Cloud & SaaS
Cloud platforms, SaaS applications and the virtualization and container layers beneath them concentrate enormous amounts of data and compute. This hub follows CVE trends across cloud-native infrastructure.
saas-application (188) · container-orchestration (109) · cloud-platform (45) · virtualization (24) · api-gateway (19)
- Cumulative CVEs: 10,781 (across 265 monthly snapshots)
- Latest month: 397 (-0.8% MoM · +228.1% YoY)
- Peak month: 400 (May 26)
- KEV this month: 0 · 101 vendors affected
Deployment mix
How this sector's software is typically delivered — whether you patch it yourself or a vendor does. AI-assisted vendor classification.
- Mixed: 52%
- On-prem: 36%
- SaaS: 13%
Latest CVEs in this sector
The 15 most recently published vulnerabilities tagged to Cloud & SaaS.
- CVE-2026-56777 · n8n - AST Validator Bypass in Python Code Node · 5.0
- CVE-2026-56356 · n8n - Stored Cross-Site Scripting in Chat Trigger Node Custom CSS Field · 5.4
- CVE-2026-56350 · n8n - SSO Enforcement Bypass via API · 6.3
- CVE-2026-27957 · Coolify: Authenticated RCE via command injection in CA certificate management feature · 8.8
- CVE-2026-27956 · Coolify: Cross-team application domain enumeration via domains_by_server endpoint · 4.3
- CVE-2026-27955 · Coolify: Command Injection via Single-Quote Breakout in `executeInDocker()` · 6.6
- CVE-2026-27883 · Coolify: IDOR in Deployment API - Cross-Team Deployment Information Disclosure · 5.0
- CVE-2026-27881 · Coolify: Cross-team deployment information disclosure via GET /api/v1/deployments/{uuid} (IDOR) · 5.0
- CVE-2026-27882 · Coolify: Timing Attack in GitLab Webhook Token Validation · 4.8
- CVE-2026-12610 · Sssd: use-after-free crash in sssd' 'sssd_pam' process · 6.4
- CVE-2026-14164 · Libarchive: double-free vulnerability in rar5 decompression logic via dangling filtered_buf pointer in init_unpack() · 7.5
- CVE-2026-34592 · Coolify: Cross-Team IDOR via Unscoped Server and Project Lookups Exposes SSH Keys and Infrastructure · 7.7
- CVE-2026-34594 · Coolify: Authenticated Remote Code Execution via Command Injection in Destination Network Management · 8.8
- CVE-2026-34597 · Coolify: Authenticated Host RCE · 8.8
- CVE-2026-41896 · Coolify: Unauthenticated Deployment Trigger via Webhook HMAC Bypass with Null Secret · 7.5
Subsectors
Breakdown for the latest monthly snapshot.
| Subsector | CVEs | Crit | KEV | Vendors | MoM | Top products |
|---|---|---|---|---|---|---|
| saas-application | 188 | 29 | · | 43 | — | nocodb (29) · n8n (28) · microsoft 365 (26) |
| container-orchestration | 109 | 20 | · | 21 | — | red hat openshift container platform 4 (24) · n8n (21) · fission (17) |
| cloud-platform | 45 | 8 | · | 19 | — | ironic (5) · cloud foundation (3) · telco cloud platform (3) |
| virtualization | 24 | · | · | 8 | — | oracle vm virtualbox (10) · vm virtualbox (10) · red hat openshift virtualization 4 (7) |
| api-gateway | 19 | 1 | · | 5 | — | envoy (15) · 2download connector for 2dl hosted checkout (1) · api manager (1) |
| — | 12 | 3 | · | 5 | — | aria operations (3) · vmware aria operations (3) · exchange online (2) |
Sector classification is AI-assisted with human review.