This image poses a critical security risk and must not be used in production, especially as an internet-facing service. An attacker could exploit CVE-2026-42581 to perform request smuggling, CVE-2026-49268 to bypass LDAP authentication, or CVE-2025-67030 to overwrite critical files via directory traversal, potentially leading to unauthorized access, data compromise, or remote code execution. Note that CVE-2026-49268 is only exploitable if the LDAP authentication realm is enabled. Upgrading Netty to 4.1.135.Final/4.2.13.Final, Shiro to 2.2.1, and Plexus-Utils to a patched version would remediate these vulnerabilities.
| CVE ID | Adjusted Severity | Package | Exploit Probability | Risk Context |
|---|---|---|---|---|
| CVE-2026-42581 | HIGH8.33 | io.netty:netty-codec-http 4.2.10.Final fixed in 4.2.13.Final, 4.1.133.Final | 0.4% Theoretical Threat | Directly ExposedContext importance: HIGH |
| CVE-2026-49268 | HIGH7.73 | org.apache.shiro:shiro-core 1.13.0 fixed in 2.2.1, 3.0.0-alpha-2 | 0.5% Theoretical Threat | Directly ExposedContext importance: HIGH |
| CVE-2025-67030 | HIGH7.48 | org.codehaus.plexus:plexus-utils 3.5.1 fixed in 4.0.3, 3.6.1 | 0.7% Theoretical Threat | Directly ExposedContext importance: HIGH |
| CVE-2026-45674 | MEDIUM6.8 | io.netty:netty-resolver-dns 4.2.10.Final fixed in 4.2.15.Final, 4.1.135.Final | 0.2% Theoretical Threat | Directly ExposedContext importance: MEDIUM |
| CVE-2026-47691 | MEDIUM6.8 | io.netty:netty-resolver-dns 4.2.10.Final fixed in 4.2.15.Final, 4.1.135.Final | 0.2% Theoretical Threat | Directly ExposedContext importance: MEDIUM |
| CVE-2026-41254 | MEDIUM6.38 | lcms2 2.17-r0 fixed in 2.19-r0 | 0.4% Theoretical Threat | Directly Exposed |
| CVE-2026-28388 | MEDIUM6.38 | libcrypto3 3.5.5-r0 fixed in 3.5.6-r0 | 0.9% Theoretical Threat | Directly Exposed |
| CVE-2026-28389 | MEDIUM6.38 | libcrypto3 3.5.5-r0 fixed in 3.5.6-r0 | 0.8% Theoretical Threat | Directly Exposed |
| CVE-2026-28390 | MEDIUM6.38 | libcrypto3 3.5.5-r0 fixed in 3.5.6-r0 | 0.8% Theoretical Threat | Directly Exposed |
| CVE-2026-34183 | MEDIUM6.38 | libcrypto3 3.5.5-r0 fixed in 3.5.7-r0 | 0.5% Theoretical Threat | Directly Exposed |
| CVE-2026-28388 | MEDIUM6.38 | libssl3 3.5.5-r0 fixed in 3.5.6-r0 | 0.9% Theoretical Threat | Directly Exposed |
| CVE-2026-28389 | MEDIUM6.38 | libssl3 3.5.5-r0 fixed in 3.5.6-r0 | 0.8% Theoretical Threat | Directly Exposed |
| CVE-2026-28390 | MEDIUM6.38 | libssl3 3.5.5-r0 fixed in 3.5.6-r0 | 0.8% Theoretical Threat | Directly Exposed |
| CVE-2026-34183 | MEDIUM6.38 | libssl3 3.5.5-r0 fixed in 3.5.7-r0 | 0.5% Theoretical Threat | Directly Exposed |
| CVE-2026-27135 | MEDIUM6.38 | nghttp2-libs 1.68.0-r0 fixed in 1.68.1 | 0.6% Theoretical Threat | Directly Exposed |
| CVE-2026-22016 | MEDIUM6.38 | openjdk21 21.0.10_p7-r0 fixed in 21.0.11_p10-r0 | 0.4% Theoretical Threat | Directly ExposedContext importance: HIGH |
| CVE-2026-34282 | MEDIUM6.38 | openjdk21 21.0.10_p7-r0 fixed in 21.0.11_p10-r0 | 0.3% Theoretical Threat | Directly Exposed |
| CVE-2026-22016 | MEDIUM6.38 | openjdk21-demos 21.0.10_p7-r0 fixed in 21.0.11_p10-r0 | 0.4% Theoretical Threat | Directly ExposedContext importance: HIGH |
| CVE-2026-34282 | MEDIUM6.38 | openjdk21-demos 21.0.10_p7-r0 fixed in 21.0.11_p10-r0 | 0.3% Theoretical Threat | Directly Exposed |
| CVE-2026-22016 | MEDIUM6.38 | openjdk21-jdk 21.0.10_p7-r0 fixed in 21.0.11_p10-r0 | 0.4% Theoretical Threat | Directly Exposed |
| CVE-2026-34282 | MEDIUM6.38 | openjdk21-jdk 21.0.10_p7-r0 fixed in 21.0.11_p10-r0 | 0.3% Theoretical Threat | Directly Exposed |
| CVE-2026-22016 | MEDIUM6.38 | openjdk21-jmods 21.0.10_p7-r0 fixed in 21.0.11_p10-r0 | 0.4% Theoretical Threat | Directly Exposed |
| CVE-2026-34282 | MEDIUM6.38 | openjdk21-jmods 21.0.10_p7-r0 fixed in 21.0.11_p10-r0 | 0.3% Theoretical Threat | Directly Exposed |
| CVE-2026-22016 | MEDIUM6.38 | openjdk21-jre 21.0.10_p7-r0 fixed in 21.0.11_p10-r0 | 0.4% Theoretical Threat | Directly Exposed |
| CVE-2026-34282 | MEDIUM6.38 | openjdk21-jre 21.0.10_p7-r0 fixed in 21.0.11_p10-r0 | 0.3% Theoretical Threat | Directly Exposed |
| CVE-2026-22016 | MEDIUM6.38 | openjdk21-jre-headless 21.0.10_p7-r0 fixed in 21.0.11_p10-r0 | 0.4% Theoretical Threat | Directly Exposed |
| CVE-2026-34282 | MEDIUM6.38 | openjdk21-jre-headless 21.0.10_p7-r0 fixed in 21.0.11_p10-r0 | 0.3% Theoretical Threat | Directly Exposed |
| CVE-2026-42587 | MEDIUM6.38 | io.netty:netty-codec-http 4.2.10.Final fixed in 4.2.13.Final, 4.1.133.Final | 0.5% Theoretical Threat | Directly Exposed |
| CVE-2026-42585 | MEDIUM6.38 | io.netty:netty-codec-http 4.2.10.Final fixed in 4.2.13.Final, 4.1.133.Final | 0.2% Theoretical Threat | Directly Exposed |
| CVE-2026-33871 | MEDIUM6.38 | io.netty:netty-codec-http2 4.2.10.Final fixed in 4.1.132.Final, 4.2.11.Final | 0.7% Theoretical Threat | Directly Exposed |
| CVE-2026-42587 | MEDIUM6.38 | io.netty:netty-codec-http2 4.2.10.Final fixed in 4.2.13.Final, 4.1.133.Final | 0.5% Theoretical Threat | Directly Exposed |
| CVE-2026-48043 | MEDIUM6.38 | io.netty:netty-codec-http2 4.2.10.Final fixed in 4.1.135.Final, 4.2.15.Final | 0.4% Theoretical Threat | Directly Exposed |
| CVE-2026-45416 | MEDIUM6.38 | io.netty:netty-handler 4.2.10.Final fixed in 4.2.15.Final, 4.1.135.Final | 0.3% Theoretical Threat | Directly Exposed |
| CVE-2026-50010 | MEDIUM6.38 | io.netty:netty-handler 4.2.10.Final fixed in 4.2.15.Final, 4.1.135.Final | 0.2% Theoretical Threat | Directly Exposed |
| CVE-2026-42578 | MEDIUM6.38 | io.netty:netty-handler-proxy 4.2.10.Final fixed in 4.1.133.Final, 4.2.13.Final | 0.4% Theoretical Threat | Directly Exposed |
| CVE-2026-45292 | MEDIUM6.38 | io.opentelemetry:opentelemetry-api 1.47.0 fixed in 1.62.0 | 0.5% Theoretical Threat | Directly Exposed |
| CVE-2026-3505 | MEDIUM6.38 | org.bouncycastle:bcpg-jdk15to18 1.81 fixed in 1.84 | 0.4% Theoretical Threat | Directly Exposed |
| CVE-2026-5588 | MEDIUM6.38 | org.bouncycastle:bcpkix-jdk15to18 1.81 fixed in 1.84 | 0.3% Theoretical Threat | Directly Exposed |
| CVE-2026-5588 | MEDIUM6.38 | org.bouncycastle:bcpkix-jdk18on 1.81 fixed in 1.84 | 0.3% Theoretical Threat | Directly Exposed |
| CVE-2026-42198 | MEDIUM6.38 | org.postgresql:postgresql 42.7.2 fixed in 42.7.11 | 0.5% Theoretical Threat | Directly Exposed |
| CVE-2026-34182 | MEDIUM6.29 | libcrypto3 3.5.5-r0 fixed in 3.5.7-r0 | 0.2% Theoretical Threat | Directly Exposed |
| CVE-2026-34182 | MEDIUM6.29 | libssl3 3.5.5-r0 fixed in 3.5.7-r0 | 0.2% Theoretical Threat | Directly Exposed |
| CVE-2026-42579 | MEDIUM6.18 | io.netty:netty-codec-dns 4.2.10.Final fixed in 4.2.13.Final, 4.1.133.Final | 0.5% Theoretical Threat | Directly ExposedContext importance: MEDIUM |
| CVE-2026-42584 | MEDIUM6.18 | io.netty:netty-codec-http 4.2.10.Final fixed in 4.2.13.Final, 4.1.133.Final | 0.4% Theoretical Threat | Directly ExposedContext importance: MEDIUM |
| CVE-2026-40973 | MEDIUM5.95 | org.springframework.boot:spring-boot 3.5.12 fixed in 4.0.6, 3.5.14 | 0.1% Theoretical Threat | Directly Exposed |
| CVE-2026-45673 | MEDIUM5.78 | io.netty:netty-resolver-dns 4.2.10.Final fixed in 4.2.15.Final, 4.1.135.Final | 0.3% Theoretical Threat | Directly Exposed |
| CVE-2026-2673 | MEDIUM5.52 | libcrypto3 3.5.5-r0 fixed in 3.5.6-r0 | 0.4% Theoretical Threat | Directly Exposed |
| CVE-2026-2673 | MEDIUM5.52 | libssl3 3.5.5-r0 fixed in 3.5.6-r0 | 0.4% Theoretical Threat | Directly Exposed |
| CVE-2026-41417 | MEDIUM5.52 | io.netty:netty-codec-http 4.2.10.Final fixed in 4.1.133.Final, 4.2.13.Final | 0.3% Theoretical Threat | Directly Exposed |
| CVE-2026-42580 | MEDIUM5.52 | io.netty:netty-codec-http 4.2.10.Final fixed in 4.2.13.Final, 4.1.133.Final | 0.4% Theoretical Threat | Directly Exposed |
| CVE-2026-0636 | MEDIUM5.52 | org.bouncycastle:bcprov-jdk15to18 1.81 fixed in 1.84 | 0.5% Theoretical Threat | Directly Exposed |
| CVE-2026-0636 | MEDIUM5.52 | org.bouncycastle:bcprov-jdk18on 1.81 fixed in 1.84 | 0.5% Theoretical Threat | Directly Exposed |
| CVE-2026-44249 | MEDIUM5.5 | io.netty:netty-handler 4.2.10.Final fixed in 4.2.15.Final, 4.1.135.Final | 0.4% Theoretical Threat | Directly ExposedContext importance: MEDIUM |
| CVE-2026-34181 | MEDIUM5.35 | libcrypto3 3.5.5-r0 fixed in 3.5.7-r0 | 0.2% Theoretical Threat | Directly Exposed |
| CVE-2026-42768 | MEDIUM5.35 | libcrypto3 3.5.5-r0 fixed in 3.5.7-r0 | 0.4% Theoretical Threat | Directly Exposed |
| CVE-2026-34181 | MEDIUM5.35 | libssl3 3.5.5-r0 fixed in 3.5.7-r0 | 0.2% Theoretical Threat | Directly Exposed |
| CVE-2026-42768 | MEDIUM5.35 | libssl3 3.5.5-r0 fixed in 3.5.7-r0 | 0.4% Theoretical Threat | Directly Exposed |
| CVE-2026-31790 | MEDIUM5.02 | libcrypto3 3.5.5-r0 fixed in 3.5.6-r0 | 1.0% Theoretical Threat | Directly Exposed |
| CVE-2026-42764 | MEDIUM5.02 | libcrypto3 3.5.5-r0 fixed in 3.5.7-r0 | 0.7% Theoretical Threat | Directly Exposed |
| CVE-2026-42769 | MEDIUM5.02 | libcrypto3 3.5.5-r0 fixed in 3.5.7-r0 | 0.3% Theoretical Threat | Directly Exposed |
| CVE-2026-42770 | MEDIUM5.02 | libcrypto3 3.5.5-r0 fixed in 3.5.7-r0 | 0.3% Theoretical Threat | Directly Exposed |
| CVE-2026-9076 | MEDIUM5.02 | libcrypto3 3.5.5-r0 fixed in 3.5.7-r0 | 0.3% Theoretical Threat | Directly Exposed |
| CVE-2026-31790 | MEDIUM5.02 | libssl3 3.5.5-r0 fixed in 3.5.6-r0 | 1.0% Theoretical Threat | Directly Exposed |
| CVE-2026-42764 | MEDIUM5.02 | libssl3 3.5.5-r0 fixed in 3.5.7-r0 | 0.7% Theoretical Threat | Directly Exposed |
| CVE-2026-42769 | MEDIUM5.02 | libssl3 3.5.5-r0 fixed in 3.5.7-r0 | 0.3% Theoretical Threat | Directly Exposed |
| CVE-2026-42770 | MEDIUM5.02 | libssl3 3.5.5-r0 fixed in 3.5.7-r0 | 0.3% Theoretical Threat | Directly Exposed |
| CVE-2026-9076 | MEDIUM5.02 | libssl3 3.5.5-r0 fixed in 3.5.7-r0 | 0.3% Theoretical Threat | Directly Exposed |
| CVE-2026-31789 | MEDIUM5 | libcrypto3 3.5.5-r0 fixed in 3.5.6-r0 | 0.2% Theoretical Threat | Directly Exposed |
| CVE-2026-31789 | MEDIUM5 | libssl3 3.5.5-r0 fixed in 3.5.6-r0 | 0.2% Theoretical Threat | Directly Exposed |
| CVE-2026-7383 | MEDIUM4.67 | libcrypto3 3.5.5-r0 fixed in 3.5.7-r0 | 0.4% Theoretical Threat | Directly Exposed |
| CVE-2026-7383 | MEDIUM4.67 | libssl3 3.5.5-r0 fixed in 3.5.7-r0 | 0.4% Theoretical Threat | Directly Exposed |
| CVE-2026-6042 | MEDIUM4.67 | musl 1.2.5-r21 fixed in 1.2.5-r22 | 0.2% Theoretical Threat | Directly Exposed |
| CVE-2026-27171 | MEDIUM4.67 | zlib 1.3.1-r2 fixed in 1.3.2-r0 | 0.2% Theoretical Threat | Directly Exposed |
| CVE-2026-42766 | MEDIUM4.5 | libcrypto3 3.5.5-r0 fixed in 3.5.7-r0 | 0.6% Theoretical Threat | Directly Exposed |
| CVE-2026-42767 | MEDIUM4.5 | libcrypto3 3.5.5-r0 fixed in 3.5.7-r0 | 0.3% Theoretical Threat | Directly Exposed |
| CVE-2026-42766 | MEDIUM4.5 | libssl3 3.5.5-r0 fixed in 3.5.7-r0 | 0.6% Theoretical Threat | Directly Exposed |
| CVE-2026-42767 | MEDIUM4.5 | libssl3 3.5.5-r0 fixed in 3.5.7-r0 | 0.3% Theoretical Threat | Directly Exposed |
| CVE-2026-22013 | MEDIUM4.5 | openjdk21 21.0.10_p7-r0 fixed in 21.0.11_p10-r0 | 0.3% Theoretical Threat | Directly Exposed |
| CVE-2026-22021 | MEDIUM4.5 | openjdk21 21.0.10_p7-r0 fixed in 21.0.11_p10-r0 | 0.3% Theoretical Threat | Directly Exposed |
| CVE-2026-23865 | MEDIUM4.5 | openjdk21 21.0.10_p7-r0 fixed in 21.0.11_p10-r0 | 0.1% Theoretical Threat | Directly Exposed |
| CVE-2026-22013 | MEDIUM4.5 | openjdk21-demos 21.0.10_p7-r0 fixed in 21.0.11_p10-r0 | 0.3% Theoretical Threat | Directly Exposed |
| CVE-2026-22021 | MEDIUM4.5 | openjdk21-demos 21.0.10_p7-r0 fixed in 21.0.11_p10-r0 | 0.3% Theoretical Threat | Directly Exposed |
| CVE-2026-23865 | MEDIUM4.5 | openjdk21-demos 21.0.10_p7-r0 fixed in 21.0.11_p10-r0 | 0.1% Theoretical Threat | Directly Exposed |
| CVE-2026-22013 | MEDIUM4.5 | openjdk21-jdk 21.0.10_p7-r0 fixed in 21.0.11_p10-r0 | 0.3% Theoretical Threat | Directly Exposed |
| CVE-2026-22021 | MEDIUM4.5 | openjdk21-jdk 21.0.10_p7-r0 fixed in 21.0.11_p10-r0 | 0.3% Theoretical Threat | Directly Exposed |
| CVE-2026-23865 | MEDIUM4.5 | openjdk21-jdk 21.0.10_p7-r0 fixed in 21.0.11_p10-r0 | 0.1% Theoretical Threat | Directly Exposed |
| CVE-2026-22013 | MEDIUM4.5 | openjdk21-jmods 21.0.10_p7-r0 fixed in 21.0.11_p10-r0 | 0.3% Theoretical Threat | Directly Exposed |
| CVE-2026-22021 | MEDIUM4.5 | openjdk21-jmods 21.0.10_p7-r0 fixed in 21.0.11_p10-r0 | 0.3% Theoretical Threat | Directly Exposed |
| CVE-2026-23865 | MEDIUM4.5 | openjdk21-jmods 21.0.10_p7-r0 fixed in 21.0.11_p10-r0 | 0.1% Theoretical Threat | Directly Exposed |
| CVE-2026-22013 | MEDIUM4.5 | openjdk21-jre 21.0.10_p7-r0 fixed in 21.0.11_p10-r0 | 0.3% Theoretical Threat | Directly Exposed |
| CVE-2026-22021 | MEDIUM4.5 | openjdk21-jre 21.0.10_p7-r0 fixed in 21.0.11_p10-r0 | 0.3% Theoretical Threat | Directly Exposed |
| CVE-2026-23865 | MEDIUM4.5 | openjdk21-jre 21.0.10_p7-r0 fixed in 21.0.11_p10-r0 | 0.1% Theoretical Threat | Directly Exposed |
| CVE-2026-22013 | MEDIUM4.5 | openjdk21-jre-headless 21.0.10_p7-r0 fixed in 21.0.11_p10-r0 | 0.3% Theoretical Threat | Directly Exposed |
| CVE-2026-22021 | MEDIUM4.5 | openjdk21-jre-headless 21.0.10_p7-r0 fixed in 21.0.11_p10-r0 | 0.3% Theoretical Threat | Directly Exposed |
| CVE-2026-23865 | MEDIUM4.5 | openjdk21-jre-headless 21.0.10_p7-r0 fixed in 21.0.11_p10-r0 | 0.1% Theoretical Threat | Directly Exposed |
| CVE-2026-50020 | MEDIUM4.5 | io.netty:netty-codec-http 4.2.10.Final fixed in 4.2.15.Final, 4.1.135.Final | 0.2% Theoretical Threat | Directly Exposed |
| CVE-2026-47244 | MEDIUM4.5 | io.netty:netty-codec-http2 4.2.10.Final fixed in 4.2.15.Final, 4.1.135.Final | 0.3% Theoretical Threat | Directly Exposed |
| CVE-2026-50560 | MEDIUM4.5 | io.netty:netty-codec-http2 4.2.10.Final fixed in 4.2.15.Final, 4.1.135.Final | 0.3% Theoretical Threat | Directly Exposed |
| CVE-2026-23903 | MEDIUM4.5 | org.apache.shiro:shiro-spring 1.13.0 fixed in 2.1.0 | 0.4% Theoretical Threat | Directly Exposed |
| CVE-2024-47554 | MEDIUM4.3 | commons-io:commons-io 2.8.0 fixed in 2.14.0 | 1.2% Low-Moderate Risk | Directly Exposed |
| CVE-2026-34180 | MEDIUM4.25 | libcrypto3 3.5.5-r0 fixed in 3.5.7-r0 | 0.5% Theoretical Threat | Directly Exposed |
| CVE-2026-34180 | MEDIUM4.25 | libssl3 3.5.5-r0 fixed in 3.5.7-r0 | 0.5% Theoretical Threat | Directly Exposed |
| CVE-2026-1225 | MEDIUM4.25 | ch.qos.logback:logback-core 1.5.19 fixed in 1.5.25 | 0.2% Theoretical Threat | Directly Exposed |
| CVE-2026-22751 | MEDIUM4.08 | org.springframework.security:spring-security-core 6.5.9 fixed in 6.5.10, 7.0.5 | 0.1% Theoretical Threat | Directly Exposed |
| CVE-2026-34757 | LOW3.74 | libpng 1.6.56-r0 fixed in 1.6.57-r0 | 0.2% Theoretical Threat | Directly Exposed |
| CVE-2026-1965 | LOW3.47 | curl 8.17.0-r1 fixed in 8.19.0-r0 | 0.3% Theoretical Threat | Post-Exploit |
| CVE-2026-1965 | LOW3.47 | libcurl 8.17.0-r1 fixed in 8.19.0-r0 | 0.3% Theoretical Threat | Post-Exploit |
| CVE-2025-14819 | LOW3.47 | libcurl 8.17.0-r1 fixed in 8.19.0-r0 | 0.7% Theoretical Threat | Post-Exploit |
| CVE-2026-45536 | LOW3.4 | io.netty:netty-transport-native-epoll 4.2.10.Final fixed in 4.2.15.Final, 4.1.135.Final | 0.1% Theoretical Threat | Directly Exposed |
| CVE-2026-45536 | LOW3.4 | io.netty:netty-transport-native-kqueue 4.2.10.Final fixed in 4.2.15.Final, 4.1.135.Final | 0.1% Theoretical Threat | Directly Exposed |
| CVE-2026-3784 | LOW3.31 | curl 8.17.0-r1 fixed in 8.19.0-r0 | 0.3% Theoretical Threat | Post-Exploit |
| CVE-2025-14524 | LOW3.31 | curl 8.17.0-r1 fixed in 8.19.0-r0 | 0.6% Theoretical Threat | Post-Exploit |
| CVE-2026-3784 | LOW3.31 | libcurl 8.17.0-r1 fixed in 8.19.0-r0 | 0.3% Theoretical Threat | Post-Exploit |
| CVE-2025-14524 | LOW3.31 | libcurl 8.17.0-r1 fixed in 8.19.0-r0 | 0.6% Theoretical Threat | Post-Exploit |
| CVE-2026-2673 | LOW3.31 | openssl 3.5.5-r0 fixed in 3.5.6-r0 | 0.4% Theoretical Threat | Post-Exploit |
| CVE-2026-3805 | LOW3.21 | curl 8.17.0-r1 fixed in 8.19.0-r0 | 0.7% Theoretical Threat | Post-Exploit |
| CVE-2026-3805 | LOW3.21 | libcurl 8.17.0-r1 fixed in 8.19.0-r0 | 0.7% Theoretical Threat | Post-Exploit |
| CVE-2026-34181 | LOW3.21 | openssl 3.5.5-r0 fixed in 3.5.7-r0 | 0.2% Theoretical Threat | Post-Exploit |
| CVE-2026-42768 | LOW3.21 | openssl 3.5.5-r0 fixed in 3.5.7-r0 | 0.4% Theoretical Threat | Post-Exploit |
| CVE-2026-45446 | LOW3.15 | libcrypto3 3.5.5-r0 fixed in 3.5.7-r0 | 0.2% Theoretical Threat | Directly Exposed |
| CVE-2026-45446 | LOW3.15 | libssl3 3.5.5-r0 fixed in 3.5.7-r0 | 0.2% Theoretical Threat | Directly Exposed |
| CVE-2026-22018 | LOW3.15 | openjdk21 21.0.10_p7-r0 fixed in 21.0.11_p10-r0 | 0.3% Theoretical Threat | Directly Exposed |
| CVE-2026-22018 | LOW3.15 | openjdk21-demos 21.0.10_p7-r0 fixed in 21.0.11_p10-r0 | 0.3% Theoretical Threat | Directly Exposed |
| CVE-2026-22018 | LOW3.15 | openjdk21-jdk 21.0.10_p7-r0 fixed in 21.0.11_p10-r0 | 0.3% Theoretical Threat | Directly Exposed |
| CVE-2026-22018 | LOW3.15 | openjdk21-jmods 21.0.10_p7-r0 fixed in 21.0.11_p10-r0 | 0.3% Theoretical Threat | Directly Exposed |
| CVE-2026-22018 | LOW3.15 | openjdk21-jre 21.0.10_p7-r0 fixed in 21.0.11_p10-r0 | 0.3% Theoretical Threat | Directly Exposed |
| CVE-2026-22018 | LOW3.15 | openjdk21-jre-headless 21.0.10_p7-r0 fixed in 21.0.11_p10-r0 | 0.3% Theoretical Threat | Directly Exposed |
| CVE-2026-22746 | LOW3.15 | org.springframework.security:spring-security-core 6.5.9 fixed in 6.5.10, 7.0.5 | 0.2% Theoretical Threat | Directly Exposed |
| CVE-2026-31790 | LOW3.01 | openssl 3.5.5-r0 fixed in 3.5.6-r0 | 1.0% Theoretical Threat | Post-Exploit |
| CVE-2026-42764 | LOW3.01 | openssl 3.5.5-r0 fixed in 3.5.7-r0 | 0.7% Theoretical Threat | Post-Exploit |
| CVE-2026-42769 | LOW3.01 | openssl 3.5.5-r0 fixed in 3.5.7-r0 | 0.3% Theoretical Threat | Post-Exploit |
| CVE-2026-42770 | LOW3.01 | openssl 3.5.5-r0 fixed in 3.5.7-r0 | 0.3% Theoretical Threat | Post-Exploit |
| CVE-2026-9076 | LOW3.01 | openssl 3.5.5-r0 fixed in 3.5.7-r0 | 0.3% Theoretical Threat | Post-Exploit |
| CVE-2026-31789 | LOW3 | openssl 3.5.5-r0 fixed in 3.5.6-r0 | 0.2% Theoretical Threat | Post-Exploit |
| CVE-2026-45447 | LOW2.92 | libcrypto3 3.5.5-r0 fixed in 3.5.7-r0 | 2.3% Low-Moderate Risk | Post-Exploit |
| CVE-2026-45447 | LOW2.92 | libssl3 3.5.5-r0 fixed in 3.5.7-r0 | 2.3% Low-Moderate Risk | Post-Exploit |
| CVE-2026-45447 | LOW2.92 | openssl 3.5.5-r0 fixed in 3.5.7-r0 | 2.3% Low-Moderate Risk | Post-Exploit |
| CVE-2026-3783 | LOW2.91 | curl 8.17.0-r1 fixed in 8.19.0-r0 | 0.3% Theoretical Threat | Post-Exploit |
| CVE-2026-3783 | LOW2.91 | libcurl 8.17.0-r1 fixed in 8.19.0-r0 | 0.3% Theoretical Threat | Post-Exploit |
| CVE-2026-7383 | LOW2.8 | openssl 3.5.5-r0 fixed in 3.5.7-r0 | 0.4% Theoretical Threat | Post-Exploit |
| CVE-2026-45445 | LOW2.78 | libcrypto3 3.5.5-r0 fixed in 3.5.7-r0 | 0.3% Theoretical Threat | Post-Exploit |
| CVE-2026-45445 | LOW2.78 | libssl3 3.5.5-r0 fixed in 3.5.7-r0 | 0.3% Theoretical Threat | Post-Exploit |
| CVE-2026-45445 | LOW2.78 | openssl 3.5.5-r0 fixed in 3.5.7-r0 | 0.3% Theoretical Threat | Post-Exploit |
| CVE-2026-42766 | LOW2.7 | openssl 3.5.5-r0 fixed in 3.5.7-r0 | 0.6% Theoretical Threat | Post-Exploit |
| CVE-2026-42767 | LOW2.7 | openssl 3.5.5-r0 fixed in 3.5.7-r0 | 0.3% Theoretical Threat | Post-Exploit |
| CVE-2026-34180 | LOW2.55 | openssl 3.5.5-r0 fixed in 3.5.7-r0 | 0.5% Theoretical Threat | Post-Exploit |
| CVE-2026-28387 | LOW2.48 | libcrypto3 3.5.5-r0 fixed in 3.5.6-r0 | 0.6% Theoretical Threat | Post-Exploit |
| CVE-2026-28387 | LOW2.48 | libssl3 3.5.5-r0 fixed in 3.5.6-r0 | 0.6% Theoretical Threat | Post-Exploit |
| CVE-2026-28387 | LOW2.48 | openssl 3.5.5-r0 fixed in 3.5.6-r0 | 0.6% Theoretical Threat | Post-Exploit |
| CVE-2026-22007 | LOW2.46 | openjdk21 21.0.10_p7-r0 fixed in 21.0.11_p10-r0 | 0.1% Theoretical Threat | Directly Exposed |
| CVE-2026-34268 | LOW2.46 | openjdk21 21.0.10_p7-r0 fixed in 21.0.11_p10-r0 | 0.1% Theoretical Threat | Directly Exposed |
| CVE-2026-22007 | LOW2.46 | openjdk21-demos 21.0.10_p7-r0 fixed in 21.0.11_p10-r0 | 0.1% Theoretical Threat | Directly Exposed |
| CVE-2026-34268 | LOW2.46 | openjdk21-demos 21.0.10_p7-r0 fixed in 21.0.11_p10-r0 | 0.1% Theoretical Threat | Directly Exposed |
| CVE-2026-22007 | LOW2.46 | openjdk21-jdk 21.0.10_p7-r0 fixed in 21.0.11_p10-r0 | 0.1% Theoretical Threat | Directly Exposed |
| CVE-2026-34268 | LOW2.46 | openjdk21-jdk 21.0.10_p7-r0 fixed in 21.0.11_p10-r0 | 0.1% Theoretical Threat | Directly Exposed |
| CVE-2026-22007 | LOW2.46 | openjdk21-jmods 21.0.10_p7-r0 fixed in 21.0.11_p10-r0 | 0.1% Theoretical Threat | Directly Exposed |
| CVE-2026-34268 | LOW2.46 | openjdk21-jmods 21.0.10_p7-r0 fixed in 21.0.11_p10-r0 | 0.1% Theoretical Threat | Directly Exposed |
| CVE-2026-22007 | LOW2.46 | openjdk21-jre 21.0.10_p7-r0 fixed in 21.0.11_p10-r0 | 0.1% Theoretical Threat | Directly Exposed |
| CVE-2026-34268 | LOW2.46 | openjdk21-jre 21.0.10_p7-r0 fixed in 21.0.11_p10-r0 | 0.1% Theoretical Threat | Directly Exposed |
| CVE-2026-22007 | LOW2.46 | openjdk21-jre-headless 21.0.10_p7-r0 fixed in 21.0.11_p10-r0 | 0.1% Theoretical Threat | Directly Exposed |
| CVE-2026-34268 | LOW2.46 | openjdk21-jre-headless 21.0.10_p7-r0 fixed in 21.0.11_p10-r0 | 0.1% Theoretical Threat | Directly Exposed |
| CVE-2025-14017 | LOW2.45 | curl 8.17.0-r1 fixed in 8.19.0-r0 | 0.1% Theoretical Threat | Post-Exploit |
| CVE-2025-14017 | LOW2.45 | libcurl 8.17.0-r1 fixed in 8.19.0-r0 | 0.1% Theoretical Threat | Post-Exploit |
| CVE-2026-40200 | LOW2.39 | musl 1.2.5-r21 fixed in 1.2.5-r23 | 0.1% Theoretical Threat | Post-Exploit |
| CVE-2026-22184 | LOW2.39 | zlib 1.3.1-r2 fixed in 1.3.2-r0 | 0.2% Theoretical Threat | Post-Exploit |
| CVE-2026-28388 | LOW2.29 | openssl 3.5.5-r0 fixed in 3.5.6-r0 | 0.9% Theoretical Threat | Post-Exploit |
| CVE-2026-28389 | LOW2.29 | openssl 3.5.5-r0 fixed in 3.5.6-r0 | 0.8% Theoretical Threat | Post-Exploit |
| CVE-2026-28390 | LOW2.29 | openssl 3.5.5-r0 fixed in 3.5.6-r0 | 0.8% Theoretical Threat | Post-Exploit |
| CVE-2026-34183 | LOW2.29 | openssl 3.5.5-r0 fixed in 3.5.7-r0 | 0.5% Theoretical Threat | Post-Exploit |
| CVE-2026-34182 | LOW2.26 | openssl 3.5.5-r0 fixed in 3.5.7-r0 | 0.2% Theoretical Threat | Post-Exploit |
| CVE-2026-23901 | LOW2.12 | org.apache.shiro:shiro-core 1.13.0 fixed in 2.1.0 | 0.2% Theoretical Threat | Directly Exposed |
| CVE-2025-14819 | LOW2.08 | curl 8.17.0-r1 fixed in 8.19.0-r0 | 0.7% Theoretical Threat | Post-Exploit |
| CVE-2026-45446 | LOW1.89 | openssl 3.5.5-r0 fixed in 3.5.7-r0 | 0.2% Theoretical Threat | Post-Exploit |
| CVE-2026-40200 | NONE0 | musl-utils 1.2.5-r21 fixed in 1.2.5-r23 | 0.1% Theoretical Threat | Not Applicable |
| CVE-2026-22016 | NONE0 | openjdk21-doc 21.0.10_p7-r0 fixed in 21.0.11_p10-r0 | 0.4% Theoretical Threat | Not Applicable |
| CVE-2026-34282 | NONE0 | openjdk21-doc 21.0.10_p7-r0 fixed in 21.0.11_p10-r0 | 0.3% Theoretical Threat | Not Applicable |
| CVE-2026-6042 | NONE0 | musl-utils 1.2.5-r21 fixed in 1.2.5-r22 | 0.2% Theoretical Threat | Not Applicable |
| CVE-2026-22013 | NONE0 | openjdk21-doc 21.0.10_p7-r0 fixed in 21.0.11_p10-r0 | 0.3% Theoretical Threat | Not Applicable |
| CVE-2026-22021 | NONE0 | openjdk21-doc 21.0.10_p7-r0 fixed in 21.0.11_p10-r0 | 0.3% Theoretical Threat | Not Applicable |
| CVE-2026-23865 | NONE0 | openjdk21-doc 21.0.10_p7-r0 fixed in 21.0.11_p10-r0 | 0.1% Theoretical Threat | Not Applicable |
| CVE-2026-22018 | NONE0 | openjdk21-doc 21.0.10_p7-r0 fixed in 21.0.11_p10-r0 | 0.3% Theoretical Threat | Not Applicable |
| CVE-2026-22007 | NONE0 | openjdk21-doc 21.0.10_p7-r0 fixed in 21.0.11_p10-r0 | 0.1% Theoretical Threat | Not Applicable |
| CVE-2026-34268 | NONE0 | openjdk21-doc 21.0.10_p7-r0 fixed in 21.0.11_p10-r0 | 0.1% Theoretical Threat | Not Applicable |
| CVE-2026-40930 | NONE0 | libpng 1.6.56-r0 fixed in 1.6.58-r1 | 0.2% Theoretical Threat | Not Applicable |
| CVE-2026-42583 | NONE0 | io.netty:netty-codec-compression 4.2.10.Final fixed in 4.2.13.Final | 0.4% Theoretical Threat | Not Applicable |
| CVE-2026-42577 | NONE0 | io.netty:netty-transport-native-epoll 4.2.10.Final fixed in 4.2.13.Final | 0.4% Theoretical Threat | Not Applicable |
| CVE-2026-8149 | NONE0 | org.bouncycastle:bc-fips 2.1.2 No fix yet | 0.2% Theoretical Threat | Not Applicable |