{
  "critical_count": 152,
  "critical_cves": [
    {
      "cvss_score": 9.9,
      "description": "Files or directories accessible to external parties vulnerability in ABB T-MAC Plus.\n\nThis issue affects T-MAC Plus: 4.0-24.",
      "epss_score": 0.00047,
      "id": "CVE-2025-14771"
    },
    {
      "cvss_score": 9.8,
      "description": "ZDRES-232: resolveProxyClass Not Overridden - acceptMatchers Filter Bypass via java.lang.reflect.Proxy\n\n\nAssessment: Fully addressed.\n\n\nWhen the serialised stream contains a TC_PROXYCLASSDESC (the mar",
      "epss_score": 0.00046,
      "id": "CVE-2026-47065"
    },
    {
      "cvss_score": 9.8,
      "description": "An unauthenticated remote attacker can recover a default, hard coded password from a firmware image and thus gain full access to all affected devices.",
      "epss_score": 0.00084,
      "id": "CVE-2026-35075"
    },
    {
      "cvss_score": 9.6,
      "description": "A vulnerability in the LightGlue model loading path of huggingface/transformers version 5.2.0 allows an attacker-controlled model repository to execute arbitrary code during model initialization. The ",
      "epss_score": 0.00076,
      "id": "CVE-2026-5241"
    },
    {
      "cvss_score": 9.8,
      "description": "An OS command injection vulnerability in the app.py component of openlabs docker-wkhtmltopdf-aas up to commit 9f50579 allows attackers to execute arbitrary commands via a crafted POST request.",
      "epss_score": 0.00256,
      "id": "CVE-2026-36576"
    }
  ],
  "high_count": 741,
  "high_risk_cves": [
    {
      "cvss_score": 5.3,
      "description": "An issue was discovered in Joomla! 4.0.0 through 4.2.7. An improper access check allows unauthorized access to webservice endpoints.",
      "epss_score": 0.94522,
      "id": "CVE-2023-23752",
      "is_kev": true,
      "severity": "MEDIUM"
    },
    {
      "cvss_score": 9.8,
      "description": "SQL injection vulnerability in Joomla! 3.7.x before 3.7.1 allows attackers to execute arbitrary SQL commands via unspecified vectors.",
      "epss_score": 0.94513,
      "id": "CVE-2017-8917",
      "is_kev": false,
      "severity": "CRITICAL"
    },
    {
      "cvss_score": 9.8,
      "description": "Drupal before 7.58, 8.x before 8.3.9, 8.4.x before 8.4.6, and 8.5.x before 8.5.1 allows remote attackers to execute arbitrary code because of an issue affecting multiple subsystems with default or com",
      "epss_score": 0.94489,
      "id": "CVE-2018-7600",
      "is_kev": true,
      "severity": "CRITICAL"
    },
    {
      "cvss_score": 9.8,
      "description": "A code execution vulnerability exists in the Stapler web framework used by Jenkins 2.153 and earlier, LTS 2.138.3 and earlier in stapler/core/src/main/java/org/kohsuke/stapler/MetaClass.java that allo",
      "epss_score": 0.94485,
      "id": "CVE-2018-1000861",
      "is_kev": true,
      "severity": "CRITICAL"
    },
    {
      "cvss_score": 9.8,
      "description": "On BIG-IP versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, 14.1.x before 14.1.4, 13.1.x before 13.1.3.6, and 12.1.x before 12.1.5.3 amd BIG-IQ 7.1.0.x before 7.1.0.3 and 7.0.0.x before 7.0.0.2",
      "epss_score": 0.94485,
      "id": "CVE-2021-22986",
      "is_kev": true,
      "severity": "CRITICAL"
    },
    {
      "cvss_score": 9.8,
      "description": "Jenkins versions 2.56 and earlier as well as 2.46.1 LTS and earlier are vulnerable to an unauthenticated remote code execution. An unauthenticated remote code execution vulnerability allowed attackers",
      "epss_score": 0.94479,
      "id": "CVE-2017-1000353",
      "is_kev": true,
      "severity": "CRITICAL"
    },
    {
      "cvss_score": 9.1,
      "description": "An Improper Limitation of a Pathname to a Restricted Directory (\"Path Traversal\") in Fortinet FortiOS 6.0.0 to 6.0.4, 5.6.3 to 5.6.7 and 5.4.6 to 5.4.12 and FortiProxy 2.0.0, 1.2.0 to 1.2.8, 1.1.0 to ",
      "epss_score": 0.94473,
      "id": "CVE-2018-13379",
      "is_kev": true,
      "severity": "CRITICAL"
    },
    {
      "cvss_score": 9.8,
      "description": "The Widget Connector macro in Atlassian Confluence Server before version 6.6.12 (the fixed version for 6.6.x), from version 6.7.0 before 6.12.3 (the fixed version for 6.12.x), from version 6.13.0 befo",
      "epss_score": 0.94471,
      "id": "CVE-2019-3396",
      "is_kev": true,
      "severity": "CRITICAL"
    },
    {
      "cvss_score": 7.5,
      "description": "Apache Solr 5.0.0 to Apache Solr 8.3.1 are vulnerable to a Remote Code Execution through the VelocityResponseWriter. A Velocity template can be provided through Velocity templates in a configset `velo",
      "epss_score": 0.9447,
      "id": "CVE-2019-17558",
      "is_kev": true,
      "severity": "HIGH"
    },
    {
      "cvss_score": 9.8,
      "description": "When using the Apache JServ Protocol (AJP), care must be taken when trusting incoming connections to Apache Tomcat. Tomcat treats AJP connections as having higher trust than, for example, a similar HT",
      "epss_score": 0.94469,
      "id": "CVE-2020-1938",
      "is_kev": true,
      "severity": "CRITICAL"
    }
  ],
  "kev_added": 7,
  "last_sync": "2026-06-10T00:30:14.859931",
  "low_count": 69,
  "medium_count": 734,
  "news_articles": 88,
  "news_sources": 4,
  "period_end": "2026-06-10",
  "period_start": "2026-06-03",
  "severity_breakdown": {
    "CRITICAL": 152,
    "HIGH": 741,
    "LOW": 69,
    "MEDIUM": 734,
    "Unknown": 285
  },
  "total_new_cves": 1981
}