June 2026
June 2026 closed with 8,311 published CVEs — +114.5% YoY . 857 criticals, 23 added to CISA KEV (2 ransomware-linked). google led volume, mostly via chrome. Biggest breakout: google at ×17.1 their 12-month median. Top weakness class — CWE-79 (655 CVE). 10 vendors cracked the top-100 for the first time.
Time to exploit
How fast the community ships detection after a CVE drops.
KEV pressure, no Nuclei coverage
June 2026 · vendors with active exploitation listed by CISA but no public detection template.
- KEV 2google1,094 CVE
What's spreading where in June 2026
Cells shaded by share of vendor's hottest weakness. Click any cell to open the CWE history.
Most discussed CVEs — June 2026
Breakout vendors
CVE count ≥3× their own 12-period median.
- 17.1×google1,094 CVE
- 5.6×apache software foundation121 CVE
- 5.0×spring72 CVE
- 4.9×vmware44 CVE
- 4.7×apache94 CVE
- 4.5×flowiseai27 CVE
- 3.4×imagemagick41 CVE
- 3.3×jenkins36 CVE
- 3.1×oracle243 CVE
First time in top-100
Vendors never in top-100 in the prior 24 periods.
- #13capgo61 CVE
- #26picklescan34 CVE
- #28nocodb29 CVE
- #30misp28 CVE
- #33acer26 CVE
- #42flowise23 CVE
- #44zephyrproject22 CVE
- #48geovision inc.19 CVE
- #51angular17 CVE
- #53fission17 CVE
Top vendors
Ranked by distinct CVE count this period.
- 1,094 CVE59 critCVSS 7.2×17.1KEV 2chrome (965) · android (119) · google chrome (43)
- 514 CVE40 critCVSS 7.8linux (514) · linux kernel (32)
- 265 CVE19 critCVSS 7.3windows 11 26h1 (111) · windows 11 version 26h1 (111) · windows server 2025 (110)
- 243 CVE123 critCVSS 8.7×3.1KEV 1Nuclei 1webcenter content (32) · oracle webcenter content (29) · jd edwards enterpriseone tools (14)
- 145 CVE12 critCVSS 6.6experience manager (60) · adobe experience manager (59) · acrobat reader (24)
- 133 CVE2 critCVSS 6.2red hat enterprise linux 9 (81) · red hat enterprise linux 8 (81) · red hat enterprise linux 10 (80)
- 121 CVE21 critCVSS 7.2×5.6apache airflow (17) · apache activemq (15) · apache http server (13)
- 98 CVEpraisonai (27) · praisonaiagents (11) · picklescan (10)
- 94 CVE17 critCVSS 7.1×4.7airflow (17) · http server (13) · apisix (12)
- 89 CVEopenclaw (25) · praisonai (9) · network-ai (5)
- 75 CVE16 critCVSS 6.9langflow oss (14) · websphere application server (14) · watsonx.data intelligence (10)
- 72 CVECVSS 6.3×5.0spring framework (18) · spring web services (7) · spring security (7)
- 61 CVE1 critCVSS 6.5NEWcapgo (60) · cli (1)
- 61 CVE1 critCVSS 7.0openclaw (61)
- 58 CVE5 critCVSS 8.2Nuclei 5line agency (1) · luxmed | medicine & healthcare doctor wordpress theme (1) · maxinet (1)
- 55 CVE5 critCVSS 7.0debian gnu/linux (28) · xwayland (8) · gpac (6)
- 52 CVE1 critCVSS 6.6macos (51) · iphone os (38) · ios and ipados (38)
- 50 CVE8 critCVSS 6.9firefox (47) · thunderbird (42) · firefox for ios (4)
- 49 CVECVSS 5.9class and exam timetabling system (16) · pharmacy sales and inventory system (6) · inventory system (3)
- 44 CVECVSS 7.0×4.9spring framework (17) · spring security (7) · spring data rest (4)
- 43 CVECVSS 6.2hospital management system (16) · fees management system (9) · online hotel management system (6)
- 41 CVECVSS 5.0×3.4imagemagick (41)
- 38 CVE1 critCVSS 6.7powerflex manager (11) · powerflex (10) · wyse management suite (6)
- 36 CVECVSS 5.2×3.3jenkins (8) · jenkins assembla plugin (3) · jenkins contrast continuous application security plugin (3)
- 35 CVEgithub.com/klever-io/klever-go (4) · github.com/gohugoio/hugo (3) · github.com/go-chi/chi/v5/middleware (3)
- 34 CVE8 critCVSS 8.5NEWpicklescan (34)
- 32 CVE2 critCVSS 6.9wolfssl (32)
- 29 CVECVSS 5.2NEWnocodb (29)
- 28 CVECVSS 6.1gpac (28)
- 28 CVE1 critCVSS 7.0NEWmisp (27) · bsimvis (1)
- 28 CVE8 critCVSS 7.6n8n (28)
- 27 CVE6 critCVSS 7.9×4.5flowise (27)
- 26 CVE8 critCVSS 8.0NEWconnect m6e 5g firmware (26) · connect m6e 5g portable wifi router (26)
- 26 CVECVSS 5.8human resource management system (7) · leave management system (5) · student attendance management system (5)
- 26 CVEfrappe framework (12) · frappe (11) · erpnext (2)
- 26 CVECVSS 5.5security-advisories (26) · nextcloud server (8) · tables (3)
- 25 CVECVSS 5.5gitlab (25)
- 25 CVE1 critCVSS 6.9netty (22) · netty-incubator-codec-ohttp (3)
- 24 CVE2 critCVSS 7.4Nuclei 1gogs (24)
- 24 CVE4 critCVSS 7.3quts hero (13) · qts (12) · file station 5 (6)
- 24 CVE1 critCVSS 7.3wcd9380 firmware (22) · fastconnect 7800 firmware (22) · wcd9385 firmware (22)
- 23 CVE7 critCVSS 7.9NEWflowise (23) · flowise components (1)
- 22 CVECVSS 7.3snapdragon (22)
- 22 CVECVSS 5.9NEWzephyr (22)
- 21 CVE7 critCVSS 8.1n8n (21)
- 20 CVECVSS 5.7mattermost (18) · mattermost server (15) · mattermost desktop (2)
- 20 CVE1 critCVSS 5.8node (12) · node.js (10) · undici (8)
- 19 CVE12 critCVSS 8.8NEWgv-lpclpc2011/2211 (10) · gv-i/o box 4e (8) · geovision (1)
- 18 CVE1 critCVSS 6.6openssl (18)
- 18 CVEweb-token/jwt-library (4) · web-token/jwt-framework (3) · spomky-labs/otphp (2)
| # | Vendor | CVEs | Crit | KEV | Nuclei | Signals | Top products | Δ | |
|---|---|---|---|---|---|---|---|---|---|
| 1 | 1,094 | 59 | 2 | · | ×17.1KEV 2 | chrome (965) · android (119) · google chrome (43) | ↑1 | ||
| 2 | linux | 514 | 40 | · | · | linux (514) · linux kernel (32) | ↓1 | ||
| 3 | microsoft | 265 | 19 | · | · | windows 11 26h1 (111) · windows 11 version 26h1 (111) · windows server 2025 (110) | · | ||
| 4 | oracle | 243 | 123 | 1 | 1 | ×3.1KEV 1Nuclei 1 | webcenter content (32) · oracle webcenter content (29) · jd edwards enterpriseone tools (14) | ↑35 | |
| 5 | adobe | 145 | 12 | · | · | experience manager (60) · adobe experience manager (59) · acrobat reader (24) | ↑12 | ||
| 6 | redhat | 133 | 2 | · | · | red hat enterprise linux 9 (81) · red hat enterprise linux 8 (81) · red hat enterprise linux 10 (80) | · | ||
| 7 | apache software foundation | 121 | 21 | · | · | ×5.6 | apache airflow (17) · apache activemq (15) · apache http server (13) | · | |
| 8 | pypi | 98 | · | · | · | praisonai (27) · praisonaiagents (11) · picklescan (10) | ↑23 | ||
| 9 | apache | 94 | 17 | · | · | ×4.7 | airflow (17) · http server (13) · apisix (12) | ↑1 | |
| 10 | npm | 89 | · | · | · | openclaw (25) · praisonai (9) · network-ai (5) | ↓2 | ||
| 11 | ibm | 75 | 16 | · | · | langflow oss (14) · websphere application server (14) · watsonx.data intelligence (10) | ↑9 | ||
| 12 | spring | 72 | · | · | · | ×5.0 | spring framework (18) · spring web services (7) · spring security (7) | — | |
| 13 | capgo | 61 | 1 | · | · | NEW | capgo (60) · cli (1) | — | |
| 14 | openclaw | 61 | 1 | · | · | openclaw (61) | ↓3 | ||
| 15 | themerex | 58 | 5 | · | 5 | Nuclei 5 | line agency (1) · luxmed | medicine & healthcare doctor wordpress theme (1) · maxinet (1) | — | |
| 16 | сообщество свободного программного обеспечения | 55 | 5 | · | · | debian gnu/linux (28) · xwayland (8) · gpac (6) | ↓12 | ||
| 17 | apple | 52 | 1 | · | · | macos (51) · iphone os (38) · ios and ipados (38) | ↓12 | ||
| 18 | mozilla | 50 | 8 | · | · | firefox (47) · thunderbird (42) · firefox for ios (4) | ↑6 | ||
| 19 | sourcecodester | 49 | · | · | · | class and exam timetabling system (16) · pharmacy sales and inventory system (6) · inventory system (3) | ↑16 | ||
| 20 | vmware | 44 | · | · | · | ×4.9 | spring framework (17) · spring security (7) · spring data rest (4) | ↑137 | |
| 21 | itsourcecode | 43 | · | · | · | hospital management system (16) · fees management system (9) · online hotel management system (6) | ↑63 | ||
| 22 | imagemagick | 41 | · | · | · | ×3.4 | imagemagick (41) | — | |
| 23 | dell | 38 | 1 | · | · | powerflex manager (11) · powerflex (10) · wyse management suite (6) | ↑31 | ||
| 24 | jenkins | 36 | · | · | · | ×3.3 | jenkins (8) · jenkins assembla plugin (3) · jenkins contrast continuous application security plugin (3) | ↑68 | |
| 25 | go | 35 | · | · | · | github.com/klever-io/klever-go (4) · github.com/gohugoio/hugo (3) · github.com/go-chi/chi/v5/middleware (3) | ↑4 | ||
| 26 | picklescan | 34 | 8 | · | · | NEW | picklescan (34) | — | |
| 27 | wolfssl | 32 | 2 | · | · | wolfssl (32) | — | ||
| 28 | nocodb | 29 | · | · | · | NEW | nocodb (29) | — | |
| 29 | gpac | 28 | · | · | · | gpac (28) | — | ||
| 30 | misp | 28 | 1 | · | · | NEW | misp (27) · bsimvis (1) | ↑100 | |
| 31 | n8n | 28 | 8 | · | · | n8n (28) | ↑67 | ||
| 32 | flowiseai | 27 | 6 | · | · | ×4.5 | flowise (27) | — | |
| 33 | acer | 26 | 8 | · | · | NEW | connect m6e 5g firmware (26) · connect m6e 5g portable wifi router (26) | ↑72 | |
| 34 | codeastro | 26 | · | · | · | human resource management system (7) · leave management system (5) · student attendance management system (5) | ↑105 | ||
| 35 | frappe | 26 | · | · | · | frappe framework (12) · frappe (11) · erpnext (2) | ↑53 | ||
| 36 | nextcloud | 26 | · | · | · | security-advisories (26) · nextcloud server (8) · tables (3) | — | ||
| 37 | gitlab | 25 | · | · | · | gitlab (25) | ↑3 | ||
| 38 | netty | 25 | 1 | · | · | netty (22) · netty-incubator-codec-ohttp (3) | ↑55 | ||
| 39 | gogs | 24 | 2 | · | 1 | Nuclei 1 | gogs (24) | — | |
| 40 | qnap | 24 | 4 | · | · | quts hero (13) · qts (12) · file station 5 (6) | — | ||
| 41 | qualcomm | 24 | 1 | · | · | wcd9380 firmware (22) · fastconnect 7800 firmware (22) · wcd9385 firmware (22) | ↑95 | ||
| 42 | flowise | 23 | 7 | · | · | NEW | flowise (23) · flowise components (1) | — | |
| 43 | qualcomm, inc. | 22 | · | · | · | snapdragon (22) | ↑94 | ||
| 44 | zephyrproject | 22 | · | · | · | NEW | zephyr (22) | — | |
| 45 | n8n-io | 21 | 7 | · | · | n8n (21) | ↑54 | ||
| 46 | mattermost | 20 | · | · | · | mattermost (18) · mattermost server (15) · mattermost desktop (2) | ↓13 | ||
| 47 | nodejs | 20 | 1 | · | · | node (12) · node.js (10) · undici (8) | — | ||
| 48 | geovision inc. | 19 | 12 | · | · | NEW | gv-lpclpc2011/2211 (10) · gv-i/o box 4e (8) · geovision (1) | ↑61 | |
| 49 | openssl | 18 | 1 | · | · | openssl (18) | — | ||
| 50 | packagist | 18 | · | · | · | web-token/jwt-library (4) · web-token/jwt-framework (3) · spomky-labs/otphp (2) | ↓24 |
Top weaknesses
CWE classes by distinct CVE count.
Sectors
Solution categories ranked by distinct CVE count this period.
- OSS Libraries1,505 CVE111 crit326 vendorsCVSS 7.7capgo (73) · imagemagick (41) · wolfssl (32)
- Web & CMS Plugins1,477 CVE172 crit4 KEV705 vendorsCVSS 7.9jetengine (10) · eventprime (5) · classified listing (4)
- Consumer Software1,401 CVE128 crit2 KEV97 vendorsCVSS 7.5chrome (965) · firefox (47) · google chrome (43)
- Operating Systems1,163 CVE256 crit2 KEV62 vendorsCVSS 7.4linux (517) · red hat enterprise linux 8 (81) · red hat enterprise linux 9 (81)
- Enterprise Software925 CVE198 crit4 KEV185 vendorsCVSS 8.3microsoft sharepoint server 2019 (31) · microsoft sharepoint enterprise server 2016 (30) · openproject (17)
- Cloud & SaaS397 CVE61 crit101 vendorsCVSS 7.8nocodb (29) · n8n (28) · microsoft 365 (26)
- Networking Infrastructure374 CVE133 crit18 KEV102 vendorsCVSS 7.7connect m6e 5g firmware (26) · connect m6e 5g portable wifi router (26) · ew-7478apc (9)
- Security Products302 CVE56 crit12 KEV103 vendorsCVSS 7.8misp (40) · ghidra (30) · openbullet2 (5)
- Databases261 CVE108 crit1 KEV51 vendorsCVSS 8.5webcenter content (32) · pgadmin 4 (11) · webcenter enterprise capture (10)
- AI / ML259 CVE46 crit99 vendorsCVSS 7.6flowise (50) · open-webui (17) · open webui (16)
- DevTools & CI236 CVE30 crit50 vendorsCVSS 7.6gitlab (25) · gogs (24) · jenkins (16)
- ICS / OT / IoT206 CVE59 crit2 KEV68 vendorsCVSS 8.3double-a profibus (11) · double-a x-link (11) · double-x can (11)
- Hardware Firmware186 CVE31 crit51 vendorsCVSS 8.6quts hero (24) · qts (23) · fastconnect 7800 firmware (22)
- Communications156 CVE20 crit37 vendorsCVSS 8.0librechat (25) · mattermost (18) · mattermost server (15)
- Mobile Apps23 CVE3 crit17 vendorsCVSS 7.2setracker2 parental control app (android) package com.tgelec.setracker (4) · hippoo mobile app for woocommerce (2) · samsung assistant (2)
- Unclassified203 CVE39 crit1 KEV112 vendorsCVSS 7.4oracle enterprise command center framework (8) · windows app client for windows desktop (7) · collegemanagementsystem (5)
| Sector | CVEs | Crit | KEV | Vendors | Products | Avg CVSS | Top products |
|---|---|---|---|---|---|---|---|
| OSS Libraries▸ 10 | 1,505 | 111 | · | 326 | 584 | 7.7 | capgo (73) · imagemagick (41) · wolfssl (32) |
| Web & CMS Plugins▸ 6 | 1,477 | 172 | 4 | 705 | 990 | 7.9 | jetengine (10) · eventprime (5) · classified listing (4) |
| Consumer Software▸ 5 | 1,401 | 128 | 2 | 97 | 190 | 7.5 | chrome (965) · firefox (47) · google chrome (43) |
| Operating Systems▸ 5 | 1,163 | 256 | 2 | 62 | 153 | 7.4 | linux (517) · red hat enterprise linux 8 (81) · red hat enterprise linux 9 (81) |
| Enterprise Software▸ 7 | 925 | 198 | 4 | 185 | 380 | 8.3 | microsoft sharepoint server 2019 (31) · microsoft sharepoint enterprise server 2016 (30) · openproject (17) |
| Cloud & SaaS▸ 5 | 397 | 61 | · | 101 | 159 | 7.8 | nocodb (29) · n8n (28) · microsoft 365 (26) |
| Networking Infrastructure▸ 6 | 374 | 133 | 18 | 102 | 432 | 7.7 | connect m6e 5g firmware (26) · connect m6e 5g portable wifi router (26) · ew-7478apc (9) |
| Security Products▸ 6 | 302 | 56 | 12 | 103 | 192 | 7.8 | misp (40) · ghidra (30) · openbullet2 (5) |
| Databases▸ 5 | 261 | 108 | 1 | 51 | 78 | 8.5 | webcenter content (32) · pgadmin 4 (11) · webcenter enterprise capture (10) |
| AI / ML▸ 5 | 259 | 46 | · | 99 | 105 | 7.6 | flowise (50) · open-webui (17) · open webui (16) |
| DevTools & CI▸ 5 | 236 | 30 | · | 50 | 99 | 7.6 | gitlab (25) · gogs (24) · jenkins (16) |
| ICS / OT / IoT▸ 5 | 206 | 59 | 2 | 68 | 2,965 | 8.3 | double-a profibus (11) · double-a x-link (11) · double-x can (11) |
| Hardware Firmware▸ 5 | 186 | 31 | · | 51 | 728 | 8.6 | quts hero (24) · qts (23) · fastconnect 7800 firmware (22) |
| Communications▸ 4 | 156 | 20 | · | 37 | 43 | 8.0 | librechat (25) · mattermost (18) · mattermost server (15) |
| Mobile Apps▸ 3 | 23 | 3 | · | 17 | 18 | 7.2 | setracker2 parental control app (android) package com.tgelec.setracker (4) · hippoo mobile app for woocommerce (2) · samsung assistant (2) |
| Unclassified | 203 | 39 | 1 | 112 | 146 | 7.4 | oracle enterprise command center framework (8) · windows app client for windows desktop (7) · collegemanagementsystem (5) |
Which weaknesses hit which solution categories in June 2026
Cells shaded by share of the sector's hottest weakness. Click a row to open the sector history.