114
CVEs
16
Critical
52
High
0
KEV
8
PoC
21
Unpatched C/H
74.6%
Patch Rate
0.4%
Avg EPSS
Severity Breakdown
CRITICAL
16
HIGH
52
MEDIUM
38
LOW
5
Monthly CVE Trend
Affected Products (30)
Java
29
Tomcat
28
Deserialization
24
Http Server
15
PHP
12
Superset
11
Ubuntu
11
Apache Tomcat
10
Openoffice
7
Traffic Server
7
Cloudstack
7
Iotdb
7
Camel
6
Integer Overflow
6
Command Injection
6
Windows
6
Request Smuggling
5
Ranger
5
Airflow
5
Nuttx
5
Kubernetes
5
Kylin
5
Docker
4
Ofbiz
4
Use After Free
4
Zeppelin
4
Solr
4
Kvrocks
4
Apache Airflow
4
Hertzbeat
4
Top Risky CVEs
| CVE | Summary | Severity | CVSS | EPSS | Priority | Signals |
|---|---|---|---|---|---|---|
| CVE-2016-15057 | Command injection in Apache Continuum (unsupported). EPSS 37.9% indicates active exploitation of this legacy CI/CD system. No patch available — product is end-of-life. | CRITICAL | 9.9 | 37.9% | 87 |
No patch
|
| CVE-2016-20026 | Critical hardcoded credentials vulnerability in ZKTeco ZKBioSecurity 3.0's bundled Apache Tomcat server that allows unauthenticated remote attackers to upload malicious WAR files and execute arbitrary code with SYSTEM privileges. Multiple public exploits are available (Exploit-DB, Packet Storm), making this a high-risk vulnerability for organizations using this biometric security management software. | CRITICAL | 9.8 | 0.1% | 69 |
PoC
No patch
|
| CVE-2026-23552 | Cross-realm token acceptance bypass in Apache Camel Keycloak security policy. The KeycloakSecurityPolicy fails to properly validate token issuers, accepting tokens from different Keycloak realms. PoC available. | CRITICAL | 9.1 | 0.0% | 66 |
PoC
|
| CVE-2026-27636 | Remote code execution in FreeScout prior to version 1.8.206 allows authenticated users to upload `.htaccess` files that bypass file upload restrictions, enabling arbitrary code execution on Apache servers with `AllowOverride All` enabled. Public exploit code exists for this vulnerability. The attack requires valid user credentials but affects all FreeScout installations using the vulnerable PHP Laravel framework configuration. | HIGH | 8.8 | 0.3% | 64 |
PoC
|
| CVE-2026-25747 | Deserialization of Untrusted Data vulnerability in Apache Camel LevelDB component. The Camel-LevelDB DefaultLevelDBSerializer class deserializes data read from the LevelDB aggregation repository using java.io.ObjectInputStream without applying any ObjectInputFilter or class-loading restrictions. [CVSS 8.8 HIGH] | HIGH | 8.8 | 0.1% | 64 |
PoC
|
| CVE-2020-36939 | Cassandra Web 0.5.0 contains a directory traversal vulnerability that allows unauthenticated attackers to read arbitrary files by manipulating path traversal parameters. [CVSS 7.5 HIGH] | HIGH | 7.5 | 0.7% | 58 |
PoC
No patch
|
| CVE-2026-22265 | Authenticated command injection in Roxy-WI versions prior to 8.2.8.2 enables attackers to execute arbitrary system commands through improper sanitization of the grep parameter in log viewing functionality. Public exploit code exists for this vulnerability, affecting users managing HAProxy, Nginx, Apache, and Keepalived servers through the web interface. A patch is available in version 8.2.8.2 and later. | HIGH | 7.5 | 0.2% | 58 |
PoC
|
| CVE-2026-27161 | Unauthenticated attackers can access sensitive files in GetSimple CMS when Apache's AllowOverride directive is disabled, bypassing .htaccess protections that restrict directory access. This configuration is common in hardened and shared hosting environments, exposing authorization credentials, API keys, and cryptographic salts in files like authorization.xml. Public exploit code exists for this vulnerability, and no patch is currently available. | HIGH | 7.5 | 0.1% | 58 |
PoC
No patch
|
| CVE-2026-21962 | Oracle HTTP Server and WebLogic Server Proxy Plug-in have a CVSS 10.0 access control vulnerability allowing unauthenticated network attackers to fully compromise the middleware layer. | CRITICAL | 10.0 | 0.0% | 50 |
|
| CVE-2026-33502 | An unauthenticated server-side request forgery (SSRF) vulnerability exists in AVideo's Live plugin test.php endpoint that allows remote attackers to force the server to send HTTP requests to arbitrary URLs. The vulnerability affects AVideo installations with the Live plugin enabled and can be exploited to probe internal network services, access cloud metadata endpoints, and retrieve content from internal HTTP resources. A proof-of-concept has been published demonstrating localhost service enumeration, and the vulnerability requires no authentication or user interaction to exploit. | CRITICAL | 9.3 | 3.0% | 50 |
|
| CVE-2025-59059 | RCE in Apache Ranger <= 2.7.0 via NashornScriptEngineCreator. EPSS 0.42%. | CRITICAL | 9.8 | 0.4% | 49 |
|
| CVE-2026-27446 | Missing authentication in Apache ActiveMQ Artemis. Unauthenticated remote attacker can access message broker. EPSS 0.20%. | CRITICAL | 9.8 | 0.2% | 49 |
|
| CVE-2025-60021 | Apache bRPC versions before 1.15.0 contain a remote command injection vulnerability in the heap profiler built-in service, allowing attackers to execute arbitrary OS commands. | CRITICAL | 9.8 | 0.1% | 49 |
No patch
|
| CVE-2026-24713 | Input validation vulnerability in Apache IoTDB from 1.0.0 before 1.3.7 and from 2.0.0 before 2.0.7. Second critical CVE affecting the IoT database. | CRITICAL | 9.8 | 0.1% | 49 |
|
| CVE-2026-23906 | Authentication bypass in Apache Druid versions 0.17.0 through 35.x. Affects all versions prior to 36.0.0 when specific prerequisites are met. | CRITICAL | 9.8 | 0.1% | 49 |
|