📊 SecuPortal 日次脆弱性ダイジェスト

2026-07-07 11:06:02 生成 · 2026-07-01〜2026-07-07 (7日分)
新規 KEV 23 | 更新ソフト 118 | 対象期間 7日 | 生成 2026-07-07 11:06:02

📦 更新された主要ソフトウェア


製品新バージョンリリース日CVE件数CriticalHighKEV状態
Next.js 1616.2.102026-07-01221101⚠️要確認
OpenVPN 2.72.7.52026-07-013110⚠️要確認
GitLab 18.818.8.112026-06-301630490🟠重要
Jenkins (weekly)2.5712026-06-3016050🟠重要
Laravel 1313.18.02026-06-300000✅計画
MediaWiki 1.461.46.02026-06-3021110⚠️要確認
Ruby 3.43.4.102026-06-300000✅計画
Rust 1.961.96.12026-06-300000✅計画
Traefik 2.112.11.512026-06-3017260⚠️要確認
Traefik 3.63.6.222026-06-3017260⚠️要確認
Traefik 3.73.7.62026-06-3017260⚠️要確認
VirtualBox 7.27.2.122026-06-30330190🟠重要
macOS 2626.5.22026-06-2913816472813⚠️要確認
MediaWiki 1.431.43.92026-06-2921110⚠️要確認
MediaWiki 1.441.44.62026-06-2921110⚠️要確認
MediaWiki 1.451.45.42026-06-2921110⚠️要確認
Symfony 6.46.4.422026-06-272010🟠重要
Symfony 7.47.4.142026-06-272010🟠重要
Symfony 8.08.0.142026-06-272010🟠重要
Symfony 8.18.1.12026-06-272010🟠重要
Angular 2222.0.42026-06-264000✅計画
Elasticsearch 8.198.19.182026-06-263000✅計画
HAProxy 2.62.6.302026-06-261010🟠重要
HAProxy 2.82.8.252026-06-261010🟠重要
HAProxy 3.03.0.242026-06-261010🟠重要
HAProxy 3.23.2.202026-06-261010🟠重要
HAProxy 3.33.3.112026-06-261010🟠重要
Apache ActiveMQ 5.195.19.82026-06-2513071⚠️要確認
Apache ActiveMQ 6.26.2.72026-06-2513071⚠️要確認
Elasticsearch 9.39.3.72026-06-253000✅計画
Elasticsearch 9.49.4.32026-06-253000✅計画
HAProxy 3.43.4.12026-06-251010🟠重要
Nextcloud 3232.0.122026-06-250000✅計画
Nextcloud 3333.0.62026-06-250000✅計画
Nextcloud 3434.0.12026-06-250000✅計画
Node.js 2626.4.02026-06-2516370⚠️要確認
Spring Boot 3.53.5.162026-06-257140⚠️要確認
Vue 3.53.5.392026-06-250000✅計画
MongoDB 4.44.4.312026-06-2420031⚠️要確認
Apache Kafka 4.34.3.12026-06-233100⚠️要確認
Drupal 10.610.6.122026-06-237000✅計画
Drupal 11.311.3.132026-06-237000✅計画
GitLab 18.1118.11.62026-06-231630490🟠重要
GitLab 19.019.0.32026-06-231630490🟠重要
GitLab 19.119.1.12026-06-231630490🟠重要
Node.js 2222.23.12026-06-2316370⚠️要確認
Node.js 2424.18.02026-06-2316370⚠️要確認
Amazon Linux 22.0.20260615.02026-06-220000✅計画
Amazon Linux 20232023.12.20260611.02026-06-220000✅計画
Alpine Linux 3.223.22.52026-06-210000✅計画
Alpine Linux 3.233.23.52026-06-210000✅計画
Postfix 3.103.10.112026-06-180000✅計画
Postfix 3.113.11.42026-06-180000✅計画
Postfix 3.83.8.182026-06-180000✅計画
Postfix 3.93.9.122026-06-180000✅計画
Tomcat 9.09.0.1192026-06-1813270⚠️要確認
Drupal 10.510.5.122026-06-177000✅計画
Drupal 11.211.2.142026-06-177000✅計画
HashiCorp Vault 2.02.0.32026-06-174030🟠重要
SQL Server 2022 (17.0)17.0.4055.5 CU62026-06-170000✅計画
nginx 1.301.30.32026-06-170000✅計画
nginx 1.311.31.22026-06-170000✅計画
Tomcat 10.110.1.562026-06-1713270⚠️要確認
Tomcat 11.011.0.232026-06-1713270⚠️要確認
Amazon Linux 2018.032018.03.0.20231218.02026-06-160000✅計画
MongoDB 5.05.0.342026-06-1620031⚠️要確認
MongoDB 6.06.0.292026-06-1620031⚠️要確認
MongoDB 7.07.0.372026-06-1620031⚠️要確認
MongoDB 8.08.0.262026-06-1620031⚠️要確認
MongoDB 8.28.2.112026-06-1620031⚠️要確認
TYPO3 1010.4.582026-06-164020🟠重要
TYPO3 1111.5.522026-06-164020🟠重要
TYPO3 1212.4.472026-06-164020🟠重要
TYPO3 1313.4.322026-06-164020🟠重要
TYPO3 1414.3.42026-06-164020🟠重要
MongoDB 8.38.3.42026-06-1520031⚠️要確認
Alpine Linux 3.243.24.12026-06-130000✅計画
RabbitMQ 4.24.2.82026-06-130000✅計画
RabbitMQ 4.34.3.22026-06-110000✅計画
Angular 2020.3.252026-06-104000✅計画
Angular 2121.2.172026-06-104000✅計画
GitLab 18.1018.10.82026-06-101630490🟠重要
Python 3.133.13.142026-06-105010🟠重要
Python 3.143.14.62026-06-105010🟠重要
Spring Boot 4.04.0.72026-06-107140⚠️要確認
Spring Boot 4.14.1.02026-06-107140⚠️要確認
.NET 1010.0.92026-06-095050🟠重要
.NET 88.0.282026-06-095050🟠重要
.NET 99.0.172026-06-095050🟠重要
Laravel 1212.62.02026-06-090000✅計画
OpenSearch 33.7.02026-06-091010🟠重要
OpenSSL 3.03.0.212026-06-09191100⚠️要確認
OpenSSL 3.43.4.62026-06-09191100⚠️要確認
OpenSSL 3.53.5.72026-06-09191100⚠️要確認
OpenSSL 3.63.6.32026-06-09191100⚠️要確認
OpenSSL 4.04.0.12026-06-09191100⚠️要確認
Apache HTTP Server 2.42.4.682026-06-0813370⚠️要確認
Jenkins LTS 2.5552.555.32026-06-0816050🟠重要
Nuxt 33.21.82026-06-080000✅計画
Nuxt 44.4.82026-06-080000✅計画
Spring Framework 6.26.2.192026-06-089030🟠重要
Spring Framework 7.07.0.82026-06-089030🟠重要
Squid 77.62026-06-073020🟠重要
PHP 8.48.4.222026-06-043020🟠重要
PHP 8.58.5.72026-06-043020🟠重要
Redis 8.28.2.72026-06-044040🟠重要
Redis 8.48.4.42026-06-044040🟠重要
Redis 8.68.6.42026-06-044040🟠重要
Django 5.25.2.152026-06-0322270⚠️要確認
Django 6.06.0.62026-06-0322270⚠️要確認
MySQL 8.48.4.102026-06-031000✅計画
MySQL 9.79.7.12026-06-031000✅計画
Angular 1919.2.252026-06-024000✅計画
Caddy 22.11.42026-06-028420⚠️要確認
Eclipse Jetty 12.012.0.362026-06-024030🟠重要
Eclipse Jetty 12.112.1.102026-06-024030🟠重要
Go 1.251.25.112026-06-02263130⚠️要確認
Go 1.261.26.42026-06-02263130⚠️要確認

非主要製品 の更新: 0件(今回の取得データでは is_major_product=false の software_update 項目なし)


🔴 ★★★ 要対応 CVE


CVE ID製品CVSSKEVAV推奨アクション
CVE-2025-55182Next.js 1610.0N(推定)パッチ即時
CVE-2026-13782macOS 2610.0N(推定)パッチ即時
CVE-2026-40466Apache ActiveMQ 5.19/6.28.8N(推定)パッチ即時
CVE-2026-4148MongoDB 4.4〜8.3系8.8N(推定)パッチ即時

※ KEV該当は各製品の cve_stats.kev>=1 に基づく判定です。上記CVE IDは top_cves の中で最もCVSSが高いものを代表として掲載していますが、実際にKEV登録対象となっているCVE個体は公式アドバイザリ/CISA KEVカタログで確認してください。AV(攻撃元区分)も個別CVEデータが提供されていないため推定値です。


🟠 ★★ 参考 CVE


展開して表示 (34件)

主要製品だがリモート性未確認・CVSS高めのもの(自社が直接運用する可能性がある製品)


  • CVE-2026-28780 — Apache HTTP Server 2.4 (CVSS 9.8, KEV無) : Critical判定だがリモート悪用性の確証データなし。2.4.68への計画的な適用を推奨。
  • CVE-2026-27590 — Caddy 2 (CVSS 9.8, KEV無) : 2.11.4への更新で修正対象。remote性は公式アドバイザリで確認の可能性。
  • CVE-2026-4277 — Django 5.2/6.0 (CVSS 9.8, KEV無) : 5.2.15/6.0.6で修正済み。自社Django運用があれば優先的な検証を推奨。
  • CVE-2025-68121 — Go 1.25/1.26 (CVSS 10.0, KEV無) : 標準ライブラリ側のCriticalの可能性。影響コンポーネント(net/http等)の利用有無を確認推奨。
  • CVE-2025-67484 — MediaWiki (CVSS 9.8, KEV無) : 自社でMediaWikiを運用していれば優先パッチの可能性。
  • CVE-2026-21636 — Node.js 22/24/26 (CVSS 10.0, KEV無) : Critical。影響範囲(HTTPパーサ等)を公式アドバイザリで確認し優先パッチの可能性。
  • CVE-2026-31789 — OpenSSL (CVSS 9.8, KEV無) : TLS実装への広範な依存があるため優先確認を推奨。
  • CVE-2025-12106 — OpenVPN 2.7 (CVSS 9.1, KEV無) : 自社でVPN基盤として利用していれば優先確認の可能性。
  • CVE-2026-40976 — Spring Boot 3.5/4.0/4.1 (CVSS 9.1, KEV無) : remote性等の詳細は公式アドバイザリで確認の可能性。
  • CVE-2025-66614 — Tomcat 9.0/10.1/11.0 (CVSS 9.1, KEV無) : remote性確認の上、計画的パッチの可能性。
  • CVE-2026-39858 — Traefik 2.11/3.6/3.7 (CVSS 10.0, KEV無) : リバースプロキシとして外部公開構成の場合は優先確認を推奨。

  • 非主要製品だがKEV新規登録(自社は基本未使用と想定されるが確認推奨)


  • CVE-2022-0492 — Linux Kernel (CVSS N/A, KEV有) : cgroups v1 release_agent権限昇格。コンテナホストの構成次第で影響がある可能性。
  • CVE-2025-48595 — Android Framework (CVSS 8.4, KEV有) : ローカル権限昇格。業務端末がAndroidを含む場合は確認推奨。
  • CVE-2025-67038 — Lantronix EDS5000 (CVSS 9.8, KEV有) : シリアルデバイスサーバ。自社では未使用の可能性が高い。
  • CVE-2026-10520 — Ivanti Sentry (CVSS 10.0, KEV有) : Ivanti製品は自社未使用のため影響は低い可能性。
  • CVE-2026-11645 — Google Chromium V8 (CVSS 8.8, KEV有) : ブラウザ/Electron系。社内端末のブラウザ更新状況は別途確認を推奨。
  • CVE-2026-12569 — PTC Windchill/FlexPLM (CVSS N/A, KEV有) : PLM製品。自社未使用のため影響は低い可能性。
  • CVE-2026-20230 — Cisco Unified Communications Manager (CVSS 8.6, KEV有) : Cisco UC製品は自社未使用のため影響は低い可能性。
  • CVE-2026-20245 — Cisco Catalyst SD-WAN Manager (CVSS 7.8, KEV有) : 自社未使用のため影響は低い可能性。
  • CVE-2026-20253 — Splunk Enterprise (CVSS 9.8, KEV有) : Splunkは自社未使用のため影響は低い可能性。
  • CVE-2026-20262 — Cisco Catalyst SD-WAN Manager (CVSS 6.5, KEV有) : 同上、自社未使用のため影響は低い可能性。
  • CVE-2026-28318 — SolarWinds Serv-U (CVSS 7.5, KEV有) : 自社未使用のため影響は低い可能性。
  • CVE-2026-34908 — Ubiquiti UniFi OS (CVSS 10.0, KEV有) : ネットワーク機器。自社での利用有無を確認推奨。
  • CVE-2026-34909 — Ubiquiti UniFi OS (CVSS 10.0, KEV有) : 同上。
  • CVE-2026-34910 — Ubiquiti UniFi OS (CVSS 10.0, KEV有) : 同上。
  • CVE-2026-35273 — Oracle PeopleSoft Enterprise PeopleTools (CVSS 9.8, KEV有/ランサムウェア実績あり) : 自社未使用のERPだが取引先・委託先の利用有無は確認を推奨。
  • CVE-2026-42271 — BerriAI LiteLLM (CVSS 8.8, KEV有) : LLMゲートウェイ製品。社内でLiteLLMを利用していれば要確認。
  • CVE-2026-45247 — Mirasvit Full Page Cache Warmer (CVSS 9.8, KEV有) : Magento拡張。自社EC基盤での該当プラグイン利用有無を確認推奨。
  • CVE-2026-45659 — Microsoft SharePoint Server (CVSS N/A, KEV有) : 主要製品リスト外だが、社内SharePoint利用があれば優先度見直しの可能性。
  • CVE-2026-48558 — SimpleHelp (CVSS 10.0, KEV有) : 遠隔サポートツール。自社未使用のため影響は低い可能性。
  • CVE-2026-48907 — Widget Factory Joomla Content Editor (CVSS N/A, KEV有) : Joomla拡張。自社Joomla利用有無を確認推奨。
  • CVE-2026-50751 — Check Point Security Gateway (CVSS 9.3, KEV有/ランサムウェア実績あり) : 自社未使用のVPNゲートウェイのため影響は低い可能性。
  • CVE-2026-54420 — LiteSpeed cPanel Plugin (CVSS 8.5, KEV有) : 共有ホスティング環境限定の可能性が高く、自社構成では影響は低い可能性。
  • CVE-2026-7473 — Arista EOS (CVSS 5.8, KEV有) : ネットワークOS。自社未使用のため影響は低い可能性。


  • 📝 AI 全体サマリ


    展開して読む
  • 今週はエンタープライズ機器(Ivanti / Cisco / Splunk / Oracle PeopleSoft / SolarWinds 等)を狙ったKEV新規登録が多く、いずれも自社の運用対象外の可能性が高いと考えられます。一方で自社が利用する一般的なOSS群(Next.js、Apache ActiveMQ、MongoDB、macOS)で cve_stats 上KEV該当と見られる更新があり、優先対応が必要になる可能性があります。
  • Next.js 16.2.10 は CVSS 10.0・KEV該当(cve_stats.kev=1)と見られ、自社が最も直接運用する主要フレームワークであるため最優先での検証・適用が望ましいと考えられます。ただしtop_cvesのCVE-2025-55182が具体的にKEV対象CVEであるかは公式アドバイザリでの再確認を推奨します。
  • OpenSSL / Go / Node.js / Tomcat / Traefik など基盤ライブラリ・ミドルウェア系でCVSS9.0以上のCriticalが多数報告されており、直接のリモート悪用性が未確定でも依存範囲の広さから優先的な棚卸しを推奨します。
  • データ上の制約として、software_update側のtop_cvesにはis_remoteやAV(攻撃元区分)の個別フィールドがなく、★★★/★★の厳密な仕分けはcve_stats.kev(製品単位のKEV有無)を代替指標として用いています。個々のCVEの正確なリモート性・攻撃元区分は公式アドバイザリまたはNVD/CISA KEVカタログで確認することを推奨します。

  • PoC検証を推奨するCVE: CVE-2025-55182(Next.js 16, KEV該当・CVSS 10.0)


    自社の主要運用製品であり、KEV該当・CVSS最高値のため、検証環境での挙動確認(パッチ適用前後の差分確認)を推奨します。以下は検証環境構築の骨子例です(攻撃コードは含みません)。


    
    # docker-compose.yml (検証用スケルトン、exploitコードは含まない)
    services:
      nextjs-vulnerable:
        image: node:22-alpine
        working_dir: /app
        volumes:
          - ./app:/app
        command: sh -c "npm install next@<脆弱バージョン> && npm run build && npm start"
        ports:
          - "3000:3000"
        networks:
          - isolated
    
      nextjs-patched:
        image: node:22-alpine
        working_dir: /app
        volumes:
          - ./app-patched:/app
        command: sh -c "npm install next@16.2.10 && npm run build && npm start"
        ports:
          - "3001:3000"
        networks:
          - isolated
    
    networks:
      isolated:
        internal: true  # 外部への通信を遮断し検証環境を隔離
    

  • 検証は隔離ネットワーク内で実施し、外部公開しないことを推奨します。
  • 実際の検証手順・再現方法は公式アドバイザリ(Next.js Security Advisory)およびNVD記載の技術詳細を確認の上、社内ルールに従って実施してください。


  • 原本データ (JSON) — 表示するにはクリック
    {
      "range": {
        "from": "2026-07-01",
        "to": "2026-07-07",
        "days": 7
      },
      "summary": {
        "total_kev_new": 23,
        "total_software_update": 118,
        "by_date": {
          "2026-07-02": {
            "kev_new": 23,
            "software_update": 118
          }
        }
      },
      "kev_new": [
        {
          "digest_date": "2026-07-02",
          "key": "CVE-2022-0492",
          "cve_id": "CVE-2022-0492",
          "vendor_project": "Linux",
          "product": "Kernel",
          "vulnerability_name": "Linux Kernel Improper Authentication Vulnerability",
          "date_added": "2026-06-02",
          "short_description": "Linux Kernel contains an improper authentication vulnerability which could allow for privilege escalation via the cgroups v1 release_agent feature.",
          "required_action": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.",
          "due_date": "2026-06-05",
          "known_ransomware": "Unknown",
          "cvss_score": null,
          "cvss_severity": null,
          "cvss_vector": null,
          "attack_vector": null,
          "is_remote": null,
          "is_major_product": false,
          "matched_product": null,
          "title_en": null,
          "epss_score": null
        },
        {
          "digest_date": "2026-07-02",
          "key": "CVE-2025-48595",
          "cve_id": "CVE-2025-48595",
          "vendor_project": "Android",
          "product": "Framework",
          "vulnerability_name": "Android Framework Integer Overflow Vulnerability",
          "date_added": "2026-06-02",
          "short_description": "Android Framework contains an integer overflow vulnerability that allows for code execution that could allow for local privilege escalation.",
          "required_action": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.",
          "due_date": "2026-06-05",
          "known_ransomware": "Unknown",
          "cvss_score": 8.4,
          "cvss_severity": "HIGH",
          "cvss_vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "attack_vector": "L",
          "is_remote": false,
          "is_major_product": false,
          "matched_product": null,
          "title_en": "In multiple locations, there is a possible way to achieve code execution due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.",
          "epss_score": 0.01714
        },
        {
          "digest_date": "2026-07-02",
          "key": "CVE-2025-67038",
          "cve_id": "CVE-2025-67038",
          "vendor_project": "Lantronix",
          "product": "EDS5000",
          "vulnerability_name": "Lantronix EDS5000 Code Injection Vulnerability",
          "date_added": "2026-06-23",
          "short_description": "Lantronix EDS5000 contains a code injection vulnerability that could allow attackers to inject arbitrary OS commands into the username parameter. Injected commands are executed with root privileges.",
          "required_action": "Apply mitigations in accordance with vendor instructions, ensuring compliance with CISA’s BOD 26-04 Prioritizing Security Updates Based on Risk (see URL in Notes) guidance and CISA’s “Forensics Triage Requirements” (see URL in Notes). Follow applicable BOD 26-04 guidance for cloud services or discontinue use of the product if mitigations are unavailable. Stakeholders are responsible for evaluating each asset's internet exposure and ensuring adherence to BOD 26-04 patching guidelines.",
          "due_date": "2026-06-26",
          "known_ransomware": "Unknown",
          "cvss_score": 9.8,
          "cvss_severity": "CRITICAL",
          "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "attack_vector": "N",
          "is_remote": true,
          "is_major_product": false,
          "matched_product": null,
          "title_en": "An issue was discovered in Lantronix EDS5000 2.1.0.0R3. The HTTP RPC module executes a shell command to write logs when user's authantication fails. The username is directly concatenated with the command without any sanitization. This allow attackers to inject arbitrary OS commands into the username parameter. Injected commands are executed with root privileges.",
          "epss_score": 0.01131
        },
        {
          "digest_date": "2026-07-02",
          "key": "CVE-2026-10520",
          "cve_id": "CVE-2026-10520",
          "vendor_project": "Ivanti",
          "product": "Sentry",
          "vulnerability_name": "Ivanti Sentry OS Command Injection Vulnerability",
          "date_added": "2026-06-11",
          "short_description": "Ivanti Sentry (formerly known as MobileIron Sentry) contains an OS command injection vulnerability which could allow a remote unauthenticated user to achieve root-level remote code execution. This vulnerability can be successfully exploited in cases where the Sentry appliance is in an unmanaged state with its endpoints externally reachable. The use of mTLS with EPMM or restricted HTTPS access through Neurons for MDM makes interfaces inaccessible to external actors.",
          "required_action": "Apply mitigations in accordance with vendor instructions, ensuring compliance with CISA’s BOD 26-04 Prioritizing Security Updates Based on Risk (see URL in Notes) guidance and CISA’s “Forensics Triage Requirements” (see URL in Notes). Follow applicable BOD 26-04 guidance for cloud services or discontinue use of the product if mitigations are unavailable. Stakeholders are responsible for evaluating each asset's internet exposure and ensuring adherence to BOD 26-04 patching guidelines.",
          "due_date": "2026-06-14",
          "known_ransomware": "Unknown",
          "cvss_score": 10.0,
          "cvss_severity": "CRITICAL",
          "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
          "attack_vector": "N",
          "is_remote": true,
          "is_major_product": false,
          "matched_product": null,
          "title_en": "An OS Command Injection vulnerability in Ivanti Sentry before the R10.5.2, R10.6.2 and R10.7.1 versions allows a remote unauthenticated user to achieve root-level remote code execution",
          "epss_score": 0.98937
        },
        {
          "digest_date": "2026-07-02",
          "key": "CVE-2026-11645",
          "cve_id": "CVE-2026-11645",
          "vendor_project": "Google",
          "product": "Chromium V8",
          "vulnerability_name": "Google Chromium V8 Out-of-Bounds Read and Write Vulnerability",
          "date_added": "2026-06-09",
          "short_description": "Google Chromium V8 out-of-bounds read and write vulnerability that could allow a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.",
          "required_action": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.",
          "due_date": "2026-06-23",
          "known_ransomware": "Unknown",
          "cvss_score": 8.8,
          "cvss_severity": "HIGH",
          "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
          "attack_vector": "N",
          "is_remote": true,
          "is_major_product": false,
          "matched_product": null,
          "title_en": "Out of bounds read and write in V8 in Google Chrome prior to 149.0.7827.103 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)",
          "epss_score": 0.01654
        },
        {
          "digest_date": "2026-07-02",
          "key": "CVE-2026-12569",
          "cve_id": "CVE-2026-12569",
          "vendor_project": "PTC",
          "product": "Windchill and FlexPLM",
          "vulnerability_name": "PTC Windchill and FlexPLM Improper Input Validation Vulnerability",
          "date_added": "2026-06-25",
          "short_description": "PTC Windchill and FlexPLM contains an improper input validation vulnerability allowing an unauthenticated, remote attacker to execute arbitrary code by sending a malicious request to the network.",
          "required_action": "Apply mitigations in accordance with vendor instructions, ensuring compliance with CISA’s BOD 26-04 Prioritizing Security Updates Based on Risk (see URL in Notes) guidance and CISA’s “Forensics Triage Requirements” (see URL in Notes). Follow applicable BOD 26-04 guidance for cloud services or discontinue use of the product if mitigations are unavailable. Stakeholders are responsible for evaluating each asset's internet exposure and ensuring adherence to BOD 26-04 patching guidelines.",
          "due_date": "2026-06-28",
          "known_ransomware": "Unknown",
          "cvss_score": null,
          "cvss_severity": null,
          "cvss_vector": null,
          "attack_vector": null,
          "is_remote": null,
          "is_major_product": false,
          "matched_product": null,
          "title_en": "A critical remote code execution (RCE) vulnerability has been reported in PTC Windchill PDMlink and PTC FlexPLM. The vulnerability may be exploited through the deserialization of untrusted data.   *  This advisory also applies to all CPS versions\n  *  The identified vulnerability also impacts Windchill and FlexPLM releases prior to 11.0 M030",
          "epss_score": 0.01106
        },
        {
          "digest_date": "2026-07-02",
          "key": "CVE-2026-20230",
          "cve_id": "CVE-2026-20230",
          "vendor_project": "Cisco",
          "product": "Unified Communications Manager",
          "vulnerability_name": "Cisco Unified Communications Manager Server-Side Request Forgery (SSRF) Vulnerability",
          "date_added": "2026-06-25",
          "short_description": "Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) contain a server-side request forgery (SSRF) Vulnerability that could allow an unauthenticated, remote attacker to write files to the underlying operating system that could be used later to elevate to root.",
          "required_action": "Apply mitigations in accordance with vendor instructions, ensuring compliance with CISA’s BOD 26-04 Prioritizing Security Updates Based on Risk (see URL in Notes) guidance and CISA’s “Forensics Triage Requirements” (see URL in Notes). Follow applicable BOD 26-04 guidance for cloud services or discontinue use of the product if mitigations are unavailable. Stakeholders are responsible for evaluating each asset's internet exposure and ensuring adherence to BOD 26-04 patching guidelines.",
          "due_date": "2026-06-28",
          "known_ransomware": "Unknown",
          "cvss_score": 8.6,
          "cvss_severity": "HIGH",
          "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N",
          "attack_vector": "N",
          "is_remote": true,
          "is_major_product": false,
          "matched_product": null,
          "title_en": "A vulnerability in Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an unauthenticated, remote attacker to conduct server-side request forgery (SSRF) attacks through an affected device.\r\n\r This vulnerability is due to improper input validation for specific HTTP requests. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could a",
          "epss_score": 0.41694
        },
        {
          "digest_date": "2026-07-02",
          "key": "CVE-2026-20245",
          "cve_id": "CVE-2026-20245",
          "vendor_project": "Cisco",
          "product": "Catalyst SD-WAN Manager",
          "vulnerability_name": "Cisco Catalyst SD-WAN Manager Improper Encoding or Escaping of Output Vulnerability",
          "date_added": "2026-06-09",
          "short_description": "Cisco Catalyst SD-WAN Manager formerly SD-WAN vManage contains an improper encoding or escaping of output vulnerability. This vulnerability could allow an authenticated, local attacker to execute arbitrary commands as root by supplying a crafted file to the affected system.",
          "required_action": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.",
          "due_date": "2026-06-23",
          "known_ransomware": "Unknown",
          "cvss_score": 7.8,
          "cvss_severity": "HIGH",
          "cvss_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "attack_vector": "L",
          "is_remote": false,
          "is_major_product": false,
          "matched_product": null,
          "title_en": "A vulnerability in the CLI of Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, could allow an authenticated, local attacker to execute arbitrary commands as root by supplying a crafted file to the affected system.\r\n\r\nThis vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by uploading a crafted file to the affected system. A successful exploit could allow the attacker to perform command injection attacks on an affected syst",
          "epss_score": 0.09922
        },
        {
          "digest_date": "2026-07-02",
          "key": "CVE-2026-20253",
          "cve_id": "CVE-2026-20253",
          "vendor_project": "Splunk",
          "product": "Enterprise",
          "vulnerability_name": "Splunk Enterprise Missing Authentication for Critical Function Vulnerability",
          "date_added": "2026-06-18",
          "short_description": "Splunk Enterprise contains a missing authentication for critical function vulnerability which could allow an unauthenticated user to create or truncate arbitrary files through a PostgreSQL sidecar service endpoint.",
          "required_action": "Apply mitigations in accordance with vendor instructions, ensuring compliance with CISA’s BOD 26-04 Prioritizing Security Updates Based on Risk (see URL in Notes) guidance and CISA’s “Forensics Triage Requirements” (see URL in Notes). Follow applicable BOD 26-04 guidance for cloud services or discontinue use of the product if mitigations are unavailable. Stakeholders are responsible for evaluating each asset's internet exposure and ensuring adherence to BOD 26-04 patching guidelines.",
          "due_date": "2026-06-21",
          "known_ransomware": "Unknown",
          "cvss_score": 9.8,
          "cvss_severity": "CRITICAL",
          "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "attack_vector": "N",
          "is_remote": true,
          "is_major_product": false,
          "matched_product": null,
          "title_en": "In Splunk Enterprise versions below 10.2.4 and 10.0.7, and Splunk Cloud Platform versions below 10.4.2604.3 and 10.2.2510.14, an unauthenticated user could create or truncate arbitrary files through a PostgreSQL sidecar service endpoint.<br><br>The vulnerability exists because the PostgreSQL sidecar service endpoint lacks authentication controls, allowing any network-reachable user to invoke file operations without credentials.",
          "epss_score": 0.88171
        },
        {
          "digest_date": "2026-07-02",
          "key": "CVE-2026-20262",
          "cve_id": "CVE-2026-20262",
          "vendor_project": "Cisco",
          "product": "Catalyst SD-WAN Manager",
          "vulnerability_name": "Cisco Catalyst SD-WAN Manager Directory or Path Traversal Vulnerability",
          "date_added": "2026-06-15",
          "short_description": "Cisco Catalyst SD-WAN Manager contains a directory or path traversal vulnerability that could allow an authenticated, remote attacker to create a file or overwrite any file on the filesystem of an affected system.",
          "required_action": "Apply mitigations in accordance with vendor instructions, ensuring compliance with CISA’s BOD 26-04 Prioritizing Security Updates Based on Risk (see URL in Notes) guidance and CISA’s “Forensics Triage Requirements” (see URL in Notes). Follow applicable BOD 26-04 guidance for cloud services or discontinue use of the product if mitigations are unavailable. Stakeholders are responsible for evaluating each asset's internet exposure and ensuring adherence to BOD 26-04 patching guidelines.",
          "due_date": "2026-06-29",
          "known_ransomware": "Unknown",
          "cvss_score": 6.5,
          "cvss_severity": "MEDIUM",
          "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
          "attack_vector": "N",
          "is_remote": true,
          "is_major_product": false,
          "matched_product": null,
          "title_en": "A vulnerability in the web UI of Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, could allow an authenticated, remote attacker to create a file or overwrite any file on the filesystem of an affected system.\r\n\r\nThis vulnerability exists because the affected software does not properly validate user-supplied input during a file upload process. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected API endpoint of the affected system. A successful explo",
          "epss_score": 0.07683
        },
        {
          "digest_date": "2026-07-02",
          "key": "CVE-2026-28318",
          "cve_id": "CVE-2026-28318",
          "vendor_project": "SolarWinds",
          "product": "Serv-U",
          "vulnerability_name": "SolarWinds Serv-U Uncontrolled Resource Consumption Vulnerability",
          "date_added": "2026-06-05",
          "short_description": "SolarWinds Serv-U contains an uncontrolled resource consumption vulnerability that allows specially crafted POST requests using the Content-Encoding: deflate header to crash the Serv-U service without authentication.",
          "required_action": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.",
          "due_date": "2026-06-19",
          "known_ransomware": "Unknown",
          "cvss_score": 7.5,
          "cvss_severity": "HIGH",
          "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "attack_vector": "N",
          "is_remote": true,
          "is_major_product": false,
          "matched_product": null,
          "title_en": "SolarWinds Serv-U is susceptible to specially crafted POST requests that crash the Serv-U service without authentication using Content-Encoding: deflate. Mitigation steps are provided to secure customer environments in the SolarWinds Trust Center if you are unable to deploy the update",
          "epss_score": 0.10659
        },
        {
          "digest_date": "2026-07-02",
          "key": "CVE-2026-34908",
          "cve_id": "CVE-2026-34908",
          "vendor_project": "Ubiquiti",
          "product": "UniFi OS",
          "vulnerability_name": "Ubiquiti UniFi OS Improper Access Control Vulnerability",
          "date_added": "2026-06-23",
          "short_description": "Ubiquiti UniFi OS contains an improper access control vulnerability which could allow a malicious actor with access to the network to make unauthorized changes to the system.",
          "required_action": "Apply mitigations in accordance with vendor instructions, ensuring compliance with CISA’s BOD 26-04 Prioritizing Security Updates Based on Risk (see URL in Notes) guidance and CISA’s “Forensics Triage Requirements” (see URL in Notes). Follow applicable BOD 26-04 guidance for cloud services or discontinue use of the product if mitigations are unavailable. Stakeholders are responsible for evaluating each asset's internet exposure and ensuring adherence to BOD 26-04 patching guidelines.",
          "due_date": "2026-06-26",
          "known_ransomware": "Unknown",
          "cvss_score": 10.0,
          "cvss_severity": "CRITICAL",
          "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
          "attack_vector": "N",
          "is_remote": true,
          "is_major_product": false,
          "matched_product": null,
          "title_en": "A malicious actor with access to the network could exploit an Improper Access Control vulnerability found in UniFi OS devices to make unauthorized changes to the system.",
          "epss_score": 0.02452
        },
        {
          "digest_date": "2026-07-02",
          "key": "CVE-2026-34909",
          "cve_id": "CVE-2026-34909",
          "vendor_project": "Ubiquiti",
          "product": "UniFi OS",
          "vulnerability_name": "Ubiquiti UniFi OS Path Traversal Vulnerability",
          "date_added": "2026-06-23",
          "short_description": "Ubiquiti UniFi OS contains a path traversal vulnerability which could allow a malicious actor with access to the network to access files on the underlying system that could be manipulated to access an underlying account.",
          "required_action": "Apply mitigations in accordance with vendor instructions, ensuring compliance with CISA’s BOD 26-04 Prioritizing Security Updates Based on Risk (see URL in Notes) guidance and CISA’s “Forensics Triage Requirements” (see URL in Notes). Follow applicable BOD 26-04 guidance for cloud services or discontinue use of the product if mitigations are unavailable. Stakeholders are responsible for evaluating each asset's internet exposure and ensuring adherence to BOD 26-04 patching guidelines.",
          "due_date": "2026-06-26",
          "known_ransomware": "Unknown",
          "cvss_score": 10.0,
          "cvss_severity": "CRITICAL",
          "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
          "attack_vector": "N",
          "is_remote": true,
          "is_major_product": false,
          "matched_product": null,
          "title_en": "A malicious actor with access to the network could exploit a Path Traversal vulnerability found in UniFi OS devices to access files on the underlying system that could be manipulated to access an underlying account.",
          "epss_score": 0.02269
        },
        {
          "digest_date": "2026-07-02",
          "key": "CVE-2026-34910",
          "cve_id": "CVE-2026-34910",
          "vendor_project": "Ubiquiti",
          "product": "UniFi OS",
          "vulnerability_name": "Ubiquiti UniFi OS Improper Input Validation Vulnerability",
          "date_added": "2026-06-23",
          "short_description": "Ubiquiti UniFi OS contains an improper input validation vulnerability which could allow a malicious actor with access to the network to conduct command injection.",
          "required_action": "Apply mitigations in accordance with vendor instructions, ensuring compliance with CISA’s BOD 26-04 Prioritizing Security Updates Based on Risk (see URL in Notes) guidance and CISA’s “Forensics Triage Requirements” (see URL in Notes). Follow applicable BOD 26-04 guidance for cloud services or discontinue use of the product if mitigations are unavailable. Stakeholders are responsible for evaluating each asset's internet exposure and ensuring adherence to BOD 26-04 patching guidelines.",
          "due_date": "2026-06-26",
          "known_ransomware": "Unknown",
          "cvss_score": 10.0,
          "cvss_severity": "CRITICAL",
          "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
          "attack_vector": "N",
          "is_remote": true,
          "is_major_product": false,
          "matched_product": null,
          "title_en": "A malicious actor with access to the network could exploit an Improper Input Validation vulnerability found in UniFi OS devices to execute a Command Injection.",
          "epss_score": 0.78555
        },
        {
          "digest_date": "2026-07-02",
          "key": "CVE-2026-35273",
          "cve_id": "CVE-2026-35273",
          "vendor_project": "Oracle",
          "product": " PeopleSoft Enterprise PeopleTools",
          "vulnerability_name": "Oracle PeopleSoft Enterprise PeopleTools Missing Authentication for Critical Function Vulnerability",
          "date_added": "2026-06-12",
          "short_description": "Oracle PeopleSoft Enterprise PeopleTools contains a missing authentication for critical function vulnerability which could allow an unauthenticated attacker to obtain takeover of PeopleSoft Enterprise PeopleTools.",
          "required_action": "Apply mitigations in accordance with vendor instructions, ensuring compliance with CISA’s BOD 26-04 Prioritizing Security Updates Based on Risk (see URL in Notes) guidance and CISA’s “Forensics Triage Requirements” (see URL in Notes). Follow applicable BOD 26-04 guidance for cloud services or discontinue use of the product if mitigations are unavailable. Stakeholders are responsible for evaluating each asset's internet exposure and ensuring adherence to BOD 26-04 patching guidelines.",
          "due_date": "2026-06-15",
          "known_ransomware": "Known",
          "cvss_score": 9.8,
          "cvss_severity": "CRITICAL",
          "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "attack_vector": "N",
          "is_remote": true,
          "is_major_product": false,
          "matched_product": null,
          "title_en": "Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Updates Environment Management). Supported versions that are affected are 8.61 and 8.62. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks of this vulnerability can result in takeover of PeopleSoft Enterprise PeopleTools. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability i",
          "epss_score": 0.9233
        },
        {
          "digest_date": "2026-07-02",
          "key": "CVE-2026-42271",
          "cve_id": "CVE-2026-42271",
          "vendor_project": "BerriAI",
          "product": "LiteLLM",
          "vulnerability_name": "BerriAI LiteLLM Command Injection Vulnerability",
          "date_added": "2026-06-08",
          "short_description": "BerriAI LiteLLM contains a command injection vulnerability that could allow any authenticated user, including holders of low-privilege internal-user keys, to run arbitrary commands on the host.",
          "required_action": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.",
          "due_date": "2026-06-22",
          "known_ransomware": "Unknown",
          "cvss_score": 8.8,
          "cvss_severity": "HIGH",
          "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "attack_vector": "N",
          "is_remote": true,
          "is_major_product": false,
          "matched_product": null,
          "title_en": "LiteLLM is a proxy server (AI Gateway) to call LLM APIs in OpenAI (or native) format. From version 1.74.2 to before version 1.83.7, two endpoints used to preview an MCP server before saving it — POST /mcp-rest/test/connection and POST /mcp-rest/test/tools/list — accepted a full server configuration in the request body, including the command, args, and env fields used by the stdio transport. When called with a stdio configuration, the endpoints attempted to connect, which spawned the supplied com",
          "epss_score": 0.80188
        },
        {
          "digest_date": "2026-07-02",
          "key": "CVE-2026-45247",
          "cve_id": "CVE-2026-45247",
          "vendor_project": "Mirasvit",
          "product": "Mirasvit Full Page Cache Warmer",
          "vulnerability_name": "Mirasvit Full Page Cache Warmer Deserialization of Untrusted Data Vulnerability",
          "date_added": "2026-06-03",
          "short_description": "Mirasvit Full Page Cache Warmer contains a deserialization of untrusted data vulnerability that could allow unauthenticated attackers to achieve remote code execution by supplying a crafted serialized PHP object in the CacheWarmer cookie.",
          "required_action": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.",
          "due_date": "2026-06-06",
          "known_ransomware": "Unknown",
          "cvss_score": 9.8,
          "cvss_severity": "CRITICAL",
          "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "attack_vector": "N",
          "is_remote": true,
          "is_major_product": false,
          "matched_product": null,
          "title_en": "Mirasvit Full Page Cache Warmer for Magento 2 before version 1.11.12 contains a PHP object injection vulnerability that allows unauthenticated attackers to achieve remote code execution by supplying a crafted serialized PHP object in the CacheWarmer cookie. Attackers can exploit the unrestricted call to PHP's native unserialize() function combined with gadget chains available in Magento and its dependencies to execute arbitrary code on the server.",
          "epss_score": 0.27546
        },
        {
          "digest_date": "2026-07-02",
          "key": "CVE-2026-45659",
          "cve_id": "CVE-2026-45659",
          "vendor_project": "Microsoft",
          "product": "SharePoint Server",
          "vulnerability_name": "Microsoft SharePoint Server Deserialization of Untrusted Data Vulnerability",
          "date_added": "2026-07-01",
          "short_description": "Microsoft SharePoint Server contains a deserialization of untrusted data vulnerability which allows an authorized attacker to execute code over a network.",
          "required_action": "Apply mitigations in accordance with vendor instructions, ensuring compliance with CISA’s BOD 26-04 Prioritizing Security Updates Based on Risk (see URL in Notes) guidance and CISA’s “Forensics Triage Requirements” (see URL in Notes). Follow applicable BOD 26-04 guidance for cloud services or discontinue use of the product if mitigations are unavailable. Stakeholders are responsible for evaluating each asset's internet exposure and ensuring adherence to BOD 26-04 patching guidelines.",
          "due_date": "2026-07-04",
          "known_ransomware": "Unknown",
          "cvss_score": null,
          "cvss_severity": null,
          "cvss_vector": null,
          "attack_vector": null,
          "is_remote": null,
          "is_major_product": false,
          "matched_product": null,
          "title_en": null,
          "epss_score": null
        },
        {
          "digest_date": "2026-07-02",
          "key": "CVE-2026-48558",
          "cve_id": "CVE-2026-48558",
          "vendor_project": "SimpleHelp ",
          "product": "SimpleHelp",
          "vulnerability_name": "SimpleHelp Authentication Bypass Vulnerability",
          "date_added": "2026-06-29",
          "short_description": "SimpleHelp contains an authentication bypass vulnerability in the OIDC authentication flow. When OIDC authentication is configured, identity tokens submitted during login are accepted without verifying their cryptographic signature. In a vulnerable configuration, a remote, unauthenticated attacker can submit a forged token containing arbitrary identity claims to obtain a fully authenticated technician session. In some configurations, this may also allow bypass of multi-factor authentication.",
          "required_action": "Apply mitigations in accordance with vendor instructions, ensuring compliance with CISA’s BOD 26-04 Prioritizing Security Updates Based on Risk (see URL in Notes) guidance and CISA’s “Forensics Triage Requirements” (see URL in Notes). Follow applicable BOD 26-04 guidance for cloud services or discontinue use of the product if mitigations are unavailable. Stakeholders are responsible for evaluating each asset's internet exposure and ensuring adherence to BOD 26-04 patching guidelines.",
          "due_date": "2026-07-02",
          "known_ransomware": "Unknown",
          "cvss_score": 10.0,
          "cvss_severity": "CRITICAL",
          "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
          "attack_vector": "N",
          "is_remote": true,
          "is_major_product": false,
          "matched_product": null,
          "title_en": "SimpleHelp versions 5.5.15 and prior and 6.0 pre-release versions contain an authentication bypass vulnerability in the OIDC authentication flow. When OIDC authentication is configured, identity tokens submitted during login are accepted without verifying their cryptographic signature. In a vulnerable configuration, a remote, unauthenticated attacker can submit a forged token containing arbitrary identity claims to obtain a fully authenticated technician session. In some configurations, this may",
          "epss_score": 0.0116
        },
        {
          "digest_date": "2026-07-02",
          "key": "CVE-2026-48907",
          "cve_id": "CVE-2026-48907",
          "vendor_project": "Widget Factory",
          "product": "Joomla Content Editor ",
          "vulnerability_name": "Widget Factory Joomla Content Editor Improper Access Control Vulnerability",
          "date_added": "2026-06-16",
          "short_description": "Widget Factory Joomla Content Editor contains an improper access control vulnerability which could allow for upload and execution of PHP code via the creation of new editor profiles for unauthenticated users. ",
          "required_action": "Apply mitigations in accordance with vendor instructions, ensuring compliance with CISA’s BOD 26-04 Prioritizing Security Updates Based on Risk (see URL in Notes) guidance and CISA’s “Forensics Triage Requirements” (see URL in Notes). Follow applicable BOD 26-04 guidance for cloud services or discontinue use of the product if mitigations are unavailable. Stakeholders are responsible for evaluating each asset's internet exposure and ensuring adherence to BOD 26-04 patching guidelines.",
          "due_date": "2026-06-19",
          "known_ransomware": "Unknown",
          "cvss_score": null,
          "cvss_severity": null,
          "cvss_vector": null,
          "attack_vector": null,
          "is_remote": null,
          "is_major_product": false,
          "matched_product": null,
          "title_en": "A vulnerability in the JCE editor extension for Joomla allows the creation of new editor profiles for unauthenticated users, ultimately resulting in PHP code upload and execution.",
          "epss_score": 0.80425
        },
        {
          "digest_date": "2026-07-02",
          "key": "CVE-2026-50751",
          "cve_id": "CVE-2026-50751",
          "vendor_project": "Check Point",
          "product": "Security Gateway",
          "vulnerability_name": "Check Point Security Gateway Improper Authentication Vulnerability",
          "date_added": "2026-06-08",
          "short_description": "Check Point Security Gateway contains an improper authentication vulnerability in IKEv1 key exchange that could allow an unauthenticated remote attacker to bypass user authentication and establish a remote access VPN connection without a valid user password.",
          "required_action": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.",
          "due_date": "2026-06-11",
          "known_ransomware": "Known",
          "cvss_score": 9.3,
          "cvss_severity": "CRITICAL",
          "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:N",
          "attack_vector": "N",
          "is_remote": true,
          "is_major_product": false,
          "matched_product": null,
          "title_en": "A logic flow weakness in Remote Access and Mobile Access certificate validation in deprecated IKEv1 key exchange allows an unauthenticated remote attacker to bypass user authentication and establish a remote access VPN connection without a valid user password.",
          "epss_score": 0.71051
        },
        {
          "digest_date": "2026-07-02",
          "key": "CVE-2026-54420",
          "cve_id": "CVE-2026-54420",
          "vendor_project": "LiteSpeed",
          "product": "cPanel Plugin",
          "vulnerability_name": "LiteSpeed cPanel Plugin UNIX Symbolic Link (Symlink) Following Vulnerability",
          "date_added": "2026-06-15",
          "short_description": "LiteSpeed cPanel plugin contains a UNIX symbolic link (Symlink) following vulnerability that could allow a user with FTP or web shell access on a shared hosting server running CloudLinux/CageFS.",
          "required_action": "Apply mitigations in accordance with vendor instructions, ensuring compliance with CISA’s BOD 26-04 Prioritizing Security Updates Based on Risk (see URL in Notes) guidance and CISA’s “Forensics Triage Requirements” (see URL in Notes). Follow applicable BOD 26-04 guidance for cloud services or discontinue use of the product if mitigations are unavailable. Stakeholders are responsible for evaluating each asset's internet exposure and ensuring adherence to BOD 26-04 patching guidelines.",
          "due_date": "2026-06-18",
          "known_ransomware": "Unknown",
          "cvss_score": 8.5,
          "cvss_severity": "HIGH",
          "cvss_vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
          "attack_vector": "N",
          "is_remote": true,
          "is_major_product": false,
          "matched_product": null,
          "title_en": "LiteSpeed cPanel plugin before 2.4.8 (as distributed in LiteSpeed WHM PlugIn before 5.3.2.0) mishandles symlinks provided by a user with FTP or web shell access on a shared hosting server running CloudLinux/CageFS, as exploited in the wild in May 2026.",
          "epss_score": 0.01261
        },
        {
          "digest_date": "2026-07-02",
          "key": "CVE-2026-7473",
          "cve_id": "CVE-2026-7473",
          "vendor_project": "Arista",
          "product": "Extensible Operating System",
          "vulnerability_name": "Arista Extensible Operating System Incomplete Comparison with Missing Factors Vulnerability",
          "date_added": "2026-06-09",
          "short_description": "Arista Extensible Operating System (EOS) contains an incomplete comparison with missing factors vulnerability when the switch incorrectly decapsulate and forwards other unexpected tunneled packet with a destination IP matching its configured decapsulation IP.",
          "required_action": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.",
          "due_date": "2026-06-23",
          "known_ransomware": "Unknown",
          "cvss_score": 5.8,
          "cvss_severity": "MEDIUM",
          "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N",
          "attack_vector": "N",
          "is_remote": true,
          "is_major_product": false,
          "matched_product": null,
          "title_en": "On affected platforms running Arista EOS where a tunnel decapsulation configuration—such as VXLAN (Virtual Extensible LAN), decap-groups, or a GRE (Generic Routing Encapsulation) tunnel interface—is present, the switch will incorrectly decapsulate and forward other unexpected tunneled packet with a destination IP matching its configured decapsulation IP. This occurs because the switch does not verify the tunnel protocol type, potentially leading to the unexpected processing of non-configured tun",
          "epss_score": 0.00836
        }
      ],
      "software_update": [
        {
          "digest_date": "2026-07-02",
          "key": "alpine-linux:3.22",
          "product": "alpine-linux",
          "category": "os",
          "cycle": "3.22",
          "latest": "3.22.5",
          "release_date": "2025-05-30",
          "latest_release_date": "2026-06-21",
          "eol_date": "2027-05-01",
          "support_date": null,
          "is_major_product": true,
          "cve_stats": {
            "total": 0,
            "critical": 0,
            "high": 0,
            "medium": 0,
            "low": 0,
            "kev": 0,
            "top_cves": []
          }
        },
        {
          "digest_date": "2026-07-02",
          "key": "alpine-linux:3.23",
          "product": "alpine-linux",
          "category": "os",
          "cycle": "3.23",
          "latest": "3.23.5",
          "release_date": "2025-12-04",
          "latest_release_date": "2026-06-21",
          "eol_date": "2027-11-01",
          "support_date": null,
          "is_major_product": true,
          "cve_stats": {
            "total": 0,
            "critical": 0,
            "high": 0,
            "medium": 0,
            "low": 0,
            "kev": 0,
            "top_cves": []
          }
        },
        {
          "digest_date": "2026-07-02",
          "key": "alpine-linux:3.24",
          "product": "alpine-linux",
          "category": "os",
          "cycle": "3.24",
          "latest": "3.24.1",
          "release_date": "2026-06-09",
          "latest_release_date": "2026-06-13",
          "eol_date": "2028-06-01",
          "support_date": null,
          "is_major_product": true,
          "cve_stats": {
            "total": 0,
            "critical": 0,
            "high": 0,
            "medium": 0,
            "low": 0,
            "kev": 0,
            "top_cves": []
          }
        },
        {
          "digest_date": "2026-07-02",
          "key": "amazon-linux:2",
          "product": "amazon-linux",
          "category": "os",
          "cycle": "2",
          "latest": "2.0.20260615.0",
          "release_date": "2018-06-26",
          "latest_release_date": "2026-06-22",
          "eol_date": "2026-06-30",
          "support_date": "2026-06-30",
          "is_major_product": true,
          "cve_stats": {
            "total": 0,
            "critical": 0,
            "high": 0,
            "medium": 0,
            "low": 0,
            "kev": 0,
            "top_cves": []
          }
        },
        {
          "digest_date": "2026-07-02",
          "key": "amazon-linux:2018.03",
          "product": "amazon-linux",
          "category": "os",
          "cycle": "2018.03",
          "latest": "2018.03.0.20231218.0",
          "release_date": "2018-04-25",
          "latest_release_date": "2026-06-16",
          "eol_date": "2023-12-31",
          "support_date": "2020-12-31",
          "is_major_product": true,
          "cve_stats": {
            "total": 0,
            "critical": 0,
            "high": 0,
            "medium": 0,
            "low": 0,
            "kev": 0,
            "top_cves": []
          }
        },
        {
          "digest_date": "2026-07-02",
          "key": "amazon-linux:2023",
          "product": "amazon-linux",
          "category": "os",
          "cycle": "2023",
          "latest": "2023.12.20260611.0",
          "release_date": "2023-03-01",
          "latest_release_date": "2026-06-22",
          "eol_date": "2029-06-30",
          "support_date": "2027-06-30",
          "is_major_product": true,
          "cve_stats": {
            "total": 0,
            "critical": 0,
            "high": 0,
            "medium": 0,
            "low": 0,
            "kev": 0,
            "top_cves": []
          }
        },
        {
          "digest_date": "2026-07-02",
          "key": "angular:19",
          "product": "angular",
          "category": "framework",
          "cycle": "19",
          "latest": "19.2.25",
          "release_date": "2024-11-19",
          "latest_release_date": "2026-06-02",
          "eol_date": "2026-05-19",
          "support_date": "2025-05-28",
          "is_major_product": true,
          "cve_stats": {
            "total": 4,
            "critical": 0,
            "high": 0,
            "medium": 4,
            "low": 0,
            "kev": 0,
            "top_cves": [
              {
                "cve_id": "CVE-2026-22610",
                "severity": "MEDIUM",
                "score": 6.1
              },
              {
                "cve_id": "CVE-2026-27970",
                "severity": "MEDIUM",
                "score": 6.1
              },
              {
                "cve_id": "CVE-2025-61261",
                "severity": "MEDIUM",
                "score": 5.4
              }
            ]
          }
        },
        {
          "digest_date": "2026-07-02",
          "key": "angular:20",
          "product": "angular",
          "category": "framework",
          "cycle": "20",
          "latest": "20.3.25",
          "release_date": "2025-05-28",
          "latest_release_date": "2026-06-10",
          "eol_date": "2026-11-28",
          "support_date": "2025-11-19",
          "is_major_product": true,
          "cve_stats": {
            "total": 4,
            "critical": 0,
            "high": 0,
            "medium": 4,
            "low": 0,
            "kev": 0,
            "top_cves": [
              {
                "cve_id": "CVE-2026-22610",
                "severity": "MEDIUM",
                "score": 6.1
              },
              {
                "cve_id": "CVE-2026-27970",
                "severity": "MEDIUM",
                "score": 6.1
              },
              {
                "cve_id": "CVE-2025-61261",
                "severity": "MEDIUM",
                "score": 5.4
              }
            ]
          }
        },
        {
          "digest_date": "2026-07-02",
          "key": "angular:21",
          "product": "angular",
          "category": "framework",
          "cycle": "21",
          "latest": "21.2.17",
          "release_date": "2025-11-19",
          "latest_release_date": "2026-06-10",
          "eol_date": "2027-05-19",
          "support_date": "2026-06-03",
          "is_major_product": true,
          "cve_stats": {
            "total": 4,
            "critical": 0,
            "high": 0,
            "medium": 4,
            "low": 0,
            "kev": 0,
            "top_cves": [
              {
                "cve_id": "CVE-2026-22610",
                "severity": "MEDIUM",
                "score": 6.1
              },
              {
                "cve_id": "CVE-2026-27970",
                "severity": "MEDIUM",
                "score": 6.1
              },
              {
                "cve_id": "CVE-2025-61261",
                "severity": "MEDIUM",
                "score": 5.4
              }
            ]
          }
        },
        {
          "digest_date": "2026-07-02",
          "key": "angular:22",
          "product": "angular",
          "category": "framework",
          "cycle": "22",
          "latest": "22.0.4",
          "release_date": "2026-06-03",
          "latest_release_date": "2026-06-26",
          "eol_date": "false",
          "support_date": "true",
          "is_major_product": true,
          "cve_stats": {
            "total": 4,
            "critical": 0,
            "high": 0,
            "medium": 4,
            "low": 0,
            "kev": 0,
            "top_cves": [
              {
                "cve_id": "CVE-2026-22610",
                "severity": "MEDIUM",
                "score": 6.1
              },
              {
                "cve_id": "CVE-2026-27970",
                "severity": "MEDIUM",
                "score": 6.1
              },
              {
                "cve_id": "CVE-2025-61261",
                "severity": "MEDIUM",
                "score": 5.4
              }
            ]
          }
        },
        {
          "digest_date": "2026-07-02",
          "key": "apache-activemq:5.19",
          "product": "apache-activemq",
          "category": "middleware",
          "cycle": "5.19",
          "latest": "5.19.8",
          "release_date": "2025-03-07",
          "latest_release_date": "2026-06-25",
          "eol_date": "false",
          "support_date": null,
          "is_major_product": true,
          "cve_stats": {
            "total": 13,
            "critical": 0,
            "high": 7,
            "medium": 6,
            "low": 0,
            "kev": 1,
            "top_cves": [
              {
                "cve_id": "CVE-2026-40466",
                "severity": "HIGH",
                "score": 8.8
              },
              {
                "cve_id": "CVE-2026-49157",
                "severity": "HIGH",
                "score": 8.8
              },
              {
                "cve_id": "CVE-2026-45505",
                "severity": "HIGH",
                "score": 8.8
              }
            ]
          }
        },
        {
          "digest_date": "2026-07-02",
          "key": "apache-activemq:6.2",
          "product": "apache-activemq",
          "category": "middleware",
          "cycle": "6.2",
          "latest": "6.2.7",
          "release_date": "2025-11-09",
          "latest_release_date": "2026-06-25",
          "eol_date": "false",
          "support_date": null,
          "is_major_product": true,
          "cve_stats": {
            "total": 13,
            "critical": 0,
            "high": 7,
            "medium": 6,
            "low": 0,
            "kev": 1,
            "top_cves": [
              {
                "cve_id": "CVE-2026-40466",
                "severity": "HIGH",
                "score": 8.8
              },
              {
                "cve_id": "CVE-2026-49157",
                "severity": "HIGH",
                "score": 8.8
              },
              {
                "cve_id": "CVE-2026-45505",
                "severity": "HIGH",
                "score": 8.8
              }
            ]
          }
        },
        {
          "digest_date": "2026-07-02",
          "key": "apache-kafka:4.3",
          "product": "apache-kafka",
          "category": "middleware",
          "cycle": "4.3",
          "latest": "4.3.1",
          "release_date": "2026-05-20",
          "latest_release_date": "2026-06-23",
          "eol_date": "false",
          "support_date": null,
          "is_major_product": true,
          "cve_stats": {
            "total": 3,
            "critical": 1,
            "high": 0,
            "medium": 2,
            "low": 0,
            "kev": 0,
            "top_cves": [
              {
                "cve_id": "CVE-2026-33557",
                "severity": "CRITICAL",
                "score": 9.1
              },
              {
                "cve_id": "CVE-2026-33558",
                "severity": "MEDIUM",
                "score": 5.3
              },
              {
                "cve_id": "CVE-2026-41115",
                "severity": "MEDIUM",
                "score": 4.3
              }
            ]
          }
        },
        {
          "digest_date": "2026-07-02",
          "key": "apache:2.4",
          "product": "apache",
          "category": "webserver",
          "cycle": "2.4",
          "latest": "2.4.68",
          "release_date": "2012-02-21",
          "latest_release_date": "2026-06-08",
          "eol_date": "false",
          "support_date": null,
          "is_major_product": true,
          "cve_stats": {
            "total": 13,
            "critical": 3,
            "high": 7,
            "medium": 3,
            "low": 0,
            "kev": 0,
            "top_cves": [
              {
                "cve_id": "CVE-2026-28780",
                "severity": "CRITICAL",
                "score": 9.8
              },
              {
                "cve_id": "CVE-2026-29167",
                "severity": "CRITICAL",
                "score": 9.8
              },
              {
                "cve_id": "CVE-2026-42535",
                "severity": "CRITICAL",
                "score": 9.1
              }
            ]
          }
        },
        {
          "digest_date": "2026-07-02",
          "key": "caddy:2",
          "product": "caddy",
          "category": "webserver",
          "cycle": "2",
          "latest": "2.11.4",
          "release_date": "2020-05-04",
          "latest_release_date": "2026-06-02",
          "eol_date": "false",
          "support_date": null,
          "is_major_product": true,
          "cve_stats": {
            "total": 8,
            "critical": 4,
            "high": 2,
            "medium": 2,
            "low": 0,
            "kev": 0,
            "top_cves": [
              {
                "cve_id": "CVE-2026-27590",
                "severity": "CRITICAL",
                "score": 9.8
              },
              {
                "cve_id": "CVE-2026-27587",
                "severity": "CRITICAL",
                "score": 9.1
              },
              {
                "cve_id": "CVE-2026-27586",
                "severity": "CRITICAL",
                "score": 9.1
              }
            ]
          }
        },
        {
          "digest_date": "2026-07-02",
          "key": "django:5.2",
          "product": "django",
          "category": "framework",
          "cycle": "5.2",
          "latest": "5.2.15",
          "release_date": "2025-04-02",
          "latest_release_date": "2026-06-03",
          "eol_date": "2028-04-30",
          "support_date": "2025-12-03",
          "is_major_product": true,
          "cve_stats": {
            "total": 22,
            "critical": 2,
            "high": 7,
            "medium": 6,
            "low": 7,
            "kev": 0,
            "top_cves": [
              {
                "cve_id": "CVE-2026-4277",
                "severity": "CRITICAL",
                "score": 9.8
              },
              {
                "cve_id": "CVE-2025-64459",
                "severity": "CRITICAL",
                "score": 9.1
              },
              {
                "cve_id": "CVE-2025-14550",
                "severity": "HIGH",
                "score": 7.5
              }
            ]
          }
        },
        {
          "digest_date": "2026-07-02",
          "key": "django:6.0",
          "product": "django",
          "category": "framework",
          "cycle": "6.0",
          "latest": "6.0.6",
          "release_date": "2025-12-03",
          "latest_release_date": "2026-06-03",
          "eol_date": "2027-04-30",
          "support_date": "2026-08-31",
          "is_major_product": true,
          "cve_stats": {
            "total": 22,
            "critical": 2,
            "high": 7,
            "medium": 6,
            "low": 7,
            "kev": 0,
            "top_cves": [
              {
                "cve_id": "CVE-2026-4277",
                "severity": "CRITICAL",
                "score": 9.8
              },
              {
                "cve_id": "CVE-2025-64459",
                "severity": "CRITICAL",
                "score": 9.1
              },
              {
                "cve_id": "CVE-2025-14550",
                "severity": "HIGH",
                "score": 7.5
              }
            ]
          }
        },
        {
          "digest_date": "2026-07-02",
          "key": "dotnet:10",
          "product": "dotnet",
          "category": "framework",
          "cycle": "10",
          "latest": "10.0.9",
          "release_date": "2025-11-11",
          "latest_release_date": "2026-06-09",
          "eol_date": "2028-11-14",
          "support_date": null,
          "is_major_product": true,
          "cve_stats": {
            "total": 5,
            "critical": 0,
            "high": 5,
            "medium": 0,
            "low": 0,
            "kev": 0,
            "top_cves": [
              {
                "cve_id": "CVE-2026-26131",
                "severity": "HIGH",
                "score": 7.8
              },
              {
                "cve_id": "CVE-2026-42899",
                "severity": "HIGH",
                "score": 7.5
              },
              {
                "cve_id": "CVE-2026-21218",
                "severity": "HIGH",
                "score": 7.5
              }
            ]
          }
        },
        {
          "digest_date": "2026-07-02",
          "key": "dotnet:8",
          "product": "dotnet",
          "category": "framework",
          "cycle": "8",
          "latest": "8.0.28",
          "release_date": "2023-11-14",
          "latest_release_date": "2026-06-09",
          "eol_date": "2026-11-10",
          "support_date": null,
          "is_major_product": true,
          "cve_stats": {
            "total": 5,
            "critical": 0,
            "high": 5,
            "medium": 0,
            "low": 0,
            "kev": 0,
            "top_cves": [
              {
                "cve_id": "CVE-2026-26131",
                "severity": "HIGH",
                "score": 7.8
              },
              {
                "cve_id": "CVE-2026-42899",
                "severity": "HIGH",
                "score": 7.5
              },
              {
                "cve_id": "CVE-2026-21218",
                "severity": "HIGH",
                "score": 7.5
              }
            ]
          }
        },
        {
          "digest_date": "2026-07-02",
          "key": "dotnet:9",
          "product": "dotnet",
          "category": "framework",
          "cycle": "9",
          "latest": "9.0.17",
          "release_date": "2024-11-12",
          "latest_release_date": "2026-06-09",
          "eol_date": "2026-11-10",
          "support_date": null,
          "is_major_product": true,
          "cve_stats": {
            "total": 5,
            "critical": 0,
            "high": 5,
            "medium": 0,
            "low": 0,
            "kev": 0,
            "top_cves": [
              {
                "cve_id": "CVE-2026-26131",
                "severity": "HIGH",
                "score": 7.8
              },
              {
                "cve_id": "CVE-2026-42899",
                "severity": "HIGH",
                "score": 7.5
              },
              {
                "cve_id": "CVE-2026-21218",
                "severity": "HIGH",
                "score": 7.5
              }
            ]
          }
        },
        {
          "digest_date": "2026-07-02",
          "key": "drupal:10.5",
          "product": "drupal",
          "category": "cms",
          "cycle": "10.5",
          "latest": "10.5.12",
          "release_date": "2025-06-18",
          "latest_release_date": "2026-06-17",
          "eol_date": "2026-06-17",
          "support_date": "2025-12-17",
          "is_major_product": true,
          "cve_stats": {
            "total": 7,
            "critical": 0,
            "high": 0,
            "medium": 6,
            "low": 1,
            "kev": 0,
            "top_cves": [
              {
                "cve_id": "CVE-2026-6366",
                "severity": "MEDIUM",
                "score": 6.6
              },
              {
                "cve_id": "CVE-2026-6367",
                "severity": "MEDIUM",
                "score": 6.1
              },
              {
                "cve_id": "CVE-2026-6365",
                "severity": "MEDIUM",
                "score": 6.1
              }
            ]
          }
        },
        {
          "digest_date": "2026-07-02",
          "key": "drupal:10.6",
          "product": "drupal",
          "category": "cms",
          "cycle": "10.6",
          "latest": "10.6.12",
          "release_date": "2025-12-17",
          "latest_release_date": "2026-06-23",
          "eol_date": "2026-12-16",
          "support_date": "2026-06-16",
          "is_major_product": true,
          "cve_stats": {
            "total": 7,
            "critical": 0,
            "high": 0,
            "medium": 6,
            "low": 1,
            "kev": 0,
            "top_cves": [
              {
                "cve_id": "CVE-2026-6366",
                "severity": "MEDIUM",
                "score": 6.6
              },
              {
                "cve_id": "CVE-2026-6367",
                "severity": "MEDIUM",
                "score": 6.1
              },
              {
                "cve_id": "CVE-2026-6365",
                "severity": "MEDIUM",
                "score": 6.1
              }
            ]
          }
        },
        {
          "digest_date": "2026-07-02",
          "key": "drupal:11.2",
          "product": "drupal",
          "category": "cms",
          "cycle": "11.2",
          "latest": "11.2.14",
          "release_date": "2025-06-18",
          "latest_release_date": "2026-06-17",
          "eol_date": "2026-06-17",
          "support_date": "2025-12-10",
          "is_major_product": true,
          "cve_stats": {
            "total": 7,
            "critical": 0,
            "high": 0,
            "medium": 6,
            "low": 1,
            "kev": 0,
            "top_cves": [
              {
                "cve_id": "CVE-2026-6366",
                "severity": "MEDIUM",
                "score": 6.6
              },
              {
                "cve_id": "CVE-2026-6367",
                "severity": "MEDIUM",
                "score": 6.1
              },
              {
                "cve_id": "CVE-2026-6365",
                "severity": "MEDIUM",
                "score": 6.1
              }
            ]
          }
        },
        {
          "digest_date": "2026-07-02",
          "key": "drupal:11.3",
          "product": "drupal",
          "category": "cms",
          "cycle": "11.3",
          "latest": "11.3.13",
          "release_date": "2025-12-17",
          "latest_release_date": "2026-06-23",
          "eol_date": "2026-12-16",
          "support_date": "2026-06-16",
          "is_major_product": true,
          "cve_stats": {
            "total": 7,
            "critical": 0,
            "high": 0,
            "medium": 6,
            "low": 1,
            "kev": 0,
            "top_cves": [
              {
                "cve_id": "CVE-2026-6366",
                "severity": "MEDIUM",
                "score": 6.6
              },
              {
                "cve_id": "CVE-2026-6367",
                "severity": "MEDIUM",
                "score": 6.1
              },
              {
                "cve_id": "CVE-2026-6365",
                "severity": "MEDIUM",
                "score": 6.1
              }
            ]
          }
        },
        {
          "digest_date": "2026-07-02",
          "key": "eclipse-jetty:12.0",
          "product": "eclipse-jetty",
          "category": "webserver",
          "cycle": "12.0",
          "latest": "12.0.36",
          "release_date": "2023-08-07",
          "latest_release_date": "2026-06-02",
          "eol_date": "false",
          "support_date": "true",
          "is_major_product": true,
          "cve_stats": {
            "total": 4,
            "critical": 0,
            "high": 3,
            "medium": 0,
            "low": 1,
            "kev": 0,
            "top_cves": [
              {
                "cve_id": "CVE-2026-1605",
                "severity": "HIGH",
                "score": 7.5
              },
              {
                "cve_id": "CVE-2026-5795",
                "severity": "HIGH",
                "score": 7.4
              },
              {
                "cve_id": "CVE-2026-2332",
                "severity": "HIGH",
                "score": 7.4
              }
            ]
          }
        },
        {
          "digest_date": "2026-07-02",
          "key": "eclipse-jetty:12.1",
          "product": "eclipse-jetty",
          "category": "webserver",
          "cycle": "12.1",
          "latest": "12.1.10",
          "release_date": "2025-08-18",
          "latest_release_date": "2026-06-02",
          "eol_date": "false",
          "support_date": "true",
          "is_major_product": true,
          "cve_stats": {
            "total": 4,
            "critical": 0,
            "high": 3,
            "medium": 0,
            "low": 1,
            "kev": 0,
            "top_cves": [
              {
                "cve_id": "CVE-2026-1605",
                "severity": "HIGH",
                "score": 7.5
              },
              {
                "cve_id": "CVE-2026-5795",
                "severity": "HIGH",
                "score": 7.4
              },
              {
                "cve_id": "CVE-2026-2332",
                "severity": "HIGH",
                "score": 7.4
              }
            ]
          }
        },
        {
          "digest_date": "2026-07-02",
          "key": "elasticsearch:8.19",
          "product": "elasticsearch",
          "category": "database",
          "cycle": "8.19",
          "latest": "8.19.18",
          "release_date": "2025-07-23",
          "latest_release_date": "2026-06-26",
          "eol_date": "2027-07-15",
          "support_date": null,
          "is_major_product": true,
          "cve_stats": {
            "total": 3,
            "critical": 0,
            "high": 0,
            "medium": 3,
            "low": 0,
            "kev": 0,
            "top_cves": [
              {
                "cve_id": "CVE-2025-37731",
                "severity": "MEDIUM",
                "score": 6.8
              },
              {
                "cve_id": "CVE-2025-68384",
                "severity": "MEDIUM",
                "score": 6.5
              },
              {
                "cve_id": "CVE-2025-68390",
                "severity": "MEDIUM",
                "score": 4.9
              }
            ]
          }
        },
        {
          "digest_date": "2026-07-02",
          "key": "elasticsearch:9.3",
          "product": "elasticsearch",
          "category": "database",
          "cycle": "9.3",
          "latest": "9.3.7",
          "release_date": "2026-02-03",
          "latest_release_date": "2026-06-25",
          "eol_date": "2026-05-26",
          "support_date": null,
          "is_major_product": true,
          "cve_stats": {
            "total": 3,
            "critical": 0,
            "high": 0,
            "medium": 3,
            "low": 0,
            "kev": 0,
            "top_cves": [
              {
                "cve_id": "CVE-2025-37731",
                "severity": "MEDIUM",
                "score": 6.8
              },
              {
                "cve_id": "CVE-2025-68384",
                "severity": "MEDIUM",
                "score": 6.5
              },
              {
                "cve_id": "CVE-2025-68390",
                "severity": "MEDIUM",
                "score": 4.9
              }
            ]
          }
        },
        {
          "digest_date": "2026-07-02",
          "key": "elasticsearch:9.4",
          "product": "elasticsearch",
          "category": "database",
          "cycle": "9.4",
          "latest": "9.4.3",
          "release_date": "2026-05-05",
          "latest_release_date": "2026-06-25",
          "eol_date": "false",
          "support_date": null,
          "is_major_product": true,
          "cve_stats": {
            "total": 3,
            "critical": 0,
            "high": 0,
            "medium": 3,
            "low": 0,
            "kev": 0,
            "top_cves": [
              {
                "cve_id": "CVE-2025-37731",
                "severity": "MEDIUM",
                "score": 6.8
              },
              {
                "cve_id": "CVE-2025-68384",
                "severity": "MEDIUM",
                "score": 6.5
              },
              {
                "cve_id": "CVE-2025-68390",
                "severity": "MEDIUM",
                "score": 4.9
              }
            ]
          }
        },
        {
          "digest_date": "2026-07-02",
          "key": "gitlab:18.10",
          "product": "gitlab",
          "category": "devops",
          "cycle": "18.10",
          "latest": "18.10.8",
          "release_date": "2026-03-19",
          "latest_release_date": "2026-06-10",
          "eol_date": "2026-06-18",
          "support_date": "2026-04-16",
          "is_major_product": true,
          "cve_stats": {
            "total": 163,
            "critical": 0,
            "high": 49,
            "medium": 89,
            "low": 24,
            "kev": 0,
            "top_cves": [
              {
                "cve_id": "CVE-2026-6073",
                "severity": "HIGH",
                "score": 8.7
              },
              {
                "cve_id": "CVE-2026-1090",
                "severity": "HIGH",
                "score": 8.7
              },
              {
                "cve_id": "CVE-2025-9222",
                "severity": "HIGH",
                "score": 8.7
              }
            ]
          }
        },
        {
          "digest_date": "2026-07-02",
          "key": "gitlab:18.11",
          "product": "gitlab",
          "category": "devops",
          "cycle": "18.11",
          "latest": "18.11.6",
          "release_date": "2026-04-16",
          "latest_release_date": "2026-06-23",
          "eol_date": "2026-07-16",
          "support_date": "2026-05-21",
          "is_major_product": true,
          "cve_stats": {
            "total": 163,
            "critical": 0,
            "high": 49,
            "medium": 89,
            "low": 24,
            "kev": 0,
            "top_cves": [
              {
                "cve_id": "CVE-2026-6073",
                "severity": "HIGH",
                "score": 8.7
              },
              {
                "cve_id": "CVE-2026-1090",
                "severity": "HIGH",
                "score": 8.7
              },
              {
                "cve_id": "CVE-2025-9222",
                "severity": "HIGH",
                "score": 8.7
              }
            ]
          }
        },
        {
          "digest_date": "2026-07-02",
          "key": "gitlab:18.8",
          "product": "gitlab",
          "category": "devops",
          "cycle": "18.8",
          "latest": "18.8.11",
          "release_date": "2026-01-15",
          "latest_release_date": "2026-06-29",
          "eol_date": "2026-04-16",
          "support_date": "2026-02-19",
          "is_major_product": true,
          "cve_stats": {
            "total": 163,
            "critical": 0,
            "high": 49,
            "medium": 89,
            "low": 24,
            "kev": 0,
            "top_cves": [
              {
                "cve_id": "CVE-2026-6073",
                "severity": "HIGH",
                "score": 8.7
              },
              {
                "cve_id": "CVE-2026-1090",
                "severity": "HIGH",
                "score": 8.7
              },
              {
                "cve_id": "CVE-2025-9222",
                "severity": "HIGH",
                "score": 8.7
              }
            ]
          }
        },
        {
          "digest_date": "2026-07-02",
          "key": "gitlab:19.0",
          "product": "gitlab",
          "category": "devops",
          "cycle": "19.0",
          "latest": "19.0.3",
          "release_date": "2026-05-21",
          "latest_release_date": "2026-06-23",
          "eol_date": "2026-08-20",
          "support_date": "2026-06-18",
          "is_major_product": true,
          "cve_stats": {
            "total": 163,
            "critical": 0,
            "high": 49,
            "medium": 89,
            "low": 24,
            "kev": 0,
            "top_cves": [
              {
                "cve_id": "CVE-2026-6073",
                "severity": "HIGH",
                "score": 8.7
              },
              {
                "cve_id": "CVE-2026-1090",
                "severity": "HIGH",
                "score": 8.7
              },
              {
                "cve_id": "CVE-2025-9222",
                "severity": "HIGH",
                "score": 8.7
              }
            ]
          }
        },
        {
          "digest_date": "2026-07-02",
          "key": "gitlab:19.1",
          "product": "gitlab",
          "category": "devops",
          "cycle": "19.1",
          "latest": "19.1.1",
          "release_date": "2026-06-18",
          "latest_release_date": "2026-06-23",
          "eol_date": "2026-09-17",
          "support_date": "2026-07-16",
          "is_major_product": true,
          "cve_stats": {
            "total": 163,
            "critical": 0,
            "high": 49,
            "medium": 89,
            "low": 24,
            "kev": 0,
            "top_cves": [
              {
                "cve_id": "CVE-2026-6073",
                "severity": "HIGH",
                "score": 8.7
              },
              {
                "cve_id": "CVE-2026-1090",
                "severity": "HIGH",
                "score": 8.7
              },
              {
                "cve_id": "CVE-2025-9222",
                "severity": "HIGH",
                "score": 8.7
              }
            ]
          }
        },
        {
          "digest_date": "2026-07-02",
          "key": "go:1.25",
          "product": "go",
          "category": "programming",
          "cycle": "1.25",
          "latest": "1.25.11",
          "release_date": "2025-08-12",
          "latest_release_date": "2026-06-02",
          "eol_date": "false",
          "support_date": null,
          "is_major_product": true,
          "cve_stats": {
            "total": 26,
            "critical": 3,
            "high": 13,
            "medium": 8,
            "low": 2,
            "kev": 0,
            "top_cves": [
              {
                "cve_id": "CVE-2025-68121",
                "severity": "CRITICAL",
                "score": 10.0
              },
              {
                "cve_id": "CVE-2026-27143",
                "severity": "CRITICAL",
                "score": 9.8
              },
              {
                "cve_id": "CVE-2025-66630",
                "severity": "CRITICAL",
                "score": 9.4
              }
            ]
          }
        },
        {
          "digest_date": "2026-07-02",
          "key": "go:1.26",
          "product": "go",
          "category": "programming",
          "cycle": "1.26",
          "latest": "1.26.4",
          "release_date": "2026-02-11",
          "latest_release_date": "2026-06-02",
          "eol_date": "false",
          "support_date": null,
          "is_major_product": true,
          "cve_stats": {
            "total": 26,
            "critical": 3,
            "high": 13,
            "medium": 8,
            "low": 2,
            "kev": 0,
            "top_cves": [
              {
                "cve_id": "CVE-2025-68121",
                "severity": "CRITICAL",
                "score": 10.0
              },
              {
                "cve_id": "CVE-2026-27143",
                "severity": "CRITICAL",
                "score": 9.8
              },
              {
                "cve_id": "CVE-2025-66630",
                "severity": "CRITICAL",
                "score": 9.4
              }
            ]
          }
        },
        {
          "digest_date": "2026-07-02",
          "key": "haproxy:2.6",
          "product": "haproxy",
          "category": "webserver",
          "cycle": "2.6",
          "latest": "2.6.30",
          "release_date": "2022-05-31",
          "latest_release_date": "2026-06-26",
          "eol_date": "2027-04-01",
          "support_date": null,
          "is_major_product": true,
          "cve_stats": {
            "total": 1,
            "critical": 0,
            "high": 1,
            "medium": 0,
            "low": 0,
            "kev": 0,
            "top_cves": [
              {
                "cve_id": "CVE-2025-11230",
                "severity": "HIGH",
                "score": 7.5
              }
            ]
          }
        },
        {
          "digest_date": "2026-07-02",
          "key": "haproxy:2.8",
          "product": "haproxy",
          "category": "webserver",
          "cycle": "2.8",
          "latest": "2.8.25",
          "release_date": "2023-05-31",
          "latest_release_date": "2026-06-26",
          "eol_date": "2028-04-01",
          "support_date": null,
          "is_major_product": true,
          "cve_stats": {
            "total": 1,
            "critical": 0,
            "high": 1,
            "medium": 0,
            "low": 0,
            "kev": 0,
            "top_cves": [
              {
                "cve_id": "CVE-2025-11230",
                "severity": "HIGH",
                "score": 7.5
              }
            ]
          }
        },
        {
          "digest_date": "2026-07-02",
          "key": "haproxy:3.0",
          "product": "haproxy",
          "category": "webserver",
          "cycle": "3.0",
          "latest": "3.0.24",
          "release_date": "2024-05-29",
          "latest_release_date": "2026-06-26",
          "eol_date": "2029-04-01",
          "support_date": null,
          "is_major_product": true,
          "cve_stats": {
            "total": 1,
            "critical": 0,
            "high": 1,
            "medium": 0,
            "low": 0,
            "kev": 0,
            "top_cves": [
              {
                "cve_id": "CVE-2025-11230",
                "severity": "HIGH",
                "score": 7.5
              }
            ]
          }
        },
        {
          "digest_date": "2026-07-02",
          "key": "haproxy:3.2",
          "product": "haproxy",
          "category": "webserver",
          "cycle": "3.2",
          "latest": "3.2.20",
          "release_date": "2025-05-28",
          "latest_release_date": "2026-06-26",
          "eol_date": "2030-04-01",
          "support_date": null,
          "is_major_product": true,
          "cve_stats": {
            "total": 1,
            "critical": 0,
            "high": 1,
            "medium": 0,
            "low": 0,
            "kev": 0,
            "top_cves": [
              {
                "cve_id": "CVE-2025-11230",
                "severity": "HIGH",
                "score": 7.5
              }
            ]
          }
        },
        {
          "digest_date": "2026-07-02",
          "key": "haproxy:3.3",
          "product": "haproxy",
          "category": "webserver",
          "cycle": "3.3",
          "latest": "3.3.11",
          "release_date": "2025-11-26",
          "latest_release_date": "2026-06-26",
          "eol_date": "2027-01-01",
          "support_date": null,
          "is_major_product": true,
          "cve_stats": {
            "total": 1,
            "critical": 0,
            "high": 1,
            "medium": 0,
            "low": 0,
            "kev": 0,
            "top_cves": [
              {
                "cve_id": "CVE-2025-11230",
                "severity": "HIGH",
                "score": 7.5
              }
            ]
          }
        },
        {
          "digest_date": "2026-07-02",
          "key": "haproxy:3.4",
          "product": "haproxy",
          "category": "webserver",
          "cycle": "3.4",
          "latest": "3.4.1",
          "release_date": "2026-06-03",
          "latest_release_date": "2026-06-25",
          "eol_date": "2031-04-01",
          "support_date": null,
          "is_major_product": true,
          "cve_stats": {
            "total": 1,
            "critical": 0,
            "high": 1,
            "medium": 0,
            "low": 0,
            "kev": 0,
            "top_cves": [
              {
                "cve_id": "CVE-2025-11230",
                "severity": "HIGH",
                "score": 7.5
              }
            ]
          }
        },
        {
          "digest_date": "2026-07-02",
          "key": "hashicorp-vault:2.0",
          "product": "hashicorp-vault",
          "category": "devops",
          "cycle": "2.0",
          "latest": "2.0.3",
          "release_date": "2026-04-13",
          "latest_release_date": "2026-06-17",
          "eol_date": "false",
          "support_date": null,
          "is_major_product": true,
          "cve_stats": {
            "total": 4,
            "critical": 0,
            "high": 3,
            "medium": 1,
            "low": 0,
            "kev": 0,
            "top_cves": [
              {
                "cve_id": "CVE-2026-3605",
                "severity": "HIGH",
                "score": 8.1
              },
              {
                "cve_id": "CVE-2026-4525",
                "severity": "HIGH",
                "score": 7.5
              },
              {
                "cve_id": "CVE-2026-5807",
                "severity": "HIGH",
                "score": 7.5
              }
            ]
          }
        },
        {
          "digest_date": "2026-07-02",
          "key": "jenkins:2",
          "product": "jenkins",
          "category": "devops",
          "cycle": "2",
          "latest": "2.571",
          "release_date": "2016-04-20",
          "latest_release_date": "2026-06-30",
          "eol_date": "false",
          "support_date": null,
          "is_major_product": true,
          "cve_stats": {
            "total": 16,
            "critical": 0,
            "high": 5,
            "medium": 10,
            "low": 1,
            "kev": 0,
            "top_cves": [
              {
                "cve_id": "CVE-2026-53435",
                "severity": "HIGH",
                "score": 8.8
              },
              {
                "cve_id": "CVE-2026-33001",
                "severity": "HIGH",
                "score": 8.8
              },
              {
                "cve_id": "CVE-2026-27099",
                "severity": "HIGH",
                "score": 8.0
              }
            ]
          }
        },
        {
          "digest_date": "2026-07-02",
          "key": "jenkins:2.555",
          "product": "jenkins",
          "category": "devops",
          "cycle": "2.555",
          "latest": "2.555.3",
          "release_date": "2026-03-18",
          "latest_release_date": "2026-06-08",
          "eol_date": "false",
          "support_date": null,
          "is_major_product": true,
          "cve_stats": {
            "total": 16,
            "critical": 0,
            "high": 5,
            "medium": 10,
            "low": 1,
            "kev": 0,
            "top_cves": [
              {
                "cve_id": "CVE-2026-53435",
                "severity": "HIGH",
                "score": 8.8
              },
              {
                "cve_id": "CVE-2026-33001",
                "severity": "HIGH",
                "score": 8.8
              },
              {
                "cve_id": "CVE-2026-27099",
                "severity": "HIGH",
                "score": 8.0
              }
            ]
          }
        },
        {
          "digest_date": "2026-07-02",
          "key": "laravel:12",
          "product": "laravel",
          "category": "framework",
          "cycle": "12",
          "latest": "12.62.0",
          "release_date": "2025-02-24",
          "latest_release_date": "2026-06-09",
          "eol_date": "2027-02-24",
          "support_date": "2026-08-16",
          "is_major_product": true,
          "cve_stats": {
            "total": 0,
            "critical": 0,
            "high": 0,
            "medium": 0,
            "low": 0,
            "kev": 0,
            "top_cves": []
          }
        },
        {
          "digest_date": "2026-07-02",
          "key": "laravel:13",
          "product": "laravel",
          "category": "framework",
          "cycle": "13",
          "latest": "13.18.0",
          "release_date": "2026-03-17",
          "latest_release_date": "2026-06-30",
          "eol_date": "2028-03-17",
          "support_date": "2027-09-30",
          "is_major_product": true,
          "cve_stats": {
            "total": 0,
            "critical": 0,
            "high": 0,
            "medium": 0,
            "low": 0,
            "kev": 0,
            "top_cves": []
          }
        },
        {
          "digest_date": "2026-07-02",
          "key": "macos:26",
          "product": "macos",
          "category": "os",
          "cycle": "26",
          "latest": "26.5.2",
          "release_date": "2025-09-15",
          "latest_release_date": "2026-06-29",
          "eol_date": "false",
          "support_date": null,
          "is_major_product": true,
          "cve_stats": {
            "total": 1381,
            "critical": 64,
            "high": 728,
            "medium": 535,
            "low": 54,
            "kev": 13,
            "top_cves": [
              {
                "cve_id": "CVE-2026-13782",
                "severity": "CRITICAL",
                "score": 10.0
              },
              {
                "cve_id": "CVE-2026-30793",
                "severity": "CRITICAL",
                "score": 9.8
              },
              {
                "cve_id": "CVE-2026-0905",
                "severity": "CRITICAL",
                "score": 9.8
              }
            ]
          }
        },
        {
          "digest_date": "2026-07-02",
          "key": "mediawiki:1.43",
          "product": "mediawiki",
          "category": "cms",
          "cycle": "1.43",
          "latest": "1.43.9",
          "release_date": "2024-12-21",
          "latest_release_date": "2026-06-29",
          "eol_date": "2027-12-31",
          "support_date": null,
          "is_major_product": true,
          "cve_stats": {
            "total": 21,
            "critical": 1,
            "high": 1,
            "medium": 18,
            "low": 1,
            "kev": 0,
            "top_cves": [
              {
                "cve_id": "CVE-2025-67484",
                "severity": "CRITICAL",
                "score": 9.8
              },
              {
                "cve_id": "CVE-2026-0669",
                "severity": "HIGH",
                "score": 7.5
              },
              {
                "cve_id": "CVE-2025-67480",
                "severity": "MEDIUM",
                "score": 6.5
              }
            ]
          }
        },
        {
          "digest_date": "2026-07-02",
          "key": "mediawiki:1.44",
          "product": "mediawiki",
          "category": "cms",
          "cycle": "1.44",
          "latest": "1.44.6",
          "release_date": "2025-07-02",
          "latest_release_date": "2026-06-29",
          "eol_date": "2026-07-31",
          "support_date": null,
          "is_major_product": true,
          "cve_stats": {
            "total": 21,
            "critical": 1,
            "high": 1,
            "medium": 18,
            "low": 1,
            "kev": 0,
            "top_cves": [
              {
                "cve_id": "CVE-2025-67484",
                "severity": "CRITICAL",
                "score": 9.8
              },
              {
                "cve_id": "CVE-2026-0669",
                "severity": "HIGH",
                "score": 7.5
              },
              {
                "cve_id": "CVE-2025-67480",
                "severity": "MEDIUM",
                "score": 6.5
              }
            ]
          }
        },
        {
          "digest_date": "2026-07-02",
          "key": "mediawiki:1.45",
          "product": "mediawiki",
          "category": "cms",
          "cycle": "1.45",
          "latest": "1.45.4",
          "release_date": "2025-12-04",
          "latest_release_date": "2026-06-29",
          "eol_date": "2026-12-31",
          "support_date": null,
          "is_major_product": true,
          "cve_stats": {
            "total": 21,
            "critical": 1,
            "high": 1,
            "medium": 18,
            "low": 1,
            "kev": 0,
            "top_cves": [
              {
                "cve_id": "CVE-2025-67484",
                "severity": "CRITICAL",
                "score": 9.8
              },
              {
                "cve_id": "CVE-2026-0669",
                "severity": "HIGH",
                "score": 7.5
              },
              {
                "cve_id": "CVE-2025-67480",
                "severity": "MEDIUM",
                "score": 6.5
              }
            ]
          }
        },
        {
          "digest_date": "2026-07-02",
          "key": "mediawiki:1.46",
          "product": "mediawiki",
          "category": "cms",
          "cycle": "1.46",
          "latest": "1.46.0",
          "release_date": "2026-06-30",
          "latest_release_date": "2026-06-30",
          "eol_date": "2027-07-31",
          "support_date": null,
          "is_major_product": true,
          "cve_stats": {
            "total": 21,
            "critical": 1,
            "high": 1,
            "medium": 18,
            "low": 1,
            "kev": 0,
            "top_cves": [
              {
                "cve_id": "CVE-2025-67484",
                "severity": "CRITICAL",
                "score": 9.8
              },
              {
                "cve_id": "CVE-2026-0669",
                "severity": "HIGH",
                "score": 7.5
              },
              {
                "cve_id": "CVE-2025-67480",
                "severity": "MEDIUM",
                "score": 6.5
              }
            ]
          }
        },
        {
          "digest_date": "2026-07-02",
          "key": "mongodb:4.4",
          "product": "mongodb",
          "category": "database",
          "cycle": "4.4",
          "latest": "4.4.31",
          "release_date": "2020-07-31",
          "latest_release_date": "2026-06-24",
          "eol_date": "2024-02-29",
          "support_date": null,
          "is_major_product": true,
          "cve_stats": {
            "total": 20,
            "critical": 0,
            "high": 3,
            "medium": 16,
            "low": 1,
            "kev": 1,
            "top_cves": [
              {
                "cve_id": "CVE-2026-4148",
                "severity": "HIGH",
                "score": 8.8
              },
              {
                "cve_id": "CVE-2025-14847",
                "severity": "HIGH",
                "score": 7.5
              },
              {
                "cve_id": "CVE-2026-1848",
                "severity": "HIGH",
                "score": 7.5
              }
            ]
          }
        },
        {
          "digest_date": "2026-07-02",
          "key": "mongodb:5.0",
          "product": "mongodb",
          "category": "database",
          "cycle": "5.0",
          "latest": "5.0.34",
          "release_date": "2021-07-31",
          "latest_release_date": "2026-06-16",
          "eol_date": "2024-10-31",
          "support_date": null,
          "is_major_product": true,
          "cve_stats": {
            "total": 20,
            "critical": 0,
            "high": 3,
            "medium": 16,
            "low": 1,
            "kev": 1,
            "top_cves": [
              {
                "cve_id": "CVE-2026-4148",
                "severity": "HIGH",
                "score": 8.8
              },
              {
                "cve_id": "CVE-2025-14847",
                "severity": "HIGH",
                "score": 7.5
              },
              {
                "cve_id": "CVE-2026-1848",
                "severity": "HIGH",
                "score": 7.5
              }
            ]
          }
        },
        {
          "digest_date": "2026-07-02",
          "key": "mongodb:6.0",
          "product": "mongodb",
          "category": "database",
          "cycle": "6.0",
          "latest": "6.0.29",
          "release_date": "2022-07-31",
          "latest_release_date": "2026-06-16",
          "eol_date": "2025-07-31",
          "support_date": null,
          "is_major_product": true,
          "cve_stats": {
            "total": 20,
            "critical": 0,
            "high": 3,
            "medium": 16,
            "low": 1,
            "kev": 1,
            "top_cves": [
              {
                "cve_id": "CVE-2026-4148",
                "severity": "HIGH",
                "score": 8.8
              },
              {
                "cve_id": "CVE-2025-14847",
                "severity": "HIGH",
                "score": 7.5
              },
              {
                "cve_id": "CVE-2026-1848",
                "severity": "HIGH",
                "score": 7.5
              }
            ]
          }
        },
        {
          "digest_date": "2026-07-02",
          "key": "mongodb:7.0",
          "product": "mongodb",
          "category": "database",
          "cycle": "7.0",
          "latest": "7.0.37",
          "release_date": "2023-08-31",
          "latest_release_date": "2026-06-16",
          "eol_date": "2027-08-31",
          "support_date": null,
          "is_major_product": true,
          "cve_stats": {
            "total": 20,
            "critical": 0,
            "high": 3,
            "medium": 16,
            "low": 1,
            "kev": 1,
            "top_cves": [
              {
                "cve_id": "CVE-2026-4148",
                "severity": "HIGH",
                "score": 8.8
              },
              {
                "cve_id": "CVE-2025-14847",
                "severity": "HIGH",
                "score": 7.5
              },
              {
                "cve_id": "CVE-2026-1848",
                "severity": "HIGH",
                "score": 7.5
              }
            ]
          }
        },
        {
          "digest_date": "2026-07-02",
          "key": "mongodb:8.0",
          "product": "mongodb",
          "category": "database",
          "cycle": "8.0",
          "latest": "8.0.26",
          "release_date": "2024-10-31",
          "latest_release_date": "2026-06-16",
          "eol_date": "2029-10-31",
          "support_date": null,
          "is_major_product": true,
          "cve_stats": {
            "total": 20,
            "critical": 0,
            "high": 3,
            "medium": 16,
            "low": 1,
            "kev": 1,
            "top_cves": [
              {
                "cve_id": "CVE-2026-4148",
                "severity": "HIGH",
                "score": 8.8
              },
              {
                "cve_id": "CVE-2025-14847",
                "severity": "HIGH",
                "score": 7.5
              },
              {
                "cve_id": "CVE-2026-1848",
                "severity": "HIGH",
                "score": 7.5
              }
            ]
          }
        },
        {
          "digest_date": "2026-07-02",
          "key": "mongodb:8.2",
          "product": "mongodb",
          "category": "database",
          "cycle": "8.2",
          "latest": "8.2.11",
          "release_date": "2025-09-30",
          "latest_release_date": "2026-06-16",
          "eol_date": "2026-07-31",
          "support_date": null,
          "is_major_product": true,
          "cve_stats": {
            "total": 20,
            "critical": 0,
            "high": 3,
            "medium": 16,
            "low": 1,
            "kev": 1,
            "top_cves": [
              {
                "cve_id": "CVE-2026-4148",
                "severity": "HIGH",
                "score": 8.8
              },
              {
                "cve_id": "CVE-2025-14847",
                "severity": "HIGH",
                "score": 7.5
              },
              {
                "cve_id": "CVE-2026-1848",
                "severity": "HIGH",
                "score": 7.5
              }
            ]
          }
        },
        {
          "digest_date": "2026-07-02",
          "key": "mongodb:8.3",
          "product": "mongodb",
          "category": "database",
          "cycle": "8.3",
          "latest": "8.3.4",
          "release_date": "2026-05-31",
          "latest_release_date": "2026-06-15",
          "eol_date": "2029-10-31",
          "support_date": null,
          "is_major_product": true,
          "cve_stats": {
            "total": 20,
            "critical": 0,
            "high": 3,
            "medium": 16,
            "low": 1,
            "kev": 1,
            "top_cves": [
              {
                "cve_id": "CVE-2026-4148",
                "severity": "HIGH",
                "score": 8.8
              },
              {
                "cve_id": "CVE-2025-14847",
                "severity": "HIGH",
                "score": 7.5
              },
              {
                "cve_id": "CVE-2026-1848",
                "severity": "HIGH",
                "score": 7.5
              }
            ]
          }
        },
        {
          "digest_date": "2026-07-02",
          "key": "mssqlserver:17.0",
          "product": "mssqlserver",
          "category": "database",
          "cycle": "17.0",
          "latest": "17.0.4055.5 CU6",
          "release_date": "2025-11-18",
          "latest_release_date": "2026-06-17",
          "eol_date": "2036-01-06",
          "support_date": "2031-01-06",
          "is_major_product": true,
          "cve_stats": {
            "total": 0,
            "critical": 0,
            "high": 0,
            "medium": 0,
            "low": 0,
            "kev": 0,
            "top_cves": []
          }
        },
        {
          "digest_date": "2026-07-02",
          "key": "mysql:8.4",
          "product": "mysql",
          "category": "database",
          "cycle": "8.4",
          "latest": "8.4.10",
          "release_date": "2024-04-10",
          "latest_release_date": "2026-06-03",
          "eol_date": "2032-04-30",
          "support_date": "2029-04-30",
          "is_major_product": true,
          "cve_stats": {
            "total": 1,
            "critical": 0,
            "high": 0,
            "medium": 1,
            "low": 0,
            "kev": 0,
            "top_cves": [
              {
                "cve_id": "CVE-2026-21964",
                "severity": "MEDIUM",
                "score": 4.9
              }
            ]
          }
        },
        {
          "digest_date": "2026-07-02",
          "key": "mysql:9.7",
          "product": "mysql",
          "category": "database",
          "cycle": "9.7",
          "latest": "9.7.1",
          "release_date": "2026-04-21",
          "latest_release_date": "2026-06-03",
          "eol_date": "2034-04-21",
          "support_date": "true",
          "is_major_product": true,
          "cve_stats": {
            "total": 1,
            "critical": 0,
            "high": 0,
            "medium": 1,
            "low": 0,
            "kev": 0,
            "top_cves": [
              {
                "cve_id": "CVE-2026-21964",
                "severity": "MEDIUM",
                "score": 4.9
              }
            ]
          }
        },
        {
          "digest_date": "2026-07-02",
          "key": "nextcloud:32",
          "product": "nextcloud",
          "category": "cms",
          "cycle": "32",
          "latest": "32.0.12",
          "release_date": "2025-09-27",
          "latest_release_date": "2026-06-25",
          "eol_date": "2026-09-30",
          "support_date": null,
          "is_major_product": true,
          "cve_stats": {
            "total": 0,
            "critical": 0,
            "high": 0,
            "medium": 0,
            "low": 0,
            "kev": 0,
            "top_cves": []
          }
        },
        {
          "digest_date": "2026-07-02",
          "key": "nextcloud:33",
          "product": "nextcloud",
          "category": "cms",
          "cycle": "33",
          "latest": "33.0.6",
          "release_date": "2026-02-18",
          "latest_release_date": "2026-06-25",
          "eol_date": "2027-02-28",
          "support_date": null,
          "is_major_product": true,
          "cve_stats": {
            "total": 0,
            "critical": 0,
            "high": 0,
            "medium": 0,
            "low": 0,
            "kev": 0,
            "top_cves": []
          }
        },
        {
          "digest_date": "2026-07-02",
          "key": "nextcloud:34",
          "product": "nextcloud",
          "category": "cms",
          "cycle": "34",
          "latest": "34.0.1",
          "release_date": "2026-06-09",
          "latest_release_date": "2026-06-25",
          "eol_date": "2027-06-30",
          "support_date": null,
          "is_major_product": true,
          "cve_stats": {
            "total": 0,
            "critical": 0,
            "high": 0,
            "medium": 0,
            "low": 0,
            "kev": 0,
            "top_cves": []
          }
        },
        {
          "digest_date": "2026-07-02",
          "key": "nextjs:16",
          "product": "nextjs",
          "category": "framework",
          "cycle": "16",
          "latest": "16.2.10",
          "release_date": "2025-10-22",
          "latest_release_date": "2026-07-01",
          "eol_date": "false",
          "support_date": null,
          "is_major_product": true,
          "cve_stats": {
            "total": 22,
            "critical": 1,
            "high": 10,
            "medium": 10,
            "low": 1,
            "kev": 1,
            "top_cves": [
              {
                "cve_id": "CVE-2025-55182",
                "severity": "CRITICAL",
                "score": 10.0
              },
              {
                "cve_id": "CVE-2026-44578",
                "severity": "HIGH",
                "score": 8.6
              },
              {
                "cve_id": "CVE-2026-44574",
                "severity": "HIGH",
                "score": 8.1
              }
            ]
          }
        },
        {
          "digest_date": "2026-07-02",
          "key": "nginx:1.30",
          "product": "nginx",
          "category": "webserver",
          "cycle": "1.30",
          "latest": "1.30.3",
          "release_date": "2026-04-14",
          "latest_release_date": "2026-06-17",
          "eol_date": "false",
          "support_date": null,
          "is_major_product": true,
          "cve_stats": {
            "total": 0,
            "critical": 0,
            "high": 0,
            "medium": 0,
            "low": 0,
            "kev": 0,
            "top_cves": []
          }
        },
        {
          "digest_date": "2026-07-02",
          "key": "nginx:1.31",
          "product": "nginx",
          "category": "webserver",
          "cycle": "1.31",
          "latest": "1.31.2",
          "release_date": "2026-05-13",
          "latest_release_date": "2026-06-17",
          "eol_date": "false",
          "support_date": null,
          "is_major_product": true,
          "cve_stats": {
            "total": 0,
            "critical": 0,
            "high": 0,
            "medium": 0,
            "low": 0,
            "kev": 0,
            "top_cves": []
          }
        },
        {
          "digest_date": "2026-07-02",
          "key": "nodejs:22",
          "product": "nodejs",
          "category": "programming",
          "cycle": "22",
          "latest": "22.23.1",
          "release_date": "2024-04-24",
          "latest_release_date": "2026-06-23",
          "eol_date": "2027-04-30",
          "support_date": "2025-10-21",
          "is_major_product": true,
          "cve_stats": {
            "total": 16,
            "critical": 3,
            "high": 7,
            "medium": 4,
            "low": 2,
            "kev": 0,
            "top_cves": [
              {
                "cve_id": "CVE-2026-21636",
                "severity": "CRITICAL",
                "score": 10.0
              },
              {
                "cve_id": "CVE-2026-48930",
                "severity": "CRITICAL",
                "score": 9.8
              },
              {
                "cve_id": "CVE-2025-55130",
                "severity": "CRITICAL",
                "score": 9.1
              }
            ]
          }
        },
        {
          "digest_date": "2026-07-02",
          "key": "nodejs:24",
          "product": "nodejs",
          "category": "programming",
          "cycle": "24",
          "latest": "24.18.0",
          "release_date": "2025-05-06",
          "latest_release_date": "2026-06-23",
          "eol_date": "2028-04-30",
          "support_date": "2026-10-20",
          "is_major_product": true,
          "cve_stats": {
            "total": 16,
            "critical": 3,
            "high": 7,
            "medium": 4,
            "low": 2,
            "kev": 0,
            "top_cves": [
              {
                "cve_id": "CVE-2026-21636",
                "severity": "CRITICAL",
                "score": 10.0
              },
              {
                "cve_id": "CVE-2026-48930",
                "severity": "CRITICAL",
                "score": 9.8
              },
              {
                "cve_id": "CVE-2025-55130",
                "severity": "CRITICAL",
                "score": 9.1
              }
            ]
          }
        },
        {
          "digest_date": "2026-07-02",
          "key": "nodejs:26",
          "product": "nodejs",
          "category": "programming",
          "cycle": "26",
          "latest": "26.4.0",
          "release_date": "2026-05-05",
          "latest_release_date": "2026-06-25",
          "eol_date": "2029-04-30",
          "support_date": "2027-10-27",
          "is_major_product": true,
          "cve_stats": {
            "total": 16,
            "critical": 3,
            "high": 7,
            "medium": 4,
            "low": 2,
            "kev": 0,
            "top_cves": [
              {
                "cve_id": "CVE-2026-21636",
                "severity": "CRITICAL",
                "score": 10.0
              },
              {
                "cve_id": "CVE-2026-48930",
                "severity": "CRITICAL",
                "score": 9.8
              },
              {
                "cve_id": "CVE-2025-55130",
                "severity": "CRITICAL",
                "score": 9.1
              }
            ]
          }
        },
        {
          "digest_date": "2026-07-02",
          "key": "nuxt:3",
          "product": "nuxt",
          "category": "framework",
          "cycle": "3",
          "latest": "3.21.8",
          "release_date": "2022-11-16",
          "latest_release_date": "2026-06-08",
          "eol_date": "2026-07-31",
          "support_date": "2025-07-16",
          "is_major_product": true,
          "cve_stats": {
            "total": 0,
            "critical": 0,
            "high": 0,
            "medium": 0,
            "low": 0,
            "kev": 0,
            "top_cves": []
          }
        },
        {
          "digest_date": "2026-07-02",
          "key": "nuxt:4",
          "product": "nuxt",
          "category": "framework",
          "cycle": "4",
          "latest": "4.4.8",
          "release_date": "2025-07-16",
          "latest_release_date": "2026-06-08",
          "eol_date": "false",
          "support_date": "true",
          "is_major_product": true,
          "cve_stats": {
            "total": 0,
            "critical": 0,
            "high": 0,
            "medium": 0,
            "low": 0,
            "kev": 0,
            "top_cves": []
          }
        },
        {
          "digest_date": "2026-07-02",
          "key": "opensearch:3",
          "product": "opensearch",
          "category": "database",
          "cycle": "3",
          "latest": "3.7.0",
          "release_date": "2025-05-06",
          "latest_release_date": "2026-06-09",
          "eol_date": "false",
          "support_date": "true",
          "is_major_product": true,
          "cve_stats": {
            "total": 1,
            "critical": 0,
            "high": 1,
            "medium": 0,
            "low": 0,
            "kev": 0,
            "top_cves": [
              {
                "cve_id": "CVE-2025-9624",
                "severity": "HIGH",
                "score": 7.5
              }
            ]
          }
        },
        {
          "digest_date": "2026-07-02",
          "key": "openssl:3.0",
          "product": "openssl",
          "category": "crypto",
          "cycle": "3.0",
          "latest": "3.0.21",
          "release_date": "2021-09-07",
          "latest_release_date": "2026-06-09",
          "eol_date": "2026-09-07",
          "support_date": null,
          "is_major_product": true,
          "cve_stats": {
            "total": 19,
            "critical": 1,
            "high": 10,
            "medium": 8,
            "low": 0,
            "kev": 0,
            "top_cves": [
              {
                "cve_id": "CVE-2026-31789",
                "severity": "CRITICAL",
                "score": 9.8
              },
              {
                "cve_id": "CVE-2025-15467",
                "severity": "HIGH",
                "score": 8.8
              },
              {
                "cve_id": "CVE-2026-28387",
                "severity": "HIGH",
                "score": 8.1
              }
            ]
          }
        },
        {
          "digest_date": "2026-07-02",
          "key": "openssl:3.4",
          "product": "openssl",
          "category": "crypto",
          "cycle": "3.4",
          "latest": "3.4.6",
          "release_date": "2024-10-22",
          "latest_release_date": "2026-06-09",
          "eol_date": "2026-10-22",
          "support_date": null,
          "is_major_product": true,
          "cve_stats": {
            "total": 19,
            "critical": 1,
            "high": 10,
            "medium": 8,
            "low": 0,
            "kev": 0,
            "top_cves": [
              {
                "cve_id": "CVE-2026-31789",
                "severity": "CRITICAL",
                "score": 9.8
              },
              {
                "cve_id": "CVE-2025-15467",
                "severity": "HIGH",
                "score": 8.8
              },
              {
                "cve_id": "CVE-2026-28387",
                "severity": "HIGH",
                "score": 8.1
              }
            ]
          }
        },
        {
          "digest_date": "2026-07-02",
          "key": "openssl:3.5",
          "product": "openssl",
          "category": "crypto",
          "cycle": "3.5",
          "latest": "3.5.7",
          "release_date": "2025-04-08",
          "latest_release_date": "2026-06-09",
          "eol_date": "2030-04-08",
          "support_date": null,
          "is_major_product": true,
          "cve_stats": {
            "total": 19,
            "critical": 1,
            "high": 10,
            "medium": 8,
            "low": 0,
            "kev": 0,
            "top_cves": [
              {
                "cve_id": "CVE-2026-31789",
                "severity": "CRITICAL",
                "score": 9.8
              },
              {
                "cve_id": "CVE-2025-15467",
                "severity": "HIGH",
                "score": 8.8
              },
              {
                "cve_id": "CVE-2026-28387",
                "severity": "HIGH",
                "score": 8.1
              }
            ]
          }
        },
        {
          "digest_date": "2026-07-02",
          "key": "openssl:3.6",
          "product": "openssl",
          "category": "crypto",
          "cycle": "3.6",
          "latest": "3.6.3",
          "release_date": "2025-10-01",
          "latest_release_date": "2026-06-09",
          "eol_date": "2026-11-01",
          "support_date": null,
          "is_major_product": true,
          "cve_stats": {
            "total": 19,
            "critical": 1,
            "high": 10,
            "medium": 8,
            "low": 0,
            "kev": 0,
            "top_cves": [
              {
                "cve_id": "CVE-2026-31789",
                "severity": "CRITICAL",
                "score": 9.8
              },
              {
                "cve_id": "CVE-2025-15467",
                "severity": "HIGH",
                "score": 8.8
              },
              {
                "cve_id": "CVE-2026-28387",
                "severity": "HIGH",
                "score": 8.1
              }
            ]
          }
        },
        {
          "digest_date": "2026-07-02",
          "key": "openssl:4.0",
          "product": "openssl",
          "category": "crypto",
          "cycle": "4.0",
          "latest": "4.0.1",
          "release_date": "2026-04-14",
          "latest_release_date": "2026-06-09",
          "eol_date": "2027-05-14",
          "support_date": null,
          "is_major_product": true,
          "cve_stats": {
            "total": 19,
            "critical": 1,
            "high": 10,
            "medium": 8,
            "low": 0,
            "kev": 0,
            "top_cves": [
              {
                "cve_id": "CVE-2026-31789",
                "severity": "CRITICAL",
                "score": 9.8
              },
              {
                "cve_id": "CVE-2025-15467",
                "severity": "HIGH",
                "score": 8.8
              },
              {
                "cve_id": "CVE-2026-28387",
                "severity": "HIGH",
                "score": 8.1
              }
            ]
          }
        },
        {
          "digest_date": "2026-07-02",
          "key": "openvpn:2.7",
          "product": "openvpn",
          "category": "middleware",
          "cycle": "2.7",
          "latest": "2.7.5",
          "release_date": "2026-02-11",
          "latest_release_date": "2026-07-01",
          "eol_date": "false",
          "support_date": "true",
          "is_major_product": true,
          "cve_stats": {
            "total": 3,
            "critical": 1,
            "high": 1,
            "medium": 1,
            "low": 0,
            "kev": 0,
            "top_cves": [
              {
                "cve_id": "CVE-2025-12106",
                "severity": "CRITICAL",
                "score": 9.1
              },
              {
                "cve_id": "CVE-2025-13086",
                "severity": "HIGH",
                "score": 7.5
              },
              {
                "cve_id": "CVE-2025-13751",
                "severity": "MEDIUM",
                "score": 5.5
              }
            ]
          }
        },
        {
          "digest_date": "2026-07-02",
          "key": "php:8.4",
          "product": "php",
          "category": "programming",
          "cycle": "8.4",
          "latest": "8.4.22",
          "release_date": "2024-11-21",
          "latest_release_date": "2026-06-04",
          "eol_date": "2028-12-31",
          "support_date": "2026-12-31",
          "is_major_product": true,
          "cve_stats": {
            "total": 3,
            "critical": 0,
            "high": 2,
            "medium": 1,
            "low": 0,
            "kev": 0,
            "top_cves": [
              {
                "cve_id": "CVE-2025-14177",
                "severity": "HIGH",
                "score": 7.5
              },
              {
                "cve_id": "CVE-2025-14180",
                "severity": "HIGH",
                "score": 7.5
              },
              {
                "cve_id": "CVE-2025-14178",
                "severity": "MEDIUM",
                "score": 6.5
              }
            ]
          }
        },
        {
          "digest_date": "2026-07-02",
          "key": "php:8.5",
          "product": "php",
          "category": "programming",
          "cycle": "8.5",
          "latest": "8.5.7",
          "release_date": "2025-11-20",
          "latest_release_date": "2026-06-04",
          "eol_date": "2029-12-31",
          "support_date": "2027-12-31",
          "is_major_product": true,
          "cve_stats": {
            "total": 3,
            "critical": 0,
            "high": 2,
            "medium": 1,
            "low": 0,
            "kev": 0,
            "top_cves": [
              {
                "cve_id": "CVE-2025-14177",
                "severity": "HIGH",
                "score": 7.5
              },
              {
                "cve_id": "CVE-2025-14180",
                "severity": "HIGH",
                "score": 7.5
              },
              {
                "cve_id": "CVE-2025-14178",
                "severity": "MEDIUM",
                "score": 6.5
              }
            ]
          }
        },
        {
          "digest_date": "2026-07-02",
          "key": "postfix:3.10",
          "product": "postfix",
          "category": "middleware",
          "cycle": "3.10",
          "latest": "3.10.11",
          "release_date": "2025-02-16",
          "latest_release_date": "2026-06-18",
          "eol_date": "false",
          "support_date": null,
          "is_major_product": true,
          "cve_stats": {
            "total": 0,
            "critical": 0,
            "high": 0,
            "medium": 0,
            "low": 0,
            "kev": 0,
            "top_cves": []
          }
        },
        {
          "digest_date": "2026-07-02",
          "key": "postfix:3.11",
          "product": "postfix",
          "category": "middleware",
          "cycle": "3.11",
          "latest": "3.11.4",
          "release_date": "2026-03-06",
          "latest_release_date": "2026-06-18",
          "eol_date": "false",
          "support_date": null,
          "is_major_product": true,
          "cve_stats": {
            "total": 0,
            "critical": 0,
            "high": 0,
            "medium": 0,
            "low": 0,
            "kev": 0,
            "top_cves": []
          }
        },
        {
          "digest_date": "2026-07-02",
          "key": "postfix:3.8",
          "product": "postfix",
          "category": "middleware",
          "cycle": "3.8",
          "latest": "3.8.18",
          "release_date": "2023-04-17",
          "latest_release_date": "2026-06-18",
          "eol_date": "false",
          "support_date": null,
          "is_major_product": true,
          "cve_stats": {
            "total": 0,
            "critical": 0,
            "high": 0,
            "medium": 0,
            "low": 0,
            "kev": 0,
            "top_cves": []
          }
        },
        {
          "digest_date": "2026-07-02",
          "key": "postfix:3.9",
          "product": "postfix",
          "category": "middleware",
          "cycle": "3.9",
          "latest": "3.9.12",
          "release_date": "2024-03-06",
          "latest_release_date": "2026-06-18",
          "eol_date": "false",
          "support_date": null,
          "is_major_product": true,
          "cve_stats": {
            "total": 0,
            "critical": 0,
            "high": 0,
            "medium": 0,
            "low": 0,
            "kev": 0,
            "top_cves": []
          }
        },
        {
          "digest_date": "2026-07-02",
          "key": "python:3.13",
          "product": "python",
          "category": "programming",
          "cycle": "3.13",
          "latest": "3.13.14",
          "release_date": "2024-10-07",
          "latest_release_date": "2026-06-10",
          "eol_date": "2029-10-31",
          "support_date": "2026-10-01",
          "is_major_product": true,
          "cve_stats": {
            "total": 5,
            "critical": 0,
            "high": 1,
            "medium": 3,
            "low": 1,
            "kev": 0,
            "top_cves": [
              {
                "cve_id": "CVE-2025-13836",
                "severity": "HIGH",
                "score": 7.5
              },
              {
                "cve_id": "CVE-2025-13837",
                "severity": "MEDIUM",
                "score": 5.5
              },
              {
                "cve_id": "CVE-2025-12084",
                "severity": "MEDIUM",
                "score": 5.3
              }
            ]
          }
        },
        {
          "digest_date": "2026-07-02",
          "key": "python:3.14",
          "product": "python",
          "category": "programming",
          "cycle": "3.14",
          "latest": "3.14.6",
          "release_date": "2025-10-07",
          "latest_release_date": "2026-06-10",
          "eol_date": "2030-10-31",
          "support_date": "2027-10-01",
          "is_major_product": true,
          "cve_stats": {
            "total": 5,
            "critical": 0,
            "high": 1,
            "medium": 3,
            "low": 1,
            "kev": 0,
            "top_cves": [
              {
                "cve_id": "CVE-2025-13836",
                "severity": "HIGH",
                "score": 7.5
              },
              {
                "cve_id": "CVE-2025-13837",
                "severity": "MEDIUM",
                "score": 5.5
              },
              {
                "cve_id": "CVE-2025-12084",
                "severity": "MEDIUM",
                "score": 5.3
              }
            ]
          }
        },
        {
          "digest_date": "2026-07-02",
          "key": "rabbitmq:4.2",
          "product": "rabbitmq",
          "category": "middleware",
          "cycle": "4.2",
          "latest": "4.2.8",
          "release_date": "2025-10-27",
          "latest_release_date": "2026-06-13",
          "eol_date": "2026-07-31",
          "support_date": null,
          "is_major_product": true,
          "cve_stats": {
            "total": 0,
            "critical": 0,
            "high": 0,
            "medium": 0,
            "low": 0,
            "kev": 0,
            "top_cves": []
          }
        },
        {
          "digest_date": "2026-07-02",
          "key": "rabbitmq:4.3",
          "product": "rabbitmq",
          "category": "middleware",
          "cycle": "4.3",
          "latest": "4.3.2",
          "release_date": "2026-04-23",
          "latest_release_date": "2026-06-11",
          "eol_date": "false",
          "support_date": null,
          "is_major_product": true,
          "cve_stats": {
            "total": 0,
            "critical": 0,
            "high": 0,
            "medium": 0,
            "low": 0,
            "kev": 0,
            "top_cves": []
          }
        },
        {
          "digest_date": "2026-07-02",
          "key": "redis:8.2",
          "product": "redis",
          "category": "database",
          "cycle": "8.2",
          "latest": "8.2.7",
          "release_date": "2025-08-04",
          "latest_release_date": "2026-06-04",
          "eol_date": "2026-05-25",
          "support_date": "2025-11-18",
          "is_major_product": true,
          "cve_stats": {
            "total": 4,
            "critical": 0,
            "high": 4,
            "medium": 0,
            "low": 0,
            "kev": 0,
            "top_cves": [
              {
                "cve_id": "CVE-2025-62507",
                "severity": "HIGH",
                "score": 8.8
              },
              {
                "cve_id": "CVE-2026-25243",
                "severity": "HIGH",
                "score": 8.8
              },
              {
                "cve_id": "CVE-2026-23479",
                "severity": "HIGH",
                "score": 8.8
              }
            ]
          }
        },
        {
          "digest_date": "2026-07-02",
          "key": "redis:8.4",
          "product": "redis",
          "category": "database",
          "cycle": "8.4",
          "latest": "8.4.4",
          "release_date": "2025-11-18",
          "latest_release_date": "2026-06-04",
          "eol_date": "false",
          "support_date": "2026-02-11",
          "is_major_product": true,
          "cve_stats": {
            "total": 4,
            "critical": 0,
            "high": 4,
            "medium": 0,
            "low": 0,
            "kev": 0,
            "top_cves": [
              {
                "cve_id": "CVE-2025-62507",
                "severity": "HIGH",
                "score": 8.8
              },
              {
                "cve_id": "CVE-2026-25243",
                "severity": "HIGH",
                "score": 8.8
              },
              {
                "cve_id": "CVE-2026-23479",
                "severity": "HIGH",
                "score": 8.8
              }
            ]
          }
        },
        {
          "digest_date": "2026-07-02",
          "key": "redis:8.6",
          "product": "redis",
          "category": "database",
          "cycle": "8.6",
          "latest": "8.6.4",
          "release_date": "2026-02-11",
          "latest_release_date": "2026-06-04",
          "eol_date": "false",
          "support_date": "2026-05-25",
          "is_major_product": true,
          "cve_stats": {
            "total": 4,
            "critical": 0,
            "high": 4,
            "medium": 0,
            "low": 0,
            "kev": 0,
            "top_cves": [
              {
                "cve_id": "CVE-2025-62507",
                "severity": "HIGH",
                "score": 8.8
              },
              {
                "cve_id": "CVE-2026-25243",
                "severity": "HIGH",
                "score": 8.8
              },
              {
                "cve_id": "CVE-2026-23479",
                "severity": "HIGH",
                "score": 8.8
              }
            ]
          }
        },
        {
          "digest_date": "2026-07-02",
          "key": "ruby:3.4",
          "product": "ruby",
          "category": "programming",
          "cycle": "3.4",
          "latest": "3.4.10",
          "release_date": "2024-12-24",
          "latest_release_date": "2026-06-30",
          "eol_date": "2028-03-31",
          "support_date": null,
          "is_major_product": true,
          "cve_stats": {
            "total": 0,
            "critical": 0,
            "high": 0,
            "medium": 0,
            "low": 0,
            "kev": 0,
            "top_cves": []
          }
        },
        {
          "digest_date": "2026-07-02",
          "key": "rust:1.96",
          "product": "rust",
          "category": "programming",
          "cycle": "1.96",
          "latest": "1.96.1",
          "release_date": "2026-05-28",
          "latest_release_date": "2026-06-30",
          "eol_date": "false",
          "support_date": null,
          "is_major_product": true,
          "cve_stats": {
            "total": 0,
            "critical": 0,
            "high": 0,
            "medium": 0,
            "low": 0,
            "kev": 0,
            "top_cves": []
          }
        },
        {
          "digest_date": "2026-07-02",
          "key": "spring-boot:3.5",
          "product": "spring-boot",
          "category": "framework",
          "cycle": "3.5",
          "latest": "3.5.16",
          "release_date": "2025-05-31",
          "latest_release_date": "2026-06-25",
          "eol_date": "2026-06-30",
          "support_date": null,
          "is_major_product": true,
          "cve_stats": {
            "total": 7,
            "critical": 1,
            "high": 4,
            "medium": 2,
            "low": 0,
            "kev": 0,
            "top_cves": [
              {
                "cve_id": "CVE-2026-40976",
                "severity": "CRITICAL",
                "score": 9.1
              },
              {
                "cve_id": "CVE-2026-22731",
                "severity": "HIGH",
                "score": 8.2
              },
              {
                "cve_id": "CVE-2026-22733",
                "severity": "HIGH",
                "score": 8.2
              }
            ]
          }
        },
        {
          "digest_date": "2026-07-02",
          "key": "spring-boot:4.0",
          "product": "spring-boot",
          "category": "framework",
          "cycle": "4.0",
          "latest": "4.0.7",
          "release_date": "2025-11-30",
          "latest_release_date": "2026-06-10",
          "eol_date": "2026-12-31",
          "support_date": null,
          "is_major_product": true,
          "cve_stats": {
            "total": 7,
            "critical": 1,
            "high": 4,
            "medium": 2,
            "low": 0,
            "kev": 0,
            "top_cves": [
              {
                "cve_id": "CVE-2026-40976",
                "severity": "CRITICAL",
                "score": 9.1
              },
              {
                "cve_id": "CVE-2026-22731",
                "severity": "HIGH",
                "score": 8.2
              },
              {
                "cve_id": "CVE-2026-22733",
                "severity": "HIGH",
                "score": 8.2
              }
            ]
          }
        },
        {
          "digest_date": "2026-07-02",
          "key": "spring-boot:4.1",
          "product": "spring-boot",
          "category": "framework",
          "cycle": "4.1",
          "latest": "4.1.0",
          "release_date": "2026-06-30",
          "latest_release_date": "2026-06-10",
          "eol_date": "2027-07-31",
          "support_date": null,
          "is_major_product": true,
          "cve_stats": {
            "total": 7,
            "critical": 1,
            "high": 4,
            "medium": 2,
            "low": 0,
            "kev": 0,
            "top_cves": [
              {
                "cve_id": "CVE-2026-40976",
                "severity": "CRITICAL",
                "score": 9.1
              },
              {
                "cve_id": "CVE-2026-22731",
                "severity": "HIGH",
                "score": 8.2
              },
              {
                "cve_id": "CVE-2026-22733",
                "severity": "HIGH",
                "score": 8.2
              }
            ]
          }
        },
        {
          "digest_date": "2026-07-02",
          "key": "spring-framework:6.2",
          "product": "spring-framework",
          "category": "framework",
          "cycle": "6.2",
          "latest": "6.2.19",
          "release_date": "2024-11-30",
          "latest_release_date": "2026-06-08",
          "eol_date": "2026-06-30",
          "support_date": null,
          "is_major_product": true,
          "cve_stats": {
            "total": 9,
            "critical": 0,
            "high": 3,
            "medium": 5,
            "low": 1,
            "kev": 0,
            "top_cves": [
              {
                "cve_id": "CVE-2026-41842",
                "severity": "HIGH",
                "score": 7.5
              },
              {
                "cve_id": "CVE-2026-41849",
                "severity": "HIGH",
                "score": 7.5
              },
              {
                "cve_id": "CVE-2026-41850",
                "severity": "HIGH",
                "score": 7.5
              }
            ]
          }
        },
        {
          "digest_date": "2026-07-02",
          "key": "spring-framework:7.0",
          "product": "spring-framework",
          "category": "framework",
          "cycle": "7.0",
          "latest": "7.0.8",
          "release_date": "2025-11-30",
          "latest_release_date": "2026-06-08",
          "eol_date": "2027-06-30",
          "support_date": null,
          "is_major_product": true,
          "cve_stats": {
            "total": 9,
            "critical": 0,
            "high": 3,
            "medium": 5,
            "low": 1,
            "kev": 0,
            "top_cves": [
              {
                "cve_id": "CVE-2026-41842",
                "severity": "HIGH",
                "score": 7.5
              },
              {
                "cve_id": "CVE-2026-41849",
                "severity": "HIGH",
                "score": 7.5
              },
              {
                "cve_id": "CVE-2026-41850",
                "severity": "HIGH",
                "score": 7.5
              }
            ]
          }
        },
        {
          "digest_date": "2026-07-02",
          "key": "squid:7",
          "product": "squid",
          "category": "webserver",
          "cycle": "7",
          "latest": "7.6",
          "release_date": "2025-07-10",
          "latest_release_date": "2026-06-07",
          "eol_date": "false",
          "support_date": null,
          "is_major_product": true,
          "cve_stats": {
            "total": 3,
            "critical": 0,
            "high": 2,
            "medium": 1,
            "low": 0,
            "kev": 0,
            "top_cves": [
              {
                "cve_id": "CVE-2026-32748",
                "severity": "HIGH",
                "score": 7.5
              },
              {
                "cve_id": "CVE-2026-33526",
                "severity": "HIGH",
                "score": 7.5
              },
              {
                "cve_id": "CVE-2026-33515",
                "severity": "MEDIUM",
                "score": 6.5
              }
            ]
          }
        },
        {
          "digest_date": "2026-07-02",
          "key": "symfony:6.4",
          "product": "symfony",
          "category": "framework",
          "cycle": "6.4",
          "latest": "6.4.42",
          "release_date": "2023-11-29",
          "latest_release_date": "2026-06-27",
          "eol_date": "2027-11-30",
          "support_date": "2026-11-30",
          "is_major_product": true,
          "cve_stats": {
            "total": 2,
            "critical": 0,
            "high": 1,
            "medium": 1,
            "low": 0,
            "kev": 0,
            "top_cves": [
              {
                "cve_id": "CVE-2025-64500",
                "severity": "HIGH",
                "score": 7.3
              },
              {
                "cve_id": "CVE-2026-24739",
                "severity": "MEDIUM",
                "score": 6.3
              }
            ]
          }
        },
        {
          "digest_date": "2026-07-02",
          "key": "symfony:7.4",
          "product": "symfony",
          "category": "framework",
          "cycle": "7.4",
          "latest": "7.4.14",
          "release_date": "2025-11-27",
          "latest_release_date": "2026-06-27",
          "eol_date": "2029-11-30",
          "support_date": "2028-11-30",
          "is_major_product": true,
          "cve_stats": {
            "total": 2,
            "critical": 0,
            "high": 1,
            "medium": 1,
            "low": 0,
            "kev": 0,
            "top_cves": [
              {
                "cve_id": "CVE-2025-64500",
                "severity": "HIGH",
                "score": 7.3
              },
              {
                "cve_id": "CVE-2026-24739",
                "severity": "MEDIUM",
                "score": 6.3
              }
            ]
          }
        },
        {
          "digest_date": "2026-07-02",
          "key": "symfony:8.0",
          "product": "symfony",
          "category": "framework",
          "cycle": "8.0",
          "latest": "8.0.14",
          "release_date": "2025-11-27",
          "latest_release_date": "2026-06-27",
          "eol_date": "2026-07-31",
          "support_date": "2026-07-31",
          "is_major_product": true,
          "cve_stats": {
            "total": 2,
            "critical": 0,
            "high": 1,
            "medium": 1,
            "low": 0,
            "kev": 0,
            "top_cves": [
              {
                "cve_id": "CVE-2025-64500",
                "severity": "HIGH",
                "score": 7.3
              },
              {
                "cve_id": "CVE-2026-24739",
                "severity": "MEDIUM",
                "score": 6.3
              }
            ]
          }
        },
        {
          "digest_date": "2026-07-02",
          "key": "symfony:8.1",
          "product": "symfony",
          "category": "framework",
          "cycle": "8.1",
          "latest": "8.1.1",
          "release_date": "2026-05-29",
          "latest_release_date": "2026-06-27",
          "eol_date": "2027-01-31",
          "support_date": "2027-01-31",
          "is_major_product": true,
          "cve_stats": {
            "total": 2,
            "critical": 0,
            "high": 1,
            "medium": 1,
            "low": 0,
            "kev": 0,
            "top_cves": [
              {
                "cve_id": "CVE-2025-64500",
                "severity": "HIGH",
                "score": 7.3
              },
              {
                "cve_id": "CVE-2026-24739",
                "severity": "MEDIUM",
                "score": 6.3
              }
            ]
          }
        },
        {
          "digest_date": "2026-07-02",
          "key": "tomcat:10.1",
          "product": "tomcat",
          "category": "webserver",
          "cycle": "10.1",
          "latest": "10.1.56",
          "release_date": "2022-09-23",
          "latest_release_date": "2026-06-17",
          "eol_date": "false",
          "support_date": null,
          "is_major_product": true,
          "cve_stats": {
            "total": 13,
            "critical": 2,
            "high": 7,
            "medium": 3,
            "low": 1,
            "kev": 0,
            "top_cves": [
              {
                "cve_id": "CVE-2025-66614",
                "severity": "CRITICAL",
                "score": 9.1
              },
              {
                "cve_id": "CVE-2026-29145",
                "severity": "CRITICAL",
                "score": 9.1
              },
              {
                "cve_id": "CVE-2026-29129",
                "severity": "HIGH",
                "score": 7.5
              }
            ]
          }
        },
        {
          "digest_date": "2026-07-02",
          "key": "tomcat:11.0",
          "product": "tomcat",
          "category": "webserver",
          "cycle": "11.0",
          "latest": "11.0.23",
          "release_date": "2024-10-03",
          "latest_release_date": "2026-06-17",
          "eol_date": "false",
          "support_date": null,
          "is_major_product": true,
          "cve_stats": {
            "total": 13,
            "critical": 2,
            "high": 7,
            "medium": 3,
            "low": 1,
            "kev": 0,
            "top_cves": [
              {
                "cve_id": "CVE-2025-66614",
                "severity": "CRITICAL",
                "score": 9.1
              },
              {
                "cve_id": "CVE-2026-29145",
                "severity": "CRITICAL",
                "score": 9.1
              },
              {
                "cve_id": "CVE-2026-29129",
                "severity": "HIGH",
                "score": 7.5
              }
            ]
          }
        },
        {
          "digest_date": "2026-07-02",
          "key": "tomcat:9.0",
          "product": "tomcat",
          "category": "webserver",
          "cycle": "9.0",
          "latest": "9.0.119",
          "release_date": "2017-09-27",
          "latest_release_date": "2026-06-18",
          "eol_date": "2027-03-31",
          "support_date": null,
          "is_major_product": true,
          "cve_stats": {
            "total": 13,
            "critical": 2,
            "high": 7,
            "medium": 3,
            "low": 1,
            "kev": 0,
            "top_cves": [
              {
                "cve_id": "CVE-2025-66614",
                "severity": "CRITICAL",
                "score": 9.1
              },
              {
                "cve_id": "CVE-2026-29145",
                "severity": "CRITICAL",
                "score": 9.1
              },
              {
                "cve_id": "CVE-2026-29129",
                "severity": "HIGH",
                "score": 7.5
              }
            ]
          }
        },
        {
          "digest_date": "2026-07-02",
          "key": "traefik:2.11",
          "product": "traefik",
          "category": "webserver",
          "cycle": "2.11",
          "latest": "2.11.51",
          "release_date": "2024-02-12",
          "latest_release_date": "2026-06-30",
          "eol_date": "2026-02-01",
          "support_date": "2025-04-29",
          "is_major_product": true,
          "cve_stats": {
            "total": 17,
            "critical": 2,
            "high": 6,
            "medium": 7,
            "low": 2,
            "kev": 0,
            "top_cves": [
              {
                "cve_id": "CVE-2026-39858",
                "severity": "CRITICAL",
                "score": 10.0
              },
              {
                "cve_id": "CVE-2026-35051",
                "severity": "CRITICAL",
                "score": 10.0
              },
              {
                "cve_id": "CVE-2026-33433",
                "severity": "HIGH",
                "score": 8.8
              }
            ]
          }
        },
        {
          "digest_date": "2026-07-02",
          "key": "traefik:3.6",
          "product": "traefik",
          "category": "webserver",
          "cycle": "3.6",
          "latest": "3.6.22",
          "release_date": "2025-11-07",
          "latest_release_date": "2026-06-30",
          "eol_date": "false",
          "support_date": "2026-05-11",
          "is_major_product": true,
          "cve_stats": {
            "total": 17,
            "critical": 2,
            "high": 6,
            "medium": 7,
            "low": 2,
            "kev": 0,
            "top_cves": [
              {
                "cve_id": "CVE-2026-39858",
                "severity": "CRITICAL",
                "score": 10.0
              },
              {
                "cve_id": "CVE-2026-35051",
                "severity": "CRITICAL",
                "score": 10.0
              },
              {
                "cve_id": "CVE-2026-33433",
                "severity": "HIGH",
                "score": 8.8
              }
            ]
          }
        },
        {
          "digest_date": "2026-07-02",
          "key": "traefik:3.7",
          "product": "traefik",
          "category": "webserver",
          "cycle": "3.7",
          "latest": "3.7.6",
          "release_date": "2026-04-22",
          "latest_release_date": "2026-06-30",
          "eol_date": "false",
          "support_date": "true",
          "is_major_product": true,
          "cve_stats": {
            "total": 17,
            "critical": 2,
            "high": 6,
            "medium": 7,
            "low": 2,
            "kev": 0,
            "top_cves": [
              {
                "cve_id": "CVE-2026-39858",
                "severity": "CRITICAL",
                "score": 10.0
              },
              {
                "cve_id": "CVE-2026-35051",
                "severity": "CRITICAL",
                "score": 10.0
              },
              {
                "cve_id": "CVE-2026-33433",
                "severity": "HIGH",
                "score": 8.8
              }
            ]
          }
        },
        {
          "digest_date": "2026-07-02",
          "key": "typo3:10",
          "product": "typo3",
          "category": "cms",
          "cycle": "10",
          "latest": "10.4.58",
          "release_date": "2019-07-23",
          "latest_release_date": "2026-06-16",
          "eol_date": "2023-04-30",
          "support_date": "2021-10-31",
          "is_major_product": true,
          "cve_stats": {
            "total": 4,
            "critical": 0,
            "high": 2,
            "medium": 2,
            "low": 0,
            "kev": 0,
            "top_cves": [
              {
                "cve_id": "CVE-2025-59022",
                "severity": "HIGH",
                "score": 8.1
              },
              {
                "cve_id": "CVE-2026-0859",
                "severity": "HIGH",
                "score": 7.8
              },
              {
                "cve_id": "CVE-2025-59020",
                "severity": "MEDIUM",
                "score": 6.5
              }
            ]
          }
        },
        {
          "digest_date": "2026-07-02",
          "key": "typo3:11",
          "product": "typo3",
          "category": "cms",
          "cycle": "11",
          "latest": "11.5.52",
          "release_date": "2020-12-22",
          "latest_release_date": "2026-06-16",
          "eol_date": "2024-10-31",
          "support_date": "2023-03-31",
          "is_major_product": true,
          "cve_stats": {
            "total": 4,
            "critical": 0,
            "high": 2,
            "medium": 2,
            "low": 0,
            "kev": 0,
            "top_cves": [
              {
                "cve_id": "CVE-2025-59022",
                "severity": "HIGH",
                "score": 8.1
              },
              {
                "cve_id": "CVE-2026-0859",
                "severity": "HIGH",
                "score": 7.8
              },
              {
                "cve_id": "CVE-2025-59020",
                "severity": "MEDIUM",
                "score": 6.5
              }
            ]
          }
        },
        {
          "digest_date": "2026-07-02",
          "key": "typo3:12",
          "product": "typo3",
          "category": "cms",
          "cycle": "12",
          "latest": "12.4.47",
          "release_date": "2022-10-04",
          "latest_release_date": "2026-06-16",
          "eol_date": "2026-04-30",
          "support_date": "2024-10-31",
          "is_major_product": true,
          "cve_stats": {
            "total": 4,
            "critical": 0,
            "high": 2,
            "medium": 2,
            "low": 0,
            "kev": 0,
            "top_cves": [
              {
                "cve_id": "CVE-2025-59022",
                "severity": "HIGH",
                "score": 8.1
              },
              {
                "cve_id": "CVE-2026-0859",
                "severity": "HIGH",
                "score": 7.8
              },
              {
                "cve_id": "CVE-2025-59020",
                "severity": "MEDIUM",
                "score": 6.5
              }
            ]
          }
        },
        {
          "digest_date": "2026-07-02",
          "key": "typo3:13",
          "product": "typo3",
          "category": "cms",
          "cycle": "13",
          "latest": "13.4.32",
          "release_date": "2024-01-30",
          "latest_release_date": "2026-06-16",
          "eol_date": "2027-12-31",
          "support_date": "2026-06-30",
          "is_major_product": true,
          "cve_stats": {
            "total": 4,
            "critical": 0,
            "high": 2,
            "medium": 2,
            "low": 0,
            "kev": 0,
            "top_cves": [
              {
                "cve_id": "CVE-2025-59022",
                "severity": "HIGH",
                "score": 8.1
              },
              {
                "cve_id": "CVE-2026-0859",
                "severity": "HIGH",
                "score": 7.8
              },
              {
                "cve_id": "CVE-2025-59020",
                "severity": "MEDIUM",
                "score": 6.5
              }
            ]
          }
        },
        {
          "digest_date": "2026-07-02",
          "key": "typo3:14",
          "product": "typo3",
          "category": "cms",
          "cycle": "14",
          "latest": "14.3.4",
          "release_date": "2025-11-25",
          "latest_release_date": "2026-06-16",
          "eol_date": "2029-06-30",
          "support_date": "2027-12-31",
          "is_major_product": true,
          "cve_stats": {
            "total": 4,
            "critical": 0,
            "high": 2,
            "medium": 2,
            "low": 0,
            "kev": 0,
            "top_cves": [
              {
                "cve_id": "CVE-2025-59022",
                "severity": "HIGH",
                "score": 8.1
              },
              {
                "cve_id": "CVE-2026-0859",
                "severity": "HIGH",
                "score": 7.8
              },
              {
                "cve_id": "CVE-2025-59020",
                "severity": "MEDIUM",
                "score": 6.5
              }
            ]
          }
        },
        {
          "digest_date": "2026-07-02",
          "key": "virtualbox:7.2",
          "product": "virtualbox",
          "category": "virtualization",
          "cycle": "7.2",
          "latest": "7.2.12",
          "release_date": "2025-08-14",
          "latest_release_date": "2026-06-30",
          "eol_date": "false",
          "support_date": null,
          "is_major_product": true,
          "cve_stats": {
            "total": 33,
            "critical": 0,
            "high": 19,
            "medium": 8,
            "low": 6,
            "kev": 0,
            "top_cves": [
              {
                "cve_id": "CVE-2026-21990",
                "severity": "HIGH",
                "score": 8.2
              },
              {
                "cve_id": "CVE-2026-21988",
                "severity": "HIGH",
                "score": 8.2
              },
              {
                "cve_id": "CVE-2026-21956",
                "severity": "HIGH",
                "score": 8.2
              }
            ]
          }
        },
        {
          "digest_date": "2026-07-02",
          "key": "vue:3.5",
          "product": "vue",
          "category": "framework",
          "cycle": "3.5",
          "latest": "3.5.39",
          "release_date": "2024-09-03",
          "latest_release_date": "2026-06-25",
          "eol_date": "false",
          "support_date": "true",
          "is_major_product": true,
          "cve_stats": {
            "total": 0,
            "critical": 0,
            "high": 0,
            "medium": 0,
            "low": 0,
            "kev": 0,
            "top_cves": []
          }
        }
      ]
    }