| Metric | Value |
|---|---|
| CVEs | 128 |
| Critical | 6 |
| High | 64 |
| KEV | 1 |
| PoC | 1 |
| Unpatched C/H | 70 |
| Patch Rate | 0.0% |
| Avg EPSS | 0.3% |

Severity Breakdown

| Severity | CVEs |
|---|---|
| CRITICAL | 6 |
| HIGH | 64 |
| MEDIUM | 58 |
| LOW | 0 |

[Figure: Monthly CVE Trend]

Affected Products (20)

| Product / tag | CVEs |
|---|---|
| Junos | 87 |
| Junos OS Evolved | 49 |
| Junos OS | 9 |
| Null Pointer Dereference | 4 |
| Command Injection | 3 |
| Heap Overflow | 3 |
| Use After Free | 3 |
| TLS | 2 |
| Memory Corruption | 2 |
| BGP | 2 |
| Race Condition | 2 |
| Junos Space | 2 |
| JSI LWC | 1 |
| Python | 1 |
| DNS | 1 |
| Security Director | 1 |
| Brute Force | 1 |
| Paragon Active Assurance Control Center | 1 |
| Stack Overflow | 1 |
| Paragon Automation | 1 |

Top Risky CVEs
| CVE | Summary | Severity | CVSS | EPSS | Priority | Signals |
|---|---|---|---|---|---|---|
| CVE-2025-21590 | A security vulnerability in An Improper (CVSS 6.7) that allows a local attacker with high privileges. Risk factors: actively exploited (KEV-listed). | MEDIUM | 6.7 | 0.9% | 94 | KEV, No patch |
| CVE-2025-21589 | Authentication bypass in Juniper Networks Session Smart Router and Conductor allows network-based attackers to gain administrative control without credentials. The vulnerability affects multiple versions of the routing platform used in enterprise SD-WAN deployments. | CRITICAL | 9.8 | 0.0% | 49 | No patch |
| CVE-2025-52950 | CVE-2025-52950 is a Missing Authorization vulnerability in Juniper Networks Security Director that allows authenticated attackers to read and modify sensitive resources beyond their authorization level through the web interface. This affects Security Director version 24.4.1 and could enable lateral movement and compromise of downstream managed network devices. The vulnerability has a critical CVSS 9.6 score and represents a significant integrity and availability risk, though it requires valid credentials to exploit. | CRITICAL | 9.6 | 0.1% | 48 | No patch |
| CVE-2026-21902 | Incorrect permission assignment on critical resources in Juniper Networks On-Box Anomaly detection framework. Allows unauthorized modification of anomaly detection configuration, potentially disabling security monitoring. | CRITICAL | 9.3 | 0.3% | 47 | No patch |
| CVE-2026-33784 | Full device takeover in Juniper Networks Support Insights Virtual Lightweight Collector (vLWC) before 3.0.94 via hardcoded default credentials. The vLWC software ships with an unchangeable initial password for a high-privileged account with no enforced password change during provisioning, enabling unauthenticated remote attackers to gain complete system control. CVSS v4.0 score 9.3 (Critical). No public exploit identified at time of analysis. | CRITICAL | 9.3 | 0.0% | 46 | No patch |
| CVE-2026-33771 | Juniper Networks CTP OS 9.2R1 and 9.2R2 fail to persist password complexity settings, enabling unauthenticated attackers to exploit predictable weak passwords on local accounts. The password management function allows administrators to configure complexity requirements but does not save these configurations, verifiable through 'Show password requirements' menu. This defect permits trivial passwords that attackers can brute-force remotely to gain full device control. No public exploit identified at time of analysis. | CRITICAL | 9.1 | 0.0% | 46 | No patch |
| CVE-2025-21601 | An Improper Following of Specification by Caller vulnerability in web management (J-Web, Captive Portal, 802.1X, Juniper Secure Connect (JSC) of Juniper Networks Junos OS on SRX Series, EX Series,. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available. | HIGH | 8.7 | 0.5% | 44 | No patch |
| CVE-2025-30645 | A NULL Pointer Dereference vulnerability in the flow daemon (flowd) of Juniper Networks Junos OS on SRX Series allows an attacker causing specific, valid control traffic to be sent out of a. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available. | HIGH | 8.7 | 0.4% | 44 | No patch |
| CVE-2025-30649 | An Improper Input Validation vulnerability in the syslog stream TCP transport of Juniper Networks Junos OS on MX240, MX480 and MX960 devices with MX-SPC3 Security Services Card allows an. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available. | HIGH | 8.7 | 0.4% | 44 | No patch |
| CVE-2025-30651 | A Buffer Access with Incorrect Length Value vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, network-based attacker to. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available. | HIGH | 8.7 | 0.4% | 44 | No patch |
| CVE-2025-30656 | An Improper Handling of Additional Special Element vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on MX Series with MS-MPC, MS-MIC and SPC3, and SRX Series, allows. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available. | HIGH | 8.7 | 0.4% | 44 | No patch |
| CVE-2025-30658 | A Missing Release of Memory after Effective Lifetime vulnerability in the Anti-Virus processing of Juniper Networks Junos OS on SRX Series allows an unauthenticated, network-based attacker to cause a. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available. | HIGH | 8.7 | 0.4% | 44 | No patch |
| CVE-2025-30659 | An Improper Handling of Length Parameter Inconsistency vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on SRX Series allows an unauthenticated, network-based attacker. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available. | HIGH | 8.7 | 0.4% | 44 | No patch |
| CVE-2025-30660 | An Improper Check for Unusual or Exceptional Conditions vulnerability in the Packet Forwarding Engine (pfe) of Juniper Networks Junos OS on MX Series allows an unauthenticated, network-based attacker. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available. | HIGH | 8.7 | 0.4% | 44 | No patch |
| CVE-2025-21594 | An Improper Check for Unusual or Exceptional Conditions vulnerability in the pfe (packet forwarding engine) of Juniper Networks Junos OS on MX Series causes a port within a pool to be blocked leading. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available. | HIGH | 8.7 | 0.4% | 44 | No patch |