{
  "critical_count": 81,
  "critical_cves": [
    {
      "cvss_score": 9.8,
      "description": "A remote code execution (RCE) vulnerability in the /devserver/start endpoint of leonvanzyl autocoder commit 79d02a allows attackers to execute arbitrary code via providing a crafted command parameter.",
      "epss_score": 0.00351,
      "id": "CVE-2026-30352"
    },
    {
      "cvss_score": 9.8,
      "description": "ProjeQtor versions 7.0 through 12.4.3 contain an unauthenticated SQL injection vulnerability in the login functionality where the login variable is directly concatenated into a SQL query without param",
      "epss_score": 0.00111,
      "id": "CVE-2026-41462"
    },
    {
      "cvss_score": 9.8,
      "description": "A weakness has been identified in Totolink A8000RU 7.1cu.643_b20200521. Affected by this issue is the function setDmzCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Executing a mani",
      "epss_score": 0.01254,
      "id": "CVE-2026-7136"
    },
    {
      "cvss_score": 9.8,
      "description": "A security vulnerability has been detected in Totolink A8000RU 7.1cu.643_b20200521. This affects the function setStorageCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulat",
      "epss_score": 0.01254,
      "id": "CVE-2026-7137"
    },
    {
      "cvss_score": 9.8,
      "description": "A vulnerability was detected in Totolink A8000RU 7.1cu.643_b20200521. This vulnerability affects the function setNtpCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulation ",
      "epss_score": 0.01254,
      "id": "CVE-2026-7138"
    }
  ],
  "high_count": 376,
  "high_risk_cves": [
    {
      "cvss_score": 5.3,
      "description": "An issue was discovered in Joomla! 4.0.0 through 4.2.7. An improper access check allows unauthorized access to webservice endpoints.",
      "epss_score": 0.9452,
      "id": "CVE-2023-23752",
      "is_kev": true,
      "severity": "MEDIUM"
    },
    {
      "cvss_score": 9.8,
      "description": "Drupal before 7.58, 8.x before 8.3.9, 8.4.x before 8.4.6, and 8.5.x before 8.5.1 allows remote attackers to execute arbitrary code because of an issue affecting multiple subsystems with default or com",
      "epss_score": 0.94489,
      "id": "CVE-2018-7600",
      "is_kev": true,
      "severity": "CRITICAL"
    },
    {
      "cvss_score": 9.8,
      "description": "A code execution vulnerability exists in the Stapler web framework used by Jenkins 2.153 and earlier, LTS 2.138.3 and earlier in stapler/core/src/main/java/org/kohsuke/stapler/MetaClass.java that allo",
      "epss_score": 0.94485,
      "id": "CVE-2018-1000861",
      "is_kev": true,
      "severity": "CRITICAL"
    },
    {
      "cvss_score": 9.8,
      "description": "On BIG-IP versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, 14.1.x before 14.1.4, 13.1.x before 13.1.3.6, and 12.1.x before 12.1.5.3 and BIG-IQ 7.1.0.x before 7.1.0.3 and 7.0.0.x before 7.0.0.2",
      "epss_score": 0.94485,
      "id": "CVE-2021-22986",
      "is_kev": true,
      "severity": "CRITICAL"
    },
    {
      "cvss_score": 9.8,
      "description": "Jenkins versions 2.56 and earlier as well as 2.46.1 LTS and earlier are vulnerable to an unauthenticated remote code execution. An unauthenticated remote code execution vulnerability allowed attackers",
      "epss_score": 0.94482,
      "id": "CVE-2017-1000353",
      "is_kev": true,
      "severity": "CRITICAL"
    },
    {
      "cvss_score": 9.1,
      "description": "An Improper Limitation of a Pathname to a Restricted Directory (\"Path Traversal\") in Fortinet FortiOS 6.0.0 to 6.0.4, 5.6.3 to 5.6.7 and 5.4.6 to 5.4.12 and FortiProxy 2.0.0, 1.2.0 to 1.2.8, 1.1.0 to ",
      "epss_score": 0.94473,
      "id": "CVE-2018-13379",
      "is_kev": true,
      "severity": "CRITICAL"
    },
    {
      "cvss_score": 9.8,
      "description": "The Widget Connector macro in Atlassian Confluence Server before version 6.6.12 (the fixed version for 6.6.x), from version 6.7.0 before 6.12.3 (the fixed version for 6.12.x), from version 6.13.0 befo",
      "epss_score": 0.94471,
      "id": "CVE-2019-3396",
      "is_kev": true,
      "severity": "CRITICAL"
    },
    {
      "cvss_score": 7.5,
      "description": "Apache Solr 5.0.0 to Apache Solr 8.3.1 are vulnerable to a Remote Code Execution through the VelocityResponseWriter. A Velocity template can be provided through Velocity templates in a configset `velo",
      "epss_score": 0.9447,
      "id": "CVE-2019-17558",
      "is_kev": true,
      "severity": "HIGH"
    },
    {
      "cvss_score": 9.8,
      "description": "When using the Apache JServ Protocol (AJP), care must be taken when trusting incoming connections to Apache Tomcat. Tomcat treats AJP connections as having higher trust than, for example, a similar HT",
      "epss_score": 0.94469,
      "id": "CVE-2020-1938",
      "is_kev": true,
      "severity": "CRITICAL"
    },
    {
      "cvss_score": 9.8,
      "description": "Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Web Services). Supported versions that are affected are 10.3.6.0.0 and 12.1.3.0.0. Easily exploitable v",
      "epss_score": 0.94468,
      "id": "CVE-2019-2725",
      "is_kev": true,
      "severity": "CRITICAL"
    }
  ],
  "kev_added": 4,
  "last_sync": "2026-05-04T14:00:12.326124",
  "low_count": 28,
  "medium_count": 391,
  "news_articles": 68,
  "news_sources": 4,
  "period_end": "2026-05-04",
  "period_start": "2026-04-27",
  "severity_breakdown": {
    "CRITICAL": 81,
    "HIGH": 376,
    "LOW": 28,
    "MEDIUM": 391,
    "Unknown": 173
  },
  "total_new_cves": 1049
}
