📊 SecuPortal 日次脆弱性ダイジェスト

2026-07-08 11:04:53 生成 · 2026-07-02〜2026-07-08 (7日分)
新規 KEV 23 | 更新ソフト 118 | 対象期間 7日 | 生成 2026-07-08 11:04:53

📦 更新された主要ソフトウェア


製品新バージョンリリース日CVE件数CriticalHighKEV状態
Next.js (16)16.2.102026-07-01221101⚠️要確認
OpenVPN (2.7)2.7.52026-07-013110⚠️要確認
Jenkins (2)2.5712026-06-3016050🟠重要
Laravel (13)13.18.02026-06-300000✅計画
MediaWiki (1.46)1.46.02026-06-3021110⚠️要確認
Ruby (3.4)3.4.102026-06-300000✅計画
Rust (1.96)1.96.12026-06-300000✅計画
Traefik (2.11)2.11.512026-06-3017260⚠️要確認
Traefik (3.6)3.6.222026-06-3017260⚠️要確認
Traefik (3.7)3.7.62026-06-3017260⚠️要確認
VirtualBox (7.2)7.2.122026-06-30330190🟠重要
GitLab (18.8)18.8.112026-06-291630490🟠重要
macOS (26)26.5.22026-06-2913816472813⚠️要確認
MediaWiki (1.43)1.43.92026-06-2921110⚠️要確認
MediaWiki (1.44)1.44.62026-06-2921110⚠️要確認
MediaWiki (1.45)1.45.42026-06-2921110⚠️要確認
Symfony (6.4)6.4.422026-06-272010🟠重要
Symfony (7.4)7.4.142026-06-272010🟠重要
Symfony (8.0)8.0.142026-06-272010🟠重要
Symfony (8.1)8.1.12026-06-272010🟠重要
Angular (22)22.0.42026-06-264000✅計画
Elasticsearch (8.19)8.19.182026-06-263000✅計画
HAProxy (2.6)2.6.302026-06-261010🟠重要
HAProxy (2.8)2.8.252026-06-261010🟠重要
HAProxy (3.0)3.0.242026-06-261010🟠重要
HAProxy (3.2)3.2.202026-06-261010🟠重要
HAProxy (3.3)3.3.112026-06-261010🟠重要
Apache ActiveMQ (5.19)5.19.82026-06-2513071⚠️要確認
Apache ActiveMQ (6.2)6.2.72026-06-2513071⚠️要確認
Elasticsearch (9.3)9.3.72026-06-253000✅計画
Elasticsearch (9.4)9.4.32026-06-253000✅計画
HAProxy (3.4)3.4.12026-06-251010🟠重要
Nextcloud (32)32.0.122026-06-250000✅計画
Nextcloud (33)33.0.62026-06-250000✅計画
Nextcloud (34)34.0.12026-06-250000✅計画
Node.js (26)26.4.02026-06-2516370⚠️要確認
Spring Boot (3.5)3.5.162026-06-257140⚠️要確認
Vue.js (3.5)3.5.392026-06-250000✅計画
MongoDB (4.4)4.4.312026-06-2420031⚠️要確認
Apache Kafka (4.3)4.3.12026-06-233100⚠️要確認
Drupal (10.6)10.6.122026-06-237000✅計画
Drupal (11.3)11.3.132026-06-237000✅計画
GitLab (18.11)18.11.62026-06-231630490🟠重要
GitLab (19.0)19.0.32026-06-231630490🟠重要
GitLab (19.1)19.1.12026-06-231630490🟠重要
Node.js (22)22.23.12026-06-2316370⚠️要確認
Node.js (24)24.18.02026-06-2316370⚠️要確認
Amazon Linux (2)2.0.20260615.02026-06-220000✅計画
Amazon Linux (2023)2023.12.20260611.02026-06-220000✅計画
Alpine Linux (3.22)3.22.52026-06-210000✅計画
Alpine Linux (3.23)3.23.52026-06-210000✅計画
Postfix (3.8)3.8.182026-06-180000✅計画
Postfix (3.9)3.9.122026-06-180000✅計画
Postfix (3.10)3.10.112026-06-180000✅計画
Postfix (3.11)3.11.42026-06-180000✅計画
Apache Tomcat (9.0)9.0.1192026-06-1813270⚠️要確認
Drupal (10.5)10.5.122026-06-177000✅計画
Drupal (11.2)11.2.142026-06-177000✅計画
HashiCorp Vault (2.0)2.0.32026-06-174030🟠重要
Microsoft SQL Server (17.0)17.0.4055.5 CU62026-06-170000✅計画
nginx (1.30)1.30.32026-06-170000✅計画
nginx (1.31)1.31.22026-06-170000✅計画
Apache Tomcat (10.1)10.1.562026-06-1713270⚠️要確認
Apache Tomcat (11.0)11.0.232026-06-1713270⚠️要確認
Amazon Linux (2018.03)2018.03.0.20231218.02026-06-160000✅計画
MongoDB (5.0)5.0.342026-06-1620031⚠️要確認
MongoDB (6.0)6.0.292026-06-1620031⚠️要確認
MongoDB (7.0)7.0.372026-06-1620031⚠️要確認
MongoDB (8.0)8.0.262026-06-1620031⚠️要確認
MongoDB (8.2)8.2.112026-06-1620031⚠️要確認
TYPO3 (10)10.4.582026-06-164020🟠重要
TYPO3 (11)11.5.522026-06-164020🟠重要
TYPO3 (12)12.4.472026-06-164020🟠重要
TYPO3 (13)13.4.322026-06-164020🟠重要
TYPO3 (14)14.3.42026-06-164020🟠重要
MongoDB (8.3)8.3.42026-06-1520031⚠️要確認
Alpine Linux (3.24)3.24.12026-06-130000✅計画
RabbitMQ (4.2)4.2.82026-06-130000✅計画
RabbitMQ (4.3)4.3.22026-06-110000✅計画
Angular (20)20.3.252026-06-104000✅計画
Angular (21)21.2.172026-06-104000✅計画
GitLab (18.10)18.10.82026-06-101630490🟠重要
Python (3.13)3.13.142026-06-105010🟠重要
Python (3.14)3.14.62026-06-105010🟠重要
Spring Boot (4.0)4.0.72026-06-107140⚠️要確認
Spring Boot (4.1)4.1.02026-06-107140⚠️要確認
.NET (8)8.0.282026-06-095050🟠重要
.NET (9)9.0.172026-06-095050🟠重要
.NET (10)10.0.92026-06-095050🟠重要
Laravel (12)12.62.02026-06-090000✅計画
OpenSearch (3)3.7.02026-06-091010🟠重要
OpenSSL (3.0)3.0.212026-06-09191100⚠️要確認
OpenSSL (3.4)3.4.62026-06-09191100⚠️要確認
OpenSSL (3.5)3.5.72026-06-09191100⚠️要確認
OpenSSL (3.6)3.6.32026-06-09191100⚠️要確認
OpenSSL (4.0)4.0.12026-06-09191100⚠️要確認
Apache HTTP Server (2.4)2.4.682026-06-0813370⚠️要確認
Jenkins (2.555)2.555.32026-06-0816050🟠重要
Nuxt (3)3.21.82026-06-080000✅計画
Nuxt (4)4.4.82026-06-080000✅計画
Spring Framework (6.2)6.2.192026-06-089030🟠重要
Spring Framework (7.0)7.0.82026-06-089030🟠重要
Squid (7)7.62026-06-073020🟠重要
PHP (8.4)8.4.222026-06-043020🟠重要
PHP (8.5)8.5.72026-06-043020🟠重要
Redis (8.2)8.2.72026-06-044040🟠重要
Redis (8.4)8.4.42026-06-044040🟠重要
Redis (8.6)8.6.42026-06-044040🟠重要
Django (5.2)5.2.152026-06-0322270⚠️要確認
Django (6.0)6.0.62026-06-0322270⚠️要確認
MySQL (8.4)8.4.102026-06-031000✅計画
MySQL (9.7)9.7.12026-06-031000✅計画
Angular (19)19.2.252026-06-024000✅計画
Caddy (2)2.11.42026-06-028420⚠️要確認
Eclipse Jetty (12.0)12.0.362026-06-024030🟠重要
Eclipse Jetty (12.1)12.1.102026-06-024030🟠重要
Go (1.25)1.25.112026-06-02263130⚠️要確認
Go (1.26)1.26.42026-06-02263130⚠️要確認

非主要製品の更新: 0件(今回のダイジェストでは is_major_product=false の software_update エントリは検出されず、OSディストリ/Alpine派生などの区分は該当なし)


🔴 ★★★ 要対応 CVE


本日の要対応該当なし(KEV新規登録24件はいずれも is_major_product=false と分類されており、★★★の閾値(主要製品×KEV/CVSS≥9.0かつリモート/既知ランサムウェア)には該当しない可能性が高い)。


ただし上表の Next.js 16 系には CVSS 10.0・KEV該当の CVE-2025-55182 が含まれている旨、cve_stats 上で確認できるため、公式アドバイザリで詳細を確認の上、優先度を個別に引き上げる余地がある可能性がある。


🟠 ★★ 参考 CVE


展開して表示 (23件)
  • CVE-2022-0492 — Linux Kernel (CVSS N/A, KEV) : cgroups v1 release_agent経由の権限昇格。is_major_product=falseで自社主要製品リスト外だが、ホストOSのカーネル更新追従状況は別途確認の余地がある。
  • CVE-2025-48595 — Android Framework (CVSS 8.4, KEV) : Androidローカル権限昇格。サーバサイドOSS中心の自社運用とは無関係の可能性が高い。
  • CVE-2025-67038 — Lantronix EDS5000 (CVSS 9.8, KEV) : IoTシリアルデバイスサーバのOSコマンドインジェクション。自社導入実績なしと推測。
  • CVE-2026-10520 — Ivanti Sentry (CVSS 10.0, KEV) : 未認証RCE。Ivanti製品は自社非利用のため対象外の可能性が高い。
  • CVE-2026-11645 — Google Chromium V8 (CVSS 8.8, KEV) : ブラウザサンドボックス内RCE。従業員端末側のブラウザ更新で追従される想定。
  • CVE-2026-12569 — PTC Windchill and FlexPLM (CVSS N/A, KEV) : PLM製品の未認証RCE。自社非利用と推測。
  • CVE-2026-20230 — Cisco Unified Communications Manager (CVSS 8.6, KEV) : SSRF経由のroot権限奪取。Cisco機器は自社非利用のため対象外の可能性が高い。
  • CVE-2026-20245 — Cisco Catalyst SD-WAN Manager (CVSS 7.8, KEV) : ローカル権限昇格。Cisco非利用のため対象外の可能性が高い。
  • CVE-2026-20253 — Splunk Enterprise (CVSS 9.8, KEV) : PostgreSQLサイドカー経由の未認証ファイル操作。Splunk自体は自社非利用だが、内部にPostgreSQL要素が含まれる点のみ留意(自社PostgreSQL運用とは無関係と推測)。
  • CVE-2026-20262 — Cisco Catalyst SD-WAN Manager (CVSS 6.5, KEV) : パストラバーサル。Cisco非利用のため対象外の可能性が高い。
  • CVE-2026-28318 — SolarWinds Serv-U (CVSS 7.5, KEV) : 未認証DoS。自社利用実績なしと推測。
  • CVE-2026-34908 — Ubiquiti UniFi OS (CVSS 10.0, KEV) : アクセス制御不備。自社ネットワーク機器の構成確認は個別に要すると考えられる。
  • CVE-2026-34909 — Ubiquiti UniFi OS (CVSS 10.0, KEV) : パストラバーサル。同上。
  • CVE-2026-34910 — Ubiquiti UniFi OS (CVSS 10.0, KEV) : コマンドインジェクション。EPSSが0.79と高めのため、UniFi機器の有無だけは念のため棚卸を推奨。
  • CVE-2026-35273 — Oracle PeopleSoft Enterprise PeopleTools (CVSS 9.8, KEV, ランサムウェア既知) : 未認証乗っ取り。Oracle PeopleSoftは自社非利用のため対象外の可能性が高い。
  • CVE-2026-42271 — BerriAI LiteLLM (CVSS 8.8, KEV) : 低権限ユーザによるコマンドインジェクション。LLMゲートウェイ製品のため、社内でLLM API中継基盤として類似ツールを利用している場合のみ要確認。
  • CVE-2026-45247 — Mirasvit Full Page Cache Warmer (CVSS 9.8, KEV) : Magento拡張のPHPデシリアライズRCE。自社EC基盤非利用のため対象外の可能性が高い。
  • CVE-2026-45659 — Microsoft SharePoint Server (CVSS N/A, KEV) : デシリアライズ脆弱性。自社SharePoint利用有無は別途確認事項。
  • CVE-2026-48558 — SimpleHelp (CVSS 10.0, KEV) : OIDC認証バイパス。リモート支援ツールの自社利用有無は別途確認事項。
  • CVE-2026-48907 — Widget Factory Joomla Content Editor (CVSS N/A, KEV) : 未認証でのPHP実行。Joomla非利用のため対象外の可能性が高い。
  • CVE-2026-50751 — Check Point Security Gateway (CVSS 9.3, KEV, ランサムウェア既知) : IKEv1認証バイパスによるVPN接続。Check Point非利用のため対象外の可能性が高い。
  • CVE-2026-54420 — LiteSpeed cPanel Plugin (CVSS 8.5, KEV) : シンボリックリンク追跡。共有ホスティング(cPanel)非利用のため対象外の可能性が高い。
  • CVE-2026-7473 — Arista Extensible Operating System (CVSS 5.8, KEV) : トンネルパケット処理の不備。Arista機器非利用のため対象外の可能性が高い。


  • 📝 AI 全体サマリ


    展開して読む
  • 全体トレンドとして、今回のKEV新規登録24件はいずれもエンタープライズアプライアンス(Ivanti/Cisco/Oracle PeopleSoft/Splunk/Check Point/Ubiquiti等)やニッチ製品に集中しており、自社が主に運用するnginx/Django/Next.js等のOSSスタックへの直接的な緊急対応は今回の期間では発生していない可能性が高い。一方で、Next.js 16系(CVSS10.0・KEV該当のCVE-2025-55182含む)、macOS 26(Critical 64件・KEV 13件)、MongoDB各系(KEV1件)、Apache ActiveMQ(KEV1件)など、自社主要製品側の集計値にもKEV該当CVEが含まれている点は公式アドバイザリで詳細確認を推奨する。
  • 特記事項として、Django/Go/OpenSSL/Node.js/Traefik/GitLab等は今回のリリースでCritical/High件数が比較的多く、通常のパッチ計画サイクルでの追従に加え、公開されているCVE個票(top_cves)ベースでの影響範囲精査を推奨する。BerriAI LiteLLM(CVE-2026-42271)はLLM関連基盤ツールであり、PRODUCTS辞書には含まれないが社内でLLMゲートウェイ運用がある場合は個別確認が望ましい。
  • PoC検証を推奨する候補としては、Next.js 16系のCVE-2025-55182(CVSS10.0・KEV該当)が最有力候補となる可能性がある。公式アドバイザリで詳細確認後、検証環境の骨子例として以下のようなDocker Compose構成が考えられる(実際のexploitコードは含めず、あくまで挙動確認用の骨子)。

  • 
    # docker-compose.yml (検証用サンプル骨子・PoCコードは含まない)
    services:
      nextjs-app:
        build: ./nextjs-target   # 影響バージョンのNext.jsアプリを配置
        ports:
          - "3000:3000"
        environment:
          - NODE_ENV=production
        networks:
          - poc-net
    
      reverse-proxy:
        image: nginx:1.31        # 最新パッチ版を利用して比較検証も可能
        ports:
          - "8080:80"
        depends_on:
          - nextjs-app
        networks:
          - poc-net
    
    networks:
      poc-net:
        driver: bridge
    

    上記はあくまでアプリケーション単体を隔離ネットワーク上で動作確認するための骨子であり、実際の脆弱性再現手順・攻撃コードは公式アドバイザリおよびベンダーの正式な検証ガイドラインに従って別途検討することを推奨する。



    原本データ (JSON) — 表示するにはクリック
    {
      "range": {
        "from": "2026-07-02",
        "to": "2026-07-08",
        "days": 7
      },
      "summary": {
        "total_kev_new": 23,
        "total_software_update": 118,
        "by_date": {
          "2026-07-02": {
            "kev_new": 23,
            "software_update": 118
          }
        }
      },
      "kev_new": [
        {
          "digest_date": "2026-07-02",
          "key": "CVE-2022-0492",
          "cve_id": "CVE-2022-0492",
          "vendor_project": "Linux",
          "product": "Kernel",
          "vulnerability_name": "Linux Kernel Improper Authentication Vulnerability",
          "date_added": "2026-06-02",
          "short_description": "Linux Kernel contains an improper authentication vulnerability which could allow for privilege escalation via the cgroups v1 release_agent feature.",
          "required_action": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.",
          "due_date": "2026-06-05",
          "known_ransomware": "Unknown",
          "cvss_score": null,
          "cvss_severity": null,
          "cvss_vector": null,
          "attack_vector": null,
          "is_remote": null,
          "is_major_product": false,
          "matched_product": null,
          "title_en": null,
          "epss_score": null
        },
        {
          "digest_date": "2026-07-02",
          "key": "CVE-2025-48595",
          "cve_id": "CVE-2025-48595",
          "vendor_project": "Android",
          "product": "Framework",
          "vulnerability_name": "Android Framework Integer Overflow Vulnerability",
          "date_added": "2026-06-02",
          "short_description": "Android Framework contains an integer overflow vulnerability that allows for code execution that could allow for local privilege escalation.",
          "required_action": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.",
          "due_date": "2026-06-05",
          "known_ransomware": "Unknown",
          "cvss_score": 8.4,
          "cvss_severity": "HIGH",
          "cvss_vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "attack_vector": "L",
          "is_remote": false,
          "is_major_product": false,
          "matched_product": null,
          "title_en": "In multiple locations, there is a possible way to achieve code execution due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.",
          "epss_score": 0.01714
        },
        {
          "digest_date": "2026-07-02",
          "key": "CVE-2025-67038",
          "cve_id": "CVE-2025-67038",
          "vendor_project": "Lantronix",
          "product": "EDS5000",
          "vulnerability_name": "Lantronix EDS5000 Code Injection Vulnerability",
          "date_added": "2026-06-23",
          "short_description": "Lantronix EDS5000 contains a code injection vulnerability that could allow attackers to inject arbitrary OS commands into the username parameter. Injected commands are executed with root privileges.",
          "required_action": "Apply mitigations in accordance with vendor instructions, ensuring compliance with CISA’s BOD 26-04 Prioritizing Security Updates Based on Risk (see URL in Notes) guidance and CISA’s “Forensics Triage Requirements” (see URL in Notes). Follow applicable BOD 26-04 guidance for cloud services or discontinue use of the product if mitigations are unavailable. Stakeholders are responsible for evaluating each asset's internet exposure and ensuring adherence to BOD 26-04 patching guidelines.",
          "due_date": "2026-06-26",
          "known_ransomware": "Unknown",
          "cvss_score": 9.8,
          "cvss_severity": "CRITICAL",
          "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "attack_vector": "N",
          "is_remote": true,
          "is_major_product": false,
          "matched_product": null,
          "title_en": "An issue was discovered in Lantronix EDS5000 2.1.0.0R3. The HTTP RPC module executes a shell command to write logs when user's authantication fails. The username is directly concatenated with the command without any sanitization. This allow attackers to inject arbitrary OS commands into the username parameter. Injected commands are executed with root privileges.",
          "epss_score": 0.01131
        },
        {
          "digest_date": "2026-07-02",
          "key": "CVE-2026-10520",
          "cve_id": "CVE-2026-10520",
          "vendor_project": "Ivanti",
          "product": "Sentry",
          "vulnerability_name": "Ivanti Sentry OS Command Injection Vulnerability",
          "date_added": "2026-06-11",
          "short_description": "Ivanti Sentry (formerly known as MobileIron Sentry) contains an OS command injection vulnerability which could allow a remote unauthenticated user to achieve root-level remote code execution. This vulnerability can be successfully exploited in cases where the Sentry appliance is in an unmanaged state with its endpoints externally reachable. The use of mTLS with EPMM or restricted HTTPS access through Neurons for MDM makes interfaces inaccessible to external actors.",
          "required_action": "Apply mitigations in accordance with vendor instructions, ensuring compliance with CISA’s BOD 26-04 Prioritizing Security Updates Based on Risk (see URL in Notes) guidance and CISA’s “Forensics Triage Requirements” (see URL in Notes). Follow applicable BOD 26-04 guidance for cloud services or discontinue use of the product if mitigations are unavailable. Stakeholders are responsible for evaluating each asset's internet exposure and ensuring adherence to BOD 26-04 patching guidelines.",
          "due_date": "2026-06-14",
          "known_ransomware": "Unknown",
          "cvss_score": 10.0,
          "cvss_severity": "CRITICAL",
          "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
          "attack_vector": "N",
          "is_remote": true,
          "is_major_product": false,
          "matched_product": null,
          "title_en": "An OS Command Injection vulnerability in Ivanti Sentry before the R10.5.2, R10.6.2 and R10.7.1 versions allows a remote unauthenticated user to achieve root-level remote code execution",
          "epss_score": 0.98937
        },
        {
          "digest_date": "2026-07-02",
          "key": "CVE-2026-11645",
          "cve_id": "CVE-2026-11645",
          "vendor_project": "Google",
          "product": "Chromium V8",
          "vulnerability_name": "Google Chromium V8 Out-of-Bounds Read and Write Vulnerability",
          "date_added": "2026-06-09",
          "short_description": "Google Chromium V8 out-of-bounds read and write vulnerability that could allow a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.",
          "required_action": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.",
          "due_date": "2026-06-23",
          "known_ransomware": "Unknown",
          "cvss_score": 8.8,
          "cvss_severity": "HIGH",
          "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
          "attack_vector": "N",
          "is_remote": true,
          "is_major_product": false,
          "matched_product": null,
          "title_en": "Out of bounds read and write in V8 in Google Chrome prior to 149.0.7827.103 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)",
          "epss_score": 0.01654
        },
        {
          "digest_date": "2026-07-02",
          "key": "CVE-2026-12569",
          "cve_id": "CVE-2026-12569",
          "vendor_project": "PTC",
          "product": "Windchill and FlexPLM",
          "vulnerability_name": "PTC Windchill and FlexPLM Improper Input Validation Vulnerability",
          "date_added": "2026-06-25",
          "short_description": "PTC Windchill and FlexPLM contains an improper input validation vulnerability allowing an unauthenticated, remote attacker to execute arbitrary code by sending a malicious request to the network.",
          "required_action": "Apply mitigations in accordance with vendor instructions, ensuring compliance with CISA’s BOD 26-04 Prioritizing Security Updates Based on Risk (see URL in Notes) guidance and CISA’s “Forensics Triage Requirements” (see URL in Notes). Follow applicable BOD 26-04 guidance for cloud services or discontinue use of the product if mitigations are unavailable. Stakeholders are responsible for evaluating each asset's internet exposure and ensuring adherence to BOD 26-04 patching guidelines.",
          "due_date": "2026-06-28",
          "known_ransomware": "Unknown",
          "cvss_score": null,
          "cvss_severity": null,
          "cvss_vector": null,
          "attack_vector": null,
          "is_remote": null,
          "is_major_product": false,
          "matched_product": null,
          "title_en": "A critical remote code execution (RCE) vulnerability has been reported in PTC Windchill PDMlink and PTC FlexPLM. The vulnerability may be exploited through the deserialization of untrusted data.   *  This advisory also applies to all CPS versions\n  *  The identified vulnerability also impacts Windchill and FlexPLM releases prior to 11.0 M030",
          "epss_score": 0.01106
        },
        {
          "digest_date": "2026-07-02",
          "key": "CVE-2026-20230",
          "cve_id": "CVE-2026-20230",
          "vendor_project": "Cisco",
          "product": "Unified Communications Manager",
          "vulnerability_name": "Cisco Unified Communications Manager Server-Side Request Forgery (SSRF) Vulnerability",
          "date_added": "2026-06-25",
          "short_description": "Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) contain a server-side request forgery (SSRF) Vulnerability that could allow an unauthenticated, remote attacker to write files to the underlying operating system that could be used later to elevate to root.",
          "required_action": "Apply mitigations in accordance with vendor instructions, ensuring compliance with CISA’s BOD 26-04 Prioritizing Security Updates Based on Risk (see URL in Notes) guidance and CISA’s “Forensics Triage Requirements” (see URL in Notes). Follow applicable BOD 26-04 guidance for cloud services or discontinue use of the product if mitigations are unavailable. Stakeholders are responsible for evaluating each asset's internet exposure and ensuring adherence to BOD 26-04 patching guidelines.",
          "due_date": "2026-06-28",
          "known_ransomware": "Unknown",
          "cvss_score": 8.6,
          "cvss_severity": "HIGH",
          "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N",
          "attack_vector": "N",
          "is_remote": true,
          "is_major_product": false,
          "matched_product": null,
          "title_en": "A vulnerability in Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an unauthenticated, remote attacker to conduct server-side request forgery (SSRF) attacks through an affected device.\r\n\r This vulnerability is due to improper input validation for specific HTTP requests. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could a",
          "epss_score": 0.41694
        },
        {
          "digest_date": "2026-07-02",
          "key": "CVE-2026-20245",
          "cve_id": "CVE-2026-20245",
          "vendor_project": "Cisco",
          "product": "Catalyst SD-WAN Manager",
          "vulnerability_name": "Cisco Catalyst SD-WAN Manager Improper Encoding or Escaping of Output Vulnerability",
          "date_added": "2026-06-09",
          "short_description": "Cisco Catalyst SD-WAN Manager formerly SD-WAN vManage contains an improper encoding or escaping of output vulnerability. This vulnerability could allow an authenticated, local attacker to execute arbitrary commands as root by supplying a crafted file to the affected system.",
          "required_action": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.",
          "due_date": "2026-06-23",
          "known_ransomware": "Unknown",
          "cvss_score": 7.8,
          "cvss_severity": "HIGH",
          "cvss_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "attack_vector": "L",
          "is_remote": false,
          "is_major_product": false,
          "matched_product": null,
          "title_en": "A vulnerability in the CLI of Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, could allow an authenticated, local attacker to execute arbitrary commands as root by supplying a crafted file to the affected system.\r\n\r\nThis vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by uploading a crafted file to the affected system. A successful exploit could allow the attacker to perform command injection attacks on an affected syst",
          "epss_score": 0.09922
        },
        {
          "digest_date": "2026-07-02",
          "key": "CVE-2026-20253",
          "cve_id": "CVE-2026-20253",
          "vendor_project": "Splunk",
          "product": "Enterprise",
          "vulnerability_name": "Splunk Enterprise Missing Authentication for Critical Function Vulnerability",
          "date_added": "2026-06-18",
          "short_description": "Splunk Enterprise contains a missing authentication for critical function vulnerability which could allow an unauthenticated user to create or truncate arbitrary files through a PostgreSQL sidecar service endpoint.",
          "required_action": "Apply mitigations in accordance with vendor instructions, ensuring compliance with CISA’s BOD 26-04 Prioritizing Security Updates Based on Risk (see URL in Notes) guidance and CISA’s “Forensics Triage Requirements” (see URL in Notes). Follow applicable BOD 26-04 guidance for cloud services or discontinue use of the product if mitigations are unavailable. Stakeholders are responsible for evaluating each asset's internet exposure and ensuring adherence to BOD 26-04 patching guidelines.",
          "due_date": "2026-06-21",
          "known_ransomware": "Unknown",
          "cvss_score": 9.8,
          "cvss_severity": "CRITICAL",
          "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "attack_vector": "N",
          "is_remote": true,
          "is_major_product": false,
          "matched_product": null,
          "title_en": "In Splunk Enterprise versions below 10.2.4 and 10.0.7, and Splunk Cloud Platform versions below 10.4.2604.3 and 10.2.2510.14, an unauthenticated user could create or truncate arbitrary files through a PostgreSQL sidecar service endpoint.<br><br>The vulnerability exists because the PostgreSQL sidecar service endpoint lacks authentication controls, allowing any network-reachable user to invoke file operations without credentials.",
          "epss_score": 0.88171
        },
        {
          "digest_date": "2026-07-02",
          "key": "CVE-2026-20262",
          "cve_id": "CVE-2026-20262",
          "vendor_project": "Cisco",
          "product": "Catalyst SD-WAN Manager",
          "vulnerability_name": "Cisco Catalyst SD-WAN Manager Directory or Path Traversal Vulnerability",
          "date_added": "2026-06-15",
          "short_description": "Cisco Catalyst SD-WAN Manager contains a directory or path traversal vulnerability that could allow an authenticated, remote attacker to create a file or overwrite any file on the filesystem of an affected system.",
          "required_action": "Apply mitigations in accordance with vendor instructions, ensuring compliance with CISA’s BOD 26-04 Prioritizing Security Updates Based on Risk (see URL in Notes) guidance and CISA’s “Forensics Triage Requirements” (see URL in Notes). Follow applicable BOD 26-04 guidance for cloud services or discontinue use of the product if mitigations are unavailable. Stakeholders are responsible for evaluating each asset's internet exposure and ensuring adherence to BOD 26-04 patching guidelines.",
          "due_date": "2026-06-29",
          "known_ransomware": "Unknown",
          "cvss_score": 6.5,
          "cvss_severity": "MEDIUM",
          "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
          "attack_vector": "N",
          "is_remote": true,
          "is_major_product": false,
          "matched_product": null,
          "title_en": "A vulnerability in the web UI of Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, could allow an authenticated, remote attacker to create a file or overwrite any file on the filesystem of an affected system.\r\n\r\nThis vulnerability exists because the affected software does not properly validate user-supplied input during a file upload process. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected API endpoint of the affected system. A successful explo",
          "epss_score": 0.07683
        },
        {
          "digest_date": "2026-07-02",
          "key": "CVE-2026-28318",
          "cve_id": "CVE-2026-28318",
          "vendor_project": "SolarWinds",
          "product": "Serv-U",
          "vulnerability_name": "SolarWinds Serv-U Uncontrolled Resource Consumption Vulnerability",
          "date_added": "2026-06-05",
          "short_description": "SolarWinds Serv-U contains an uncontrolled resource consumption vulnerability that allows specially crafted POST requests using the Content-Encoding: deflate header to crash the Serv-U service without authentication.",
          "required_action": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.",
          "due_date": "2026-06-19",
          "known_ransomware": "Unknown",
          "cvss_score": 7.5,
          "cvss_severity": "HIGH",
          "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "attack_vector": "N",
          "is_remote": true,
          "is_major_product": false,
          "matched_product": null,
          "title_en": "SolarWinds Serv-U is susceptible to specially crafted POST requests that crash the Serv-U service without authentication using Content-Encoding: deflate. Mitigation steps are provided to secure customer environments in the SolarWinds Trust Center if you are unable to deploy the update",
          "epss_score": 0.10659
        },
        {
          "digest_date": "2026-07-02",
          "key": "CVE-2026-34908",
          "cve_id": "CVE-2026-34908",
          "vendor_project": "Ubiquiti",
          "product": "UniFi OS",
          "vulnerability_name": "Ubiquiti UniFi OS Improper Access Control Vulnerability",
          "date_added": "2026-06-23",
          "short_description": "Ubiquiti UniFi OS contains an improper access control vulnerability which could allow a malicious actor with access to the network to make unauthorized changes to the system.",
          "required_action": "Apply mitigations in accordance with vendor instructions, ensuring compliance with CISA’s BOD 26-04 Prioritizing Security Updates Based on Risk (see URL in Notes) guidance and CISA’s “Forensics Triage Requirements” (see URL in Notes). Follow applicable BOD 26-04 guidance for cloud services or discontinue use of the product if mitigations are unavailable. Stakeholders are responsible for evaluating each asset's internet exposure and ensuring adherence to BOD 26-04 patching guidelines.",
          "due_date": "2026-06-26",
          "known_ransomware": "Unknown",
          "cvss_score": 10.0,
          "cvss_severity": "CRITICAL",
          "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
          "attack_vector": "N",
          "is_remote": true,
          "is_major_product": false,
          "matched_product": null,
          "title_en": "A malicious actor with access to the network could exploit an Improper Access Control vulnerability found in UniFi OS devices to make unauthorized changes to the system.",
          "epss_score": 0.02452
        },
        {
          "digest_date": "2026-07-02",
          "key": "CVE-2026-34909",
          "cve_id": "CVE-2026-34909",
          "vendor_project": "Ubiquiti",
          "product": "UniFi OS",
          "vulnerability_name": "Ubiquiti UniFi OS Path Traversal Vulnerability",
          "date_added": "2026-06-23",
          "short_description": "Ubiquiti UniFi OS contains a path traversal vulnerability which could allow a malicious actor with access to the network to access files on the underlying system that could be manipulated to access an underlying account.",
          "required_action": "Apply mitigations in accordance with vendor instructions, ensuring compliance with CISA’s BOD 26-04 Prioritizing Security Updates Based on Risk (see URL in Notes) guidance and CISA’s “Forensics Triage Requirements” (see URL in Notes). Follow applicable BOD 26-04 guidance for cloud services or discontinue use of the product if mitigations are unavailable. Stakeholders are responsible for evaluating each asset's internet exposure and ensuring adherence to BOD 26-04 patching guidelines.",
          "due_date": "2026-06-26",
          "known_ransomware": "Unknown",
          "cvss_score": 10.0,
          "cvss_severity": "CRITICAL",
          "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
          "attack_vector": "N",
          "is_remote": true,
          "is_major_product": false,
          "matched_product": null,
          "title_en": "A malicious actor with access to the network could exploit a Path Traversal vulnerability found in UniFi OS devices to access files on the underlying system that could be manipulated to access an underlying account.",
          "epss_score": 0.02269
        },
        {
          "digest_date": "2026-07-02",
          "key": "CVE-2026-34910",
          "cve_id": "CVE-2026-34910",
          "vendor_project": "Ubiquiti",
          "product": "UniFi OS",
          "vulnerability_name": "Ubiquiti UniFi OS Improper Input Validation Vulnerability",
          "date_added": "2026-06-23",
          "short_description": "Ubiquiti UniFi OS contains an improper input validation vulnerability which could allow a malicious actor with access to the network to conduct command injection.",
          "required_action": "Apply mitigations in accordance with vendor instructions, ensuring compliance with CISA’s BOD 26-04 Prioritizing Security Updates Based on Risk (see URL in Notes) guidance and CISA’s “Forensics Triage Requirements” (see URL in Notes). Follow applicable BOD 26-04 guidance for cloud services or discontinue use of the product if mitigations are unavailable. Stakeholders are responsible for evaluating each asset's internet exposure and ensuring adherence to BOD 26-04 patching guidelines.",
          "due_date": "2026-06-26",
          "known_ransomware": "Unknown",
          "cvss_score": 10.0,
          "cvss_severity": "CRITICAL",
          "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
          "attack_vector": "N",
          "is_remote": true,
          "is_major_product": false,
          "matched_product": null,
          "title_en": "A malicious actor with access to the network could exploit an Improper Input Validation vulnerability found in UniFi OS devices to execute a Command Injection.",
          "epss_score": 0.78555
        },
        {
          "digest_date": "2026-07-02",
          "key": "CVE-2026-35273",
          "cve_id": "CVE-2026-35273",
          "vendor_project": "Oracle",
          "product": " PeopleSoft Enterprise PeopleTools",
          "vulnerability_name": "Oracle PeopleSoft Enterprise PeopleTools Missing Authentication for Critical Function Vulnerability",
          "date_added": "2026-06-12",
          "short_description": "Oracle PeopleSoft Enterprise PeopleTools contains a missing authentication for critical function vulnerability which could allow an unauthenticated attacker to obtain takeover of PeopleSoft Enterprise PeopleTools.",
          "required_action": "Apply mitigations in accordance with vendor instructions, ensuring compliance with CISA’s BOD 26-04 Prioritizing Security Updates Based on Risk (see URL in Notes) guidance and CISA’s “Forensics Triage Requirements” (see URL in Notes). Follow applicable BOD 26-04 guidance for cloud services or discontinue use of the product if mitigations are unavailable. Stakeholders are responsible for evaluating each asset's internet exposure and ensuring adherence to BOD 26-04 patching guidelines.",
          "due_date": "2026-06-15",
          "known_ransomware": "Known",
          "cvss_score": 9.8,
          "cvss_severity": "CRITICAL",
          "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "attack_vector": "N",
          "is_remote": true,
          "is_major_product": false,
          "matched_product": null,
          "title_en": "Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Updates Environment Management). Supported versions that are affected are 8.61 and 8.62. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks of this vulnerability can result in takeover of PeopleSoft Enterprise PeopleTools. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability i",
          "epss_score": 0.9233
        },
        {
          "digest_date": "2026-07-02",
          "key": "CVE-2026-42271",
          "cve_id": "CVE-2026-42271",
          "vendor_project": "BerriAI",
          "product": "LiteLLM",
          "vulnerability_name": "BerriAI LiteLLM Command Injection Vulnerability",
          "date_added": "2026-06-08",
          "short_description": "BerriAI LiteLLM contains a command injection vulnerability that could allow any authenticated user, including holders of low-privilege internal-user keys, to run arbitrary commands on the host.",
          "required_action": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.",
          "due_date": "2026-06-22",
          "known_ransomware": "Unknown",
          "cvss_score": 8.8,
          "cvss_severity": "HIGH",
          "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "attack_vector": "N",
          "is_remote": true,
          "is_major_product": false,
          "matched_product": null,
          "title_en": "LiteLLM is a proxy server (AI Gateway) to call LLM APIs in OpenAI (or native) format. From version 1.74.2 to before version 1.83.7, two endpoints used to preview an MCP server before saving it — POST /mcp-rest/test/connection and POST /mcp-rest/test/tools/list — accepted a full server configuration in the request body, including the command, args, and env fields used by the stdio transport. When called with a stdio configuration, the endpoints attempted to connect, which spawned the supplied com",
          "epss_score": 0.80188
        },
        {
          "digest_date": "2026-07-02",
          "key": "CVE-2026-45247",
          "cve_id": "CVE-2026-45247",
          "vendor_project": "Mirasvit",
          "product": "Mirasvit Full Page Cache Warmer",
          "vulnerability_name": "Mirasvit Full Page Cache Warmer Deserialization of Untrusted Data Vulnerability",
          "date_added": "2026-06-03",
          "short_description": "Mirasvit Full Page Cache Warmer contains a deserialization of untrusted data vulnerability that could allow unauthenticated attackers to achieve remote code execution by supplying a crafted serialized PHP object in the CacheWarmer cookie.",
          "required_action": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.",
          "due_date": "2026-06-06",
          "known_ransomware": "Unknown",
          "cvss_score": 9.8,
          "cvss_severity": "CRITICAL",
          "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "attack_vector": "N",
          "is_remote": true,
          "is_major_product": false,
          "matched_product": null,
          "title_en": "Mirasvit Full Page Cache Warmer for Magento 2 before version 1.11.12 contains a PHP object injection vulnerability that allows unauthenticated attackers to achieve remote code execution by supplying a crafted serialized PHP object in the CacheWarmer cookie. Attackers can exploit the unrestricted call to PHP's native unserialize() function combined with gadget chains available in Magento and its dependencies to execute arbitrary code on the server.",
          "epss_score": 0.27546
        },
        {
          "digest_date": "2026-07-02",
          "key": "CVE-2026-45659",
          "cve_id": "CVE-2026-45659",
          "vendor_project": "Microsoft",
          "product": "SharePoint Server",
          "vulnerability_name": "Microsoft SharePoint Server Deserialization of Untrusted Data Vulnerability",
          "date_added": "2026-07-01",
          "short_description": "Microsoft SharePoint Server contains a deserialization of untrusted data vulnerability which allows an authorized attacker to execute code over a network.",
          "required_action": "Apply mitigations in accordance with vendor instructions, ensuring compliance with CISA’s BOD 26-04 Prioritizing Security Updates Based on Risk (see URL in Notes) guidance and CISA’s “Forensics Triage Requirements” (see URL in Notes). Follow applicable BOD 26-04 guidance for cloud services or discontinue use of the product if mitigations are unavailable. Stakeholders are responsible for evaluating each asset's internet exposure and ensuring adherence to BOD 26-04 patching guidelines.",
          "due_date": "2026-07-04",
          "known_ransomware": "Unknown",
          "cvss_score": null,
          "cvss_severity": null,
          "cvss_vector": null,
          "attack_vector": null,
          "is_remote": null,
          "is_major_product": false,
          "matched_product": null,
          "title_en": null,
          "epss_score": null
        },
        {
          "digest_date": "2026-07-02",
          "key": "CVE-2026-48558",
          "cve_id": "CVE-2026-48558",
          "vendor_project": "SimpleHelp ",
          "product": "SimpleHelp",
          "vulnerability_name": "SimpleHelp Authentication Bypass Vulnerability",
          "date_added": "2026-06-29",
          "short_description": "SimpleHelp contains an authentication bypass vulnerability in the OIDC authentication flow. When OIDC authentication is configured, identity tokens submitted during login are accepted without verifying their cryptographic signature. In a vulnerable configuration, a remote, unauthenticated attacker can submit a forged token containing arbitrary identity claims to obtain a fully authenticated technician session. In some configurations, this may also allow bypass of multi-factor authentication.",
          "required_action": "Apply mitigations in accordance with vendor instructions, ensuring compliance with CISA’s BOD 26-04 Prioritizing Security Updates Based on Risk (see URL in Notes) guidance and CISA’s “Forensics Triage Requirements” (see URL in Notes). Follow applicable BOD 26-04 guidance for cloud services or discontinue use of the product if mitigations are unavailable. Stakeholders are responsible for evaluating each asset's internet exposure and ensuring adherence to BOD 26-04 patching guidelines.",
          "due_date": "2026-07-02",
          "known_ransomware": "Unknown",
          "cvss_score": 10.0,
          "cvss_severity": "CRITICAL",
          "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
          "attack_vector": "N",
          "is_remote": true,
          "is_major_product": false,
          "matched_product": null,
          "title_en": "SimpleHelp versions 5.5.15 and prior and 6.0 pre-release versions contain an authentication bypass vulnerability in the OIDC authentication flow. When OIDC authentication is configured, identity tokens submitted during login are accepted without verifying their cryptographic signature. In a vulnerable configuration, a remote, unauthenticated attacker can submit a forged token containing arbitrary identity claims to obtain a fully authenticated technician session. In some configurations, this may",
          "epss_score": 0.0116
        },
        {
          "digest_date": "2026-07-02",
          "key": "CVE-2026-48907",
          "cve_id": "CVE-2026-48907",
          "vendor_project": "Widget Factory",
          "product": "Joomla Content Editor ",
          "vulnerability_name": "Widget Factory Joomla Content Editor Improper Access Control Vulnerability",
          "date_added": "2026-06-16",
          "short_description": "Widget Factory Joomla Content Editor contains an improper access control vulnerability which could allow for upload and execution of PHP code via the creation of new editor profiles for unauthenticated users. ",
          "required_action": "Apply mitigations in accordance with vendor instructions, ensuring compliance with CISA’s BOD 26-04 Prioritizing Security Updates Based on Risk (see URL in Notes) guidance and CISA’s “Forensics Triage Requirements” (see URL in Notes). Follow applicable BOD 26-04 guidance for cloud services or discontinue use of the product if mitigations are unavailable. Stakeholders are responsible for evaluating each asset's internet exposure and ensuring adherence to BOD 26-04 patching guidelines.",
          "due_date": "2026-06-19",
          "known_ransomware": "Unknown",
          "cvss_score": null,
          "cvss_severity": null,
          "cvss_vector": null,
          "attack_vector": null,
          "is_remote": null,
          "is_major_product": false,
          "matched_product": null,
          "title_en": "A vulnerability in the JCE editor extension for Joomla allows the creation of new editor profiles for unauthenticated users, ultimately resulting in PHP code upload and execution.",
          "epss_score": 0.80425
        },
        {
          "digest_date": "2026-07-02",
          "key": "CVE-2026-50751",
          "cve_id": "CVE-2026-50751",
          "vendor_project": "Check Point",
          "product": "Security Gateway",
          "vulnerability_name": "Check Point Security Gateway Improper Authentication Vulnerability",
          "date_added": "2026-06-08",
          "short_description": "Check Point Security Gateway contains an improper authentication vulnerability in IKEv1 key exchange that could allow an unauthenticated remote attacker to bypass user authentication and establish a remote access VPN connection without a valid user password.",
          "required_action": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.",
          "due_date": "2026-06-11",
          "known_ransomware": "Known",
          "cvss_score": 9.3,
          "cvss_severity": "CRITICAL",
          "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:N",
          "attack_vector": "N",
          "is_remote": true,
          "is_major_product": false,
          "matched_product": null,
          "title_en": "A logic flow weakness in Remote Access and Mobile Access certificate validation in deprecated IKEv1 key exchange allows an unauthenticated remote attacker to bypass user authentication and establish a remote access VPN connection without a valid user password.",
          "epss_score": 0.71051
        },
        {
          "digest_date": "2026-07-02",
          "key": "CVE-2026-54420",
          "cve_id": "CVE-2026-54420",
          "vendor_project": "LiteSpeed",
          "product": "cPanel Plugin",
          "vulnerability_name": "LiteSpeed cPanel Plugin UNIX Symbolic Link (Symlink) Following Vulnerability",
          "date_added": "2026-06-15",
          "short_description": "LiteSpeed cPanel plugin contains a UNIX symbolic link (Symlink) following vulnerability that could allow a user with FTP or web shell access on a shared hosting server running CloudLinux/CageFS.",
          "required_action": "Apply mitigations in accordance with vendor instructions, ensuring compliance with CISA’s BOD 26-04 Prioritizing Security Updates Based on Risk (see URL in Notes) guidance and CISA’s “Forensics Triage Requirements” (see URL in Notes). Follow applicable BOD 26-04 guidance for cloud services or discontinue use of the product if mitigations are unavailable. Stakeholders are responsible for evaluating each asset's internet exposure and ensuring adherence to BOD 26-04 patching guidelines.",
          "due_date": "2026-06-18",
          "known_ransomware": "Unknown",
          "cvss_score": 8.5,
          "cvss_severity": "HIGH",
          "cvss_vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
          "attack_vector": "N",
          "is_remote": true,
          "is_major_product": false,
          "matched_product": null,
          "title_en": "LiteSpeed cPanel plugin before 2.4.8 (as distributed in LiteSpeed WHM PlugIn before 5.3.2.0) mishandles symlinks provided by a user with FTP or web shell access on a shared hosting server running CloudLinux/CageFS, as exploited in the wild in May 2026.",
          "epss_score": 0.01261
        },
        {
          "digest_date": "2026-07-02",
          "key": "CVE-2026-7473",
          "cve_id": "CVE-2026-7473",
          "vendor_project": "Arista",
          "product": "Extensible Operating System",
          "vulnerability_name": "Arista Extensible Operating System Incomplete Comparison with Missing Factors Vulnerability",
          "date_added": "2026-06-09",
          "short_description": "Arista Extensible Operating System (EOS) contains an incomplete comparison with missing factors vulnerability when the switch incorrectly decapsulate and forwards other unexpected tunneled packet with a destination IP matching its configured decapsulation IP.",
          "required_action": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.",
          "due_date": "2026-06-23",
          "known_ransomware": "Unknown",
          "cvss_score": 5.8,
          "cvss_severity": "MEDIUM",
          "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N",
          "attack_vector": "N",
          "is_remote": true,
          "is_major_product": false,
          "matched_product": null,
          "title_en": "On affected platforms running Arista EOS where a tunnel decapsulation configuration—such as VXLAN (Virtual Extensible LAN), decap-groups, or a GRE (Generic Routing Encapsulation) tunnel interface—is present, the switch will incorrectly decapsulate and forward other unexpected tunneled packet with a destination IP matching its configured decapsulation IP. This occurs because the switch does not verify the tunnel protocol type, potentially leading to the unexpected processing of non-configured tun",
          "epss_score": 0.00836
        }
      ],
      "software_update": [
        {
          "digest_date": "2026-07-02",
          "key": "alpine-linux:3.22",
          "product": "alpine-linux",
          "category": "os",
          "cycle": "3.22",
          "latest": "3.22.5",
          "release_date": "2025-05-30",
          "latest_release_date": "2026-06-21",
          "eol_date": "2027-05-01",
          "support_date": null,
          "is_major_product": true,
          "cve_stats": {
            "total": 0,
            "critical": 0,
            "high": 0,
            "medium": 0,
            "low": 0,
            "kev": 0,
            "top_cves": []
          }
        },
        {
          "digest_date": "2026-07-02",
          "key": "alpine-linux:3.23",
          "product": "alpine-linux",
          "category": "os",
          "cycle": "3.23",
          "latest": "3.23.5",
          "release_date": "2025-12-04",
          "latest_release_date": "2026-06-21",
          "eol_date": "2027-11-01",
          "support_date": null,
          "is_major_product": true,
          "cve_stats": {
            "total": 0,
            "critical": 0,
            "high": 0,
            "medium": 0,
            "low": 0,
            "kev": 0,
            "top_cves": []
          }
        },
        {
          "digest_date": "2026-07-02",
          "key": "alpine-linux:3.24",
          "product": "alpine-linux",
          "category": "os",
          "cycle": "3.24",
          "latest": "3.24.1",
          "release_date": "2026-06-09",
          "latest_release_date": "2026-06-13",
          "eol_date": "2028-06-01",
          "support_date": null,
          "is_major_product": true,
          "cve_stats": {
            "total": 0,
            "critical": 0,
            "high": 0,
            "medium": 0,
            "low": 0,
            "kev": 0,
            "top_cves": []
          }
        },
        {
          "digest_date": "2026-07-02",
          "key": "amazon-linux:2",
          "product": "amazon-linux",
          "category": "os",
          "cycle": "2",
          "latest": "2.0.20260615.0",
          "release_date": "2018-06-26",
          "latest_release_date": "2026-06-22",
          "eol_date": "2026-06-30",
          "support_date": "2026-06-30",
          "is_major_product": true,
          "cve_stats": {
            "total": 0,
            "critical": 0,
            "high": 0,
            "medium": 0,
            "low": 0,
            "kev": 0,
            "top_cves": []
          }
        },
        {
          "digest_date": "2026-07-02",
          "key": "amazon-linux:2018.03",
          "product": "amazon-linux",
          "category": "os",
          "cycle": "2018.03",
          "latest": "2018.03.0.20231218.0",
          "release_date": "2018-04-25",
          "latest_release_date": "2026-06-16",
          "eol_date": "2023-12-31",
          "support_date": "2020-12-31",
          "is_major_product": true,
          "cve_stats": {
            "total": 0,
            "critical": 0,
            "high": 0,
            "medium": 0,
            "low": 0,
            "kev": 0,
            "top_cves": []
          }
        },
        {
          "digest_date": "2026-07-02",
          "key": "amazon-linux:2023",
          "product": "amazon-linux",
          "category": "os",
          "cycle": "2023",
          "latest": "2023.12.20260611.0",
          "release_date": "2023-03-01",
          "latest_release_date": "2026-06-22",
          "eol_date": "2029-06-30",
          "support_date": "2027-06-30",
          "is_major_product": true,
          "cve_stats": {
            "total": 0,
            "critical": 0,
            "high": 0,
            "medium": 0,
            "low": 0,
            "kev": 0,
            "top_cves": []
          }
        },
        {
          "digest_date": "2026-07-02",
          "key": "angular:19",
          "product": "angular",
          "category": "framework",
          "cycle": "19",
          "latest": "19.2.25",
          "release_date": "2024-11-19",
          "latest_release_date": "2026-06-02",
          "eol_date": "2026-05-19",
          "support_date": "2025-05-28",
          "is_major_product": true,
          "cve_stats": {
            "total": 4,
            "critical": 0,
            "high": 0,
            "medium": 4,
            "low": 0,
            "kev": 0,
            "top_cves": [
              {
                "cve_id": "CVE-2026-22610",
                "severity": "MEDIUM",
                "score": 6.1
              },
              {
                "cve_id": "CVE-2026-27970",
                "severity": "MEDIUM",
                "score": 6.1
              },
              {
                "cve_id": "CVE-2025-61261",
                "severity": "MEDIUM",
                "score": 5.4
              }
            ]
          }
        },
        {
          "digest_date": "2026-07-02",
          "key": "angular:20",
          "product": "angular",
          "category": "framework",
          "cycle": "20",
          "latest": "20.3.25",
          "release_date": "2025-05-28",
          "latest_release_date": "2026-06-10",
          "eol_date": "2026-11-28",
          "support_date": "2025-11-19",
          "is_major_product": true,
          "cve_stats": {
            "total": 4,
            "critical": 0,
            "high": 0,
            "medium": 4,
            "low": 0,
            "kev": 0,
            "top_cves": [
              {
                "cve_id": "CVE-2026-22610",
                "severity": "MEDIUM",
                "score": 6.1
              },
              {
                "cve_id": "CVE-2026-27970",
                "severity": "MEDIUM",
                "score": 6.1
              },
              {
                "cve_id": "CVE-2025-61261",
                "severity": "MEDIUM",
                "score": 5.4
              }
            ]
          }
        },
        {
          "digest_date": "2026-07-02",
          "key": "angular:21",
          "product": "angular",
          "category": "framework",
          "cycle": "21",
          "latest": "21.2.17",
          "release_date": "2025-11-19",
          "latest_release_date": "2026-06-10",
          "eol_date": "2027-05-19",
          "support_date": "2026-06-03",
          "is_major_product": true,
          "cve_stats": {
            "total": 4,
            "critical": 0,
            "high": 0,
            "medium": 4,
            "low": 0,
            "kev": 0,
            "top_cves": [
              {
                "cve_id": "CVE-2026-22610",
                "severity": "MEDIUM",
                "score": 6.1
              },
              {
                "cve_id": "CVE-2026-27970",
                "severity": "MEDIUM",
                "score": 6.1
              },
              {
                "cve_id": "CVE-2025-61261",
                "severity": "MEDIUM",
                "score": 5.4
              }
            ]
          }
        },
        {
          "digest_date": "2026-07-02",
          "key": "angular:22",
          "product": "angular",
          "category": "framework",
          "cycle": "22",
          "latest": "22.0.4",
          "release_date": "2026-06-03",
          "latest_release_date": "2026-06-26",
          "eol_date": "false",
          "support_date": "true",
          "is_major_product": true,
          "cve_stats": {
            "total": 4,
            "critical": 0,
            "high": 0,
            "medium": 4,
            "low": 0,
            "kev": 0,
            "top_cves": [
              {
                "cve_id": "CVE-2026-22610",
                "severity": "MEDIUM",
                "score": 6.1
              },
              {
                "cve_id": "CVE-2026-27970",
                "severity": "MEDIUM",
                "score": 6.1
              },
              {
                "cve_id": "CVE-2025-61261",
                "severity": "MEDIUM",
                "score": 5.4
              }
            ]
          }
        },
        {
          "digest_date": "2026-07-02",
          "key": "apache-activemq:5.19",
          "product": "apache-activemq",
          "category": "middleware",
          "cycle": "5.19",
          "latest": "5.19.8",
          "release_date": "2025-03-07",
          "latest_release_date": "2026-06-25",
          "eol_date": "false",
          "support_date": null,
          "is_major_product": true,
          "cve_stats": {
            "total": 13,
            "critical": 0,
            "high": 7,
            "medium": 6,
            "low": 0,
            "kev": 1,
            "top_cves": [
              {
                "cve_id": "CVE-2026-40466",
                "severity": "HIGH",
                "score": 8.8
              },
              {
                "cve_id": "CVE-2026-49157",
                "severity": "HIGH",
                "score": 8.8
              },
              {
                "cve_id": "CVE-2026-45505",
                "severity": "HIGH",
                "score": 8.8
              }
            ]
          }
        },
        {
          "digest_date": "2026-07-02",
          "key": "apache-activemq:6.2",
          "product": "apache-activemq",
          "category": "middleware",
          "cycle": "6.2",
          "latest": "6.2.7",
          "release_date": "2025-11-09",
          "latest_release_date": "2026-06-25",
          "eol_date": "false",
          "support_date": null,
          "is_major_product": true,
          "cve_stats": {
            "total": 13,
            "critical": 0,
            "high": 7,
            "medium": 6,
            "low": 0,
            "kev": 1,
            "top_cves": [
              {
                "cve_id": "CVE-2026-40466",
                "severity": "HIGH",
                "score": 8.8
              },
              {
                "cve_id": "CVE-2026-49157",
                "severity": "HIGH",
                "score": 8.8
              },
              {
                "cve_id": "CVE-2026-45505",
                "severity": "HIGH",
                "score": 8.8
              }
            ]
          }
        },
        {
          "digest_date": "2026-07-02",
          "key": "apache-kafka:4.3",
          "product": "apache-kafka",
          "category": "middleware",
          "cycle": "4.3",
          "latest": "4.3.1",
          "release_date": "2026-05-20",
          "latest_release_date": "2026-06-23",
          "eol_date": "false",
          "support_date": null,
          "is_major_product": true,
          "cve_stats": {
            "total": 3,
            "critical": 1,
            "high": 0,
            "medium": 2,
            "low": 0,
            "kev": 0,
            "top_cves": [
              {
                "cve_id": "CVE-2026-33557",
                "severity": "CRITICAL",
                "score": 9.1
              },
              {
                "cve_id": "CVE-2026-33558",
                "severity": "MEDIUM",
                "score": 5.3
              },
              {
                "cve_id": "CVE-2026-41115",
                "severity": "MEDIUM",
                "score": 4.3
              }
            ]
          }
        },
        {
          "digest_date": "2026-07-02",
          "key": "apache:2.4",
          "product": "apache",
          "category": "webserver",
          "cycle": "2.4",
          "latest": "2.4.68",
          "release_date": "2012-02-21",
          "latest_release_date": "2026-06-08",
          "eol_date": "false",
          "support_date": null,
          "is_major_product": true,
          "cve_stats": {
            "total": 13,
            "critical": 3,
            "high": 7,
            "medium": 3,
            "low": 0,
            "kev": 0,
            "top_cves": [
              {
                "cve_id": "CVE-2026-28780",
                "severity": "CRITICAL",
                "score": 9.8
              },
              {
                "cve_id": "CVE-2026-29167",
                "severity": "CRITICAL",
                "score": 9.8
              },
              {
                "cve_id": "CVE-2026-42535",
                "severity": "CRITICAL",
                "score": 9.1
              }
            ]
          }
        },
        {
          "digest_date": "2026-07-02",
          "key": "caddy:2",
          "product": "caddy",
          "category": "webserver",
          "cycle": "2",
          "latest": "2.11.4",
          "release_date": "2020-05-04",
          "latest_release_date": "2026-06-02",
          "eol_date": "false",
          "support_date": null,
          "is_major_product": true,
          "cve_stats": {
            "total": 8,
            "critical": 4,
            "high": 2,
            "medium": 2,
            "low": 0,
            "kev": 0,
            "top_cves": [
              {
                "cve_id": "CVE-2026-27590",
                "severity": "CRITICAL",
                "score": 9.8
              },
              {
                "cve_id": "CVE-2026-27587",
                "severity": "CRITICAL",
                "score": 9.1
              },
              {
                "cve_id": "CVE-2026-27586",
                "severity": "CRITICAL",
                "score": 9.1
              }
            ]
          }
        },
        {
          "digest_date": "2026-07-02",
          "key": "django:5.2",
          "product": "django",
          "category": "framework",
          "cycle": "5.2",
          "latest": "5.2.15",
          "release_date": "2025-04-02",
          "latest_release_date": "2026-06-03",
          "eol_date": "2028-04-30",
          "support_date": "2025-12-03",
          "is_major_product": true,
          "cve_stats": {
            "total": 22,
            "critical": 2,
            "high": 7,
            "medium": 6,
            "low": 7,
            "kev": 0,
            "top_cves": [
              {
                "cve_id": "CVE-2026-4277",
                "severity": "CRITICAL",
                "score": 9.8
              },
              {
                "cve_id": "CVE-2025-64459",
                "severity": "CRITICAL",
                "score": 9.1
              },
              {
                "cve_id": "CVE-2025-14550",
                "severity": "HIGH",
                "score": 7.5
              }
            ]
          }
        },
        {
          "digest_date": "2026-07-02",
          "key": "django:6.0",
          "product": "django",
          "category": "framework",
          "cycle": "6.0",
          "latest": "6.0.6",
          "release_date": "2025-12-03",
          "latest_release_date": "2026-06-03",
          "eol_date": "2027-04-30",
          "support_date": "2026-08-31",
          "is_major_product": true,
          "cve_stats": {
            "total": 22,
            "critical": 2,
            "high": 7,
            "medium": 6,
            "low": 7,
            "kev": 0,
            "top_cves": [
              {
                "cve_id": "CVE-2026-4277",
                "severity": "CRITICAL",
                "score": 9.8
              },
              {
                "cve_id": "CVE-2025-64459",
                "severity": "CRITICAL",
                "score": 9.1
              },
              {
                "cve_id": "CVE-2025-14550",
                "severity": "HIGH",
                "score": 7.5
              }
            ]
          }
        },
        {
          "digest_date": "2026-07-02",
          "key": "dotnet:10",
          "product": "dotnet",
          "category": "framework",
          "cycle": "10",
          "latest": "10.0.9",
          "release_date": "2025-11-11",
          "latest_release_date": "2026-06-09",
          "eol_date": "2028-11-14",
          "support_date": null,
          "is_major_product": true,
          "cve_stats": {
            "total": 5,
            "critical": 0,
            "high": 5,
            "medium": 0,
            "low": 0,
            "kev": 0,
            "top_cves": [
              {
                "cve_id": "CVE-2026-26131",
                "severity": "HIGH",
                "score": 7.8
              },
              {
                "cve_id": "CVE-2026-42899",
                "severity": "HIGH",
                "score": 7.5
              },
              {
                "cve_id": "CVE-2026-21218",
                "severity": "HIGH",
                "score": 7.5
              }
            ]
          }
        },
        {
          "digest_date": "2026-07-02",
          "key": "dotnet:8",
          "product": "dotnet",
          "category": "framework",
          "cycle": "8",
          "latest": "8.0.28",
          "release_date": "2023-11-14",
          "latest_release_date": "2026-06-09",
          "eol_date": "2026-11-10",
          "support_date": null,
          "is_major_product": true,
          "cve_stats": {
            "total": 5,
            "critical": 0,
            "high": 5,
            "medium": 0,
            "low": 0,
            "kev": 0,
            "top_cves": [
              {
                "cve_id": "CVE-2026-26131",
                "severity": "HIGH",
                "score": 7.8
              },
              {
                "cve_id": "CVE-2026-42899",
                "severity": "HIGH",
                "score": 7.5
              },
              {
                "cve_id": "CVE-2026-21218",
                "severity": "HIGH",
                "score": 7.5
              }
            ]
          }
        },
        {
          "digest_date": "2026-07-02",
          "key": "dotnet:9",
          "product": "dotnet",
          "category": "framework",
          "cycle": "9",
          "latest": "9.0.17",
          "release_date": "2024-11-12",
          "latest_release_date": "2026-06-09",
          "eol_date": "2026-11-10",
          "support_date": null,
          "is_major_product": true,
          "cve_stats": {
            "total": 5,
            "critical": 0,
            "high": 5,
            "medium": 0,
            "low": 0,
            "kev": 0,
            "top_cves": [
              {
                "cve_id": "CVE-2026-26131",
                "severity": "HIGH",
                "score": 7.8
              },
              {
                "cve_id": "CVE-2026-42899",
                "severity": "HIGH",
                "score": 7.5
              },
              {
                "cve_id": "CVE-2026-21218",
                "severity": "HIGH",
                "score": 7.5
              }
            ]
          }
        },
        {
          "digest_date": "2026-07-02",
          "key": "drupal:10.5",
          "product": "drupal",
          "category": "cms",
          "cycle": "10.5",
          "latest": "10.5.12",
          "release_date": "2025-06-18",
          "latest_release_date": "2026-06-17",
          "eol_date": "2026-06-17",
          "support_date": "2025-12-17",
          "is_major_product": true,
          "cve_stats": {
            "total": 7,
            "critical": 0,
            "high": 0,
            "medium": 6,
            "low": 1,
            "kev": 0,
            "top_cves": [
              {
                "cve_id": "CVE-2026-6366",
                "severity": "MEDIUM",
                "score": 6.6
              },
              {
                "cve_id": "CVE-2026-6367",
                "severity": "MEDIUM",
                "score": 6.1
              },
              {
                "cve_id": "CVE-2026-6365",
                "severity": "MEDIUM",
                "score": 6.1
              }
            ]
          }
        },
        {
          "digest_date": "2026-07-02",
          "key": "drupal:10.6",
          "product": "drupal",
          "category": "cms",
          "cycle": "10.6",
          "latest": "10.6.12",
          "release_date": "2025-12-17",
          "latest_release_date": "2026-06-23",
          "eol_date": "2026-12-16",
          "support_date": "2026-06-16",
          "is_major_product": true,
          "cve_stats": {
            "total": 7,
            "critical": 0,
            "high": 0,
            "medium": 6,
            "low": 1,
            "kev": 0,
            "top_cves": [
              {
                "cve_id": "CVE-2026-6366",
                "severity": "MEDIUM",
                "score": 6.6
              },
              {
                "cve_id": "CVE-2026-6367",
                "severity": "MEDIUM",
                "score": 6.1
              },
              {
                "cve_id": "CVE-2026-6365",
                "severity": "MEDIUM",
                "score": 6.1
              }
            ]
          }
        },
        {
          "digest_date": "2026-07-02",
          "key": "drupal:11.2",
          "product": "drupal",
          "category": "cms",
          "cycle": "11.2",
          "latest": "11.2.14",
          "release_date": "2025-06-18",
          "latest_release_date": "2026-06-17",
          "eol_date": "2026-06-17",
          "support_date": "2025-12-10",
          "is_major_product": true,
          "cve_stats": {
            "total": 7,
            "critical": 0,
            "high": 0,
            "medium": 6,
            "low": 1,
            "kev": 0,
            "top_cves": [
              {
                "cve_id": "CVE-2026-6366",
                "severity": "MEDIUM",
                "score": 6.6
              },
              {
                "cve_id": "CVE-2026-6367",
                "severity": "MEDIUM",
                "score": 6.1
              },
              {
                "cve_id": "CVE-2026-6365",
                "severity": "MEDIUM",
                "score": 6.1
              }
            ]
          }
        },
        {
          "digest_date": "2026-07-02",
          "key": "drupal:11.3",
          "product": "drupal",
          "category": "cms",
          "cycle": "11.3",
          "latest": "11.3.13",
          "release_date": "2025-12-17",
          "latest_release_date": "2026-06-23",
          "eol_date": "2026-12-16",
          "support_date": "2026-06-16",
          "is_major_product": true,
          "cve_stats": {
            "total": 7,
            "critical": 0,
            "high": 0,
            "medium": 6,
            "low": 1,
            "kev": 0,
            "top_cves": [
              {
                "cve_id": "CVE-2026-6366",
                "severity": "MEDIUM",
                "score": 6.6
              },
              {
                "cve_id": "CVE-2026-6367",
                "severity": "MEDIUM",
                "score": 6.1
              },
              {
                "cve_id": "CVE-2026-6365",
                "severity": "MEDIUM",
                "score": 6.1
              }
            ]
          }
        },
        {
          "digest_date": "2026-07-02",
          "key": "eclipse-jetty:12.0",
          "product": "eclipse-jetty",
          "category": "webserver",
          "cycle": "12.0",
          "latest": "12.0.36",
          "release_date": "2023-08-07",
          "latest_release_date": "2026-06-02",
          "eol_date": "false",
          "support_date": "true",
          "is_major_product": true,
          "cve_stats": {
            "total": 4,
            "critical": 0,
            "high": 3,
            "medium": 0,
            "low": 1,
            "kev": 0,
            "top_cves": [
              {
                "cve_id": "CVE-2026-1605",
                "severity": "HIGH",
                "score": 7.5
              },
              {
                "cve_id": "CVE-2026-5795",
                "severity": "HIGH",
                "score": 7.4
              },
              {
                "cve_id": "CVE-2026-2332",
                "severity": "HIGH",
                "score": 7.4
              }
            ]
          }
        },
        {
          "digest_date": "2026-07-02",
          "key": "eclipse-jetty:12.1",
          "product": "eclipse-jetty",
          "category": "webserver",
          "cycle": "12.1",
          "latest": "12.1.10",
          "release_date": "2025-08-18",
          "latest_release_date": "2026-06-02",
          "eol_date": "false",
          "support_date": "true",
          "is_major_product": true,
          "cve_stats": {
            "total": 4,
            "critical": 0,
            "high": 3,
            "medium": 0,
            "low": 1,
            "kev": 0,
            "top_cves": [
              {
                "cve_id": "CVE-2026-1605",
                "severity": "HIGH",
                "score": 7.5
              },
              {
                "cve_id": "CVE-2026-5795",
                "severity": "HIGH",
                "score": 7.4
              },
              {
                "cve_id": "CVE-2026-2332",
                "severity": "HIGH",
                "score": 7.4
              }
            ]
          }
        },
        {
          "digest_date": "2026-07-02",
          "key": "elasticsearch:8.19",
          "product": "elasticsearch",
          "category": "database",
          "cycle": "8.19",
          "latest": "8.19.18",
          "release_date": "2025-07-23",
          "latest_release_date": "2026-06-26",
          "eol_date": "2027-07-15",
          "support_date": null,
          "is_major_product": true,
          "cve_stats": {
            "total": 3,
            "critical": 0,
            "high": 0,
            "medium": 3,
            "low": 0,
            "kev": 0,
            "top_cves": [
              {
                "cve_id": "CVE-2025-37731",
                "severity": "MEDIUM",
                "score": 6.8
              },
              {
                "cve_id": "CVE-2025-68384",
                "severity": "MEDIUM",
                "score": 6.5
              },
              {
                "cve_id": "CVE-2025-68390",
                "severity": "MEDIUM",
                "score": 4.9
              }
            ]
          }
        },
        {
          "digest_date": "2026-07-02",
          "key": "elasticsearch:9.3",
          "product": "elasticsearch",
          "category": "database",
          "cycle": "9.3",
          "latest": "9.3.7",
          "release_date": "2026-02-03",
          "latest_release_date": "2026-06-25",
          "eol_date": "2026-05-26",
          "support_date": null,
          "is_major_product": true,
          "cve_stats": {
            "total": 3,
            "critical": 0,
            "high": 0,
            "medium": 3,
            "low": 0,
            "kev": 0,
            "top_cves": [
              {
                "cve_id": "CVE-2025-37731",
                "severity": "MEDIUM",
                "score": 6.8
              },
              {
                "cve_id": "CVE-2025-68384",
                "severity": "MEDIUM",
                "score": 6.5
              },
              {
                "cve_id": "CVE-2025-68390",
                "severity": "MEDIUM",
                "score": 4.9
              }
            ]
          }
        },
        {
          "digest_date": "2026-07-02",
          "key": "elasticsearch:9.4",
          "product": "elasticsearch",
          "category": "database",
          "cycle": "9.4",
          "latest": "9.4.3",
          "release_date": "2026-05-05",
          "latest_release_date": "2026-06-25",
          "eol_date": "false",
          "support_date": null,
          "is_major_product": true,
          "cve_stats": {
            "total": 3,
            "critical": 0,
            "high": 0,
            "medium": 3,
            "low": 0,
            "kev": 0,
            "top_cves": [
              {
                "cve_id": "CVE-2025-37731",
                "severity": "MEDIUM",
                "score": 6.8
              },
              {
                "cve_id": "CVE-2025-68384",
                "severity": "MEDIUM",
                "score": 6.5
              },
              {
                "cve_id": "CVE-2025-68390",
                "severity": "MEDIUM",
                "score": 4.9
              }
            ]
          }
        },
        {
          "digest_date": "2026-07-02",
          "key": "gitlab:18.10",
          "product": "gitlab",
          "category": "devops",
          "cycle": "18.10",
          "latest": "18.10.8",
          "release_date": "2026-03-19",
          "latest_release_date": "2026-06-10",
          "eol_date": "2026-06-18",
          "support_date": "2026-04-16",
          "is_major_product": true,
          "cve_stats": {
            "total": 163,
            "critical": 0,
            "high": 49,
            "medium": 89,
            "low": 24,
            "kev": 0,
            "top_cves": [
              {
                "cve_id": "CVE-2026-6073",
                "severity": "HIGH",
                "score": 8.7
              },
              {
                "cve_id": "CVE-2026-1090",
                "severity": "HIGH",
                "score": 8.7
              },
              {
                "cve_id": "CVE-2025-9222",
                "severity": "HIGH",
                "score": 8.7
              }
            ]
          }
        },
        {
          "digest_date": "2026-07-02",
          "key": "gitlab:18.11",
          "product": "gitlab",
          "category": "devops",
          "cycle": "18.11",
          "latest": "18.11.6",
          "release_date": "2026-04-16",
          "latest_release_date": "2026-06-23",
          "eol_date": "2026-07-16",
          "support_date": "2026-05-21",
          "is_major_product": true,
          "cve_stats": {
            "total": 163,
            "critical": 0,
            "high": 49,
            "medium": 89,
            "low": 24,
            "kev": 0,
            "top_cves": [
              {
                "cve_id": "CVE-2026-6073",
                "severity": "HIGH",
                "score": 8.7
              },
              {
                "cve_id": "CVE-2026-1090",
                "severity": "HIGH",
                "score": 8.7
              },
              {
                "cve_id": "CVE-2025-9222",
                "severity": "HIGH",
                "score": 8.7
              }
            ]
          }
        },
        {
          "digest_date": "2026-07-02",
          "key": "gitlab:18.8",
          "product": "gitlab",
          "category": "devops",
          "cycle": "18.8",
          "latest": "18.8.11",
          "release_date": "2026-01-15",
          "latest_release_date": "2026-06-29",
          "eol_date": "2026-04-16",
          "support_date": "2026-02-19",
          "is_major_product": true,
          "cve_stats": {
            "total": 163,
            "critical": 0,
            "high": 49,
            "medium": 89,
            "low": 24,
            "kev": 0,
            "top_cves": [
              {
                "cve_id": "CVE-2026-6073",
                "severity": "HIGH",
                "score": 8.7
              },
              {
                "cve_id": "CVE-2026-1090",
                "severity": "HIGH",
                "score": 8.7
              },
              {
                "cve_id": "CVE-2025-9222",
                "severity": "HIGH",
                "score": 8.7
              }
            ]
          }
        },
        {
          "digest_date": "2026-07-02",
          "key": "gitlab:19.0",
          "product": "gitlab",
          "category": "devops",
          "cycle": "19.0",
          "latest": "19.0.3",
          "release_date": "2026-05-21",
          "latest_release_date": "2026-06-23",
          "eol_date": "2026-08-20",
          "support_date": "2026-06-18",
          "is_major_product": true,
          "cve_stats": {
            "total": 163,
            "critical": 0,
            "high": 49,
            "medium": 89,
            "low": 24,
            "kev": 0,
            "top_cves": [
              {
                "cve_id": "CVE-2026-6073",
                "severity": "HIGH",
                "score": 8.7
              },
              {
                "cve_id": "CVE-2026-1090",
                "severity": "HIGH",
                "score": 8.7
              },
              {
                "cve_id": "CVE-2025-9222",
                "severity": "HIGH",
                "score": 8.7
              }
            ]
          }
        },
        {
          "digest_date": "2026-07-02",
          "key": "gitlab:19.1",
          "product": "gitlab",
          "category": "devops",
          "cycle": "19.1",
          "latest": "19.1.1",
          "release_date": "2026-06-18",
          "latest_release_date": "2026-06-23",
          "eol_date": "2026-09-17",
          "support_date": "2026-07-16",
          "is_major_product": true,
          "cve_stats": {
            "total": 163,
            "critical": 0,
            "high": 49,
            "medium": 89,
            "low": 24,
            "kev": 0,
            "top_cves": [
              {
                "cve_id": "CVE-2026-6073",
                "severity": "HIGH",
                "score": 8.7
              },
              {
                "cve_id": "CVE-2026-1090",
                "severity": "HIGH",
                "score": 8.7
              },
              {
                "cve_id": "CVE-2025-9222",
                "severity": "HIGH",
                "score": 8.7
              }
            ]
          }
        },
        {
          "digest_date": "2026-07-02",
          "key": "go:1.25",
          "product": "go",
          "category": "programming",
          "cycle": "1.25",
          "latest": "1.25.11",
          "release_date": "2025-08-12",
          "latest_release_date": "2026-06-02",
          "eol_date": "false",
          "support_date": null,
          "is_major_product": true,
          "cve_stats": {
            "total": 26,
            "critical": 3,
            "high": 13,
            "medium": 8,
            "low": 2,
            "kev": 0,
            "top_cves": [
              {
                "cve_id": "CVE-2025-68121",
                "severity": "CRITICAL",
                "score": 10.0
              },
              {
                "cve_id": "CVE-2026-27143",
                "severity": "CRITICAL",
                "score": 9.8
              },
              {
                "cve_id": "CVE-2025-66630",
                "severity": "CRITICAL",
                "score": 9.4
              }
            ]
          }
        },
        {
          "digest_date": "2026-07-02",
          "key": "go:1.26",
          "product": "go",
          "category": "programming",
          "cycle": "1.26",
          "latest": "1.26.4",
          "release_date": "2026-02-11",
          "latest_release_date": "2026-06-02",
          "eol_date": "false",
          "support_date": null,
          "is_major_product": true,
          "cve_stats": {
            "total": 26,
            "critical": 3,
            "high": 13,
            "medium": 8,
            "low": 2,
            "kev": 0,
            "top_cves": [
              {
                "cve_id": "CVE-2025-68121",
                "severity": "CRITICAL",
                "score": 10.0
              },
              {
                "cve_id": "CVE-2026-27143",
                "severity": "CRITICAL",
                "score": 9.8
              },
              {
                "cve_id": "CVE-2025-66630",
                "severity": "CRITICAL",
                "score": 9.4
              }
            ]
          }
        },
        {
          "digest_date": "2026-07-02",
          "key": "haproxy:2.6",
          "product": "haproxy",
          "category": "webserver",
          "cycle": "2.6",
          "latest": "2.6.30",
          "release_date": "2022-05-31",
          "latest_release_date": "2026-06-26",
          "eol_date": "2027-04-01",
          "support_date": null,
          "is_major_product": true,
          "cve_stats": {
            "total": 1,
            "critical": 0,
            "high": 1,
            "medium": 0,
            "low": 0,
            "kev": 0,
            "top_cves": [
              {
                "cve_id": "CVE-2025-11230",
                "severity": "HIGH",
                "score": 7.5
              }
            ]
          }
        },
        {
          "digest_date": "2026-07-02",
          "key": "haproxy:2.8",
          "product": "haproxy",
          "category": "webserver",
          "cycle": "2.8",
          "latest": "2.8.25",
          "release_date": "2023-05-31",
          "latest_release_date": "2026-06-26",
          "eol_date": "2028-04-01",
          "support_date": null,
          "is_major_product": true,
          "cve_stats": {
            "total": 1,
            "critical": 0,
            "high": 1,
            "medium": 0,
            "low": 0,
            "kev": 0,
            "top_cves": [
              {
                "cve_id": "CVE-2025-11230",
                "severity": "HIGH",
                "score": 7.5
              }
            ]
          }
        },
        {
          "digest_date": "2026-07-02",
          "key": "haproxy:3.0",
          "product": "haproxy",
          "category": "webserver",
          "cycle": "3.0",
          "latest": "3.0.24",
          "release_date": "2024-05-29",
          "latest_release_date": "2026-06-26",
          "eol_date": "2029-04-01",
          "support_date": null,
          "is_major_product": true,
          "cve_stats": {
            "total": 1,
            "critical": 0,
            "high": 1,
            "medium": 0,
            "low": 0,
            "kev": 0,
            "top_cves": [
              {
                "cve_id": "CVE-2025-11230",
                "severity": "HIGH",
                "score": 7.5
              }
            ]
          }
        },
        {
          "digest_date": "2026-07-02",
          "key": "haproxy:3.2",
          "product": "haproxy",
          "category": "webserver",
          "cycle": "3.2",
          "latest": "3.2.20",
          "release_date": "2025-05-28",
          "latest_release_date": "2026-06-26",
          "eol_date": "2030-04-01",
          "support_date": null,
          "is_major_product": true,
          "cve_stats": {
            "total": 1,
            "critical": 0,
            "high": 1,
            "medium": 0,
            "low": 0,
            "kev": 0,
            "top_cves": [
              {
                "cve_id": "CVE-2025-11230",
                "severity": "HIGH",
                "score": 7.5
              }
            ]
          }
        },
        {
          "digest_date": "2026-07-02",
          "key": "haproxy:3.3",
          "product": "haproxy",
          "category": "webserver",
          "cycle": "3.3",
          "latest": "3.3.11",
          "release_date": "2025-11-26",
          "latest_release_date": "2026-06-26",
          "eol_date": "2027-01-01",
          "support_date": null,
          "is_major_product": true,
          "cve_stats": {
            "total": 1,
            "critical": 0,
            "high": 1,
            "medium": 0,
            "low": 0,
            "kev": 0,
            "top_cves": [
              {
                "cve_id": "CVE-2025-11230",
                "severity": "HIGH",
                "score": 7.5
              }
            ]
          }
        },
        {
          "digest_date": "2026-07-02",
          "key": "haproxy:3.4",
          "product": "haproxy",
          "category": "webserver",
          "cycle": "3.4",
          "latest": "3.4.1",
          "release_date": "2026-06-03",
          "latest_release_date": "2026-06-25",
          "eol_date": "2031-04-01",
          "support_date": null,
          "is_major_product": true,
          "cve_stats": {
            "total": 1,
            "critical": 0,
            "high": 1,
            "medium": 0,
            "low": 0,
            "kev": 0,
            "top_cves": [
              {
                "cve_id": "CVE-2025-11230",
                "severity": "HIGH",
                "score": 7.5
              }
            ]
          }
        },
        {
          "digest_date": "2026-07-02",
          "key": "hashicorp-vault:2.0",
          "product": "hashicorp-vault",
          "category": "devops",
          "cycle": "2.0",
          "latest": "2.0.3",
          "release_date": "2026-04-13",
          "latest_release_date": "2026-06-17",
          "eol_date": "false",
          "support_date": null,
          "is_major_product": true,
          "cve_stats": {
            "total": 4,
            "critical": 0,
            "high": 3,
            "medium": 1,
            "low": 0,
            "kev": 0,
            "top_cves": [
              {
                "cve_id": "CVE-2026-3605",
                "severity": "HIGH",
                "score": 8.1
              },
              {
                "cve_id": "CVE-2026-4525",
                "severity": "HIGH",
                "score": 7.5
              },
              {
                "cve_id": "CVE-2026-5807",
                "severity": "HIGH",
                "score": 7.5
              }
            ]
          }
        },
        {
          "digest_date": "2026-07-02",
          "key": "jenkins:2",
          "product": "jenkins",
          "category": "devops",
          "cycle": "2",
          "latest": "2.571",
          "release_date": "2016-04-20",
          "latest_release_date": "2026-06-30",
          "eol_date": "false",
          "support_date": null,
          "is_major_product": true,
          "cve_stats": {
            "total": 16,
            "critical": 0,
            "high": 5,
            "medium": 10,
            "low": 1,
            "kev": 0,
            "top_cves": [
              {
                "cve_id": "CVE-2026-53435",
                "severity": "HIGH",
                "score": 8.8
              },
              {
                "cve_id": "CVE-2026-33001",
                "severity": "HIGH",
                "score": 8.8
              },
              {
                "cve_id": "CVE-2026-27099",
                "severity": "HIGH",
                "score": 8.0
              }
            ]
          }
        },
        {
          "digest_date": "2026-07-02",
          "key": "jenkins:2.555",
          "product": "jenkins",
          "category": "devops",
          "cycle": "2.555",
          "latest": "2.555.3",
          "release_date": "2026-03-18",
          "latest_release_date": "2026-06-08",
          "eol_date": "false",
          "support_date": null,
          "is_major_product": true,
          "cve_stats": {
            "total": 16,
            "critical": 0,
            "high": 5,
            "medium": 10,
            "low": 1,
            "kev": 0,
            "top_cves": [
              {
                "cve_id": "CVE-2026-53435",
                "severity": "HIGH",
                "score": 8.8
              },
              {
                "cve_id": "CVE-2026-33001",
                "severity": "HIGH",
                "score": 8.8
              },
              {
                "cve_id": "CVE-2026-27099",
                "severity": "HIGH",
                "score": 8.0
              }
            ]
          }
        },
        {
          "digest_date": "2026-07-02",
          "key": "laravel:12",
          "product": "laravel",
          "category": "framework",
          "cycle": "12",
          "latest": "12.62.0",
          "release_date": "2025-02-24",
          "latest_release_date": "2026-06-09",
          "eol_date": "2027-02-24",
          "support_date": "2026-08-16",
          "is_major_product": true,
          "cve_stats": {
            "total": 0,
            "critical": 0,
            "high": 0,
            "medium": 0,
            "low": 0,
            "kev": 0,
            "top_cves": []
          }
        },
        {
          "digest_date": "2026-07-02",
          "key": "laravel:13",
          "product": "laravel",
          "category": "framework",
          "cycle": "13",
          "latest": "13.18.0",
          "release_date": "2026-03-17",
          "latest_release_date": "2026-06-30",
          "eol_date": "2028-03-17",
          "support_date": "2027-09-30",
          "is_major_product": true,
          "cve_stats": {
            "total": 0,
            "critical": 0,
            "high": 0,
            "medium": 0,
            "low": 0,
            "kev": 0,
            "top_cves": []
          }
        },
        {
          "digest_date": "2026-07-02",
          "key": "macos:26",
          "product": "macos",
          "category": "os",
          "cycle": "26",
          "latest": "26.5.2",
          "release_date": "2025-09-15",
          "latest_release_date": "2026-06-29",
          "eol_date": "false",
          "support_date": null,
          "is_major_product": true,
          "cve_stats": {
            "total": 1381,
            "critical": 64,
            "high": 728,
            "medium": 535,
            "low": 54,
            "kev": 13,
            "top_cves": [
              {
                "cve_id": "CVE-2026-13782",
                "severity": "CRITICAL",
                "score": 10.0
              },
              {
                "cve_id": "CVE-2026-30793",
                "severity": "CRITICAL",
                "score": 9.8
              },
              {
                "cve_id": "CVE-2026-0905",
                "severity": "CRITICAL",
                "score": 9.8
              }
            ]
          }
        },
        {
          "digest_date": "2026-07-02",
          "key": "mediawiki:1.43",
          "product": "mediawiki",
          "category": "cms",
          "cycle": "1.43",
          "latest": "1.43.9",
          "release_date": "2024-12-21",
          "latest_release_date": "2026-06-29",
          "eol_date": "2027-12-31",
          "support_date": null,
          "is_major_product": true,
          "cve_stats": {
            "total": 21,
            "critical": 1,
            "high": 1,
            "medium": 18,
            "low": 1,
            "kev": 0,
            "top_cves": [
              {
                "cve_id": "CVE-2025-67484",
                "severity": "CRITICAL",
                "score": 9.8
              },
              {
                "cve_id": "CVE-2026-0669",
                "severity": "HIGH",
                "score": 7.5
              },
              {
                "cve_id": "CVE-2025-67480",
                "severity": "MEDIUM",
                "score": 6.5
              }
            ]
          }
        },
        {
          "digest_date": "2026-07-02",
          "key": "mediawiki:1.44",
          "product": "mediawiki",
          "category": "cms",
          "cycle": "1.44",
          "latest": "1.44.6",
          "release_date": "2025-07-02",
          "latest_release_date": "2026-06-29",
          "eol_date": "2026-07-31",
          "support_date": null,
          "is_major_product": true,
          "cve_stats": {
            "total": 21,
            "critical": 1,
            "high": 1,
            "medium": 18,
            "low": 1,
            "kev": 0,
            "top_cves": [
              {
                "cve_id": "CVE-2025-67484",
                "severity": "CRITICAL",
                "score": 9.8
              },
              {
                "cve_id": "CVE-2026-0669",
                "severity": "HIGH",
                "score": 7.5
              },
              {
                "cve_id": "CVE-2025-67480",
                "severity": "MEDIUM",
                "score": 6.5
              }
            ]
          }
        },
        {
          "digest_date": "2026-07-02",
          "key": "mediawiki:1.45",
          "product": "mediawiki",
          "category": "cms",
          "cycle": "1.45",
          "latest": "1.45.4",
          "release_date": "2025-12-04",
          "latest_release_date": "2026-06-29",
          "eol_date": "2026-12-31",
          "support_date": null,
          "is_major_product": true,
          "cve_stats": {
            "total": 21,
            "critical": 1,
            "high": 1,
            "medium": 18,
            "low": 1,
            "kev": 0,
            "top_cves": [
              {
                "cve_id": "CVE-2025-67484",
                "severity": "CRITICAL",
                "score": 9.8
              },
              {
                "cve_id": "CVE-2026-0669",
                "severity": "HIGH",
                "score": 7.5
              },
              {
                "cve_id": "CVE-2025-67480",
                "severity": "MEDIUM",
                "score": 6.5
              }
            ]
          }
        },
        {
          "digest_date": "2026-07-02",
          "key": "mediawiki:1.46",
          "product": "mediawiki",
          "category": "cms",
          "cycle": "1.46",
          "latest": "1.46.0",
          "release_date": "2026-06-30",
          "latest_release_date": "2026-06-30",
          "eol_date": "2027-07-31",
          "support_date": null,
          "is_major_product": true,
          "cve_stats": {
            "total": 21,
            "critical": 1,
            "high": 1,
            "medium": 18,
            "low": 1,
            "kev": 0,
            "top_cves": [
              {
                "cve_id": "CVE-2025-67484",
                "severity": "CRITICAL",
                "score": 9.8
              },
              {
                "cve_id": "CVE-2026-0669",
                "severity": "HIGH",
                "score": 7.5
              },
              {
                "cve_id": "CVE-2025-67480",
                "severity": "MEDIUM",
                "score": 6.5
              }
            ]
          }
        },
        {
          "digest_date": "2026-07-02",
          "key": "mongodb:4.4",
          "product": "mongodb",
          "category": "database",
          "cycle": "4.4",
          "latest": "4.4.31",
          "release_date": "2020-07-31",
          "latest_release_date": "2026-06-24",
          "eol_date": "2024-02-29",
          "support_date": null,
          "is_major_product": true,
          "cve_stats": {
            "total": 20,
            "critical": 0,
            "high": 3,
            "medium": 16,
            "low": 1,
            "kev": 1,
            "top_cves": [
              {
                "cve_id": "CVE-2026-4148",
                "severity": "HIGH",
                "score": 8.8
              },
              {
                "cve_id": "CVE-2025-14847",
                "severity": "HIGH",
                "score": 7.5
              },
              {
                "cve_id": "CVE-2026-1848",
                "severity": "HIGH",
                "score": 7.5
              }
            ]
          }
        },
        {
          "digest_date": "2026-07-02",
          "key": "mongodb:5.0",
          "product": "mongodb",
          "category": "database",
          "cycle": "5.0",
          "latest": "5.0.34",
          "release_date": "2021-07-31",
          "latest_release_date": "2026-06-16",
          "eol_date": "2024-10-31",
          "support_date": null,
          "is_major_product": true,
          "cve_stats": {
            "total": 20,
            "critical": 0,
            "high": 3,
            "medium": 16,
            "low": 1,
            "kev": 1,
            "top_cves": [
              {
                "cve_id": "CVE-2026-4148",
                "severity": "HIGH",
                "score": 8.8
              },
              {
                "cve_id": "CVE-2025-14847",
                "severity": "HIGH",
                "score": 7.5
              },
              {
                "cve_id": "CVE-2026-1848",
                "severity": "HIGH",
                "score": 7.5
              }
            ]
          }
        },
        {
          "digest_date": "2026-07-02",
          "key": "mongodb:6.0",
          "product": "mongodb",
          "category": "database",
          "cycle": "6.0",
          "latest": "6.0.29",
          "release_date": "2022-07-31",
          "latest_release_date": "2026-06-16",
          "eol_date": "2025-07-31",
          "support_date": null,
          "is_major_product": true,
          "cve_stats": {
            "total": 20,
            "critical": 0,
            "high": 3,
            "medium": 16,
            "low": 1,
            "kev": 1,
            "top_cves": [
              {
                "cve_id": "CVE-2026-4148",
                "severity": "HIGH",
                "score": 8.8
              },
              {
                "cve_id": "CVE-2025-14847",
                "severity": "HIGH",
                "score": 7.5
              },
              {
                "cve_id": "CVE-2026-1848",
                "severity": "HIGH",
                "score": 7.5
              }
            ]
          }
        },
        {
          "digest_date": "2026-07-02",
          "key": "mongodb:7.0",
          "product": "mongodb",
          "category": "database",
          "cycle": "7.0",
          "latest": "7.0.37",
          "release_date": "2023-08-31",
          "latest_release_date": "2026-06-16",
          "eol_date": "2027-08-31",
          "support_date": null,
          "is_major_product": true,
          "cve_stats": {
            "total": 20,
            "critical": 0,
            "high": 3,
            "medium": 16,
            "low": 1,
            "kev": 1,
            "top_cves": [
              {
                "cve_id": "CVE-2026-4148",
                "severity": "HIGH",
                "score": 8.8
              },
              {
                "cve_id": "CVE-2025-14847",
                "severity": "HIGH",
                "score": 7.5
              },
              {
                "cve_id": "CVE-2026-1848",
                "severity": "HIGH",
                "score": 7.5
              }
            ]
          }
        },
        {
          "digest_date": "2026-07-02",
          "key": "mongodb:8.0",
          "product": "mongodb",
          "category": "database",
          "cycle": "8.0",
          "latest": "8.0.26",
          "release_date": "2024-10-31",
          "latest_release_date": "2026-06-16",
          "eol_date": "2029-10-31",
          "support_date": null,
          "is_major_product": true,
          "cve_stats": {
            "total": 20,
            "critical": 0,
            "high": 3,
            "medium": 16,
            "low": 1,
            "kev": 1,
            "top_cves": [
              {
                "cve_id": "CVE-2026-4148",
                "severity": "HIGH",
                "score": 8.8
              },
              {
                "cve_id": "CVE-2025-14847",
                "severity": "HIGH",
                "score": 7.5
              },
              {
                "cve_id": "CVE-2026-1848",
                "severity": "HIGH",
                "score": 7.5
              }
            ]
          }
        },
        {
          "digest_date": "2026-07-02",
          "key": "mongodb:8.2",
          "product": "mongodb",
          "category": "database",
          "cycle": "8.2",
          "latest": "8.2.11",
          "release_date": "2025-09-30",
          "latest_release_date": "2026-06-16",
          "eol_date": "2026-07-31",
          "support_date": null,
          "is_major_product": true,
          "cve_stats": {
            "total": 20,
            "critical": 0,
            "high": 3,
            "medium": 16,
            "low": 1,
            "kev": 1,
            "top_cves": [
              {
                "cve_id": "CVE-2026-4148",
                "severity": "HIGH",
                "score": 8.8
              },
              {
                "cve_id": "CVE-2025-14847",
                "severity": "HIGH",
                "score": 7.5
              },
              {
                "cve_id": "CVE-2026-1848",
                "severity": "HIGH",
                "score": 7.5
              }
            ]
          }
        },
        {
          "digest_date": "2026-07-02",
          "key": "mongodb:8.3",
          "product": "mongodb",
          "category": "database",
          "cycle": "8.3",
          "latest": "8.3.4",
          "release_date": "2026-05-31",
          "latest_release_date": "2026-06-15",
          "eol_date": "2029-10-31",
          "support_date": null,
          "is_major_product": true,
          "cve_stats": {
            "total": 20,
            "critical": 0,
            "high": 3,
            "medium": 16,
            "low": 1,
            "kev": 1,
            "top_cves": [
              {
                "cve_id": "CVE-2026-4148",
                "severity": "HIGH",
                "score": 8.8
              },
              {
                "cve_id": "CVE-2025-14847",
                "severity": "HIGH",
                "score": 7.5
              },
              {
                "cve_id": "CVE-2026-1848",
                "severity": "HIGH",
                "score": 7.5
              }
            ]
          }
        },
        {
          "digest_date": "2026-07-02",
          "key": "mssqlserver:17.0",
          "product": "mssqlserver",
          "category": "database",
          "cycle": "17.0",
          "latest": "17.0.4055.5 CU6",
          "release_date": "2025-11-18",
          "latest_release_date": "2026-06-17",
          "eol_date": "2036-01-06",
          "support_date": "2031-01-06",
          "is_major_product": true,
          "cve_stats": {
            "total": 0,
            "critical": 0,
            "high": 0,
            "medium": 0,
            "low": 0,
            "kev": 0,
            "top_cves": []
          }
        },
        {
          "digest_date": "2026-07-02",
          "key": "mysql:8.4",
          "product": "mysql",
          "category": "database",
          "cycle": "8.4",
          "latest": "8.4.10",
          "release_date": "2024-04-10",
          "latest_release_date": "2026-06-03",
          "eol_date": "2032-04-30",
          "support_date": "2029-04-30",
          "is_major_product": true,
          "cve_stats": {
            "total": 1,
            "critical": 0,
            "high": 0,
            "medium": 1,
            "low": 0,
            "kev": 0,
            "top_cves": [
              {
                "cve_id": "CVE-2026-21964",
                "severity": "MEDIUM",
                "score": 4.9
              }
            ]
          }
        },
        {
          "digest_date": "2026-07-02",
          "key": "mysql:9.7",
          "product": "mysql",
          "category": "database",
          "cycle": "9.7",
          "latest": "9.7.1",
          "release_date": "2026-04-21",
          "latest_release_date": "2026-06-03",
          "eol_date": "2034-04-21",
          "support_date": "true",
          "is_major_product": true,
          "cve_stats": {
            "total": 1,
            "critical": 0,
            "high": 0,
            "medium": 1,
            "low": 0,
            "kev": 0,
            "top_cves": [
              {
                "cve_id": "CVE-2026-21964",
                "severity": "MEDIUM",
                "score": 4.9
              }
            ]
          }
        },
        {
          "digest_date": "2026-07-02",
          "key": "nextcloud:32",
          "product": "nextcloud",
          "category": "cms",
          "cycle": "32",
          "latest": "32.0.12",
          "release_date": "2025-09-27",
          "latest_release_date": "2026-06-25",
          "eol_date": "2026-09-30",
          "support_date": null,
          "is_major_product": true,
          "cve_stats": {
            "total": 0,
            "critical": 0,
            "high": 0,
            "medium": 0,
            "low": 0,
            "kev": 0,
            "top_cves": []
          }
        },
        {
          "digest_date": "2026-07-02",
          "key": "nextcloud:33",
          "product": "nextcloud",
          "category": "cms",
          "cycle": "33",
          "latest": "33.0.6",
          "release_date": "2026-02-18",
          "latest_release_date": "2026-06-25",
          "eol_date": "2027-02-28",
          "support_date": null,
          "is_major_product": true,
          "cve_stats": {
            "total": 0,
            "critical": 0,
            "high": 0,
            "medium": 0,
            "low": 0,
            "kev": 0,
            "top_cves": []
          }
        },
        {
          "digest_date": "2026-07-02",
          "key": "nextcloud:34",
          "product": "nextcloud",
          "category": "cms",
          "cycle": "34",
          "latest": "34.0.1",
          "release_date": "2026-06-09",
          "latest_release_date": "2026-06-25",
          "eol_date": "2027-06-30",
          "support_date": null,
          "is_major_product": true,
          "cve_stats": {
            "total": 0,
            "critical": 0,
            "high": 0,
            "medium": 0,
            "low": 0,
            "kev": 0,
            "top_cves": []
          }
        },
        {
          "digest_date": "2026-07-02",
          "key": "nextjs:16",
          "product": "nextjs",
          "category": "framework",
          "cycle": "16",
          "latest": "16.2.10",
          "release_date": "2025-10-22",
          "latest_release_date": "2026-07-01",
          "eol_date": "false",
          "support_date": null,
          "is_major_product": true,
          "cve_stats": {
            "total": 22,
            "critical": 1,
            "high": 10,
            "medium": 10,
            "low": 1,
            "kev": 1,
            "top_cves": [
              {
                "cve_id": "CVE-2025-55182",
                "severity": "CRITICAL",
                "score": 10.0
              },
              {
                "cve_id": "CVE-2026-44578",
                "severity": "HIGH",
                "score": 8.6
              },
              {
                "cve_id": "CVE-2026-44574",
                "severity": "HIGH",
                "score": 8.1
              }
            ]
          }
        },
        {
          "digest_date": "2026-07-02",
          "key": "nginx:1.30",
          "product": "nginx",
          "category": "webserver",
          "cycle": "1.30",
          "latest": "1.30.3",
          "release_date": "2026-04-14",
          "latest_release_date": "2026-06-17",
          "eol_date": "false",
          "support_date": null,
          "is_major_product": true,
          "cve_stats": {
            "total": 0,
            "critical": 0,
            "high": 0,
            "medium": 0,
            "low": 0,
            "kev": 0,
            "top_cves": []
          }
        },
        {
          "digest_date": "2026-07-02",
          "key": "nginx:1.31",
          "product": "nginx",
          "category": "webserver",
          "cycle": "1.31",
          "latest": "1.31.2",
          "release_date": "2026-05-13",
          "latest_release_date": "2026-06-17",
          "eol_date": "false",
          "support_date": null,
          "is_major_product": true,
          "cve_stats": {
            "total": 0,
            "critical": 0,
            "high": 0,
            "medium": 0,
            "low": 0,
            "kev": 0,
            "top_cves": []
          }
        },
        {
          "digest_date": "2026-07-02",
          "key": "nodejs:22",
          "product": "nodejs",
          "category": "programming",
          "cycle": "22",
          "latest": "22.23.1",
          "release_date": "2024-04-24",
          "latest_release_date": "2026-06-23",
          "eol_date": "2027-04-30",
          "support_date": "2025-10-21",
          "is_major_product": true,
          "cve_stats": {
            "total": 16,
            "critical": 3,
            "high": 7,
            "medium": 4,
            "low": 2,
            "kev": 0,
            "top_cves": [
              {
                "cve_id": "CVE-2026-21636",
                "severity": "CRITICAL",
                "score": 10.0
              },
              {
                "cve_id": "CVE-2026-48930",
                "severity": "CRITICAL",
                "score": 9.8
              },
              {
                "cve_id": "CVE-2025-55130",
                "severity": "CRITICAL",
                "score": 9.1
              }
            ]
          }
        },
        {
          "digest_date": "2026-07-02",
          "key": "nodejs:24",
          "product": "nodejs",
          "category": "programming",
          "cycle": "24",
          "latest": "24.18.0",
          "release_date": "2025-05-06",
          "latest_release_date": "2026-06-23",
          "eol_date": "2028-04-30",
          "support_date": "2026-10-20",
          "is_major_product": true,
          "cve_stats": {
            "total": 16,
            "critical": 3,
            "high": 7,
            "medium": 4,
            "low": 2,
            "kev": 0,
            "top_cves": [
              {
                "cve_id": "CVE-2026-21636",
                "severity": "CRITICAL",
                "score": 10.0
              },
              {
                "cve_id": "CVE-2026-48930",
                "severity": "CRITICAL",
                "score": 9.8
              },
              {
                "cve_id": "CVE-2025-55130",
                "severity": "CRITICAL",
                "score": 9.1
              }
            ]
          }
        },
        {
          "digest_date": "2026-07-02",
          "key": "nodejs:26",
          "product": "nodejs",
          "category": "programming",
          "cycle": "26",
          "latest": "26.4.0",
          "release_date": "2026-05-05",
          "latest_release_date": "2026-06-25",
          "eol_date": "2029-04-30",
          "support_date": "2027-10-27",
          "is_major_product": true,
          "cve_stats": {
            "total": 16,
            "critical": 3,
            "high": 7,
            "medium": 4,
            "low": 2,
            "kev": 0,
            "top_cves": [
              {
                "cve_id": "CVE-2026-21636",
                "severity": "CRITICAL",
                "score": 10.0
              },
              {
                "cve_id": "CVE-2026-48930",
                "severity": "CRITICAL",
                "score": 9.8
              },
              {
                "cve_id": "CVE-2025-55130",
                "severity": "CRITICAL",
                "score": 9.1
              }
            ]
          }
        },
        {
          "digest_date": "2026-07-02",
          "key": "nuxt:3",
          "product": "nuxt",
          "category": "framework",
          "cycle": "3",
          "latest": "3.21.8",
          "release_date": "2022-11-16",
          "latest_release_date": "2026-06-08",
          "eol_date": "2026-07-31",
          "support_date": "2025-07-16",
          "is_major_product": true,
          "cve_stats": {
            "total": 0,
            "critical": 0,
            "high": 0,
            "medium": 0,
            "low": 0,
            "kev": 0,
            "top_cves": []
          }
        },
        {
          "digest_date": "2026-07-02",
          "key": "nuxt:4",
          "product": "nuxt",
          "category": "framework",
          "cycle": "4",
          "latest": "4.4.8",
          "release_date": "2025-07-16",
          "latest_release_date": "2026-06-08",
          "eol_date": "false",
          "support_date": "true",
          "is_major_product": true,
          "cve_stats": {
            "total": 0,
            "critical": 0,
            "high": 0,
            "medium": 0,
            "low": 0,
            "kev": 0,
            "top_cves": []
          }
        },
        {
          "digest_date": "2026-07-02",
          "key": "opensearch:3",
          "product": "opensearch",
          "category": "database",
          "cycle": "3",
          "latest": "3.7.0",
          "release_date": "2025-05-06",
          "latest_release_date": "2026-06-09",
          "eol_date": "false",
          "support_date": "true",
          "is_major_product": true,
          "cve_stats": {
            "total": 1,
            "critical": 0,
            "high": 1,
            "medium": 0,
            "low": 0,
            "kev": 0,
            "top_cves": [
              {
                "cve_id": "CVE-2025-9624",
                "severity": "HIGH",
                "score": 7.5
              }
            ]
          }
        },
        {
          "digest_date": "2026-07-02",
          "key": "openssl:3.0",
          "product": "openssl",
          "category": "crypto",
          "cycle": "3.0",
          "latest": "3.0.21",
          "release_date": "2021-09-07",
          "latest_release_date": "2026-06-09",
          "eol_date": "2026-09-07",
          "support_date": null,
          "is_major_product": true,
          "cve_stats": {
            "total": 19,
            "critical": 1,
            "high": 10,
            "medium": 8,
            "low": 0,
            "kev": 0,
            "top_cves": [
              {
                "cve_id": "CVE-2026-31789",
                "severity": "CRITICAL",
                "score": 9.8
              },
              {
                "cve_id": "CVE-2025-15467",
                "severity": "HIGH",
                "score": 8.8
              },
              {
                "cve_id": "CVE-2026-28387",
                "severity": "HIGH",
                "score": 8.1
              }
            ]
          }
        },
        {
          "digest_date": "2026-07-02",
          "key": "openssl:3.4",
          "product": "openssl",
          "category": "crypto",
          "cycle": "3.4",
          "latest": "3.4.6",
          "release_date": "2024-10-22",
          "latest_release_date": "2026-06-09",
          "eol_date": "2026-10-22",
          "support_date": null,
          "is_major_product": true,
          "cve_stats": {
            "total": 19,
            "critical": 1,
            "high": 10,
            "medium": 8,
            "low": 0,
            "kev": 0,
            "top_cves": [
              {
                "cve_id": "CVE-2026-31789",
                "severity": "CRITICAL",
                "score": 9.8
              },
              {
                "cve_id": "CVE-2025-15467",
                "severity": "HIGH",
                "score": 8.8
              },
              {
                "cve_id": "CVE-2026-28387",
                "severity": "HIGH",
                "score": 8.1
              }
            ]
          }
        },
        {
          "digest_date": "2026-07-02",
          "key": "openssl:3.5",
          "product": "openssl",
          "category": "crypto",
          "cycle": "3.5",
          "latest": "3.5.7",
          "release_date": "2025-04-08",
          "latest_release_date": "2026-06-09",
          "eol_date": "2030-04-08",
          "support_date": null,
          "is_major_product": true,
          "cve_stats": {
            "total": 19,
            "critical": 1,
            "high": 10,
            "medium": 8,
            "low": 0,
            "kev": 0,
            "top_cves": [
              {
                "cve_id": "CVE-2026-31789",
                "severity": "CRITICAL",
                "score": 9.8
              },
              {
                "cve_id": "CVE-2025-15467",
                "severity": "HIGH",
                "score": 8.8
              },
              {
                "cve_id": "CVE-2026-28387",
                "severity": "HIGH",
                "score": 8.1
              }
            ]
          }
        },
        {
          "digest_date": "2026-07-02",
          "key": "openssl:3.6",
          "product": "openssl",
          "category": "crypto",
          "cycle": "3.6",
          "latest": "3.6.3",
          "release_date": "2025-10-01",
          "latest_release_date": "2026-06-09",
          "eol_date": "2026-11-01",
          "support_date": null,
          "is_major_product": true,
          "cve_stats": {
            "total": 19,
            "critical": 1,
            "high": 10,
            "medium": 8,
            "low": 0,
            "kev": 0,
            "top_cves": [
              {
                "cve_id": "CVE-2026-31789",
                "severity": "CRITICAL",
                "score": 9.8
              },
              {
                "cve_id": "CVE-2025-15467",
                "severity": "HIGH",
                "score": 8.8
              },
              {
                "cve_id": "CVE-2026-28387",
                "severity": "HIGH",
                "score": 8.1
              }
            ]
          }
        },
        {
          "digest_date": "2026-07-02",
          "key": "openssl:4.0",
          "product": "openssl",
          "category": "crypto",
          "cycle": "4.0",
          "latest": "4.0.1",
          "release_date": "2026-04-14",
          "latest_release_date": "2026-06-09",
          "eol_date": "2027-05-14",
          "support_date": null,
          "is_major_product": true,
          "cve_stats": {
            "total": 19,
            "critical": 1,
            "high": 10,
            "medium": 8,
            "low": 0,
            "kev": 0,
            "top_cves": [
              {
                "cve_id": "CVE-2026-31789",
                "severity": "CRITICAL",
                "score": 9.8
              },
              {
                "cve_id": "CVE-2025-15467",
                "severity": "HIGH",
                "score": 8.8
              },
              {
                "cve_id": "CVE-2026-28387",
                "severity": "HIGH",
                "score": 8.1
              }
            ]
          }
        },
        {
          "digest_date": "2026-07-02",
          "key": "openvpn:2.7",
          "product": "openvpn",
          "category": "middleware",
          "cycle": "2.7",
          "latest": "2.7.5",
          "release_date": "2026-02-11",
          "latest_release_date": "2026-07-01",
          "eol_date": "false",
          "support_date": "true",
          "is_major_product": true,
          "cve_stats": {
            "total": 3,
            "critical": 1,
            "high": 1,
            "medium": 1,
            "low": 0,
            "kev": 0,
            "top_cves": [
              {
                "cve_id": "CVE-2025-12106",
                "severity": "CRITICAL",
                "score": 9.1
              },
              {
                "cve_id": "CVE-2025-13086",
                "severity": "HIGH",
                "score": 7.5
              },
              {
                "cve_id": "CVE-2025-13751",
                "severity": "MEDIUM",
                "score": 5.5
              }
            ]
          }
        },
        {
          "digest_date": "2026-07-02",
          "key": "php:8.4",
          "product": "php",
          "category": "programming",
          "cycle": "8.4",
          "latest": "8.4.22",
          "release_date": "2024-11-21",
          "latest_release_date": "2026-06-04",
          "eol_date": "2028-12-31",
          "support_date": "2026-12-31",
          "is_major_product": true,
          "cve_stats": {
            "total": 3,
            "critical": 0,
            "high": 2,
            "medium": 1,
            "low": 0,
            "kev": 0,
            "top_cves": [
              {
                "cve_id": "CVE-2025-14177",
                "severity": "HIGH",
                "score": 7.5
              },
              {
                "cve_id": "CVE-2025-14180",
                "severity": "HIGH",
                "score": 7.5
              },
              {
                "cve_id": "CVE-2025-14178",
                "severity": "MEDIUM",
                "score": 6.5
              }
            ]
          }
        },
        {
          "digest_date": "2026-07-02",
          "key": "php:8.5",
          "product": "php",
          "category": "programming",
          "cycle": "8.5",
          "latest": "8.5.7",
          "release_date": "2025-11-20",
          "latest_release_date": "2026-06-04",
          "eol_date": "2029-12-31",
          "support_date": "2027-12-31",
          "is_major_product": true,
          "cve_stats": {
            "total": 3,
            "critical": 0,
            "high": 2,
            "medium": 1,
            "low": 0,
            "kev": 0,
            "top_cves": [
              {
                "cve_id": "CVE-2025-14177",
                "severity": "HIGH",
                "score": 7.5
              },
              {
                "cve_id": "CVE-2025-14180",
                "severity": "HIGH",
                "score": 7.5
              },
              {
                "cve_id": "CVE-2025-14178",
                "severity": "MEDIUM",
                "score": 6.5
              }
            ]
          }
        },
        {
          "digest_date": "2026-07-02",
          "key": "postfix:3.10",
          "product": "postfix",
          "category": "middleware",
          "cycle": "3.10",
          "latest": "3.10.11",
          "release_date": "2025-02-16",
          "latest_release_date": "2026-06-18",
          "eol_date": "false",
          "support_date": null,
          "is_major_product": true,
          "cve_stats": {
            "total": 0,
            "critical": 0,
            "high": 0,
            "medium": 0,
            "low": 0,
            "kev": 0,
            "top_cves": []
          }
        },
        {
          "digest_date": "2026-07-02",
          "key": "postfix:3.11",
          "product": "postfix",
          "category": "middleware",
          "cycle": "3.11",
          "latest": "3.11.4",
          "release_date": "2026-03-06",
          "latest_release_date": "2026-06-18",
          "eol_date": "false",
          "support_date": null,
          "is_major_product": true,
          "cve_stats": {
            "total": 0,
            "critical": 0,
            "high": 0,
            "medium": 0,
            "low": 0,
            "kev": 0,
            "top_cves": []
          }
        },
        {
          "digest_date": "2026-07-02",
          "key": "postfix:3.8",
          "product": "postfix",
          "category": "middleware",
          "cycle": "3.8",
          "latest": "3.8.18",
          "release_date": "2023-04-17",
          "latest_release_date": "2026-06-18",
          "eol_date": "false",
          "support_date": null,
          "is_major_product": true,
          "cve_stats": {
            "total": 0,
            "critical": 0,
            "high": 0,
            "medium": 0,
            "low": 0,
            "kev": 0,
            "top_cves": []
          }
        },
        {
          "digest_date": "2026-07-02",
          "key": "postfix:3.9",
          "product": "postfix",
          "category": "middleware",
          "cycle": "3.9",
          "latest": "3.9.12",
          "release_date": "2024-03-06",
          "latest_release_date": "2026-06-18",
          "eol_date": "false",
          "support_date": null,
          "is_major_product": true,
          "cve_stats": {
            "total": 0,
            "critical": 0,
            "high": 0,
            "medium": 0,
            "low": 0,
            "kev": 0,
            "top_cves": []
          }
        },
        {
          "digest_date": "2026-07-02",
          "key": "python:3.13",
          "product": "python",
          "category": "programming",
          "cycle": "3.13",
          "latest": "3.13.14",
          "release_date": "2024-10-07",
          "latest_release_date": "2026-06-10",
          "eol_date": "2029-10-31",
          "support_date": "2026-10-01",
          "is_major_product": true,
          "cve_stats": {
            "total": 5,
            "critical": 0,
            "high": 1,
            "medium": 3,
            "low": 1,
            "kev": 0,
            "top_cves": [
              {
                "cve_id": "CVE-2025-13836",
                "severity": "HIGH",
                "score": 7.5
              },
              {
                "cve_id": "CVE-2025-13837",
                "severity": "MEDIUM",
                "score": 5.5
              },
              {
                "cve_id": "CVE-2025-12084",
                "severity": "MEDIUM",
                "score": 5.3
              }
            ]
          }
        },
        {
          "digest_date": "2026-07-02",
          "key": "python:3.14",
          "product": "python",
          "category": "programming",
          "cycle": "3.14",
          "latest": "3.14.6",
          "release_date": "2025-10-07",
          "latest_release_date": "2026-06-10",
          "eol_date": "2030-10-31",
          "support_date": "2027-10-01",
          "is_major_product": true,
          "cve_stats": {
            "total": 5,
            "critical": 0,
            "high": 1,
            "medium": 3,
            "low": 1,
            "kev": 0,
            "top_cves": [
              {
                "cve_id": "CVE-2025-13836",
                "severity": "HIGH",
                "score": 7.5
              },
              {
                "cve_id": "CVE-2025-13837",
                "severity": "MEDIUM",
                "score": 5.5
              },
              {
                "cve_id": "CVE-2025-12084",
                "severity": "MEDIUM",
                "score": 5.3
              }
            ]
          }
        },
        {
          "digest_date": "2026-07-02",
          "key": "rabbitmq:4.2",
          "product": "rabbitmq",
          "category": "middleware",
          "cycle": "4.2",
          "latest": "4.2.8",
          "release_date": "2025-10-27",
          "latest_release_date": "2026-06-13",
          "eol_date": "2026-07-31",
          "support_date": null,
          "is_major_product": true,
          "cve_stats": {
            "total": 0,
            "critical": 0,
            "high": 0,
            "medium": 0,
            "low": 0,
            "kev": 0,
            "top_cves": []
          }
        },
        {
          "digest_date": "2026-07-02",
          "key": "rabbitmq:4.3",
          "product": "rabbitmq",
          "category": "middleware",
          "cycle": "4.3",
          "latest": "4.3.2",
          "release_date": "2026-04-23",
          "latest_release_date": "2026-06-11",
          "eol_date": "false",
          "support_date": null,
          "is_major_product": true,
          "cve_stats": {
            "total": 0,
            "critical": 0,
            "high": 0,
            "medium": 0,
            "low": 0,
            "kev": 0,
            "top_cves": []
          }
        },
        {
          "digest_date": "2026-07-02",
          "key": "redis:8.2",
          "product": "redis",
          "category": "database",
          "cycle": "8.2",
          "latest": "8.2.7",
          "release_date": "2025-08-04",
          "latest_release_date": "2026-06-04",
          "eol_date": "2026-05-25",
          "support_date": "2025-11-18",
          "is_major_product": true,
          "cve_stats": {
            "total": 4,
            "critical": 0,
            "high": 4,
            "medium": 0,
            "low": 0,
            "kev": 0,
            "top_cves": [
              {
                "cve_id": "CVE-2025-62507",
                "severity": "HIGH",
                "score": 8.8
              },
              {
                "cve_id": "CVE-2026-25243",
                "severity": "HIGH",
                "score": 8.8
              },
              {
                "cve_id": "CVE-2026-23479",
                "severity": "HIGH",
                "score": 8.8
              }
            ]
          }
        },
        {
          "digest_date": "2026-07-02",
          "key": "redis:8.4",
          "product": "redis",
          "category": "database",
          "cycle": "8.4",
          "latest": "8.4.4",
          "release_date": "2025-11-18",
          "latest_release_date": "2026-06-04",
          "eol_date": "false",
          "support_date": "2026-02-11",
          "is_major_product": true,
          "cve_stats": {
            "total": 4,
            "critical": 0,
            "high": 4,
            "medium": 0,
            "low": 0,
            "kev": 0,
            "top_cves": [
              {
                "cve_id": "CVE-2025-62507",
                "severity": "HIGH",
                "score": 8.8
              },
              {
                "cve_id": "CVE-2026-25243",
                "severity": "HIGH",
                "score": 8.8
              },
              {
                "cve_id": "CVE-2026-23479",
                "severity": "HIGH",
                "score": 8.8
              }
            ]
          }
        },
        {
          "digest_date": "2026-07-02",
          "key": "redis:8.6",
          "product": "redis",
          "category": "database",
          "cycle": "8.6",
          "latest": "8.6.4",
          "release_date": "2026-02-11",
          "latest_release_date": "2026-06-04",
          "eol_date": "false",
          "support_date": "2026-05-25",
          "is_major_product": true,
          "cve_stats": {
            "total": 4,
            "critical": 0,
            "high": 4,
            "medium": 0,
            "low": 0,
            "kev": 0,
            "top_cves": [
              {
                "cve_id": "CVE-2025-62507",
                "severity": "HIGH",
                "score": 8.8
              },
              {
                "cve_id": "CVE-2026-25243",
                "severity": "HIGH",
                "score": 8.8
              },
              {
                "cve_id": "CVE-2026-23479",
                "severity": "HIGH",
                "score": 8.8
              }
            ]
          }
        },
        {
          "digest_date": "2026-07-02",
          "key": "ruby:3.4",
          "product": "ruby",
          "category": "programming",
          "cycle": "3.4",
          "latest": "3.4.10",
          "release_date": "2024-12-24",
          "latest_release_date": "2026-06-30",
          "eol_date": "2028-03-31",
          "support_date": null,
          "is_major_product": true,
          "cve_stats": {
            "total": 0,
            "critical": 0,
            "high": 0,
            "medium": 0,
            "low": 0,
            "kev": 0,
            "top_cves": []
          }
        },
        {
          "digest_date": "2026-07-02",
          "key": "rust:1.96",
          "product": "rust",
          "category": "programming",
          "cycle": "1.96",
          "latest": "1.96.1",
          "release_date": "2026-05-28",
          "latest_release_date": "2026-06-30",
          "eol_date": "false",
          "support_date": null,
          "is_major_product": true,
          "cve_stats": {
            "total": 0,
            "critical": 0,
            "high": 0,
            "medium": 0,
            "low": 0,
            "kev": 0,
            "top_cves": []
          }
        },
        {
          "digest_date": "2026-07-02",
          "key": "spring-boot:3.5",
          "product": "spring-boot",
          "category": "framework",
          "cycle": "3.5",
          "latest": "3.5.16",
          "release_date": "2025-05-31",
          "latest_release_date": "2026-06-25",
          "eol_date": "2026-06-30",
          "support_date": null,
          "is_major_product": true,
          "cve_stats": {
            "total": 7,
            "critical": 1,
            "high": 4,
            "medium": 2,
            "low": 0,
            "kev": 0,
            "top_cves": [
              {
                "cve_id": "CVE-2026-40976",
                "severity": "CRITICAL",
                "score": 9.1
              },
              {
                "cve_id": "CVE-2026-22731",
                "severity": "HIGH",
                "score": 8.2
              },
              {
                "cve_id": "CVE-2026-22733",
                "severity": "HIGH",
                "score": 8.2
              }
            ]
          }
        },
        {
          "digest_date": "2026-07-02",
          "key": "spring-boot:4.0",
          "product": "spring-boot",
          "category": "framework",
          "cycle": "4.0",
          "latest": "4.0.7",
          "release_date": "2025-11-30",
          "latest_release_date": "2026-06-10",
          "eol_date": "2026-12-31",
          "support_date": null,
          "is_major_product": true,
          "cve_stats": {
            "total": 7,
            "critical": 1,
            "high": 4,
            "medium": 2,
            "low": 0,
            "kev": 0,
            "top_cves": [
              {
                "cve_id": "CVE-2026-40976",
                "severity": "CRITICAL",
                "score": 9.1
              },
              {
                "cve_id": "CVE-2026-22731",
                "severity": "HIGH",
                "score": 8.2
              },
              {
                "cve_id": "CVE-2026-22733",
                "severity": "HIGH",
                "score": 8.2
              }
            ]
          }
        },
        {
          "digest_date": "2026-07-02",
          "key": "spring-boot:4.1",
          "product": "spring-boot",
          "category": "framework",
          "cycle": "4.1",
          "latest": "4.1.0",
          "release_date": "2026-06-30",
          "latest_release_date": "2026-06-10",
          "eol_date": "2027-07-31",
          "support_date": null,
          "is_major_product": true,
          "cve_stats": {
            "total": 7,
            "critical": 1,
            "high": 4,
            "medium": 2,
            "low": 0,
            "kev": 0,
            "top_cves": [
              {
                "cve_id": "CVE-2026-40976",
                "severity": "CRITICAL",
                "score": 9.1
              },
              {
                "cve_id": "CVE-2026-22731",
                "severity": "HIGH",
                "score": 8.2
              },
              {
                "cve_id": "CVE-2026-22733",
                "severity": "HIGH",
                "score": 8.2
              }
            ]
          }
        },
        {
          "digest_date": "2026-07-02",
          "key": "spring-framework:6.2",
          "product": "spring-framework",
          "category": "framework",
          "cycle": "6.2",
          "latest": "6.2.19",
          "release_date": "2024-11-30",
          "latest_release_date": "2026-06-08",
          "eol_date": "2026-06-30",
          "support_date": null,
          "is_major_product": true,
          "cve_stats": {
            "total": 9,
            "critical": 0,
            "high": 3,
            "medium": 5,
            "low": 1,
            "kev": 0,
            "top_cves": [
              {
                "cve_id": "CVE-2026-41842",
                "severity": "HIGH",
                "score": 7.5
              },
              {
                "cve_id": "CVE-2026-41849",
                "severity": "HIGH",
                "score": 7.5
              },
              {
                "cve_id": "CVE-2026-41850",
                "severity": "HIGH",
                "score": 7.5
              }
            ]
          }
        },
        {
          "digest_date": "2026-07-02",
          "key": "spring-framework:7.0",
          "product": "spring-framework",
          "category": "framework",
          "cycle": "7.0",
          "latest": "7.0.8",
          "release_date": "2025-11-30",
          "latest_release_date": "2026-06-08",
          "eol_date": "2027-06-30",
          "support_date": null,
          "is_major_product": true,
          "cve_stats": {
            "total": 9,
            "critical": 0,
            "high": 3,
            "medium": 5,
            "low": 1,
            "kev": 0,
            "top_cves": [
              {
                "cve_id": "CVE-2026-41842",
                "severity": "HIGH",
                "score": 7.5
              },
              {
                "cve_id": "CVE-2026-41849",
                "severity": "HIGH",
                "score": 7.5
              },
              {
                "cve_id": "CVE-2026-41850",
                "severity": "HIGH",
                "score": 7.5
              }
            ]
          }
        },
        {
          "digest_date": "2026-07-02",
          "key": "squid:7",
          "product": "squid",
          "category": "webserver",
          "cycle": "7",
          "latest": "7.6",
          "release_date": "2025-07-10",
          "latest_release_date": "2026-06-07",
          "eol_date": "false",
          "support_date": null,
          "is_major_product": true,
          "cve_stats": {
            "total": 3,
            "critical": 0,
            "high": 2,
            "medium": 1,
            "low": 0,
            "kev": 0,
            "top_cves": [
              {
                "cve_id": "CVE-2026-32748",
                "severity": "HIGH",
                "score": 7.5
              },
              {
                "cve_id": "CVE-2026-33526",
                "severity": "HIGH",
                "score": 7.5
              },
              {
                "cve_id": "CVE-2026-33515",
                "severity": "MEDIUM",
                "score": 6.5
              }
            ]
          }
        },
        {
          "digest_date": "2026-07-02",
          "key": "symfony:6.4",
          "product": "symfony",
          "category": "framework",
          "cycle": "6.4",
          "latest": "6.4.42",
          "release_date": "2023-11-29",
          "latest_release_date": "2026-06-27",
          "eol_date": "2027-11-30",
          "support_date": "2026-11-30",
          "is_major_product": true,
          "cve_stats": {
            "total": 2,
            "critical": 0,
            "high": 1,
            "medium": 1,
            "low": 0,
            "kev": 0,
            "top_cves": [
              {
                "cve_id": "CVE-2025-64500",
                "severity": "HIGH",
                "score": 7.3
              },
              {
                "cve_id": "CVE-2026-24739",
                "severity": "MEDIUM",
                "score": 6.3
              }
            ]
          }
        },
        {
          "digest_date": "2026-07-02",
          "key": "symfony:7.4",
          "product": "symfony",
          "category": "framework",
          "cycle": "7.4",
          "latest": "7.4.14",
          "release_date": "2025-11-27",
          "latest_release_date": "2026-06-27",
          "eol_date": "2029-11-30",
          "support_date": "2028-11-30",
          "is_major_product": true,
          "cve_stats": {
            "total": 2,
            "critical": 0,
            "high": 1,
            "medium": 1,
            "low": 0,
            "kev": 0,
            "top_cves": [
              {
                "cve_id": "CVE-2025-64500",
                "severity": "HIGH",
                "score": 7.3
              },
              {
                "cve_id": "CVE-2026-24739",
                "severity": "MEDIUM",
                "score": 6.3
              }
            ]
          }
        },
        {
          "digest_date": "2026-07-02",
          "key": "symfony:8.0",
          "product": "symfony",
          "category": "framework",
          "cycle": "8.0",
          "latest": "8.0.14",
          "release_date": "2025-11-27",
          "latest_release_date": "2026-06-27",
          "eol_date": "2026-07-31",
          "support_date": "2026-07-31",
          "is_major_product": true,
          "cve_stats": {
            "total": 2,
            "critical": 0,
            "high": 1,
            "medium": 1,
            "low": 0,
            "kev": 0,
            "top_cves": [
              {
                "cve_id": "CVE-2025-64500",
                "severity": "HIGH",
                "score": 7.3
              },
              {
                "cve_id": "CVE-2026-24739",
                "severity": "MEDIUM",
                "score": 6.3
              }
            ]
          }
        },
        {
          "digest_date": "2026-07-02",
          "key": "symfony:8.1",
          "product": "symfony",
          "category": "framework",
          "cycle": "8.1",
          "latest": "8.1.1",
          "release_date": "2026-05-29",
          "latest_release_date": "2026-06-27",
          "eol_date": "2027-01-31",
          "support_date": "2027-01-31",
          "is_major_product": true,
          "cve_stats": {
            "total": 2,
            "critical": 0,
            "high": 1,
            "medium": 1,
            "low": 0,
            "kev": 0,
            "top_cves": [
              {
                "cve_id": "CVE-2025-64500",
                "severity": "HIGH",
                "score": 7.3
              },
              {
                "cve_id": "CVE-2026-24739",
                "severity": "MEDIUM",
                "score": 6.3
              }
            ]
          }
        },
        {
          "digest_date": "2026-07-02",
          "key": "tomcat:10.1",
          "product": "tomcat",
          "category": "webserver",
          "cycle": "10.1",
          "latest": "10.1.56",
          "release_date": "2022-09-23",
          "latest_release_date": "2026-06-17",
          "eol_date": "false",
          "support_date": null,
          "is_major_product": true,
          "cve_stats": {
            "total": 13,
            "critical": 2,
            "high": 7,
            "medium": 3,
            "low": 1,
            "kev": 0,
            "top_cves": [
              {
                "cve_id": "CVE-2025-66614",
                "severity": "CRITICAL",
                "score": 9.1
              },
              {
                "cve_id": "CVE-2026-29145",
                "severity": "CRITICAL",
                "score": 9.1
              },
              {
                "cve_id": "CVE-2026-29129",
                "severity": "HIGH",
                "score": 7.5
              }
            ]
          }
        },
        {
          "digest_date": "2026-07-02",
          "key": "tomcat:11.0",
          "product": "tomcat",
          "category": "webserver",
          "cycle": "11.0",
          "latest": "11.0.23",
          "release_date": "2024-10-03",
          "latest_release_date": "2026-06-17",
          "eol_date": "false",
          "support_date": null,
          "is_major_product": true,
          "cve_stats": {
            "total": 13,
            "critical": 2,
            "high": 7,
            "medium": 3,
            "low": 1,
            "kev": 0,
            "top_cves": [
              {
                "cve_id": "CVE-2025-66614",
                "severity": "CRITICAL",
                "score": 9.1
              },
              {
                "cve_id": "CVE-2026-29145",
                "severity": "CRITICAL",
                "score": 9.1
              },
              {
                "cve_id": "CVE-2026-29129",
                "severity": "HIGH",
                "score": 7.5
              }
            ]
          }
        },
        {
          "digest_date": "2026-07-02",
          "key": "tomcat:9.0",
          "product": "tomcat",
          "category": "webserver",
          "cycle": "9.0",
          "latest": "9.0.119",
          "release_date": "2017-09-27",
          "latest_release_date": "2026-06-18",
          "eol_date": "2027-03-31",
          "support_date": null,
          "is_major_product": true,
          "cve_stats": {
            "total": 13,
            "critical": 2,
            "high": 7,
            "medium": 3,
            "low": 1,
            "kev": 0,
            "top_cves": [
              {
                "cve_id": "CVE-2025-66614",
                "severity": "CRITICAL",
                "score": 9.1
              },
              {
                "cve_id": "CVE-2026-29145",
                "severity": "CRITICAL",
                "score": 9.1
              },
              {
                "cve_id": "CVE-2026-29129",
                "severity": "HIGH",
                "score": 7.5
              }
            ]
          }
        },
        {
          "digest_date": "2026-07-02",
          "key": "traefik:2.11",
          "product": "traefik",
          "category": "webserver",
          "cycle": "2.11",
          "latest": "2.11.51",
          "release_date": "2024-02-12",
          "latest_release_date": "2026-06-30",
          "eol_date": "2026-02-01",
          "support_date": "2025-04-29",
          "is_major_product": true,
          "cve_stats": {
            "total": 17,
            "critical": 2,
            "high": 6,
            "medium": 7,
            "low": 2,
            "kev": 0,
            "top_cves": [
              {
                "cve_id": "CVE-2026-39858",
                "severity": "CRITICAL",
                "score": 10.0
              },
              {
                "cve_id": "CVE-2026-35051",
                "severity": "CRITICAL",
                "score": 10.0
              },
              {
                "cve_id": "CVE-2026-33433",
                "severity": "HIGH",
                "score": 8.8
              }
            ]
          }
        },
        {
          "digest_date": "2026-07-02",
          "key": "traefik:3.6",
          "product": "traefik",
          "category": "webserver",
          "cycle": "3.6",
          "latest": "3.6.22",
          "release_date": "2025-11-07",
          "latest_release_date": "2026-06-30",
          "eol_date": "false",
          "support_date": "2026-05-11",
          "is_major_product": true,
          "cve_stats": {
            "total": 17,
            "critical": 2,
            "high": 6,
            "medium": 7,
            "low": 2,
            "kev": 0,
            "top_cves": [
              {
                "cve_id": "CVE-2026-39858",
                "severity": "CRITICAL",
                "score": 10.0
              },
              {
                "cve_id": "CVE-2026-35051",
                "severity": "CRITICAL",
                "score": 10.0
              },
              {
                "cve_id": "CVE-2026-33433",
                "severity": "HIGH",
                "score": 8.8
              }
            ]
          }
        },
        {
          "digest_date": "2026-07-02",
          "key": "traefik:3.7",
          "product": "traefik",
          "category": "webserver",
          "cycle": "3.7",
          "latest": "3.7.6",
          "release_date": "2026-04-22",
          "latest_release_date": "2026-06-30",
          "eol_date": "false",
          "support_date": "true",
          "is_major_product": true,
          "cve_stats": {
            "total": 17,
            "critical": 2,
            "high": 6,
            "medium": 7,
            "low": 2,
            "kev": 0,
            "top_cves": [
              {
                "cve_id": "CVE-2026-39858",
                "severity": "CRITICAL",
                "score": 10.0
              },
              {
                "cve_id": "CVE-2026-35051",
                "severity": "CRITICAL",
                "score": 10.0
              },
              {
                "cve_id": "CVE-2026-33433",
                "severity": "HIGH",
                "score": 8.8
              }
            ]
          }
        },
        {
          "digest_date": "2026-07-02",
          "key": "typo3:10",
          "product": "typo3",
          "category": "cms",
          "cycle": "10",
          "latest": "10.4.58",
          "release_date": "2019-07-23",
          "latest_release_date": "2026-06-16",
          "eol_date": "2023-04-30",
          "support_date": "2021-10-31",
          "is_major_product": true,
          "cve_stats": {
            "total": 4,
            "critical": 0,
            "high": 2,
            "medium": 2,
            "low": 0,
            "kev": 0,
            "top_cves": [
              {
                "cve_id": "CVE-2025-59022",
                "severity": "HIGH",
                "score": 8.1
              },
              {
                "cve_id": "CVE-2026-0859",
                "severity": "HIGH",
                "score": 7.8
              },
              {
                "cve_id": "CVE-2025-59020",
                "severity": "MEDIUM",
                "score": 6.5
              }
            ]
          }
        },
        {
          "digest_date": "2026-07-02",
          "key": "typo3:11",
          "product": "typo3",
          "category": "cms",
          "cycle": "11",
          "latest": "11.5.52",
          "release_date": "2020-12-22",
          "latest_release_date": "2026-06-16",
          "eol_date": "2024-10-31",
          "support_date": "2023-03-31",
          "is_major_product": true,
          "cve_stats": {
            "total": 4,
            "critical": 0,
            "high": 2,
            "medium": 2,
            "low": 0,
            "kev": 0,
            "top_cves": [
              {
                "cve_id": "CVE-2025-59022",
                "severity": "HIGH",
                "score": 8.1
              },
              {
                "cve_id": "CVE-2026-0859",
                "severity": "HIGH",
                "score": 7.8
              },
              {
                "cve_id": "CVE-2025-59020",
                "severity": "MEDIUM",
                "score": 6.5
              }
            ]
          }
        },
        {
          "digest_date": "2026-07-02",
          "key": "typo3:12",
          "product": "typo3",
          "category": "cms",
          "cycle": "12",
          "latest": "12.4.47",
          "release_date": "2022-10-04",
          "latest_release_date": "2026-06-16",
          "eol_date": "2026-04-30",
          "support_date": "2024-10-31",
          "is_major_product": true,
          "cve_stats": {
            "total": 4,
            "critical": 0,
            "high": 2,
            "medium": 2,
            "low": 0,
            "kev": 0,
            "top_cves": [
              {
                "cve_id": "CVE-2025-59022",
                "severity": "HIGH",
                "score": 8.1
              },
              {
                "cve_id": "CVE-2026-0859",
                "severity": "HIGH",
                "score": 7.8
              },
              {
                "cve_id": "CVE-2025-59020",
                "severity": "MEDIUM",
                "score": 6.5
              }
            ]
          }
        },
        {
          "digest_date": "2026-07-02",
          "key": "typo3:13",
          "product": "typo3",
          "category": "cms",
          "cycle": "13",
          "latest": "13.4.32",
          "release_date": "2024-01-30",
          "latest_release_date": "2026-06-16",
          "eol_date": "2027-12-31",
          "support_date": "2026-06-30",
          "is_major_product": true,
          "cve_stats": {
            "total": 4,
            "critical": 0,
            "high": 2,
            "medium": 2,
            "low": 0,
            "kev": 0,
            "top_cves": [
              {
                "cve_id": "CVE-2025-59022",
                "severity": "HIGH",
                "score": 8.1
              },
              {
                "cve_id": "CVE-2026-0859",
                "severity": "HIGH",
                "score": 7.8
              },
              {
                "cve_id": "CVE-2025-59020",
                "severity": "MEDIUM",
                "score": 6.5
              }
            ]
          }
        },
        {
          "digest_date": "2026-07-02",
          "key": "typo3:14",
          "product": "typo3",
          "category": "cms",
          "cycle": "14",
          "latest": "14.3.4",
          "release_date": "2025-11-25",
          "latest_release_date": "2026-06-16",
          "eol_date": "2029-06-30",
          "support_date": "2027-12-31",
          "is_major_product": true,
          "cve_stats": {
            "total": 4,
            "critical": 0,
            "high": 2,
            "medium": 2,
            "low": 0,
            "kev": 0,
            "top_cves": [
              {
                "cve_id": "CVE-2025-59022",
                "severity": "HIGH",
                "score": 8.1
              },
              {
                "cve_id": "CVE-2026-0859",
                "severity": "HIGH",
                "score": 7.8
              },
              {
                "cve_id": "CVE-2025-59020",
                "severity": "MEDIUM",
                "score": 6.5
              }
            ]
          }
        },
        {
          "digest_date": "2026-07-02",
          "key": "virtualbox:7.2",
          "product": "virtualbox",
          "category": "virtualization",
          "cycle": "7.2",
          "latest": "7.2.12",
          "release_date": "2025-08-14",
          "latest_release_date": "2026-06-30",
          "eol_date": "false",
          "support_date": null,
          "is_major_product": true,
          "cve_stats": {
            "total": 33,
            "critical": 0,
            "high": 19,
            "medium": 8,
            "low": 6,
            "kev": 0,
            "top_cves": [
              {
                "cve_id": "CVE-2026-21990",
                "severity": "HIGH",
                "score": 8.2
              },
              {
                "cve_id": "CVE-2026-21988",
                "severity": "HIGH",
                "score": 8.2
              },
              {
                "cve_id": "CVE-2026-21956",
                "severity": "HIGH",
                "score": 8.2
              }
            ]
          }
        },
        {
          "digest_date": "2026-07-02",
          "key": "vue:3.5",
          "product": "vue",
          "category": "framework",
          "cycle": "3.5",
          "latest": "3.5.39",
          "release_date": "2024-09-03",
          "latest_release_date": "2026-06-25",
          "eol_date": "false",
          "support_date": "true",
          "is_major_product": true,
          "cve_stats": {
            "total": 0,
            "critical": 0,
            "high": 0,
            "medium": 0,
            "low": 0,
            "kev": 0,
            "top_cves": []
          }
        }
      ]
    }