month report
June 2026
Data as of Jun 4, 2026, 13:26 UTCSnapshot v1 Sources NVD+CISA KEV+EPSS+Nuclei templates Methodology →
June 2026 closed with 811 published CVEs. 38 criticals, 4 added to CISA KEV. google led volume, mostly via android. Top weakness class — CWE-79 (66 CVE). 10 vendors cracked the top-100 for the first time.
Projected total
2,703
-62.7% MoM-30.2% YoY· proj
Severity mix
38 / 274
critical / high
KEV added
4
0 ransomware-linked
Nuclei coverage
0.6%
5 CVEs with templates
Time to exploit
How fast the community ships detection after a CVE drops.
Days → Nuclei (median)
—
n=0
Within 7 days
—%
Within 30 days
—%
Days → KEV (median)
1
n=1
Detection gap
KEV pressure, no Nuclei coverage
June 2026 · vendors with active exploitation listed by CISA but no public detection template.
- KEV 1google61 CVE
Weakness × Vendor
What's spreading where in June 2026
Cells shaded by share of vendor's hottest weakness. Click any cell to open the CWE history.
79XSS20Improper Input Validation416Use After Free89SQL Injection74Injection284CWE-28422Path Traversal125Out-of-bounds Read200Information Exposure94Code Injectiongoogle49911311912975apache software foundation2321132linux1sourcecodester81213118apache12132acer14nextcloud2613red hat141itsourcecode319193qualcomm1qualcomm, inc.1arista networks121
First time in top-100
Vendors never in top-100 in the prior 24 periods.
- #5acer26 CVE
- #10dräger16 CVE
- #12mbs11 CVE
- #13open-telemetry10 CVE
- #14opentelemetry10 CVE
- #15accellion9 CVE
- #17kiteworks9 CVE
- #18cloud foundry foundation7 CVE
- #19djangoproject7 CVE
- #20glpi-project7 CVE
Top vendors
Ranked by distinct CVE count this period.
- 61 CVECVSS 6.6KEV 1android (60) · android xr (1)
- 33 CVECVSS 7.8linux (33)
- 31 CVE2 critCVSS 6.7apache airflow (17) · apache activemq (6) · apache activemq broker (4)
- 30 CVE1 critCVSS 6.6airflow (17) · activemq (6) · activemq broker (4)
- 26 CVENEWconnect m6e 5g portable wifi router (26)
- 26 CVECVSS 5.4security-advisories (26) · nextcloud server (5) · approval (2)
- 22 CVECVSS 7.3wcd9380 firmware (22) · fastconnect 7800 firmware (22) · wcd9385 firmware (22)
- 22 CVECVSS 7.3snapdragon (22)
- 18 CVECVSS 5.4pharmacy sales and inventory system (6) · pizzafy ecommerce system (2) · water billing management system (2)
- 16 CVECVSS 6.9NEWsc6802xl (2) · infinity acute care system (2) · infinity delta (2)
- 15 CVECVSS 6.5fees management system (5) · content management system (5) · online house rental system (3)
- 11 CVE1 critCVSS 8.5NEWdouble-a profibus (11) · double-a x-link (11) · double-x can (11)
- 10 CVECVSS 6.0NEWopentelemetry-ebpf-instrumentation (10)
- 10 CVECVSS 6.0NEWebpf instrumentation (10)
- 9 CVECVSS 6.2NEWkiteworks (9)
- 9 CVECVSS 6.5online hospital management system (3) · hotel and tourism reservation system (3) · smart parking system (1)
- 9 CVECVSS 6.2NEWsecure data forms (8) · security-advisories (1)
- 7 CVE1 critCVSS 8.4NEWbosh (3) · cf deployment (2) · uaa_release (1)
- 7 CVECVSS 3.5NEWdjango (5) · daphne (2)
- 7 CVENEWglpi (7)
- 7 CVECVSS 7.5NEWflexric (7)
- 7 CVECVSS 4.8NEWnameless (7)
- 7 CVE1 critCVSS 6.3NEWotrs (7) · ((otrs)) community edition (4)
- 7 CVECVSS 6.4red hat enterprise linux 7 (4) · red hat enterprise linux 8 (4) · red hat enterprise linux 9 (4)
- 7 CVECVSS 6.1NEWrlottie (7)
- 7 CVENEWsecurly chrome extension (7)
- 7 CVENEWsoplanning (7)
- 6 CVE2 critCVSS 9.1NEWauthentik (6)
- 6 CVECVSS 5.9NEWgoclaw (6)
- 6 CVECVSS 6.2NEWhermes-agent (6)
- 6 CVECVSS 7.4NEWreact-router (6) · @remix-run/server-runtime (1) · turbo-stream (1)
- 6 CVECVSS 7.3NEWfd8136 firmware (6)
- 5 CVECVSS 8.1NEWNuclei 1fermentio (1) · racquet (1) · spin (1)
- 5 CVENEWtesla (5)
- 5 CVE3 critCVSS 8.9websphere application server (4) · i access family (1)
- 5 CVECVSS 7.0NEWmt6883 firmware (3) · mt6761 firmware (3) · mt6765 firmware (3)
- 5 CVECVSS 6.9mediatek chipset (5)
- 5 CVE2 critCVSS 9.2NEWsitefinity (5)
- 5 CVECVSS 6.0hyper backup (2) · synology active backup for business recovery media creator (1) · synology hyper backup explorer (1)
- 4 CVE1 critCVSS 8.5NEWt-mac plus (4)
- 4 CVECVSS 7.3NEWacronis devicelock dlp (4)
- 4 CVECVSS 6.1NEWastrbot (4)
- 4 CVECVSS 6.8NEWonline job portal (2) · ingredients stock management system (1) · payroll system (1)
- 4 CVE1 critCVSS 7.7NEWlibrechat (4)
- 4 CVENEWmint (4)
- 4 CVECVSS 5.6firefox (4) · firefox for ios (2)
- 4 CVE1 critCVSS 6.6NEWironic (3) · mistral (1)
- 4 CVECVSS 6.3NEWstudent_management_system_by_php (4)
- 3 CVECVSS 5.4NEWblender-mcp (3)
- 3 CVE1 critCVSS 7.9NEWarmember premium – membership plugin, content restriction, member levels, user profile & user signup (3)
| # | Vendor | CVEs | Crit | KEV | Nuclei | Signals | Top products | Δ | |
|---|---|---|---|---|---|---|---|---|---|
| 1 | 61 | · | 1 | · | KEV 1 | android (60) · android xr (1) | — | ||
| 2 | linux | 33 | · | · | · | linux (33) | — | ||
| 3 | apache software foundation | 31 | 2 | · | · | apache airflow (17) · apache activemq (6) · apache activemq broker (4) | — | ||
| 4 | apache | 30 | 1 | · | · | airflow (17) · activemq (6) · activemq broker (4) | — | ||
| 5 | acer | 26 | · | · | · | NEW | connect m6e 5g portable wifi router (26) | — | |
| 6 | nextcloud | 26 | · | · | · | security-advisories (26) · nextcloud server (5) · approval (2) | — | ||
| 7 | qualcomm | 22 | · | · | · | wcd9380 firmware (22) · fastconnect 7800 firmware (22) · wcd9385 firmware (22) | — | ||
| 8 | qualcomm, inc. | 22 | · | · | · | snapdragon (22) | — | ||
| 9 | sourcecodester | 18 | · | · | · | pharmacy sales and inventory system (6) · pizzafy ecommerce system (2) · water billing management system (2) | — | ||
| 10 | dräger | 16 | · | · | · | NEW | sc6802xl (2) · infinity acute care system (2) · infinity delta (2) | — | |
| 11 | itsourcecode | 15 | · | · | · | fees management system (5) · content management system (5) · online house rental system (3) | — | ||
| 12 | mbs | 11 | 1 | · | · | NEW | double-a profibus (11) · double-a x-link (11) · double-x can (11) | — | |
| 13 | open-telemetry | 10 | · | · | · | NEW | opentelemetry-ebpf-instrumentation (10) | — | |
| 14 | opentelemetry | 10 | · | · | · | NEW | ebpf instrumentation (10) | — | |
| 15 | accellion | 9 | · | · | · | NEW | kiteworks (9) | — | |
| 16 | code-projects | 9 | · | · | · | online hospital management system (3) · hotel and tourism reservation system (3) · smart parking system (1) | — | ||
| 17 | kiteworks | 9 | · | · | · | NEW | secure data forms (8) · security-advisories (1) | — | |
| 18 | cloud foundry foundation | 7 | 1 | · | · | NEW | bosh (3) · cf deployment (2) · uaa_release (1) | — | |
| 19 | djangoproject | 7 | · | · | · | NEW | django (5) · daphne (2) | — | |
| 20 | glpi-project | 7 | · | · | · | NEW | glpi (7) | — | |
| 21 | mosaic5g | 7 | · | · | · | NEW | flexric (7) | — | |
| 22 | namelessmc | 7 | · | · | · | NEW | nameless (7) | — | |
| 23 | otrs ag | 7 | 1 | · | · | NEW | otrs (7) · ((otrs)) community edition (4) | — | |
| 24 | red hat | 7 | · | · | · | red hat enterprise linux 7 (4) · red hat enterprise linux 8 (4) · red hat enterprise linux 9 (4) | — | ||
| 25 | samsung open source | 7 | · | · | · | NEW | rlottie (7) | — | |
| 26 | securly | 7 | · | · | · | NEW | securly chrome extension (7) | — | |
| 27 | soplanning | 7 | · | · | · | NEW | soplanning (7) | — | |
| 28 | goauthentik | 6 | 2 | · | · | NEW | authentik (6) | — | |
| 29 | nextlevelbuilder | 6 | · | · | · | NEW | goclaw (6) | — | |
| 30 | nousresearch | 6 | · | · | · | NEW | hermes-agent (6) | — | |
| 31 | remix-run | 6 | · | · | · | NEW | react-router (6) · @remix-run/server-runtime (1) · turbo-stream (1) | — | |
| 32 | vivotek | 6 | · | · | · | NEW | fd8136 firmware (6) | — | |
| 33 | axiomthemes | 5 | · | · | 1 | NEWNuclei 1 | fermentio (1) · racquet (1) · spin (1) | — | |
| 34 | elixir-tesla | 5 | · | · | · | NEW | tesla (5) | — | |
| 35 | ibm | 5 | 3 | · | · | websphere application server (4) · i access family (1) | — | ||
| 36 | mediatek | 5 | · | · | · | NEW | mt6883 firmware (3) · mt6761 firmware (3) · mt6765 firmware (3) | — | |
| 37 | mediatek, inc. | 5 | · | · | · | mediatek chipset (5) | — | ||
| 38 | progress software | 5 | 2 | · | · | NEW | sitefinity (5) | — | |
| 39 | synology | 5 | · | · | · | hyper backup (2) · synology active backup for business recovery media creator (1) · synology hyper backup explorer (1) | — | ||
| 40 | abb | 4 | 1 | · | · | NEW | t-mac plus (4) | — | |
| 41 | acronis | 4 | · | · | · | NEW | acronis devicelock dlp (4) | — | |
| 42 | astrbotdevs | 4 | · | · | · | NEW | astrbot (4) | — | |
| 43 | codeastro | 4 | · | · | · | NEW | online job portal (2) · ingredients stock management system (1) · payroll system (1) | — | |
| 44 | danny-avila | 4 | 1 | · | · | NEW | librechat (4) | — | |
| 45 | elixir-mint | 4 | · | · | · | NEW | mint (4) | — | |
| 46 | mozilla | 4 | · | · | · | firefox (4) · firefox for ios (2) | — | ||
| 47 | openstack | 4 | 1 | · | · | NEW | ironic (3) · mistral (1) | — | |
| 48 | raisulislamg4 | 4 | · | · | · | NEW | student_management_system_by_php (4) | — | |
| 49 | ahujasid | 3 | · | · | · | NEW | blender-mcp (3) | — | |
| 50 | armember | 3 | 1 | · | · | NEW | armember premium – membership plugin, content restriction, member levels, user profile & user signup (3) | — |