month report

February 2008

Data as of Jun 4, 2026, 13:25 UTCSnapshot v1 Sources NVD+CISA KEV+EPSS+Nuclei templates Methodology →

February 2008 closed with 539 published CVEs — -14.8% YoY . 79 criticals, joomla led volume, mostly via joomla. Biggest breakout: joomla at ×13.0 their 12-month median. Top weakness class — CWE-89 (121 CVE). 10 vendors cracked the top-100 for the first time.

Print view

Total CVEs

539

— MoM-14.8% YoY

Severity mix

79 / 184

critical / high

KEV added

0 ransomware-linked

Nuclei coverage

2.8%

15 CVEs with templates

Time to exploit

How fast the community ships detection after a CVE drops.

Days → Nuclei (median)

6597.9

n=15

Within 7 days

0.0%

Within 30 days

0.0%

Days → KEV (median)

5233

n=2

Detection gap

KEV pressure, no Nuclei coverage

February 2008 · vendors with active exploitation listed by CISA but no public detection template.

KEV 2adobe10 CVE

Weakness × Vendor

What's spreading where in February 2008

Cells shaded by share of vendor's hottest weakness. Click any cell to open the CWE history.

Breakout vendors

CVE count ≥3× their own 12-period median.

13.0×joomla39 CVE
7.7×mambo23 CVE
4.0×cacti4 CVE
3.3×adobe10 CVE
3.0×aeries3 CVE
3.0×liferay6 CVE
3.0×kerio3 CVE

First time in top-100

Vendors never in top-100 in the prior 24 periods.

#6bea systems12 CVE
#15double-take software7 CVE
#21shoppingtree6 CVE
#25cacti4 CVE
#26dmsguestbook project4 CVE
#29itechscripts4 CVE
#35caroline3 CVE
#42radio toolbox3 CVE
#43spyce3 CVE
#44tintin3 CVE

Top vendors

Ranked by distinct CVE count this period.

1joomla—
39 CVECVSS 7.5
×13.0PoC 29
joomla (3) · com astatspro (2) · com downloads (2)
2mambo—
23 CVECVSS 7.5
×7.7PoC 17
mambo (3) · com downloads (2) · com detail (1)
3ibm—
20 CVE4 critCVSS 6.8
aix (6) · db2 (5) · websphere application server (2)
4microsoft—
18 CVE13 critCVSS 8.9
PoC 2
office (7) · works (3) · internet explorer (3)
5mozilla—
14 CVE4 critCVSS 6.2
firefox (13) · seamonkey (11) · thunderbird (8)
6bea systems—
12 CVECVSS 5.4
NEW
weblogic portal (5) · weblogic server (3) · aqualogic interaction (2)
7apple—
11 CVE2 critCVSS 6.6
PoC 3
mac os x (5) · iphoto (2) · quicktime (1)
8adobe—
10 CVE5 critCVSS 8.5
×3.3KEV 2
acrobat reader (6) · acrobat (5) · connect enterprise server (3)
9bea—
10 CVECVSS 5.4
weblogic server (9) · weblogic workshop (2)
10wordpress—
10 CVECVSS 6.4
Nuclei 10PoC 6
sniplets plugin (3) · wordspew (1) · dean logan wp-people plugin (1)
11xoops—
10 CVECVSS 6.5
PoC 6
xoops (3) · tiny event module (1) · xm-memberstats (1)
12sun—
8 CVE1 critCVSS 6.6
PoC 1
solaris (6) · jre (2) · jdk (2)
13symantec—
8 CVE4 critCVSS 7.3
PoC 2
symantec antivirus filtering domino mpe (2) · backup exec for windows server (2) · scan engine (2)
14cisco—
7 CVE4 critCVSS 8.8
session initiation protocol \(sip\) firmware (6) · skinny client control protocol \(sccp\) firmware (6) · unified callmanager (1)
15double-take software—
7 CVECVSS 5.4
NEW
double-take (7)
16drupal—
7 CVE2 critCVSS 6.6
project issue tracking module (2) · secure site module (1) · userpoints module (1)
17hp—
7 CVE1 critCVSS 7.2
storageworks double-take (3) · storage essentials srm standard (1) · virtual rooms (1)
18liferay—
6 CVECVSS 4.0
×3.0
liferay enterprise portal (6)
19novell—
6 CVE3 critCVSS 6.7
client (2) · challenge response client (1) · groupwise (1)
20phpnuke—
6 CVECVSS 7.1
PoC 5
book (1) · easycontent module (1) · kose yazilari module (1)
21shoppingtree—
6 CVECVSS 6.5
NEWPoC 5
candypress store (6)
22сообщество свободного программного обеспечения—
6 CVE1 critCVSS 6.1
PoC 2
debian gnu/linux (6)
23apache—
5 CVECVSS 4.9
PoC 1
tomcat (3) · mod jk (1) · geronimo (1)
24linux—
5 CVECVSS 4.6
PoC 4
linux kernel (5)
25cacti—
4 CVECVSS 5.3
NEW×4.0PoC 1
cacti (4)
26dmsguestbook project—
4 CVECVSS 4.8
NEWNuclei 4PoC 3
dmsguestbook (4)
27gentoo foundation inc.—
4 CVE1 critCVSS 7.9
PoC 2
gentoo linux (4)
28ipswitch—
4 CVECVSS 4.5
PoC 2
instant messaging (3) · imserver (2) · ws ftp (1)
29itechscripts—
4 CVECVSS 6.7
NEWPoC 2
itechbids (2) · itechclassifieds (2)
30maven—
4 CVECVSS 4.8
PoC 1
org.apache.tomcat:tomcat (3) · org.opencms:opencms-core (1)
31mplayer—
4 CVE1 critCVSS 7.0
PoC 1
mplayer (4)
32oracle—
4 CVECVSS 5.5
weblogic portal (4)
33php-nuke—
4 CVECVSS 7.5
PoC 4
inhalt module (1) · manuales (1) · nukec module (1)
34aeries—
3 CVECVSS 6.4
×3.0PoC 2
aeries student information system (3)
35caroline—
3 CVE1 critCVSS 7.3
NEW
caroline (3)
36kerio—
3 CVE1 critCVSS 8.1
×3.0
kerio mailserver (3) · avg plugin (1)
37moinmoin—
3 CVECVSS 4.5
PoC 1
moinmoin (3)
38netwin—
3 CVECVSS 7.0
surgemail (2) · webmail (1) · surgeftp (1)
39openbsd—
3 CVECVSS 6.6
PoC 1
openbsd (3)
40opera—
3 CVECVSS 6.0
opera browser (3)
41pypi—
3 CVECVSS 4.5
PoC 1
moin (3)
42radio toolbox—
3 CVE1 critCVSS 6.7
NEWPoC 1
steamcast (3)
43spyce—
3 CVECVSS 5.5
NEWPoC 1
spyce (3)
44tintin—
3 CVE1 critCVSS 7.5
NEW
tintin\+\+ (3) · wintin\+\+ (3)
45wireshark—
3 CVECVSS 4.7
wireshark (3)
46yahoo—
3 CVECVSS 4.3
PoC 3
music jukebox (3)
47a-blog—
2 CVECVSS 5.9
PoC 2
a-blog (2)
48all club cms—
2 CVECVSS 7.2
NEWPoC 2
all club cms (2)
49artmedic webdesign—
2 CVECVSS 4.3
PoC 1
artmedic weblog (2)
50astats—
2 CVECVSS 7.5
NEWPoC 1
astatspro (2)

#	Vendor	CVEs	Crit	KEV	Nuclei	Signals	Top products	Δ
1	joomla	39	·	·	·	×13.0PoC 29	joomla (3) · com astatspro (2) · com downloads (2)	—
2	mambo	23	·	·	·	×7.7PoC 17	mambo (3) · com downloads (2) · com detail (1)	—
3	ibm	20	4	·	·		aix (6) · db2 (5) · websphere application server (2)	—
4	microsoft	18	13	·	·	PoC 2	office (7) · works (3) · internet explorer (3)	—
5	mozilla	14	4	·	·		firefox (13) · seamonkey (11) · thunderbird (8)	—
6	bea systems	12	·	·	·	NEW	weblogic portal (5) · weblogic server (3) · aqualogic interaction (2)	—
7	apple	11	2	·	·	PoC 3	mac os x (5) · iphoto (2) · quicktime (1)	—
8	adobe	10	5	2	·	×3.3KEV 2	acrobat reader (6) · acrobat (5) · connect enterprise server (3)	—
9	bea	10	·	·	·		weblogic server (9) · weblogic workshop (2)	—
10	wordpress	10	·	·	10	Nuclei 10PoC 6	sniplets plugin (3) · wordspew (1) · dean logan wp-people plugin (1)	—
11	xoops	10	·	·	·	PoC 6	xoops (3) · tiny event module (1) · xm-memberstats (1)	—
12	sun	8	1	·	·	PoC 1	solaris (6) · jre (2) · jdk (2)	—
13	symantec	8	4	·	·	PoC 2	symantec antivirus filtering domino mpe (2) · backup exec for windows server (2) · scan engine (2)	—
14	cisco	7	4	·	·		session initiation protocol \(sip\) firmware (6) · skinny client control protocol \(sccp\) firmware (6) · unified callmanager (1)	—
15	double-take software	7	·	·	·	NEW	double-take (7)	—
16	drupal	7	2	·	·		project issue tracking module (2) · secure site module (1) · userpoints module (1)	—
17	hp	7	1	·	·		storageworks double-take (3) · storage essentials srm standard (1) · virtual rooms (1)	—
18	liferay	6	·	·	·	×3.0	liferay enterprise portal (6)	—
19	novell	6	3	·	·		client (2) · challenge response client (1) · groupwise (1)	—
20	phpnuke	6	·	·	·	PoC 5	book (1) · easycontent module (1) · kose yazilari module (1)	—
21	shoppingtree	6	·	·	·	NEWPoC 5	candypress store (6)	—
22	сообщество свободного программного обеспечения	6	1	·	·	PoC 2	debian gnu/linux (6)	—
23	apache	5	·	·	·	PoC 1	tomcat (3) · mod jk (1) · geronimo (1)	—
24	linux	5	·	·	·	PoC 4	linux kernel (5)	—
25	cacti	4	·	·	·	NEW×4.0PoC 1	cacti (4)	—
26	dmsguestbook project	4	·	·	4	NEWNuclei 4PoC 3	dmsguestbook (4)	—
27	gentoo foundation inc.	4	1	·	·	PoC 2	gentoo linux (4)	—
28	ipswitch	4	·	·	·	PoC 2	instant messaging (3) · imserver (2) · ws ftp (1)	—
29	itechscripts	4	·	·	·	NEWPoC 2	itechbids (2) · itechclassifieds (2)	—
30	maven	4	·	·	·	PoC 1	org.apache.tomcat:tomcat (3) · org.opencms:opencms-core (1)	—
31	mplayer	4	1	·	·	PoC 1	mplayer (4)	—
32	oracle	4	·	·	·		weblogic portal (4)	—
33	php-nuke	4	·	·	·	PoC 4	inhalt module (1) · manuales (1) · nukec module (1)	—
34	aeries	3	·	·	·	×3.0PoC 2	aeries student information system (3)	—
35	caroline	3	1	·	·	NEW	caroline (3)	—
36	kerio	3	1	·	·	×3.0	kerio mailserver (3) · avg plugin (1)	—
37	moinmoin	3	·	·	·	PoC 1	moinmoin (3)	—
38	netwin	3	·	·	·		surgemail (2) · webmail (1) · surgeftp (1)	—
39	openbsd	3	·	·	·	PoC 1	openbsd (3)	—
40	opera	3	·	·	·		opera browser (3)	—
41	pypi	3	·	·	·	PoC 1	moin (3)	—
42	radio toolbox	3	1	·	·	NEWPoC 1	steamcast (3)	—
43	spyce	3	·	·	·	NEWPoC 1	spyce (3)	—
44	tintin	3	1	·	·	NEW	tintin\+\+ (3) · wintin\+\+ (3)	—
45	wireshark	3	·	·	·		wireshark (3)	—
46	yahoo	3	·	·	·	PoC 3	music jukebox (3)	—
47	a-blog	2	·	·	·	PoC 2	a-blog (2)	—
48	all club cms	2	·	·	·	NEWPoC 2	all club cms (2)	—
49	artmedic webdesign	2	·	·	·	PoC 1	artmedic weblog (2)	—
50	astats	2	·	·	·	NEWPoC 1	astatspro (2)	—