{
  "critical_count": 588,
  "critical_cves": [
    {
      "cvss_score": 9.8,
      "description": "ZKTeco ZKTime.Net 3.0.1.6 contains an insecure file permissions vulnerability that allows unprivileged users to escalate privileges by modifying executable files. Attackers can exploit world-writable ",
      "epss_score": 0.00026,
      "id": "CVE-2016-20024"
    },
    {
      "cvss_score": 9.8,
      "description": "ZKTeco ZKBioSecurity 3.0 contains hardcoded credentials in the bundled Apache Tomcat server that allow unauthenticated attackers to access the manager application. Attackers can authenticate with hard",
      "epss_score": 0.00049,
      "id": "CVE-2016-20026"
    },
    {
      "cvss_score": 9.8,
      "description": "ZKTeco ZKBioSecurity 3.0 contains a user enumeration vulnerability that allows unauthenticated attackers to discover valid usernames by submitting partial characters via the username parameter. Attack",
      "epss_score": 0.00028,
      "id": "CVE-2016-20030"
    },
    {
      "cvss_score": 9.8,
      "description": "Telesquare SKT LTE Router SDT-CS3B1 firmware version 1.2.0 contains an insecure direct object reference vulnerability that allows attackers to bypass authorization and access resources by manipulating",
      "epss_score": 0.0007,
      "id": "CVE-2017-20223"
    },
    {
      "cvss_score": 9.8,
      "description": "Telesquare SKT LTE Router SDT-CS3B1 version 1.2.0 contains an arbitrary file upload vulnerability that allows unauthenticated attackers to upload malicious content by exploiting enabled WebDAV HTTP me",
      "epss_score": 0.00344,
      "id": "CVE-2017-20224"
    }
  ],
  "high_count": 2233,
  "high_risk_cves": [
    {
      "cvss_score": 5.3,
      "description": "An issue was discovered in Joomla! 4.0.0 through 4.2.7. An improper access check allows unauthorized access to webservice endpoints.",
      "epss_score": 0.94511,
      "id": "CVE-2023-23752",
      "is_kev": true,
      "severity": "MEDIUM"
    },
    {
      "cvss_score": 9.8,
      "description": "Jenkins versions 2.56 and earlier as well as 2.46.1 LTS and earlier are vulnerable to an unauthenticated remote code execution. An unauthenticated remote code execution vulnerability allowed attackers",
      "epss_score": 0.94493,
      "id": "CVE-2017-1000353",
      "is_kev": true,
      "severity": "CRITICAL"
    },
    {
      "cvss_score": 9.8,
      "description": "Drupal before 7.58, 8.x before 8.3.9, 8.4.x before 8.4.6, and 8.5.x before 8.5.1 allows remote attackers to execute arbitrary code because of an issue affecting multiple subsystems with default or com",
      "epss_score": 0.94489,
      "id": "CVE-2018-7600",
      "is_kev": true,
      "severity": "CRITICAL"
    },
    {
      "cvss_score": 9.8,
      "description": "A code execution vulnerability exists in the Stapler web framework used by Jenkins 2.153 and earlier, LTS 2.138.3 and earlier in stapler/core/src/main/java/org/kohsuke/stapler/MetaClass.java that allo",
      "epss_score": 0.94485,
      "id": "CVE-2018-1000861",
      "is_kev": true,
      "severity": "CRITICAL"
    },
    {
      "cvss_score": 9.8,
      "description": "On BIG-IP versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, 14.1.x before 14.1.4, 13.1.x before 13.1.3.6, and 12.1.x before 12.1.5.3 and BIG-IQ 7.1.0.x before 7.1.0.3 and 7.0.0.x before 7.0.0.2",
      "epss_score": 0.94485,
      "id": "CVE-2021-22986",
      "is_kev": true,
      "severity": "CRITICAL"
    },
    {
      "cvss_score": 9.1,
      "description": "An Improper Limitation of a Pathname to a Restricted Directory (\"Path Traversal\") in Fortinet FortiOS 6.0.0 to 6.0.4, 5.6.3 to 5.6.7 and 5.4.6 to 5.4.12 and FortiProxy 2.0.0, 1.2.0 to 1.2.8, 1.1.0 to ",
      "epss_score": 0.94473,
      "id": "CVE-2018-13379",
      "is_kev": true,
      "severity": "CRITICAL"
    },
    {
      "cvss_score": 9.8,
      "description": "The Widget Connector macro in Atlassian Confluence Server before version 6.6.12 (the fixed version for 6.6.x), from version 6.7.0 before 6.12.3 (the fixed version for 6.12.x), from version 6.13.0 befo",
      "epss_score": 0.94471,
      "id": "CVE-2019-3396",
      "is_kev": true,
      "severity": "CRITICAL"
    },
    {
      "cvss_score": 7.5,
      "description": "Apache Solr 5.0.0 to Apache Solr 8.3.1 are vulnerable to a Remote Code Execution through the VelocityResponseWriter. A Velocity template can be provided through Velocity templates in a configset `velo",
      "epss_score": 0.9447,
      "id": "CVE-2019-17558",
      "is_kev": true,
      "severity": "HIGH"
    },
    {
      "cvss_score": 9.8,
      "description": "When using the Apache JServ Protocol (AJP), care must be taken when trusting incoming connections to Apache Tomcat. Tomcat treats AJP connections as having higher trust than, for example, a similar HT",
      "epss_score": 0.94469,
      "id": "CVE-2020-1938",
      "is_kev": true,
      "severity": "CRITICAL"
    },
    {
      "cvss_score": 9.8,
      "description": "Cacti is an open source platform which provides a robust and extensible operational monitoring and fault management framework for users. In affected versions a command injection vulnerability allows a",
      "epss_score": 0.94469,
      "id": "CVE-2022-46169",
      "is_kev": true,
      "severity": "CRITICAL"
    }
  ],
  "kev_added": 24,
  "last_sync": "2026-04-14T15:00:17.682130",
  "low_count": 274,
  "medium_count": 2468,
  "news_articles": 331,
  "news_sources": 4,
  "period_end": "2026-04-14",
  "period_start": "2026-03-15",
  "severity_breakdown": {
    "CRITICAL": 588,
    "HIGH": 2233,
    "LOW": 274,
    "MEDIUM": 2468,
    "NONE": 4,
    "Unknown": 802
  },
  "total_new_cves": 6369
}
