Security Products
Security products — endpoint protection, SIEM, identity and access management, scanners and PKI — are trusted with the keys to the kingdom, so their vulnerabilities are especially dangerous. This hub tracks CVEs across defensive tooling.
- vuln-mgmt-scanner · 98
- identity-access-mgmt · 68
- endpoint-av-edr · 35
- secure-gateway-vpn · 22
- siem-soar · 13
- pki-crypto · 13
- Cumulative CVEs: 15,573 (across 292 monthly snapshots)
- Latest month: 302 (-12.0% MoM · +128.8% YoY)
- Peak month: 449 (Mar 26)
- KEV this month: 12 (103 vendors affected)
CVEs per month (chart; newest period on the right)
Deployment mix
How this sector's software is typically delivered — whether you patch it yourself or a vendor does. AI-assisted vendor classification.
- On-prem: 45%
- Embedded: 30%
- Mixed: 25%
Latest CVEs in this sector
The 15 most recently published vulnerabilities tagged to Security Products.
- CVE-2026-58165 · OpenZiti - Privilege Escalation to Admin via Unauthorized Enrollment Creation · 8.8
- CVE-2026-0828 · Kernel driver vulnerability in Safetica Endpoint Client · 7.5
- CVE-2026-57527 · ZAP ViewState Add-on Insecure Deserialization via JSFViewState.decode() · 8.8
- CVE-2026-57915 · Apache Kerby: Kerberos Pre-Authentication Bypass · 7.3
- CVE-2026-57914 · Apache Kerby: StackOverflow on parsing deeply nested ASN1 structures · 6.5
- CVE-2026-8661 · Server-Side Cross-Site Scripting and SSRF in Rapid7 InsightConnect Markdown to PDF Plugin · 4.8
- CVE-2026-40702 · EVoke Systems EVoke CSMS Missing Authentication for Critical Function · 9.4
- CVE-2026-50176 · EVoke Systems EVoke CSMS Improper Restriction of Excessive Authentication Attempts · 7.5
- CVE-2026-11800 · Org.keycloak:keycloak-services: keycloak: authentication bypass via jwt algorithm confusion · 8.1
- CVE-2026-54479 · EVoke Systems EVoke CSMS Insufficient Session Expiration · 7.3
- CVE-2026-44622 · EVoke Systems EVoke CSMS Insufficiently Protected Credentials · 6.5
- CVE-2026-57522 · Bitwarden Server < 2026.5.0 JSON Injection via Webhook Templates · 3.5
- CVE-2026-57521 · Bitwarden Server < 2026.5.0 Broken Access Control via PreviewInvoiceController · 4.3
- CVE-2026-57520 · Bitwarden Server < 2026.5.0 Privilege Escalation via Bulk User Remove Endpoint · 7.1
- CVE-2026-54448 · Trivy: Helm chart tar bomb causes OOM via unbounded io.ReadAll in parser · 6.5
Weakness fingerprint
Top CWE classes in this sector, latest monthly snapshot.
Top vendors
Most CVEs in this sector, latest monthly snapshot.
| Vendor | CVEs | Crit | KEV |
|---|---|---|---|
| openclaw | 61 | 1 | · |
| misp | 28 | 1 | · |
| gen digital | 17 | · | · |
| nsa | 15 | · | · |
| nationalsecurityagency | 14 | · | · |
| rapid7 | 14 | · | · |
| misp-project | 13 | 1 | · |
| paloaltonetworks | 12 | 1 | · |
| splunk | 12 | 2 | 1 |
| cyberark | 10 | 1 | · |
Subsectors
Breakdown for the latest monthly snapshot.
| Subsector | CVEs | Crit | KEV | Vendors | MoM | Top products |
|---|---|---|---|---|---|---|
| vuln-mgmt-scanner | 98 | 4 | · | 27 | — | misp (40) · ghidra (30) · openbullet2 (5) |
| identity-access-mgmt | 68 | 22 | · | 24 | — | identity manager (13) · red hat build of keycloak 26.6 (8) · wertheim safecontroller software for vault rooms (safe deposit locker system) (8) |
| — | 53 | 23 | 12 | 17 | — | splunk (9) · splunk enterprise (9) · splunk cloud platform (8) |
| endpoint-av-edr | 35 | 1 | · | 12 | — | avast antivirus (9) · avast business antivirus (8) · avast one (8) |
| secure-gateway-vpn | 22 | · | · | 8 | — | kiteworks (9) · secure data forms (8) · securly (7) |
| pki-crypto | 13 | 5 | · | 8 | — | evoke csms (4) · op-tee (3) · gnupg (1) |
| siem-soar | 13 | 1 | · | 7 | — | iris-web (7) · isap smart collector (2) · opencti (2) |
Sector classification is AI-assisted with human review.