitrary files through a PostgreSQL sidecar service endpoint.",
"required_action": "Apply mitigations in accordance with vendor instructions, ensuring compliance with CISA’s BOD 26-04 Prioritizing Security Updates Based on Risk (see URL in Notes) guidance and CISA’s “Forensics Triage Requirements” (see URL in Notes). Follow applicable BOD 26-04 guidance for cloud services or discontinue use of the product if mitigations are unavailable. Stakeholders are responsible for evaluating each asset's internet exposure and ensuring adherence to BOD 26-04 patching guidelines.",
"due_date": "2026-06-21",
"known_ransomware": "Unknown",
"cvss_score": 9.8,
"cvss_severity": "CRITICAL",
"cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attack_vector": "N",
"is_remote": true,
"is_major_product": false,
"matched_product": null,
"title_en": "In Splunk Enterprise versions below 10.2.4 and 10.0.7, and Splunk Cloud Platform versions below 10.4.2604.3 and 10.2.2510.14, an unauthenticated user could create or truncate arbitrary files through a PostgreSQL sidecar service endpoint.<br><br>The vulnerability exists because the PostgreSQL sidecar service endpoint lacks authentication controls, allowing any network-reachable user to invoke file operations without credentials.",
"epss_score": 0.88171
},
{
"digest_date": "2026-07-02",
"key": "CVE-2026-20262",
"cve_id": "CVE-2026-20262",
"vendor_project": "Cisco",
"product": "Catalyst SD-WAN Manager",
"vulnerability_name": "Cisco Catalyst SD-WAN Manager Directory or Path Traversal Vulnerability",
"date_added": "2026-06-15",
"short_description": "Cisco Catalyst SD-WAN Manager contains a directory or path traversal vulnerability that could allow an authenticated, remote attacker to create a file or overwrite any file on the filesystem of an affected system.",
"required_action": "Apply mitigations in accordance with vendor instructions, ensuring compliance with CISA’s BOD 26-04 Prioritizing Security Updates Based on Risk (see URL in Notes) guidance and CISA’s “Forensics Triage Requirements” (see URL in Notes). Follow applicable BOD 26-04 guidance for cloud services or discontinue use of the product if mitigations are unavailable. Stakeholders are responsible for evaluating each asset's internet exposure and ensuring adherence to BOD 26-04 patching guidelines.",
"due_date": "2026-06-29",
"known_ransomware": "Unknown",
"cvss_score": 6.5,
"cvss_severity": "MEDIUM",
"cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"attack_vector": "N",
"is_remote": true,
"is_major_product": false,
"matched_product": null,
"title_en": "A vulnerability in the web UI of Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, could allow an authenticated, remote attacker to create a file or overwrite any file on the filesystem of an affected system.\r\n\r\nThis vulnerability exists because the affected software does not properly validate user-supplied input during a file upload process. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected API endpoint of the affected system. A successful explo",
"epss_score": 0.07683
},
{
"digest_date": "2026-07-02",
"key": "CVE-2026-28318",
"cve_id": "CVE-2026-28318",
"vendor_project": "SolarWinds",
"product": "Serv-U",
"vulnerability_name": "SolarWinds Serv-U Uncontrolled Resource Consumption Vulnerability",
"date_added": "2026-06-05",
"short_description": "SolarWinds Serv-U contains an uncontrolled resource consumption vulnerability that allows specially crafted POST requests using the Content-Encoding: deflate header to crash the Serv-U service without authentication.",
"required_action": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.",
"due_date": "2026-06-19",
"known_ransomware": "Unknown",
"cvss_score": 7.5,
"cvss_severity": "HIGH",
"cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attack_vector": "N",
"is_remote": true,
"is_major_product": false,
"matched_product": null,
"title_en": "SolarWinds Serv-U is susceptible to specially crafted POST requests that crash the Serv-U service without authentication using Content-Encoding: deflate. Mitigation steps are provided to secure customer environments in the SolarWinds Trust Center if you are unable to deploy the update",
"epss_score": 0.10659
},
{
"digest_date": "2026-07-02",
"key": "CVE-2026-34908",
"cve_id": "CVE-2026-34908",
"vendor_project": "Ubiquiti",
"product": "UniFi OS",
"vulnerability_name": "Ubiquiti UniFi OS Improper Access Control Vulnerability",
"date_added": "2026-06-23",
"short_description": "Ubiquiti UniFi OS contains an improper access control vulnerability which could allow a malicious actor with access to the network to make unauthorized changes to the system.",
"required_action": "Apply mitigations in accordance with vendor instructions, ensuring compliance with CISA’s BOD 26-04 Prioritizing Security Updates Based on Risk (see URL in Notes) guidance and CISA’s “Forensics Triage Requirements” (see URL in Notes). Follow applicable BOD 26-04 guidance for cloud services or discontinue use of the product if mitigations are unavailable. Stakeholders are responsible for evaluating each asset's internet exposure and ensuring adherence to BOD 26-04 patching guidelines.",
"due_date": "2026-06-26",
"known_ransomware": "Unknown",
"cvss_score": 10.0,
"cvss_severity": "CRITICAL",
"cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"attack_vector": "N",
"is_remote": true,
"is_major_product": false,
"matched_product": null,
"title_en": "A malicious actor with access to the network could exploit an Improper Access Control vulnerability found in UniFi OS devices to make unauthorized changes to the system.",
"epss_score": 0.02452
},
{
"digest_date": "2026-07-02",
"key": "CVE-2026-34909",
"cve_id": "CVE-2026-34909",
"vendor_project": "Ubiquiti",
"product": "UniFi OS",
"vulnerability_name": "Ubiquiti UniFi OS Path Traversal Vulnerability",
"date_added": "2026-06-23",
"short_description": "Ubiquiti UniFi OS contains a path traversal vulnerability which could allow a malicious actor with access to the network to access files on the underlying system that could be manipulated to access an underlying account.",
"required_action": "Apply mitigations in accordance with vendor instructions, ensuring compliance with CISA’s BOD 26-04 Prioritizing Security Updates Based on Risk (see URL in Notes) guidance and CISA’s “Forensics Triage Requirements” (see URL in Notes). Follow applicable BOD 26-04 guidance for cloud services or discontinue use of the product if mitigations are unavailable. Stakeholders are responsible for evaluating each asset's internet exposure and ensuring adherence to BOD 26-04 patching guidelines.",
"due_date": "2026-06-26",
"known_ransomware": "Unknown",
"cvss_score": 10.0,
"cvss_severity": "CRITICAL",
"cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"attack_vector": "N",
"is_remote": true,
"is_major_product": false,
"matched_product": null,
"title_en": "A malicious actor with access to the network could exploit a Path Traversal vulnerability found in UniFi OS devices to access files on the underlying system that could be manipulated to access an underlying account.",
"epss_score": 0.02269
},
{
"digest_date": "2026-07-02",
"key": "CVE-2026-34910",
"cve_id": "CVE-2026-34910",
"vendor_project": "Ubiquiti",
"product": "UniFi OS",
"vulnerability_name": "Ubiquiti UniFi OS Improper Input Validation Vulnerability",
"date_added": "2026-06-23",
"short_description": "Ubiquiti UniFi OS contains an improper input validation vulnerability which could allow a malicious actor with access to the network to conduct command injection.",
"required_action": "Apply mitigations in accordance with vendor instructions, ensuring compliance with CISA’s BOD 26-04 Prioritizing Security Updates Based on Risk (see URL in Notes) guidance and CISA’s “Forensics Triage Requirements” (see URL in Notes). Follow applicable BOD 26-04 guidance for cloud services or discontinue use of the product if mitigations are unavailable. Stakeholders are responsible for evaluating each asset's internet exposure and ensuring adherence to BOD 26-04 patching guidelines.",
"due_date": "2026-06-26",
"known_ransomware": "Unknown",
"cvss_score": 10.0,
"cvss_severity": "CRITICAL",
"cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"attack_vector": "N",
"is_remote": true,
"is_major_product": false,
"matched_product": null,
"title_en": "A malicious actor with access to the network could exploit an Improper Input Validation vulnerability found in UniFi OS devices to execute a Command Injection.",
"epss_score": 0.78555
},
{
"digest_date": "2026-07-02",
"key": "CVE-2026-35273",
"cve_id": "CVE-2026-35273",
"vendor_project": "Oracle",
"product": " PeopleSoft Enterprise PeopleTools",
"vulnerability_name": "Oracle PeopleSoft Enterprise PeopleTools Missing Authentication for Critical Function Vulnerability",
"date_added": "2026-06-12",
"short_description": "Oracle PeopleSoft Enterprise PeopleTools contains a missing authentication for critical function vulnerability which could allow an unauthenticated attacker to obtain takeover of PeopleSoft Enterprise PeopleTools.",
"required_action": "Apply mitigations in accordance with vendor instructions, ensuring compliance with CISA’s BOD 26-04 Prioritizing Security Updates Based on Risk (see URL in Notes) guidance and CISA’s “Forensics Triage Requirements” (see URL in Notes). Follow applicable BOD 26-04 guidance for cloud services or discontinue use of the product if mitigations are unavailable. Stakeholders are responsible for evaluating each asset's internet exposure and ensuring adherence to BOD 26-04 patching guidelines.",
"due_date": "2026-06-15",
"known_ransomware": "Known",
"cvss_score": 9.8,
"cvss_severity": "CRITICAL",
"cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attack_vector": "N",
"is_remote": true,
"is_major_product": false,
"matched_product": null,
"title_en": "Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Updates Environment Management). Supported versions that are affected are 8.61 and 8.62. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks of this vulnerability can result in takeover of PeopleSoft Enterprise PeopleTools. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability i",
"epss_score": 0.9233
},
{
"digest_date": "2026-07-02",
"key": "CVE-2026-42271",
"cve_id": "CVE-2026-42271",
"vendor_project": "BerriAI",
"product": "LiteLLM",
"vulnerability_name": "BerriAI LiteLLM Command Injection Vulnerability",
"date_added": "2026-06-08",
"short_description": "BerriAI LiteLLM contains a command injection vulnerability that could allow any authenticated user, including holders of low-privilege internal-user keys, to run arbitrary commands on the host.",
"required_action": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.",
"due_date": "2026-06-22",
"known_ransomware": "Unknown",
"cvss_score": 8.8,
"cvss_severity": "HIGH",
"cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attack_vector": "N",
"is_remote": true,
"is_major_product": false,
"matched_product": null,
"title_en": "LiteLLM is a proxy server (AI Gateway) to call LLM APIs in OpenAI (or native) format. From version 1.74.2 to before version 1.83.7, two endpoints used to preview an MCP server before saving it — POST /mcp-rest/test/connection and POST /mcp-rest/test/tools/list — accepted a full server configuration in the request body, including the command, args, and env fields used by the stdio transport. When called with a stdio configuration, the endpoints attempted to connect, which spawned the supplied com",
"epss_score": 0.80188
},
{
"digest_date": "2026-07-02",
"key": "CVE-2026-45247",
"cve_id": "CVE-2026-45247",
"vendor_project": "Mirasvit",
"product": "Mirasvit Full Page Cache Warmer",
"vulnerability_name": "Mirasvit Full Page Cache Warmer Deserialization of Untrusted Data Vulnerability",
"date_added": "2026-06-03",
"short_description": "Mirasvit Full Page Cache Warmer contains a deserialization of untrusted data vulnerability that could allow unauthenticated attackers to achieve remote code execution by supplying a crafted serialized PHP object in the CacheWarmer cookie.",
"required_action": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.",
"due_date": "2026-06-06",
"known_ransomware": "Unknown",
"cvss_score": 9.8,
"cvss_severity": "CRITICAL",
"cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attack_vector": "N",
"is_remote": true,
"is_major_product": false,
"matched_product": null,
"title_en": "Mirasvit Full Page Cache Warmer for Magento 2 before version 1.11.12 contains a PHP object injection vulnerability that allows unauthenticated attackers to achieve remote code execution by supplying a crafted serialized PHP object in the CacheWarmer cookie. Attackers can exploit the unrestricted call to PHP's native unserialize() function combined with gadget chains available in Magento and its dependencies to execute arbitrary code on the server.",
"epss_score": 0.27546
},
{
"digest_date": "2026-07-02",
"key": "CVE-2026-45659",
"cve_id": "CVE-2026-45659",
"vendor_project": "Microsoft",
"product": "SharePoint Server",
"vulnerability_name": "Microsoft SharePoint Server Deserialization of Untrusted Data Vulnerability",
"date_added": "2026-07-01",
"short_description": "Microsoft SharePoint Server contains a deserialization of untrusted data vulnerability which allows an authorized attacker to execute code over a network.",
"required_action": "Apply mitigations in accordance with vendor instructions, ensuring compliance with CISA’s BOD 26-04 Prioritizing Security Updates Based on Risk (see URL in Notes) guidance and CISA’s “Forensics Triage Requirements” (see URL in Notes). Follow applicable BOD 26-04 guidance for cloud services or discontinue use of the product if mitigations are unavailable. Stakeholders are responsible for evaluating each asset's internet exposure and ensuring adherence to BOD 26-04 patching guidelines.",
"due_date": "2026-07-04",
"known_ransomware": "Unknown",
"cvss_score": null,
"cvss_severity": null,
"cvss_vector": null,
"attack_vector": null,
"is_remote": null,
"is_major_product": false,
"matched_product": null,
"title_en": null,
"epss_score": null
},
{
"digest_date": "2026-07-02",
"key": "CVE-2026-48558",
"cve_id": "CVE-2026-48558",
"vendor_project": "SimpleHelp ",
"product": "SimpleHelp",
"vulnerability_name": "SimpleHelp Authentication Bypass Vulnerability",
"date_added": "2026-06-29",
"short_description": "SimpleHelp contains an authentication bypass vulnerability in the OIDC authentication flow. When OIDC authentication is configured, identity tokens submitted during login are accepted without verifying their cryptographic signature. In a vulnerable configuration, a remote, unauthenticated attacker can submit a forged token containing arbitrary identity claims to obtain a fully authenticated technician session. In some configurations, this may also allow bypass of multi-factor authentication.",
"required_action": "Apply mitigations in accordance with vendor instructions, ensuring compliance with CISA’s BOD 26-04 Prioritizing Security Updates Based on Risk (see URL in Notes) guidance and CISA’s “Forensics Triage Requirements” (see URL in Notes). Follow applicable BOD 26-04 guidance for cloud services or discontinue use of the product if mitigations are unavailable. Stakeholders are responsible for evaluating each asset's internet exposure and ensuring adherence to BOD 26-04 patching guidelines.",
"due_date": "2026-07-02",
"known_ransomware": "Unknown",
"cvss_score": 10.0,
"cvss_severity": "CRITICAL",
"cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"attack_vector": "N",
"is_remote": true,
"is_major_product": false,
"matched_product": null,
"title_en": "SimpleHelp versions 5.5.15 and prior and 6.0 pre-release versions contain an authentication bypass vulnerability in the OIDC authentication flow. When OIDC authentication is configured, identity tokens submitted during login are accepted without verifying their cryptographic signature. In a vulnerable configuration, a remote, unauthenticated attacker can submit a forged token containing arbitrary identity claims to obtain a fully authenticated technician session. In some configurations, this may",
"epss_score": 0.0116
},
{
"digest_date": "2026-07-02",
"key": "CVE-2026-48907",
"cve_id": "CVE-2026-48907",
"vendor_project": "Widget Factory",
"product": "Joomla Content Editor ",
"vulnerability_name": "Widget Factory Joomla Content Editor Improper Access Control Vulnerability",
"date_added": "2026-06-16",
"short_description": "Widget Factory Joomla Content Editor contains an improper access control vulnerability which could allow for upload and execution of PHP code via the creation of new editor profiles for unauthenticated users. ",
"required_action": "Apply mitigations in accordance with vendor instructions, ensuring compliance with CISA’s BOD 26-04 Prioritizing Security Updates Based on Risk (see URL in Notes) guidance and CISA’s “Forensics Triage Requirements” (see URL in Notes). Follow applicable BOD 26-04 guidance for cloud services or discontinue use of the product if mitigations are unavailable. Stakeholders are responsible for evaluating each asset's internet exposure and ensuring adherence to BOD 26-04 patching guidelines.",
"due_date": "2026-06-19",
"known_ransomware": "Unknown",
"cvss_score": null,
"cvss_severity": null,
"cvss_vector": null,
"attack_vector": null,
"is_remote": null,
"is_major_product": false,
"matched_product": null,
"title_en": "A vulnerability in the JCE editor extension for Joomla allows the creation of new editor profiles for unauthenticated users, ultimately resulting in PHP code upload and execution.",
"epss_score": 0.80425
},
{
"digest_date": "2026-07-02",
"key": "CVE-2026-50751",
"cve_id": "CVE-2026-50751",
"vendor_project": "Check Point",
"product": "Security Gateway",
"vulnerability_name": "Check Point Security Gateway Improper Authentication Vulnerability",
"date_added": "2026-06-08",
"short_description": "Check Point Security Gateway contains an improper authentication vulnerability in IKEv1 key exchange that could allow an unauthenticated remote attacker to bypass user authentication and establish a remote access VPN connection without a valid user password.",
"required_action": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.",
"due_date": "2026-06-11",
"known_ransomware": "Known",
"cvss_score": 9.3,
"cvss_severity": "CRITICAL",
"cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:N",
"attack_vector": "N",
"is_remote": true,
"is_major_product": false,
"matched_product": null,
"title_en": "A logic flow weakness in Remote Access and Mobile Access certificate validation in deprecated IKEv1 key exchange allows an unauthenticated remote attacker to bypass user authentication and establish a remote access VPN connection without a valid user password.",
"epss_score": 0.71051
},
{
"digest_date": "2026-07-02",
"key": "CVE-2026-54420",
"cve_id": "CVE-2026-54420",
"vendor_project": "LiteSpeed",
"product": "cPanel Plugin",
"vulnerability_name": "LiteSpeed cPanel Plugin UNIX Symbolic Link (Symlink) Following Vulnerability",
"date_added": "2026-06-15",
"short_description": "LiteSpeed cPanel plugin contains a UNIX symbolic link (Symlink) following vulnerability that could allow a user with FTP or web shell access on a shared hosting server running CloudLinux/CageFS.",
"required_action": "Apply mitigations in accordance with vendor instructions, ensuring compliance with CISA’s BOD 26-04 Prioritizing Security Updates Based on Risk (see URL in Notes) guidance and CISA’s “Forensics Triage Requirements” (see URL in Notes). Follow applicable BOD 26-04 guidance for cloud services or discontinue use of the product if mitigations are unavailable. Stakeholders are responsible for evaluating each asset's internet exposure and ensuring adherence to BOD 26-04 patching guidelines.",
"due_date": "2026-06-18",
"known_ransomware": "Unknown",
"cvss_score": 8.5,
"cvss_severity": "HIGH",
"cvss_vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
"attack_vector": "N",
"is_remote": true,
"is_major_product": false,
"matched_product": null,
"title_en": "LiteSpeed cPanel plugin before 2.4.8 (as distributed in LiteSpeed WHM PlugIn before 5.3.2.0) mishandles symlinks provided by a user with FTP or web shell access on a shared hosting server running CloudLinux/CageFS, as exploited in the wild in May 2026.",
"epss_score": 0.01261
},
{
"digest_date": "2026-07-02",
"key": "CVE-2026-7473",
"cve_id": "CVE-2026-7473",
"vendor_project": "Arista",
"product": "Extensible Operating System",
"vulnerability_name": "Arista Extensible Operating System Incomplete Comparison with Missing Factors Vulnerability",
"date_added": "2026-06-09",
"short_description": "Arista Extensible Operating System (EOS) contains an incomplete comparison with missing factors vulnerability when the switch incorrectly decapsulate and forwards other unexpected tunneled packet with a destination IP matching its configured decapsulation IP.",
"required_action": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.",
"due_date": "2026-06-23",
"known_ransomware": "Unknown",
"cvss_score": 5.8,
"cvss_severity": "MEDIUM",
"cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N",
"attack_vector": "N",
"is_remote": true,
"is_major_product": false,
"matched_product": null,
"title_en": "On affected platforms running Arista EOS where a tunnel decapsulation configuration—such as VXLAN (Virtual Extensible LAN), decap-groups, or a GRE (Generic Routing Encapsulation) tunnel interface—is present, the switch will incorrectly decapsulate and forward other unexpected tunneled packet with a destination IP matching its configured decapsulation IP. This occurs because the switch does not verify the tunnel protocol type, potentially leading to the unexpected processing of non-configured tun",
"epss_score": 0.00836
}
],
"software_update": [
{
"digest_date": "2026-07-02",
"key": "alpine-linux:3.22",
"product": "alpine-linux",
"category": "os",
"cycle": "3.22",
"latest": "3.22.5",
"release_date": "2025-05-30",
"latest_release_date": "2026-06-21",
"eol_date": "2027-05-01",
"support_date": null,
"is_major_product": true,
"cve_stats": {
"total": 0,
"critical": 0,
"high": 0,
"medium": 0,
"low": 0,
"kev": 0,
"top_cves": []
}
},
{
"digest_date": "2026-07-02",
"key": "alpine-linux:3.23",
"product": "alpine-linux",
"category": "os",
"cycle": "3.23",
"latest": "3.23.5",
"release_date": "2025-12-04",
"latest_release_date": "2026-06-21",
"eol_date": "2027-11-01",
"support_date": null,
"is_major_product": true,
"cve_stats": {
"total": 0,
"critical": 0,
"high": 0,
"medium": 0,
"low": 0,
"kev": 0,
"top_cves": []
}
},
{
"digest_date": "2026-07-02",
"key": "alpine-linux:3.24",
"product": "alpine-linux",
"category": "os",
"cycle": "3.24",
"latest": "3.24.1",
"release_date": "2026-06-09",
"latest_release_date": "2026-06-13",
"eol_date": "2028-06-01",
"support_date": null,
"is_major_product": true,
"cve_stats": {
"total": 0,
"critical": 0,
"high": 0,
"medium": 0,
"low": 0,
"kev": 0,
"top_cves": []
}
},
{
"digest_date": "2026-07-02",
"key": "amazon-linux:2",
"product": "amazon-linux",
"category": "os",
"cycle": "2",
"latest": "2.0.20260615.0",
"release_date": "2018-06-26",
"latest_release_date": "2026-06-22",
"eol_date": "2026-06-30",
"support_date": "2026-06-30",
"is_major_product": true,
"cve_stats": {
"total": 0,
"critical": 0,
"high": 0,
"medium": 0,
"low": 0,
"kev": 0,
"top_cves": []
}
},
{
"digest_date": "2026-07-02",
"key": "amazon-linux:2018.03",
"product": "amazon-linux",
"category": "os",
"cycle": "2018.03",
"latest": "2018.03.0.20231218.0",
"release_date": "2018-04-25",
"latest_release_date": "2026-06-16",
"eol_date": "2023-12-31",
"support_date": "2020-12-31",
"is_major_product": true,
"cve_stats": {
"total": 0,
"critical": 0,
"high": 0,
"medium": 0,
"low": 0,
"kev": 0,
"top_cves": []
}
},
{
"digest_date": "2026-07-02",
"key": "amazon-linux:2023",
"product": "amazon-linux",
"category": "os",
"cycle": "2023",
"latest": "2023.12.20260611.0",
"release_date": "2023-03-01",
"latest_release_date": "2026-06-22",
"eol_date": "2029-06-30",
"support_date": "2027-06-30",
"is_major_product": true,
"cve_stats": {
"total": 0,
"critical": 0,
"high": 0,
"medium": 0,
"low": 0,
"kev": 0,
"top_cves": []
}
},
{
"digest_date": "2026-07-02",
"key": "angular:19",
"product": "angular",
"category": "framework",
"cycle": "19",
"latest": "19.2.25",
"release_date": "2024-11-19",
"latest_release_date": "2026-06-02",
"eol_date": "2026-05-19",
"support_date": "2025-05-28",
"is_major_product": true,
"cve_stats": {
"total": 4,
"critical": 0,
"high": 0,
"medium": 4,
"low": 0,
"kev": 0,
"top_cves": [
{
"cve_id": "CVE-2026-22610",
"severity": "MEDIUM",
"score": 6.1
},
{
"cve_id": "CVE-2026-27970",
"severity": "MEDIUM",
"score": 6.1
},
{
"cve_id": "CVE-2025-61261",
"severity": "MEDIUM",
"score": 5.4
}
]
}
},
{
"digest_date": "2026-07-02",
"key": "angular:20",
"product": "angular",
"category": "framework",
"cycle": "20",
"latest": "20.3.25",
"release_date": "2025-05-28",
"latest_release_date": "2026-06-10",
"eol_date": "2026-11-28",
"support_date": "2025-11-19",
"is_major_product": true,
"cve_stats": {
"total": 4,
"critical": 0,
"high": 0,
"medium": 4,
"low": 0,
"kev": 0,
"top_cves": [
{
"cve_id": "CVE-2026-22610",
"severity": "MEDIUM",
"score": 6.1
},
{
"cve_id": "CVE-2026-27970",
"severity": "MEDIUM",
"score": 6.1
},
{
"cve_id": "CVE-2025-61261",
"severity": "MEDIUM",
"score": 5.4
}
]
}
},
{
"digest_date": "2026-07-02",
"key": "angular:21",
"product": "angular",
"category": "framework",
"cycle": "21",
"latest": "21.2.17",
"release_date": "2025-11-19",
"latest_release_date": "2026-06-10",
"eol_date": "2027-05-19",
"support_date": "2026-06-03",
"is_major_product": true,
"cve_stats": {
"total": 4,
"critical": 0,
"high": 0,
"medium": 4,
"low": 0,
"kev": 0,
"top_cves": [
{
"cve_id": "CVE-2026-22610",
"severity": "MEDIUM",
"score": 6.1
},
{
"cve_id": "CVE-2026-27970",
"severity": "MEDIUM",
"score": 6.1
},
{
"cve_id": "CVE-2025-61261",
"severity": "MEDIUM",
"score": 5.4
}
]
}
},
{
"digest_date": "2026-07-02",
"key": "angular:22",
"product": "angular",
"category": "framework",
"cycle": "22",
"latest": "22.0.4",
"release_date": "2026-06-03",
"latest_release_date": "2026-06-26",
"eol_date": "false",
"support_date": "true",
"is_major_product": true,
"cve_stats": {
"total": 4,
"critical": 0,
"high": 0,
"medium": 4,
"low": 0,
"kev": 0,
"top_cves": [
{
"cve_id": "CVE-2026-22610",
"severity": "MEDIUM",
"score": 6.1
},
{
"cve_id": "CVE-2026-27970",
"severity": "MEDIUM",
"score": 6.1
},
{
"cve_id": "CVE-2025-61261",
"severity": "MEDIUM",
"score": 5.4
}
]
}
},
{
"digest_date": "2026-07-02",
"key": "apache-activemq:5.19",
"product": "apache-activemq",
"category": "middleware",
"cycle": "5.19",
"latest": "5.19.8",
"release_date": "2025-03-07",
"latest_release_date": "2026-06-25",
"eol_date": "false",
"support_date": null,
"is_major_product": true,
"cve_stats": {
"total": 13,
"critical": 0,
"high": 7,
"medium": 6,
"low": 0,
"kev": 1,
"top_cves": [
{
"cve_id": "CVE-2026-40466",
"severity": "HIGH",
"score": 8.8
},
{
"cve_id": "CVE-2026-49157",
"severity": "HIGH",
"score": 8.8
},
{
"cve_id": "CVE-2026-45505",
"severity": "HIGH",
"score": 8.8
}
]
}
},
{
"digest_date": "2026-07-02",
"key": "apache-activemq:6.2",
"product": "apache-activemq",
"category": "middleware",
"cycle": "6.2",
"latest": "6.2.7",
"release_date": "2025-11-09",
"latest_release_date": "2026-06-25",
"eol_date": "false",
"support_date": null,
"is_major_product": true,
"cve_stats": {
"total": 13,
"critical": 0,
"high": 7,
"medium": 6,
"low": 0,
"kev": 1,
"top_cves": [
{
"cve_id": "CVE-2026-40466",
"severity": "HIGH",
"score": 8.8
},
{
"cve_id": "CVE-2026-49157",
"severity": "HIGH",
"score": 8.8
},
{
"cve_id": "CVE-2026-45505",
"severity": "HIGH",
"score": 8.8
}
]
}
},
{
"digest_date": "2026-07-02",
"key": "apache-kafka:4.3",
"product": "apache-kafka",
"category": "middleware",
"cycle": "4.3",
"latest": "4.3.1",
"release_date": "2026-05-20",
"latest_release_date": "2026-06-23",
"eol_date": "false",
"support_date": null,
"is_major_product": true,
"cve_stats": {
"total": 3,
"critical": 1,
"high": 0,
"medium": 2,
"low": 0,
"kev": 0,
"top_cves": [
{
"cve_id": "CVE-2026-33557",
"severity": "CRITICAL",
"score": 9.1
},
{
"cve_id": "CVE-2026-33558",
"severity": "MEDIUM",
"score": 5.3
},
{
"cve_id": "CVE-2026-41115",
"severity": "MEDIUM",
"score": 4.3
}
]
}
},
{
"digest_date": "2026-07-02",
"key": "apache:2.4",
"product": "apache",
"category": "webserver",
"cycle": "2.4",
"latest": "2.4.68",
"release_date": "2012-02-21",
"latest_release_date": "2026-06-08",
"eol_date": "false",
"support_date": null,
"is_major_product": true,
"cve_stats": {
"total": 13,
"critical": 3,
"high": 7,
"medium": 3,
"low": 0,
"kev": 0,
"top_cves": [
{
"cve_id": "CVE-2026-28780",
"severity": "CRITICAL",
"score": 9.8
},
{
"cve_id": "CVE-2026-29167",
"severity": "CRITICAL",
"score": 9.8
},
{
"cve_id": "CVE-2026-42535",
"severity": "CRITICAL",
"score": 9.1
}
]
}
},
{
"digest_date": "2026-07-02",
"key": "caddy:2",
"product": "caddy",
"category": "webserver",
"cycle": "2",
"latest": "2.11.4",
"release_date": "2020-05-04",
"latest_release_date": "2026-06-02",
"eol_date": "false",
"support_date": null,
"is_major_product": true,
"cve_stats": {
"total": 8,
"critical": 4,
"high": 2,
"medium": 2,
"low": 0,
"kev": 0,
"top_cves": [
{
"cve_id": "CVE-2026-27590",
"severity": "CRITICAL",
"score": 9.8
},
{
"cve_id": "CVE-2026-27587",
"severity": "CRITICAL",
"score": 9.1
},
{
"cve_id": "CVE-2026-27586",
"severity": "CRITICAL",
"score": 9.1
}
]
}
},
{
"digest_date": "2026-07-02",
"key": "django:5.2",
"product": "django",
"category": "framework",
"cycle": "5.2",
"latest": "5.2.15",
"release_date": "2025-04-02",
"latest_release_date": "2026-06-03",
"eol_date": "2028-04-30",
"support_date": "2025-12-03",
"is_major_product": true,
"cve_stats": {
"total": 22,
"critical": 2,
"high": 7,
"medium": 6,
"low": 7,
"kev": 0,
"top_cves": [
{
"cve_id": "CVE-2026-4277",
"severity": "CRITICAL",
"score": 9.8
},
{
"cve_id": "CVE-2025-64459",
"severity": "CRITICAL",
"score": 9.1
},
{
"cve_id": "CVE-2025-14550",
"severity": "HIGH",
"score": 7.5
}
]
}
},
{
"digest_date": "2026-07-02",
"key": "django:6.0",
"product": "django",
"category": "framework",
"cycle": "6.0",
"latest": "6.0.6",
"release_date": "2025-12-03",
"latest_release_date": "2026-06-03",
"eol_date": "2027-04-30",
"support_date": "2026-08-31",
"is_major_product": true,
"cve_stats": {
"total": 22,
"critical": 2,
"high": 7,
"medium": 6,
"low": 7,
"kev": 0,
"top_cves": [
{
"cve_id": "CVE-2026-4277",
"severity": "CRITICAL",
"score": 9.8
},
{
"cve_id": "CVE-2025-64459",
"severity": "CRITICAL",
"score": 9.1
},
{
"cve_id": "CVE-2025-14550",
"severity": "HIGH",
"score": 7.5
}
]
}
},
{
"digest_date": "2026-07-02",
"key": "dotnet:10",
"product": "dotnet",
"category": "framework",
"cycle": "10",
"latest": "10.0.9",
"release_date": "2025-11-11",
"latest_release_date": "2026-06-09",
"eol_date": "2028-11-14",
"support_date": null,
"is_major_product": true,
"cve_stats": {
"total": 5,
"critical": 0,
"high": 5,
"medium": 0,
"low": 0,
"kev": 0,
"top_cves": [
{
"cve_id": "CVE-2026-26131",
"severity": "HIGH",
"score": 7.8
},
{
"cve_id": "CVE-2026-42899",
"severity": "HIGH",
"score": 7.5
},
{
"cve_id": "CVE-2026-21218",
"severity": "HIGH",
"score": 7.5
}
]
}
},
{
"digest_date": "2026-07-02",
"key": "dotnet:8",
"product": "dotnet",
"category": "framework",
"cycle": "8",
"latest": "8.0.28",
"release_date": "2023-11-14",
"latest_release_date": "2026-06-09",
"eol_date": "2026-11-10",
"support_date": null,
"is_major_product": true,
"cve_stats": {
"total": 5,
"critical": 0,
"high": 5,
"medium": 0,
"low": 0,
"kev": 0,
"top_cves": [
{
"cve_id": "CVE-2026-26131",
"severity": "HIGH",
"score": 7.8
},
{
"cve_id": "CVE-2026-42899",
"severity": "HIGH",
"score": 7.5
},
{
"cve_id": "CVE-2026-21218",
"severity": "HIGH",
"score": 7.5
}
]
}
},
{
"digest_date": "2026-07-02",
"key": "dotnet:9",
"product": "dotnet",
"category": "framework",
"cycle": "9",
"latest": "9.0.17",
"release_date": "2024-11-12",
"latest_release_date": "2026-06-09",
"eol_date": "2026-11-10",
"support_date": null,
"is_major_product": true,
"cve_stats": {
"total": 5,
"critical": 0,
"high": 5,
"medium": 0,
"low": 0,
"kev": 0,
"top_cves": [
{
"cve_id": "CVE-2026-26131",
"severity": "HIGH",
"score": 7.8
},
{
"cve_id": "CVE-2026-42899",
"severity": "HIGH",
"score": 7.5
},
{
"cve_id": "CVE-2026-21218",
"severity": "HIGH",
"score": 7.5
}
]
}
},
{
"digest_date": "2026-07-02",
"key": "drupal:10.5",
"product": "drupal",
"category": "cms",
"cycle": "10.5",
"latest": "10.5.12",
"release_date": "2025-06-18",
"latest_release_date": "2026-06-17",
"eol_date": "2026-06-17",
"support_date": "2025-12-17",
"is_major_product": true,
"cve_stats": {
"total": 7,
"critical": 0,
"high": 0,
"medium": 6,
"low": 1,
"kev": 0,
"top_cves": [
{
"cve_id": "CVE-2026-6366",
"severity": "MEDIUM",
"score": 6.6
},
{
"cve_id": "CVE-2026-6367",
"severity": "MEDIUM",
"score": 6.1
},
{
"cve_id": "CVE-2026-6365",
"severity": "MEDIUM",
"score": 6.1
}
]
}
},
{
"digest_date": "2026-07-02",
"key": "drupal:10.6",
"product": "drupal",
"category": "cms",
"cycle": "10.6",
"latest": "10.6.12",
"release_date": "2025-12-17",
"latest_release_date": "2026-06-23",
"eol_date": "2026-12-16",
"support_date": "2026-06-16",
"is_major_product": true,
"cve_stats": {
"total": 7,
"critical": 0,
"high": 0,
"medium": 6,
"low": 1,
"kev": 0,
"top_cves": [
{
"cve_id": "CVE-2026-6366",
"severity": "MEDIUM",
"score": 6.6
},
{
"cve_id": "CVE-2026-6367",
"severity": "MEDIUM",
"score": 6.1
},
{
"cve_id": "CVE-2026-6365",
"severity": "MEDIUM",
"score": 6.1
}
]
}
},
{
"digest_date": "2026-07-02",
"key": "drupal:11.2",
"product": "drupal",
"category": "cms",
"cycle": "11.2",
"latest": "11.2.14",
"release_date": "2025-06-18",
"latest_release_date": "2026-06-17",
"eol_date": "2026-06-17",
"support_date": "2025-12-10",
"is_major_product": true,
"cve_stats": {
"total": 7,
"critical": 0,
"high": 0,
"medium": 6,
"low": 1,
"kev": 0,
"top_cves": [
{
"cve_id": "CVE-2026-6366",
"severity": "MEDIUM",
"score": 6.6
},
{
"cve_id": "CVE-2026-6367",
"severity": "MEDIUM",
"score": 6.1
},
{
"cve_id": "CVE-2026-6365",
"severity": "MEDIUM",
"score": 6.1
}
]
}
},
{
"digest_date": "2026-07-02",
"key": "drupal:11.3",
"product": "drupal",
"category": "cms",
"cycle": "11.3",
"latest": "11.3.13",
"release_date": "2025-12-17",
"latest_release_date": "2026-06-23",
"eol_date": "2026-12-16",
"support_date": "2026-06-16",
"is_major_product": true,
"cve_stats": {
"total": 7,
"critical": 0,
"high": 0,
"medium": 6,
"low": 1,
"kev": 0,
"top_cves": [
{
"cve_id": "CVE-2026-6366",
"severity": "MEDIUM",
"score": 6.6
},
{
"cve_id": "CVE-2026-6367",
"severity": "MEDIUM",
"score": 6.1
},
{
"cve_id": "CVE-2026-6365",
"severity": "MEDIUM",
"score": 6.1
}
]
}
},
{
"digest_date": "2026-07-02",
"key": "eclipse-jetty:12.0",
"product": "eclipse-jetty",
"category": "webserver",
"cycle": "12.0",
"latest": "12.0.36",
"release_date": "2023-08-07",
"latest_release_date": "2026-06-02",
"eol_date": "false",
"support_date": "true",
"is_major_product": true,
"cve_stats": {
"total": 4,
"critical": 0,
"high": 3,
"medium": 0,
"low": 1,
"kev": 0,
"top_cves": [
{
"cve_id": "CVE-2026-1605",
"severity": "HIGH",
"score": 7.5
},
{
"cve_id": "CVE-2026-5795",
"severity": "HIGH",
"score": 7.4
},
{
"cve_id": "CVE-2026-2332",
"severity": "HIGH",
"score": 7.4
}
]
}
},
{
"digest_date": "2026-07-02",
"key": "eclipse-jetty:12.1",
"product": "eclipse-jetty",
"category": "webserver",
"cycle": "12.1",
"latest": "12.1.10",
"release_date": "2025-08-18",
"latest_release_date": "2026-06-02",
"eol_date": "false",
"support_date": "true",
"is_major_product": true,
"cve_stats": {
"total": 4,
"critical": 0,
"high": 3,
"medium": 0,
"low": 1,
"kev": 0,
"top_cves": [
{
"cve_id": "CVE-2026-1605",
"severity": "HIGH",
"score": 7.5
},
{
"cve_id": "CVE-2026-5795",
"severity": "HIGH",
"score": 7.4
},
{
"cve_id": "CVE-2026-2332",
"severity": "HIGH",
"score": 7.4
}
]
}
},
{
"digest_date": "2026-07-02",
"key": "elasticsearch:8.19",
"product": "elasticsearch",
"category": "database",
"cycle": "8.19",
"latest": "8.19.18",
"release_date": "2025-07-23",
"latest_release_date": "2026-06-26",
"eol_date": "2027-07-15",
"support_date": null,
"is_major_product": true,
"cve_stats": {
"total": 3,
"critical": 0,
"high": 0,
"medium": 3,
"low": 0,
"kev": 0,
"top_cves": [
{
"cve_id": "CVE-2025-37731",
"severity": "MEDIUM",
"score": 6.8
},
{
"cve_id": "CVE-2025-68384",
"severity": "MEDIUM",
"score": 6.5
},
{
"cve_id": "CVE-2025-68390",
"severity": "MEDIUM",
"score": 4.9
}
]
}
},
{
"digest_date": "2026-07-02",
"key": "elasticsearch:9.3",
"product": "elasticsearch",
"category": "database",
"cycle": "9.3",
"latest": "9.3.7",
"release_date": "2026-02-03",
"latest_release_date": "2026-06-25",
"eol_date": "2026-05-26",
"support_date": null,
"is_major_product": true,
"cve_stats": {
"total": 3,
"critical": 0,
"high": 0,
"medium": 3,
"low": 0,
"kev": 0,
"top_cves": [
{
"cve_id": "CVE-2025-37731",
"severity": "MEDIUM",
"score": 6.8
},
{
"cve_id": "CVE-2025-68384",
"severity": "MEDIUM",
"score": 6.5
},
{
"cve_id": "CVE-2025-68390",
"severity": "MEDIUM",
"score": 4.9
}
]
}
},
{
"digest_date": "2026-07-02",
"key": "elasticsearch:9.4",
"product": "elasticsearch",
"category": "database",
"cycle": "9.4",
"latest": "9.4.3",
"release_date": "2026-05-05",
"latest_release_date": "2026-06-25",
"eol_date": "false",
"support_date": null,
"is_major_product": true,
"cve_stats": {
"total": 3,
"critical": 0,
"high": 0,
"medium": 3,
"low": 0,
"kev": 0,
"top_cves": [
{
"cve_id": "CVE-2025-37731",
"severity": "MEDIUM",
"score": 6.8
},
{
"cve_id": "CVE-2025-68384",
"severity": "MEDIUM",
"score": 6.5
},
{
"cve_id": "CVE-2025-68390",
"severity": "MEDIUM",
"score": 4.9
}
]
}
},
{
"digest_date": "2026-07-02",
"key": "gitlab:18.10",
"product": "gitlab",
"category": "devops",
"cycle": "18.10",
"latest": "18.10.8",
"release_date": "2026-03-19",
"latest_release_date": "2026-06-10",
"eol_date": "2026-06-18",
"support_date": "2026-04-16",
"is_major_product": true,
"cve_stats": {
"total": 163,
"critical": 0,
"high": 49,
"medium": 89,
"low": 24,
"kev": 0,
"top_cves": [
{
"cve_id": "CVE-2026-6073",
"severity": "HIGH",
"score": 8.7
},
{
"cve_id": "CVE-2026-1090",
"severity": "HIGH",
"score": 8.7
},
{
"cve_id": "CVE-2025-9222",
"severity": "HIGH",
"score": 8.7
}
]
}
},
{
"digest_date": "2026-07-02",
"key": "gitlab:18.11",
"product": "gitlab",
"category": "devops",
"cycle": "18.11",
"latest": "18.11.6",
"release_date": "2026-04-16",
"latest_release_date": "2026-06-23",
"eol_date": "2026-07-16",
"support_date": "2026-05-21",
"is_major_product": true,
"cve_stats": {
"total": 163,
"critical": 0,
"high": 49,
"medium": 89,
"low": 24,
"kev": 0,
"top_cves": [
{
"cve_id": "CVE-2026-6073",
"severity": "HIGH",
"score": 8.7
},
{
"cve_id": "CVE-2026-1090",
"severity": "HIGH",
"score": 8.7
},
{
"cve_id": "CVE-2025-9222",
"severity": "HIGH",
"score": 8.7
}
]
}
},
{
"digest_date": "2026-07-02",
"key": "gitlab:18.8",
"product": "gitlab",
"category": "devops",
"cycle": "18.8",
"latest": "18.8.11",
"release_date": "2026-01-15",
"latest_release_date": "2026-06-29",
"eol_date": "2026-04-16",
"support_date": "2026-02-19",
"is_major_product": true,
"cve_stats": {
"total": 163,
"critical": 0,
"high": 49,
"medium": 89,
"low": 24,
"kev": 0,
"top_cves": [
{
"cve_id": "CVE-2026-6073",
"severity": "HIGH",
"score": 8.7
},
{
"cve_id": "CVE-2026-1090",
"severity": "HIGH",
"score": 8.7
},
{
"cve_id": "CVE-2025-9222",
"severity": "HIGH",
"score": 8.7
}
]
}
},
{
"digest_date": "2026-07-02",
"key": "gitlab:19.0",
"product": "gitlab",
"category": "devops",
"cycle": "19.0",
"latest": "19.0.3",
"release_date": "2026-05-21",
"latest_release_date": "2026-06-23",
"eol_date": "2026-08-20",
"support_date": "2026-06-18",
"is_major_product": true,
"cve_stats": {
"total": 163,
"critical": 0,
"high": 49,
"medium": 89,
"low": 24,
"kev": 0,
"top_cves": [
{
"cve_id": "CVE-2026-6073",
"severity": "HIGH",
"score": 8.7
},
{
"cve_id": "CVE-2026-1090",
"severity": "HIGH",
"score": 8.7
},
{
"cve_id": "CVE-2025-9222",
"severity": "HIGH",
"score": 8.7
}
]
}
},
{
"digest_date": "2026-07-02",
"key": "gitlab:19.1",
"product": "gitlab",
"category": "devops",
"cycle": "19.1",
"latest": "19.1.1",
"release_date": "2026-06-18",
"latest_release_date": "2026-06-23",
"eol_date": "2026-09-17",
"support_date": "2026-07-16",
"is_major_product": true,
"cve_stats": {
"total": 163,
"critical": 0,
"high": 49,
"medium": 89,
"low": 24,
"kev": 0,
"top_cves": [
{
"cve_id": "CVE-2026-6073",
"severity": "HIGH",
"score": 8.7
},
{
"cve_id": "CVE-2026-1090",
"severity": "HIGH",
"score": 8.7
},
{
"cve_id": "CVE-2025-9222",
"severity": "HIGH",
"score": 8.7
}
]
}
},
{
"digest_date": "2026-07-02",
"key": "go:1.25",
"product": "go",
"category": "programming",
"cycle": "1.25",
"latest": "1.25.11",
"release_date": "2025-08-12",
"latest_release_date": "2026-06-02",
"eol_date": "false",
"support_date": null,
"is_major_product": true,
"cve_stats": {
"total": 26,
"critical": 3,
"high": 13,
"medium": 8,
"low": 2,
"kev": 0,
"top_cves": [
{
"cve_id": "CVE-2025-68121",
"severity": "CRITICAL",
"score": 10.0
},
{
"cve_id": "CVE-2026-27143",
"severity": "CRITICAL",
"score": 9.8
},
{
"cve_id": "CVE-2025-66630",
"severity": "CRITICAL",
"score": 9.4
}
]
}
},
{
"digest_date": "2026-07-02",
"key": "go:1.26",
"product": "go",
"category": "programming",
"cycle": "1.26",
"latest": "1.26.4",
"release_date": "2026-02-11",
"latest_release_date": "2026-06-02",
"eol_date": "false",
"support_date": null,
"is_major_product": true,
"cve_stats": {
"total": 26,
"critical": 3,
"high": 13,
"medium": 8,
"low": 2,
"kev": 0,
"top_cves": [
{
"cve_id": "CVE-2025-68121",
"severity": "CRITICAL",
"score": 10.0
},
{
"cve_id": "CVE-2026-27143",
"severity": "CRITICAL",
"score": 9.8
},
{
"cve_id": "CVE-2025-66630",
"severity": "CRITICAL",
"score": 9.4
}
]
}
},
{
"digest_date": "2026-07-02",
"key": "haproxy:2.6",
"product": "haproxy",
"category": "webserver",
"cycle": "2.6",
"latest": "2.6.30",
"release_date": "2022-05-31",
"latest_release_date": "2026-06-26",
"eol_date": "2027-04-01",
"support_date": null,
"is_major_product": true,
"cve_stats": {
"total": 1,
"critical": 0,
"high": 1,
"medium": 0,
"low": 0,
"kev": 0,
"top_cves": [
{
"cve_id": "CVE-2025-11230",
"severity": "HIGH",
"score": 7.5
}
]
}
},
{
"digest_date": "2026-07-02",
"key": "haproxy:2.8",
"product": "haproxy",
"category": "webserver",
"cycle": "2.8",
"latest": "2.8.25",
"release_date": "2023-05-31",
"latest_release_date": "2026-06-26",
"eol_date": "2028-04-01",
"support_date": null,
"is_major_product": true,
"cve_stats": {
"total": 1,
"critical": 0,
"high": 1,
"medium": 0,
"low": 0,
"kev": 0,
"top_cves": [
{
"cve_id": "CVE-2025-11230",
"severity": "HIGH",
"score": 7.5
}
]
}
},
{
"digest_date": "2026-07-02",
"key": "haproxy:3.0",
"product": "haproxy",
"category": "webserver",
"cycle": "3.0",
"latest": "3.0.24",
"release_date": "2024-05-29",
"latest_release_date": "2026-06-26",
"eol_date": "2029-04-01",
"support_date": null,
"is_major_product": true,
"cve_stats": {
"total": 1,
"critical": 0,
"high": 1,
"medium": 0,
"low": 0,
"kev": 0,
"top_cves": [
{
"cve_id": "CVE-2025-11230",
"severity": "HIGH",
"score": 7.5
}
]
}
},
{
"digest_date": "2026-07-02",
"key": "haproxy:3.2",
"product": "haproxy",
"category": "webserver",
"cycle": "3.2",
"latest": "3.2.20",
"release_date": "2025-05-28",
"latest_release_date": "2026-06-26",
"eol_date": "2030-04-01",
"support_date": null,
"is_major_product": true,
"cve_stats": {
"total": 1,
"critical": 0,
"high": 1,
"medium": 0,
"low": 0,
"kev": 0,
"top_cves": [
{
"cve_id": "CVE-2025-11230",
"severity": "HIGH",
"score": 7.5
}
]
}
},
{
"digest_date": "2026-07-02",
"key": "haproxy:3.3",
"product": "haproxy",
"category": "webserver",
"cycle": "3.3",
"latest": "3.3.11",
"release_date": "2025-11-26",
"latest_release_date": "2026-06-26",
"eol_date": "2027-01-01",
"support_date": null,
"is_major_product": true,
"cve_stats": {
"total": 1,
"critical": 0,
"high": 1,
"medium": 0,
"low": 0,
"kev": 0,
"top_cves": [
{
"cve_id": "CVE-2025-11230",
"severity": "HIGH",
"score": 7.5
}
]
}
},
{
"digest_date": "2026-07-02",
"key": "haproxy:3.4",
"product": "haproxy",
"category": "webserver",
"cycle": "3.4",
"latest": "3.4.1",
"release_date": "2026-06-03",
"latest_release_date": "2026-06-25",
"eol_date": "2031-04-01",
"support_date": null,
"is_major_product": true,
"cve_stats": {
"total": 1,
"critical": 0,
"high": 1,
"medium": 0,
"low": 0,
"kev": 0,
"top_cves": [
{
"cve_id": "CVE-2025-11230",
"severity": "HIGH",
"score": 7.5
}
]
}
},
{
"digest_date": "2026-07-02",
"key": "hashicorp-vault:2.0",
"product": "hashicorp-vault",
"category": "devops",
"cycle": "2.0",
"latest": "2.0.3",
"release_date": "2026-04-13",
"latest_release_date": "2026-06-17",
"eol_date": "false",
"support_date": null,
"is_major_product": true,
"cve_stats": {
"total": 4,
"critical": 0,
"high": 3,
"medium": 1,
"low": 0,
"kev": 0,
"top_cves": [
{
"cve_id": "CVE-2026-3605",
"severity": "HIGH",
"score": 8.1
},
{
"cve_id": "CVE-2026-4525",
"severity": "HIGH",
"score": 7.5
},
{
"cve_id": "CVE-2026-5807",
"severity": "HIGH",
"score": 7.5
}
]
}
},
{
"digest_date": "2026-07-02",
"key": "jenkins:2",
"product": "jenkins",
"category": "devops",
"cycle": "2",
"latest": "2.571",
"release_date": "2016-04-20",
"latest_release_date": "2026-06-30",
"eol_date": "false",
"support_date": null,
"is_major_product": true,
"cve_stats": {
"total": 16,
"critical": 0,
"high": 5,
"medium": 10,
"low": 1,
"kev": 0,
"top_cves": [
{
"cve_id": "CVE-2026-53435",
"severity": "HIGH",
"score": 8.8
},
{
"cve_id": "CVE-2026-33001",
"severity": "HIGH",
"score": 8.8
},
{
"cve_id": "CVE-2026-27099",
"severity": "HIGH",
"score": 8.0
}
]
}
},
{
"digest_date": "2026-07-02",
"key": "jenkins:2.555",
"product": "jenkins",
"category": "devops",
"cycle": "2.555",
"latest": "2.555.3",
"release_date": "2026-03-18",
"latest_release_date": "2026-06-08",
"eol_date": "false",
"support_date": null,
"is_major_product": true,
"cve_stats": {
"total": 16,
"critical": 0,
"high": 5,
"medium": 10,
"low": 1,
"kev": 0,
"top_cves": [
{
"cve_id": "CVE-2026-53435",
"severity": "HIGH",
"score": 8.8
},
{
"cve_id": "CVE-2026-33001",
"severity": "HIGH",
"score": 8.8
},
{
"cve_id": "CVE-2026-27099",
"severity": "HIGH",
"score": 8.0
}
]
}
},
{
"digest_date": "2026-07-02",
"key": "laravel:12",
"product": "laravel",
"category": "framework",
"cycle": "12",
"latest": "12.62.0",
"release_date": "2025-02-24",
"latest_release_date": "2026-06-09",
"eol_date": "2027-02-24",
"support_date": "2026-08-16",
"is_major_product": true,
"cve_stats": {
"total": 0,
"critical": 0,
"high": 0,
"medium": 0,
"low": 0,
"kev": 0,
"top_cves": []
}
},
{
"digest_date": "2026-07-02",
"key": "laravel:13",
"product": "laravel",
"category": "framework",
"cycle": "13",
"latest": "13.18.0",
"release_date": "2026-03-17",
"latest_release_date": "2026-06-30",
"eol_date": "2028-03-17",
"support_date": "2027-09-30",
"is_major_product": true,
"cve_stats": {
"total": 0,
"critical": 0,
"high": 0,
"medium": 0,
"low": 0,
"kev": 0,
"top_cves": []
}
},
{
"digest_date": "2026-07-02",
"key": "macos:26",
"product": "macos",
"category": "os",
"cycle": "26",
"latest": "26.5.2",
"release_date": "2025-09-15",
"latest_release_date": "2026-06-29",
"eol_date": "false",
"support_date": null,
"is_major_product": true,
"cve_stats": {
"total": 1381,
"critical": 64,
"high": 728,
"medium": 535,
"low": 54,
"kev": 13,
"top_cves": [
{
"cve_id": "CVE-2026-13782",
"severity": "CRITICAL",
"score": 10.0
},
{
"cve_id": "CVE-2026-30793",
"severity": "CRITICAL",
"score": 9.8
},
{
"cve_id": "CVE-2026-0905",
"severity": "CRITICAL",
"score": 9.8
}
]
}
},
{
"digest_date": "2026-07-02",
"key": "mediawiki:1.43",
"product": "mediawiki",
"category": "cms",
"cycle": "1.43",
"latest": "1.43.9",
"release_date": "2024-12-21",
"latest_release_date": "2026-06-29",
"eol_date": "2027-12-31",
"support_date": null,
"is_major_product": true,
"cve_stats": {
"total": 21,
"critical": 1,
"high": 1,
"medium": 18,
"low": 1,
"kev": 0,
"top_cves": [
{
"cve_id": "CVE-2025-67484",
"severity": "CRITICAL",
"score": 9.8
},
{
"cve_id": "CVE-2026-0669",
"severity": "HIGH",
"score": 7.5
},
{
"cve_id": "CVE-2025-67480",
"severity": "MEDIUM",
"score": 6.5
}
]
}
},
{
"digest_date": "2026-07-02",
"key": "mediawiki:1.44",
"product": "mediawiki",
"category": "cms",
"cycle": "1.44",
"latest": "1.44.6",
"release_date": "2025-07-02",
"latest_release_date": "2026-06-29",
"eol_date": "2026-07-31",
"support_date": null,
"is_major_product": true,
"cve_stats": {
"total": 21,
"critical": 1,
"high": 1,
"medium": 18,
"low": 1,
"kev": 0,
"top_cves": [
{
"cve_id": "CVE-2025-67484",
"severity": "CRITICAL",
"score": 9.8
},
{
"cve_id": "CVE-2026-0669",
"severity": "HIGH",
"score": 7.5
},
{
"cve_id": "CVE-2025-67480",
"severity": "MEDIUM",
"score": 6.5
}
]
}
},
{
"digest_date": "2026-07-02",
"key": "mediawiki:1.45",
"product": "mediawiki",
"category": "cms",
"cycle": "1.45",
"latest": "1.45.4",
"release_date": "2025-12-04",
"latest_release_date": "2026-06-29",
"eol_date": "2026-12-31",
"support_date": null,
"is_major_product": true,
"cve_stats": {
"total": 21,
"critical": 1,
"high": 1,
"medium": 18,
"low": 1,
"kev": 0,
"top_cves": [
{
"cve_id": "CVE-2025-67484",
"severity": "CRITICAL",
"score": 9.8
},
{
"cve_id": "CVE-2026-0669",
"severity": "HIGH",
"score": 7.5
},
{
"cve_id": "CVE-2025-67480",
"severity": "MEDIUM",
"score": 6.5
}
]
}
},
{
"digest_date": "2026-07-02",
"key": "mediawiki:1.46",
"product": "mediawiki",
"category": "cms",
"cycle": "1.46",
"latest": "1.46.0",
"release_date": "2026-06-30",
"latest_release_date": "2026-06-30",
"eol_date": "2027-07-31",
"support_date": null,
"is_major_product": true,
"cve_stats": {
"total": 21,
"critical": 1,
"high": 1,
"medium": 18,
"low": 1,
"kev": 0,
"top_cves": [
{
"cve_id": "CVE-2025-67484",
"severity": "CRITICAL",
"score": 9.8
},
{
"cve_id": "CVE-2026-0669",
"severity": "HIGH",
"score": 7.5
},
{
"cve_id": "CVE-2025-67480",
"severity": "MEDIUM",
"score": 6.5
}
]
}
},
{
"digest_date": "2026-07-02",
"key": "mongodb:4.4",
"product": "mongodb",
"category": "database",
"cycle": "4.4",
"latest": "4.4.31",
"release_date": "2020-07-31",
"latest_release_date": "2026-06-24",
"eol_date": "2024-02-29",
"support_date": null,
"is_major_product": true,
"cve_stats": {
"total": 20,
"critical": 0,
"high": 3,
"medium": 16,
"low": 1,
"kev": 1,
"top_cves": [
{
"cve_id": "CVE-2026-4148",
"severity": "HIGH",
"score": 8.8
},
{
"cve_id": "CVE-2025-14847",
"severity": "HIGH",
"score": 7.5
},
{
"cve_id": "CVE-2026-1848",
"severity": "HIGH",
"score": 7.5
}
]
}
},
{
"digest_date": "2026-07-02",
"key": "mongodb:5.0",
"product": "mongodb",
"category": "database",
"cycle": "5.0",
"latest": "5.0.34",
"release_date": "2021-07-31",
"latest_release_date": "2026-06-16",
"eol_date": "2024-10-31",
"support_date": null,
"is_major_product": true,
"cve_stats": {
"total": 20,
"critical": 0,
"high": 3,
"medium": 16,
"low": 1,
"kev": 1,
"top_cves": [
{
"cve_id": "CVE-2026-4148",
"severity": "HIGH",
"score": 8.8
},
{
"cve_id": "CVE-2025-14847",
"severity": "HIGH",
"score": 7.5
},
{
"cve_id": "CVE-2026-1848",
"severity": "HIGH",
"score": 7.5
}
]
}
},
{
"digest_date": "2026-07-02",
"key": "mongodb:6.0",
"product": "mongodb",
"category": "database",
"cycle": "6.0",
"latest": "6.0.29",
"release_date": "2022-07-31",
"latest_release_date": "2026-06-16",
"eol_date": "2025-07-31",
"support_date": null,
"is_major_product": true,
"cve_stats": {
"total": 20,
"critical": 0,
"high": 3,
"medium": 16,
"low": 1,
"kev": 1,
"top_cves": [
{
"cve_id": "CVE-2026-4148",
"severity": "HIGH",
"score": 8.8
},
{
"cve_id": "CVE-2025-14847",
"severity": "HIGH",
"score": 7.5
},
{
"cve_id": "CVE-2026-1848",
"severity": "HIGH",
"score": 7.5
}
]
}
},
{
"digest_date": "2026-07-02",
"key": "mongodb:7.0",
"product": "mongodb",
"category": "database",
"cycle": "7.0",
"latest": "7.0.37",
"release_date": "2023-08-31",
"latest_release_date": "2026-06-16",
"eol_date": "2027-08-31",
"support_date": null,
"is_major_product": true,
"cve_stats": {
"total": 20,
"critical": 0,
"high": 3,
"medium": 16,
"low": 1,
"kev": 1,
"top_cves": [
{
"cve_id": "CVE-2026-4148",
"severity": "HIGH",
"score": 8.8
},
{
"cve_id": "CVE-2025-14847",
"severity": "HIGH",
"score": 7.5
},
{
"cve_id": "CVE-2026-1848",
"severity": "HIGH",
"score": 7.5
}
]
}
},
{
"digest_date": "2026-07-02",
"key": "mongodb:8.0",
"product": "mongodb",
"category": "database",
"cycle": "8.0",
"latest": "8.0.26",
"release_date": "2024-10-31",
"latest_release_date": "2026-06-16",
"eol_date": "2029-10-31",
"support_date": null,
"is_major_product": true,
"cve_stats": {
"total": 20,
"critical": 0,
"high": 3,
"medium": 16,
"low": 1,
"kev": 1,
"top_cves": [
{
"cve_id": "CVE-2026-4148",
"severity": "HIGH",
"score": 8.8
},
{
"cve_id": "CVE-2025-14847",
"severity": "HIGH",
"score": 7.5
},
{
"cve_id": "CVE-2026-1848",
"severity": "HIGH",
"score": 7.5
}
]
}
},
{
"digest_date": "2026-07-02",
"key": "mongodb:8.2",
"product": "mongodb",
"category": "database",
"cycle": "8.2",
"latest": "8.2.11",
"release_date": "2025-09-30",
"latest_release_date": "2026-06-16",
"eol_date": "2026-07-31",
"support_date": null,
"is_major_product": true,
"cve_stats": {
"total": 20,
"critical": 0,
"high": 3,
"medium": 16,
"low": 1,
"kev": 1,
"top_cves": [
{
"cve_id": "CVE-2026-4148",
"severity": "HIGH",
"score": 8.8
},
{
"cve_id": "CVE-2025-14847",
"severity": "HIGH",
"score": 7.5
},
{
"cve_id": "CVE-2026-1848",
"severity": "HIGH",
"score": 7.5
}
]
}
},
{
"digest_date": "2026-07-02",
"key": "mongodb:8.3",
"product": "mongodb",
"category": "database",
"cycle": "8.3",
"latest": "8.3.4",
"release_date": "2026-05-31",
"latest_release_date": "2026-06-15",
"eol_date": "2029-10-31",
"support_date": null,
"is_major_product": true,
"cve_stats": {
"total": 20,
"critical": 0,
"high": 3,
"medium": 16,
"low": 1,
"kev": 1,
"top_cves": [
{
"cve_id": "CVE-2026-4148",
"severity": "HIGH",
"score": 8.8
},
{
"cve_id": "CVE-2025-14847",
"severity": "HIGH",
"score": 7.5
},
{
"cve_id": "CVE-2026-1848",
"severity": "HIGH",
"score": 7.5
}
]
}
},
{
"digest_date": "2026-07-02",
"key": "mssqlserver:17.0",
"product": "mssqlserver",
"category": "database",
"cycle": "17.0",
"latest": "17.0.4055.5 CU6",
"release_date": "2025-11-18",
"latest_release_date": "2026-06-17",
"eol_date": "2036-01-06",
"support_date": "2031-01-06",
"is_major_product": true,
"cve_stats": {
"total": 0,
"critical": 0,
"high": 0,
"medium": 0,
"low": 0,
"kev": 0,
"top_cves": []
}
},
{
"digest_date": "2026-07-02",
"key": "mysql:8.4",
"product": "mysql",
"category": "database",
"cycle": "8.4",
"latest": "8.4.10",
"release_date": "2024-04-10",
"latest_release_date": "2026-06-03",
"eol_date": "2032-04-30",
"support_date": "2029-04-30",
"is_major_product": true,
"cve_stats": {
"total": 1,
"critical": 0,
"high": 0,
"medium": 1,
"low": 0,
"kev": 0,
"top_cves": [
{
"cve_id": "CVE-2026-21964",
"severity": "MEDIUM",
"score": 4.9
}
]
}
},
{
"digest_date": "2026-07-02",
"key": "mysql:9.7",
"product": "mysql",
"category": "database",
"cycle": "9.7",
"latest": "9.7.1",
"release_date": "2026-04-21",
"latest_release_date": "2026-06-03",
"eol_date": "2034-04-21",
"support_date": "true",
"is_major_product": true,
"cve_stats": {
"total": 1,
"critical": 0,
"high": 0,
"medium": 1,
"low": 0,
"kev": 0,
"top_cves": [
{
"cve_id": "CVE-2026-21964",
"severity": "MEDIUM",
"score": 4.9
}
]
}
},
{
"digest_date": "2026-07-02",
"key": "nextcloud:32",
"product": "nextcloud",
"category": "cms",
"cycle": "32",
"latest": "32.0.12",
"release_date": "2025-09-27",
"latest_release_date": "2026-06-25",
"eol_date": "2026-09-30",
"support_date": null,
"is_major_product": true,
"cve_stats": {
"total": 0,
"critical": 0,
"high": 0,
"medium": 0,
"low": 0,
"kev": 0,
"top_cves": []
}
},
{
"digest_date": "2026-07-02",
"key": "nextcloud:33",
"product": "nextcloud",
"category": "cms",
"cycle": "33",
"latest": "33.0.6",
"release_date": "2026-02-18",
"latest_release_date": "2026-06-25",
"eol_date": "2027-02-28",
"support_date": null,
"is_major_product": true,
"cve_stats": {
"total": 0,
"critical": 0,
"high": 0,
"medium": 0,
"low": 0,
"kev": 0,
"top_cves": []
}
},
{
"digest_date": "2026-07-02",
"key": "nextcloud:34",
"product": "nextcloud",
"category": "cms",
"cycle": "34",
"latest": "34.0.1",
"release_date": "2026-06-09",
"latest_release_date": "2026-06-25",
"eol_date": "2027-06-30",
"support_date": null,
"is_major_product": true,
"cve_stats": {
"total": 0,
"critical": 0,
"high": 0,
"medium": 0,
"low": 0,
"kev": 0,
"top_cves": []
}
},
{
"digest_date": "2026-07-02",
"key": "nextjs:16",
"product": "nextjs",
"category": "framework",
"cycle": "16",
"latest": "16.2.10",
"release_date": "2025-10-22",
"latest_release_date": "2026-07-01",
"eol_date": "false",
"support_date": null,
"is_major_product": true,
"cve_stats": {
"total": 22,
"critical": 1,
"high": 10,
"medium": 10,
"low": 1,
"kev": 1,
"top_cves": [
{
"cve_id": "CVE-2025-55182",
"severity": "CRITICAL",
"score": 10.0
},
{
"cve_id": "CVE-2026-44578",
"severity": "HIGH",
"score": 8.6
},
{
"cve_id": "CVE-2026-44574",
"severity": "HIGH",
"score": 8.1
}
]
}
},
{
"digest_date": "2026-07-02",
"key": "nginx:1.30",
"product": "nginx",
"category": "webserver",
"cycle": "1.30",
"latest": "1.30.3",
"release_date": "2026-04-14",
"latest_release_date": "2026-06-17",
"eol_date": "false",
"support_date": null,
"is_major_product": true,
"cve_stats": {
"total": 0,
"critical": 0,
"high": 0,
"medium": 0,
"low": 0,
"kev": 0,
"top_cves": []
}
},
{
"digest_date": "2026-07-02",
"key": "nginx:1.31",
"product": "nginx",
"category": "webserver",
"cycle": "1.31",
"latest": "1.31.2",
"release_date": "2026-05-13",
"latest_release_date": "2026-06-17",
"eol_date": "false",
"support_date": null,
"is_major_product": true,
"cve_stats": {
"total": 0,
"critical": 0,
"high": 0,
"medium": 0,
"low": 0,
"kev": 0,
"top_cves": []
}
},
{
"digest_date": "2026-07-02",
"key": "nodejs:22",
"product": "nodejs",
"category": "programming",
"cycle": "22",
"latest": "22.23.1",
"release_date": "2024-04-24",
"latest_release_date": "2026-06-23",
"eol_date": "2027-04-30",
"support_date": "2025-10-21",
"is_major_product": true,
"cve_stats": {
"total": 16,
"critical": 3,
"high": 7,
"medium": 4,
"low": 2,
"kev": 0,
"top_cves": [
{
"cve_id": "CVE-2026-21636",
"severity": "CRITICAL",
"score": 10.0
},
{
"cve_id": "CVE-2026-48930",
"severity": "CRITICAL",
"score": 9.8
},
{
"cve_id": "CVE-2025-55130",
"severity": "CRITICAL",
"score": 9.1
}
]
}
},
{
"digest_date": "2026-07-02",
"key": "nodejs:24",
"product": "nodejs",
"category": "programming",
"cycle": "24",
"latest": "24.18.0",
"release_date": "2025-05-06",
"latest_release_date": "2026-06-23",
"eol_date": "2028-04-30",
"support_date": "2026-10-20",
"is_major_product": true,
"cve_stats": {
"total": 16,
"critical": 3,
"high": 7,
"medium": 4,
"low": 2,
"kev": 0,
"top_cves": [
{
"cve_id": "CVE-2026-21636",
"severity": "CRITICAL",
"score": 10.0
},
{
"cve_id": "CVE-2026-48930",
"severity": "CRITICAL",
"score": 9.8
},
{
"cve_id": "CVE-2025-55130",
"severity": "CRITICAL",
"score": 9.1
}
]
}
},
{
"digest_date": "2026-07-02",
"key": "nodejs:26",
"product": "nodejs",
"category": "programming",
"cycle": "26",
"latest": "26.4.0",
"release_date": "2026-05-05",
"latest_release_date": "2026-06-25",
"eol_date": "2029-04-30",
"support_date": "2027-10-27",
"is_major_product": true,
"cve_stats": {
"total": 16,
"critical": 3,
"high": 7,
"medium": 4,
"low": 2,
"kev": 0,
"top_cves": [
{
"cve_id": "CVE-2026-21636",
"severity": "CRITICAL",
"score": 10.0
},
{
"cve_id": "CVE-2026-48930",
"severity": "CRITICAL",
"score": 9.8
},
{
"cve_id": "CVE-2025-55130",
"severity": "CRITICAL",
"score": 9.1
}
]
}
},
{
"digest_date": "2026-07-02",
"key": "nuxt:3",
"product": "nuxt",
"category": "framework",
"cycle": "3",
"latest": "3.21.8",
"release_date": "2022-11-16",
"latest_release_date": "2026-06-08",
"eol_date": "2026-07-31",
"support_date": "2025-07-16",
"is_major_product": true,
"cve_stats": {
"total": 0,
"critical": 0,
"high": 0,
"medium": 0,
"low": 0,
"kev": 0,
"top_cves": []
}
},
{
"digest_date": "2026-07-02",
"key": "nuxt:4",
"product": "nuxt",
"category": "framework",
"cycle": "4",
"latest": "4.4.8",
"release_date": "2025-07-16",
"latest_release_date": "2026-06-08",
"eol_date": "false",
"support_date": "true",
"is_major_product": true,
"cve_stats": {
"total": 0,
"critical": 0,
"high": 0,
"medium": 0,
"low": 0,
"kev": 0,
"top_cves": []
}
},
{
"digest_date": "2026-07-02",
"key": "opensearch:3",
"product": "opensearch",
"category": "database",
"cycle": "3",
"latest": "3.7.0",
"release_date": "2025-05-06",
"latest_release_date": "2026-06-09",
"eol_date": "false",
"support_date": "true",
"is_major_product": true,
"cve_stats": {
"total": 1,
"critical": 0,
"high": 1,
"medium": 0,
"low": 0,
"kev": 0,
"top_cves": [
{
"cve_id": "CVE-2025-9624",
"severity": "HIGH",
"score": 7.5
}
]
}
},
{
"digest_date": "2026-07-02",
"key": "openssl:3.0",
"product": "openssl",
"category": "crypto",
"cycle": "3.0",
"latest": "3.0.21",
"release_date": "2021-09-07",
"latest_release_date": "2026-06-09",
"eol_date": "2026-09-07",
"support_date": null,
"is_major_product": true,
"cve_stats": {
"total": 19,
"critical": 1,
"high": 10,
"medium": 8,
"low": 0,
"kev": 0,
"top_cves": [
{
"cve_id": "CVE-2026-31789",
"severity": "CRITICAL",
"score": 9.8
},
{
"cve_id": "CVE-2025-15467",
"severity": "HIGH",
"score": 8.8
},
{
"cve_id": "CVE-2026-28387",
"severity": "HIGH",
"score": 8.1
}
]
}
},
{
"digest_date": "2026-07-02",
"key": "openssl:3.4",
"product": "openssl",
"category": "crypto",
"cycle": "3.4",
"latest": "3.4.6",
"release_date": "2024-10-22",
"latest_release_date": "2026-06-09",
"eol_date": "2026-10-22",
"support_date": null,
"is_major_product": true,
"cve_stats": {
"total": 19,
"critical": 1,
"high": 10,
"medium": 8,
"low": 0,
"kev": 0,
"top_cves": [
{
"cve_id": "CVE-2026-31789",
"severity": "CRITICAL",
"score": 9.8
},
{
"cve_id": "CVE-2025-15467",
"severity": "HIGH",
"score": 8.8
},
{
"cve_id": "CVE-2026-28387",
"severity": "HIGH",
"score": 8.1
}
]
}
},
{
"digest_date": "2026-07-02",
"key": "openssl:3.5",
"product": "openssl",
"category": "crypto",
"cycle": "3.5",
"latest": "3.5.7",
"release_date": "2025-04-08",
"latest_release_date": "2026-06-09",
"eol_date": "2030-04-08",
"support_date": null,
"is_major_product": true,
"cve_stats": {
"total": 19,
"critical": 1,
"high": 10,
"medium": 8,
"low": 0,
"kev": 0,
"top_cves": [
{
"cve_id": "CVE-2026-31789",
"severity": "CRITICAL",
"score": 9.8
},
{
"cve_id": "CVE-2025-15467",
"severity": "HIGH",
"score": 8.8
},
{
"cve_id": "CVE-2026-28387",
"severity": "HIGH",
"score": 8.1
}
]
}
},
{
"digest_date": "2026-07-02",
"key": "openssl:3.6",
"product": "openssl",
"category": "crypto",
"cycle": "3.6",
"latest": "3.6.3",
"release_date": "2025-10-01",
"latest_release_date": "2026-06-09",
"eol_date": "2026-11-01",
"support_date": null,
"is_major_product": true,
"cve_stats": {
"total": 19,
"critical": 1,
"high": 10,
"medium": 8,
"low": 0,
"kev": 0,
"top_cves": [
{
"cve_id": "CVE-2026-31789",
"severity": "CRITICAL",
"score": 9.8
},
{
"cve_id": "CVE-2025-15467",
"severity": "HIGH",
"score": 8.8
},
{
"cve_id": "CVE-2026-28387",
"severity": "HIGH",
"score": 8.1
}
]
}
},
{
"digest_date": "2026-07-02",
"key": "openssl:4.0",
"product": "openssl",
"category": "crypto",
"cycle": "4.0",
"latest": "4.0.1",
"release_date": "2026-04-14",
"latest_release_date": "2026-06-09",
"eol_date": "2027-05-14",
"support_date": null,
"is_major_product": true,
"cve_stats": {
"total": 19,
"critical": 1,
"high": 10,
"medium": 8,
"low": 0,
"kev": 0,
"top_cves": [
{
"cve_id": "CVE-2026-31789",
"severity": "CRITICAL",
"score": 9.8
},
{
"cve_id": "CVE-2025-15467",
"severity": "HIGH",
"score": 8.8
},
{
"cve_id": "CVE-2026-28387",
"severity": "HIGH",
"score": 8.1
}
]
}
},
{
"digest_date": "2026-07-02",
"key": "openvpn:2.7",
"product": "openvpn",
"category": "middleware",
"cycle": "2.7",
"latest": "2.7.5",
"release_date": "2026-02-11",
"latest_release_date": "2026-07-01",
"eol_date": "false",
"support_date": "true",
"is_major_product": true,
"cve_stats": {
"total": 3,
"critical": 1,
"high": 1,
"medium": 1,
"low": 0,
"kev": 0,
"top_cves": [
{
"cve_id": "CVE-2025-12106",
"severity": "CRITICAL",
"score": 9.1
},
{
"cve_id": "CVE-2025-13086",
"severity": "HIGH",
"score": 7.5
},
{
"cve_id": "CVE-2025-13751",
"severity": "MEDIUM",
"score": 5.5
}
]
}
},
{
"digest_date": "2026-07-02",
"key": "php:8.4",
"product": "php",
"category": "programming",
"cycle": "8.4",
"latest": "8.4.22",
"release_date": "2024-11-21",
"latest_release_date": "2026-06-04",
"eol_date": "2028-12-31",
"support_date": "2026-12-31",
"is_major_product": true,
"cve_stats": {
"total": 3,
"critical": 0,
"high": 2,
"medium": 1,
"low": 0,
"kev": 0,
"top_cves": [
{
"cve_id": "CVE-2025-14177",
"severity": "HIGH",
"score": 7.5
},
{
"cve_id": "CVE-2025-14180",
"severity": "HIGH",
"score": 7.5
},
{
"cve_id": "CVE-2025-14178",
"severity": "MEDIUM",
"score": 6.5
}
]
}
},
{
"digest_date": "2026-07-02",
"key": "php:8.5",
"product": "php",
"category": "programming",
"cycle": "8.5",
"latest": "8.5.7",
"release_date": "2025-11-20",
"latest_release_date": "2026-06-04",
"eol_date": "2029-12-31",
"support_date": "2027-12-31",
"is_major_product": true,
"cve_stats": {
"total": 3,
"critical": 0,
"high": 2,
"medium": 1,
"low": 0,
"kev": 0,
"top_cves": [
{
"cve_id": "CVE-2025-14177",
"severity": "HIGH",
"score": 7.5
},
{
"cve_id": "CVE-2025-14180",
"severity": "HIGH",
"score": 7.5
},
{
"cve_id": "CVE-2025-14178",
"severity": "MEDIUM",
"score": 6.5
}
]
}
},
{
"digest_date": "2026-07-02",
"key": "postfix:3.10",
"product": "postfix",
"category": "middleware",
"cycle": "3.10",
"latest": "3.10.11",
"release_date": "2025-02-16",
"latest_release_date": "2026-06-18",
"eol_date": "false",
"support_date": null,
"is_major_product": true,
"cve_stats": {
"total": 0,
"critical": 0,
"high": 0,
"medium": 0,
"low": 0,
"kev": 0,
"top_cves": []
}
},
{
"digest_date": "2026-07-02",
"key": "postfix:3.11",
"product": "postfix",
"category": "middleware",
"cycle": "3.11",
"latest": "3.11.4",
"release_date": "2026-03-06",
"latest_release_date": "2026-06-18",
"eol_date": "false",
"support_date": null,
"is_major_product": true,
"cve_stats": {
"total": 0,
"critical": 0,
"high": 0,
"medium": 0,
"low": 0,
"kev": 0,
"top_cves": []
}
},
{
"digest_date": "2026-07-02",
"key": "postfix:3.8",
"product": "postfix",
"category": "middleware",
"cycle": "3.8",
"latest": "3.8.18",
"release_date": "2023-04-17",
"latest_release_date": "2026-06-18",
"eol_date": "false",
"support_date": null,
"is_major_product": true,
"cve_stats": {
"total": 0,
"critical": 0,
"high": 0,
"medium": 0,
"low": 0,
"kev": 0,
"top_cves": []
}
},
{
"digest_date": "2026-07-02",
"key": "postfix:3.9",
"product": "postfix",
"category": "middleware",
"cycle": "3.9",
"latest": "3.9.12",
"release_date": "2024-03-06",
"latest_release_date": "2026-06-18",
"eol_date": "false",
"support_date": null,
"is_major_product": true,
"cve_stats": {
"total": 0,
"critical": 0,
"high": 0,
"medium": 0,
"low": 0,
"kev": 0,
"top_cves": []
}
},
{
"digest_date": "2026-07-02",
"key": "python:3.13",
"product": "python",
"category": "programming",
"cycle": "3.13",
"latest": "3.13.14",
"release_date": "2024-10-07",
"latest_release_date": "2026-06-10",
"eol_date": "2029-10-31",
"support_date": "2026-10-01",
"is_major_product": true,
"cve_stats": {
"total": 5,
"critical": 0,
"high": 1,
"medium": 3,
"low": 1,
"kev": 0,
"top_cves": [
{
"cve_id": "CVE-2025-13836",
"severity": "HIGH",
"score": 7.5
},
{
"cve_id": "CVE-2025-13837",
"severity": "MEDIUM",
"score": 5.5
},
{
"cve_id": "CVE-2025-12084",
"severity": "MEDIUM",
"score": 5.3
}
]
}
},
{
"digest_date": "2026-07-02",
"key": "python:3.14",
"product": "python",
"category": "programming",
"cycle": "3.14",
"latest": "3.14.6",
"release_date": "2025-10-07",
"latest_release_date": "2026-06-10",
"eol_date": "2030-10-31",
"support_date": "2027-10-01",
"is_major_product": true,
"cve_stats": {
"total": 5,
"critical": 0,
"high": 1,
"medium": 3,
"low": 1,
"kev": 0,
"top_cves": [
{
"cve_id": "CVE-2025-13836",
"severity": "HIGH",
"score": 7.5
},
{
"cve_id": "CVE-2025-13837",
"severity": "MEDIUM",
"score": 5.5
},
{
"cve_id": "CVE-2025-12084",
"severity": "MEDIUM",
"score": 5.3
}
]
}
},
{
"digest_date": "2026-07-02",
"key": "rabbitmq:4.2",
"product": "rabbitmq",
"category": "middleware",
"cycle": "4.2",
"latest": "4.2.8",
"release_date": "2025-10-27",
"latest_release_date": "2026-06-13",
"eol_date": "2026-07-31",
"support_date": null,
"is_major_product": true,
"cve_stats": {
"total": 0,
"critical": 0,
"high": 0,
"medium": 0,
"low": 0,
"kev": 0,
"top_cves": []
}
},
{
"digest_date": "2026-07-02",
"key": "rabbitmq:4.3",
"product": "rabbitmq",
"category": "middleware",
"cycle": "4.3",
"latest": "4.3.2",
"release_date": "2026-04-23",
"latest_release_date": "2026-06-11",
"eol_date": "false",
"support_date": null,
"is_major_product": true,
"cve_stats": {
"total": 0,
"critical": 0,
"high": 0,
"medium": 0,
"low": 0,
"kev": 0,
"top_cves": []
}
},
{
"digest_date": "2026-07-02",
"key": "redis:8.2",
"product": "redis",
"category": "database",
"cycle": "8.2",
"latest": "8.2.7",
"release_date": "2025-08-04",
"latest_release_date": "2026-06-04",
"eol_date": "2026-05-25",
"support_date": "2025-11-18",
"is_major_product": true,
"cve_stats": {
"total": 4,
"critical": 0,
"high": 4,
"medium": 0,
"low": 0,
"kev": 0,
"top_cves": [
{
"cve_id": "CVE-2025-62507",
"severity": "HIGH",
"score": 8.8
},
{
"cve_id": "CVE-2026-25243",
"severity": "HIGH",
"score": 8.8
},
{
"cve_id": "CVE-2026-23479",
"severity": "HIGH",
"score": 8.8
}
]
}
},
{
"digest_date": "2026-07-02",
"key": "redis:8.4",
"product": "redis",
"category": "database",
"cycle": "8.4",
"latest": "8.4.4",
"release_date": "2025-11-18",
"latest_release_date": "2026-06-04",
"eol_date": "false",
"support_date": "2026-02-11",
"is_major_product": true,
"cve_stats": {
"total": 4,
"critical": 0,
"high": 4,
"medium": 0,
"low": 0,
"kev": 0,
"top_cves": [
{
"cve_id": "CVE-2025-62507",
"severity": "HIGH",
"score": 8.8
},
{
"cve_id": "CVE-2026-25243",
"severity": "HIGH",
"score": 8.8
},
{
"cve_id": "CVE-2026-23479",
"severity": "HIGH",
"score": 8.8
}
]
}
},
{
"digest_date": "2026-07-02",
"key": "redis:8.6",
"product": "redis",
"category": "database",
"cycle": "8.6",
"latest": "8.6.4",
"release_date": "2026-02-11",
"latest_release_date": "2026-06-04",
"eol_date": "false",
"support_date": "2026-05-25",
"is_major_product": true,
"cve_stats": {
"total": 4,
"critical": 0,
"high": 4,
"medium": 0,
"low": 0,
"kev": 0,
"top_cves": [
{
"cve_id": "CVE-2025-62507",
"severity": "HIGH",
"score": 8.8
},
{
"cve_id": "CVE-2026-25243",
"severity": "HIGH",
"score": 8.8
},
{
"cve_id": "CVE-2026-23479",
"severity": "HIGH",
"score": 8.8
}
]
}
},
{
"digest_date": "2026-07-02",
"key": "ruby:3.4",
"product": "ruby",
"category": "programming",
"cycle": "3.4",
"latest": "3.4.10",
"release_date": "2024-12-24",
"latest_release_date": "2026-06-30",
"eol_date": "2028-03-31",
"support_date": null,
"is_major_product": true,
"cve_stats": {
"total": 0,
"critical": 0,
"high": 0,
"medium": 0,
"low": 0,
"kev": 0,
"top_cves": []
}
},
{
"digest_date": "2026-07-02",
"key": "rust:1.96",
"product": "rust",
"category": "programming",
"cycle": "1.96",
"latest": "1.96.1",
"release_date": "2026-05-28",
"latest_release_date": "2026-06-30",
"eol_date": "false",
"support_date": null,
"is_major_product": true,
"cve_stats": {
"total": 0,
"critical": 0,
"high": 0,
"medium": 0,
"low": 0,
"kev": 0,
"top_cves": []
}
},
{
"digest_date": "2026-07-02",
"key": "spring-boot:3.5",
"product": "spring-boot",
"category": "framework",
"cycle": "3.5",
"latest": "3.5.16",
"release_date": "2025-05-31",
"latest_release_date": "2026-06-25",
"eol_date": "2026-06-30",
"support_date": null,
"is_major_product": true,
"cve_stats": {
"total": 7,
"critical": 1,
"high": 4,
"medium": 2,
"low": 0,
"kev": 0,
"top_cves": [
{
"cve_id": "CVE-2026-40976",
"severity": "CRITICAL",
"score": 9.1
},
{
"cve_id": "CVE-2026-22731",
"severity": "HIGH",
"score": 8.2
},
{
"cve_id": "CVE-2026-22733",
"severity": "HIGH",
"score": 8.2
}
]
}
},
{
"digest_date": "2026-07-02",
"key": "spring-boot:4.0",
"product": "spring-boot",
"category": "framework",
"cycle": "4.0",
"latest": "4.0.7",
"release_date": "2025-11-30",
"latest_release_date": "2026-06-10",
"eol_date": "2026-12-31",
"support_date": null,
"is_major_product": true,
"cve_stats": {
"total": 7,
"critical": 1,
"high": 4,
"medium": 2,
"low": 0,
"kev": 0,
"top_cves": [
{
"cve_id": "CVE-2026-40976",
"severity": "CRITICAL",
"score": 9.1
},
{
"cve_id": "CVE-2026-22731",
"severity": "HIGH",
"score": 8.2
},
{
"cve_id": "CVE-2026-22733",
"severity": "HIGH",
"score": 8.2
}
]
}
},
{
"digest_date": "2026-07-02",
"key": "spring-boot:4.1",
"product": "spring-boot",
"category": "framework",
"cycle": "4.1",
"latest": "4.1.0",
"release_date": "2026-06-30",
"latest_release_date": "2026-06-10",
"eol_date": "2027-07-31",
"support_date": null,
"is_major_product": true,
"cve_stats": {
"total": 7,
"critical": 1,
"high": 4,
"medium": 2,
"low": 0,
"kev": 0,
"top_cves": [
{
"cve_id": "CVE-2026-40976",
"severity": "CRITICAL",
"score": 9.1
},
{
"cve_id": "CVE-2026-22731",
"severity": "HIGH",
"score": 8.2
},
{
"cve_id": "CVE-2026-22733",
"severity": "HIGH",
"score": 8.2
}
]
}
},
{
"digest_date": "2026-07-02",
"key": "spring-framework:6.2",
"product": "spring-framework",
"category": "framework",
"cycle": "6.2",
"latest": "6.2.19",
"release_date": "2024-11-30",
"latest_release_date": "2026-06-08",
"eol_date": "2026-06-30",
"support_date": null,
"is_major_product": true,
"cve_stats": {
"total": 9,
"critical": 0,
"high": 3,
"medium": 5,
"low": 1,
"kev": 0,
"top_cves": [
{
"cve_id": "CVE-2026-41842",
"severity": "HIGH",
"score": 7.5
},
{
"cve_id": "CVE-2026-41849",
"severity": "HIGH",
"score": 7.5
},
{
"cve_id": "CVE-2026-41850",
"severity": "HIGH",
"score": 7.5
}
]
}
},
{
"digest_date": "2026-07-02",
"key": "spring-framework:7.0",
"product": "spring-framework",
"category": "framework",
"cycle": "7.0",
"latest": "7.0.8",
"release_date": "2025-11-30",
"latest_release_date": "2026-06-08",
"eol_date": "2027-06-30",
"support_date": null,
"is_major_product": true,
"cve_stats": {
"total": 9,
"critical": 0,
"high": 3,
"medium": 5,
"low": 1,
"kev": 0,
"top_cves": [
{
"cve_id": "CVE-2026-41842",
"severity": "HIGH",
"score": 7.5
},
{
"cve_id": "CVE-2026-41849",
"severity": "HIGH",
"score": 7.5
},
{
"cve_id": "CVE-2026-41850",
"severity": "HIGH",
"score": 7.5
}
]
}
},
{
"digest_date": "2026-07-02",
"key": "squid:7",
"product": "squid",
"category": "webserver",
"cycle": "7",
"latest": "7.6",
"release_date": "2025-07-10",
"latest_release_date": "2026-06-07",
"eol_date": "false",
"support_date": null,
"is_major_product": true,
"cve_stats": {
"total": 3,
"critical": 0,
"high": 2,
"medium": 1,
"low": 0,
"kev": 0,
"top_cves": [
{
"cve_id": "CVE-2026-32748",
"severity": "HIGH",
"score": 7.5
},
{
"cve_id": "CVE-2026-33526",
"severity": "HIGH",
"score": 7.5
},
{
"cve_id": "CVE-2026-33515",
"severity": "MEDIUM",
"score": 6.5
}
]
}
},
{
"digest_date": "2026-07-02",
"key": "symfony:6.4",
"product": "symfony",
"category": "framework",
"cycle": "6.4",
"latest": "6.4.42",
"release_date": "2023-11-29",
"latest_release_date": "2026-06-27",
"eol_date": "2027-11-30",
"support_date": "2026-11-30",
"is_major_product": true,
"cve_stats": {
"total": 2,
"critical": 0,
"high": 1,
"medium": 1,
"low": 0,
"kev": 0,
"top_cves": [
{
"cve_id": "CVE-2025-64500",
"severity": "HIGH",
"score": 7.3
},
{
"cve_id": "CVE-2026-24739",
"severity": "MEDIUM",
"score": 6.3
}
]
}
},
{
"digest_date": "2026-07-02",
"key": "symfony:7.4",
"product": "symfony",
"category": "framework",
"cycle": "7.4",
"latest": "7.4.14",
"release_date": "2025-11-27",
"latest_release_date": "2026-06-27",
"eol_date": "2029-11-30",
"support_date": "2028-11-30",
"is_major_product": true,
"cve_stats": {
"total": 2,
"critical": 0,
"high": 1,
"medium": 1,
"low": 0,
"kev": 0,
"top_cves": [
{
"cve_id": "CVE-2025-64500",
"severity": "HIGH",
"score": 7.3
},
{
"cve_id": "CVE-2026-24739",
"severity": "MEDIUM",
"score": 6.3
}
]
}
},
{
"digest_date": "2026-07-02",
"key": "symfony:8.0",
"product": "symfony",
"category": "framework",
"cycle": "8.0",
"latest": "8.0.14",
"release_date": "2025-11-27",
"latest_release_date": "2026-06-27",
"eol_date": "2026-07-31",
"support_date": "2026-07-31",
"is_major_product": true,
"cve_stats": {
"total": 2,
"critical": 0,
"high": 1,
"medium": 1,
"low": 0,
"kev": 0,
"top_cves": [
{
"cve_id": "CVE-2025-64500",
"severity": "HIGH",
"score": 7.3
},
{
"cve_id": "CVE-2026-24739",
"severity": "MEDIUM",
"score": 6.3
}
]
}
},
{
"digest_date": "2026-07-02",
"key": "symfony:8.1",
"product": "symfony",
"category": "framework",
"cycle": "8.1",
"latest": "8.1.1",
"release_date": "2026-05-29",
"latest_release_date": "2026-06-27",
"eol_date": "2027-01-31",
"support_date": "2027-01-31",
"is_major_product": true,
"cve_stats": {
"total": 2,
"critical": 0,
"high": 1,
"medium": 1,
"low": 0,
"kev": 0,
"top_cves": [
{
"cve_id": "CVE-2025-64500",
"severity": "HIGH",
"score": 7.3
},
{
"cve_id": "CVE-2026-24739",
"severity": "MEDIUM",
"score": 6.3
}
]
}
},
{
"digest_date": "2026-07-02",
"key": "tomcat:10.1",
"product": "tomcat",
"category": "webserver",
"cycle": "10.1",
"latest": "10.1.56",
"release_date": "2022-09-23",
"latest_release_date": "2026-06-17",
"eol_date": "false",
"support_date": null,
"is_major_product": true,
"cve_stats": {
"total": 13,
"critical": 2,
"high": 7,
"medium": 3,
"low": 1,
"kev": 0,
"top_cves": [
{
"cve_id": "CVE-2025-66614",
"severity": "CRITICAL",
"score": 9.1
},
{
"cve_id": "CVE-2026-29145",
"severity": "CRITICAL",
"score": 9.1
},
{
"cve_id": "CVE-2026-29129",
"severity": "HIGH",
"score": 7.5
}
]
}
},
{
"digest_date": "2026-07-02",
"key": "tomcat:11.0",
"product": "tomcat",
"category": "webserver",
"cycle": "11.0",
"latest": "11.0.23",
"release_date": "2024-10-03",
"latest_release_date": "2026-06-17",
"eol_date": "false",
"support_date": null,
"is_major_product": true,
"cve_stats": {
"total": 13,
"critical": 2,
"high": 7,
"medium": 3,
"low": 1,
"kev": 0,
"top_cves": [
{
"cve_id": "CVE-2025-66614",
"severity": "CRITICAL",
"score": 9.1
},
{
"cve_id": "CVE-2026-29145",
"severity": "CRITICAL",
"score": 9.1
},
{
"cve_id": "CVE-2026-29129",
"severity": "HIGH",
"score": 7.5
}
]
}
},
{
"digest_date": "2026-07-02",
"key": "tomcat:9.0",
"product": "tomcat",
"category": "webserver",
"cycle": "9.0",
"latest": "9.0.119",
"release_date": "2017-09-27",
"latest_release_date": "2026-06-18",
"eol_date": "2027-03-31",
"support_date": null,
"is_major_product": true,
"cve_stats": {
"total": 13,
"critical": 2,
"high": 7,
"medium": 3,
"low": 1,
"kev": 0,
"top_cves": [
{
"cve_id": "CVE-2025-66614",
"severity": "CRITICAL",
"score": 9.1
},
{
"cve_id": "CVE-2026-29145",
"severity": "CRITICAL",
"score": 9.1
},
{
"cve_id": "CVE-2026-29129",
"severity": "HIGH",
"score": 7.5
}
]
}
},
{
"digest_date": "2026-07-02",
"key": "traefik:2.11",
"product": "traefik",
"category": "webserver",
"cycle": "2.11",
"latest": "2.11.51",
"release_date": "2024-02-12",
"latest_release_date": "2026-06-30",
"eol_date": "2026-02-01",
"support_date": "2025-04-29",
"is_major_product": true,
"cve_stats": {
"total": 17,
"critical": 2,
"high": 6,
"medium": 7,
"low": 2,
"kev": 0,
"top_cves": [
{
"cve_id": "CVE-2026-39858",
"severity": "CRITICAL",
"score": 10.0
},
{
"cve_id": "CVE-2026-35051",
"severity": "CRITICAL",
"score": 10.0
},
{
"cve_id": "CVE-2026-33433",
"severity": "HIGH",
"score": 8.8
}
]
}
},
{
"digest_date": "2026-07-02",
"key": "traefik:3.6",
"product": "traefik",
"category": "webserver",
"cycle": "3.6",
"latest": "3.6.22",
"release_date": "2025-11-07",
"latest_release_date": "2026-06-30",
"eol_date": "false",
"support_date": "2026-05-11",
"is_major_product": true,
"cve_stats": {
"total": 17,
"critical": 2,
"high": 6,
"medium": 7,
"low": 2,
"kev": 0,
"top_cves": [
{
"cve_id": "CVE-2026-39858",
"severity": "CRITICAL",
"score": 10.0
},
{
"cve_id": "CVE-2026-35051",
"severity": "CRITICAL",
"score": 10.0
},
{
"cve_id": "CVE-2026-33433",
"severity": "HIGH",
"score": 8.8
}
]
}
},
{
"digest_date": "2026-07-02",
"key": "traefik:3.7",
"product": "traefik",
"category": "webserver",
"cycle": "3.7",
"latest": "3.7.6",
"release_date": "2026-04-22",
"latest_release_date": "2026-06-30",
"eol_date": "false",
"support_date": "true",
"is_major_product": true,
"cve_stats": {
"total": 17,
"critical": 2,
"high": 6,
"medium": 7,
"low": 2,
"kev": 0,
"top_cves": [
{
"cve_id": "CVE-2026-39858",
"severity": "CRITICAL",
"score": 10.0
},
{
"cve_id": "CVE-2026-35051",
"severity": "CRITICAL",
"score": 10.0
},
{
"cve_id": "CVE-2026-33433",
"severity": "HIGH",
"score": 8.8
}
]
}
},
{
"digest_date": "2026-07-02",
"key": "typo3:10",
"product": "typo3",
"category": "cms",
"cycle": "10",
"latest": "10.4.58",
"release_date": "2019-07-23",
"latest_release_date": "2026-06-16",
"eol_date": "2023-04-30",
"support_date": "2021-10-31",
"is_major_product": true,
"cve_stats": {
"total": 4,
"critical": 0,
"high": 2,
"medium": 2,
"low": 0,
"kev": 0,
"top_cves": [
{
"cve_id": "CVE-2025-59022",
"severity": "HIGH",
"score": 8.1
},
{
"cve_id": "CVE-2026-0859",
"severity": "HIGH",
"score": 7.8
},
{
"cve_id": "CVE-2025-59020",
"severity": "MEDIUM",
"score": 6.5
}
]
}
},
{
"digest_date": "2026-07-02",
"key": "typo3:11",
"product": "typo3",
"category": "cms",
"cycle": "11",
"latest": "11.5.52",
"release_date": "2020-12-22",
"latest_release_date": "2026-06-16",
"eol_date": "2024-10-31",
"support_date": "2023-03-31",
"is_major_product": true,
"cve_stats": {
"total": 4,
"critical": 0,
"high": 2,
"medium": 2,
"low": 0,
"kev": 0,
"top_cves": [
{
"cve_id": "CVE-2025-59022",
"severity": "HIGH",
"score": 8.1
},
{
"cve_id": "CVE-2026-0859",
"severity": "HIGH",
"score": 7.8
},
{
"cve_id": "CVE-2025-59020",
"severity": "MEDIUM",
"score": 6.5
}
]
}
},
{
"digest_date": "2026-07-02",
"key": "typo3:12",
"product": "typo3",
"category": "cms",
"cycle": "12",
"latest": "12.4.47",
"release_date": "2022-10-04",
"latest_release_date": "2026-06-16",
"eol_date": "2026-04-30",
"support_date": "2024-10-31",
"is_major_product": true,
"cve_stats": {
"total": 4,
"critical": 0,
"high": 2,
"medium": 2,
"low": 0,
"kev": 0,
"top_cves": [
{
"cve_id": "CVE-2025-59022",
"severity": "HIGH",
"score": 8.1
},
{
"cve_id": "CVE-2026-0859",
"severity": "HIGH",
"score": 7.8
},
{
"cve_id": "CVE-2025-59020",
"severity": "MEDIUM",
"score": 6.5
}
]
}
},
{
"digest_date": "2026-07-02",
"key": "typo3:13",
"product": "typo3",
"category": "cms",
"cycle": "13",
"latest": "13.4.32",
"release_date": "2024-01-30",
"latest_release_date": "2026-06-16",
"eol_date": "2027-12-31",
"support_date": "2026-06-30",
"is_major_product": true,
"cve_stats": {
"total": 4,
"critical": 0,
"high": 2,
"medium": 2,
"low": 0,
"kev": 0,
"top_cves": [
{
"cve_id": "CVE-2025-59022",
"severity": "HIGH",
"score": 8.1
},
{
"cve_id": "CVE-2026-0859",
"severity": "HIGH",
"score": 7.8
},
{
"cve_id": "CVE-2025-59020",
"severity": "MEDIUM",
"score": 6.5
}
]
}
},
{
"digest_date": "2026-07-02",
"key": "typo3:14",
"product": "typo3",
"category": "cms",
"cycle": "14",
"latest": "14.3.4",
"release_date": "2025-11-25",
"latest_release_date": "2026-06-16",
"eol_date": "2029-06-30",
"support_date": "2027-12-31",
"is_major_product": true,
"cve_stats": {
"total": 4,
"critical": 0,
"high": 2,
"medium": 2,
"low": 0,
"kev": 0,
"top_cves": [
{
"cve_id": "CVE-2025-59022",
"severity": "HIGH",
"score": 8.1
},
{
"cve_id": "CVE-2026-0859",
"severity": "HIGH",
"score": 7.8
},
{
"cve_id": "CVE-2025-59020",
"severity": "MEDIUM",
"score": 6.5
}
]
}
},
{
"digest_date": "2026-07-02",
"key": "virtualbox:7.2",
"product": "virtualbox",
"category": "virtualization",
"cycle": "7.2",
"latest": "7.2.12",
"release_date": "2025-08-14",
"latest_release_date": "2026-06-30",
"eol_date": "false",
"support_date": null,
"is_major_product": true,
"cve_stats": {
"total": 33,
"critical": 0,
"high": 19,
"medium": 8,
"low": 6,
"kev": 0,
"top_cves": [
{
"cve_id": "CVE-2026-21990",
"severity": "HIGH",
"score": 8.2
},
{
"cve_id": "CVE-2026-21988",
"severity": "HIGH",
"score": 8.2
},
{
"cve_id": "CVE-2026-21956",
"severity": "HIGH",
"score": 8.2
}
]
}
},
{
"digest_date": "2026-07-02",
"key": "vue:3.5",
"product": "vue",
"category": "framework",
"cycle": "3.5",
"latest": "3.5.39",
"release_date": "2024-09-03",
"latest_release_date": "2026-06-25",
"eol_date": "false",
"support_date": "true",
"is_major_product": true,
"cve_stats": {
"total": 0,
"critical": 0,
"high": 0,
"medium": 0,
"low": 0,
"kev": 0,
"top_cves": []
}
}
]
}