CVE Tools
Sign in
month report

December 2008

Data as of Jun 4, 2026, 13:25 UTCSnapshot v1 Sources NVD+CISA KEV+EPSS+Nuclei templates Methodology →

December 2008 closed with 530 published CVEs+18.0% YoY . 129 criticals, microsoft led volume, mostly via internet explorer. Biggest breakout: mozilla at ×15.0 their 12-month median. Top weakness class — CWE-89 (101 CVE). 10 vendors cracked the top-100 for the first time.

Print view
Total CVEs
530
— MoM+18.0% YoY
Severity mix
129 / 176
critical / high
KEV added
0
0 ransomware-linked
Nuclei coverage
0.6%
3 CVEs with templates

Time to exploit

How fast the community ships detection after a CVE drops.

Days → Nuclei (median)
6286.1
n=3
Within 7 days
0.0%
Within 30 days
0.0%
Days → KEV (median)
n=0
Weakness × Vendor

What's spreading where in December 2008

Cells shaded by share of vendor's hottest weakness. Click any cell to open the CWE history.

89SQL Injection399CWE-39920Improper Input Validation79XSS264CWE-264119Memory Buffer Bounds59CWE-5922Path Traversal94Code Injection189CWE-189microsoft1861623sun365112ibm332apple4111114mozilla3224canonical21221debian1122111activewebsoftwares10typo3541linux421opera211adobe211

Breakout vendors

CVE count ≥3× their own 12-period median.

First time in top-100

Vendors never in top-100 in the prior 24 periods.

Top vendors

Ranked by distinct CVE count this period.

  • 1microsoft
    39 CVE21 critCVSS 8.8
    PoC 8
    internet explorer (12) · office (11) · open xml file format converter (11)
  • 2sun
    36 CVE13 critCVSS 7.3
    PoC 1
    jdk (23) · jre (23) · sdk (19)
  • 3ibm
    17 CVE3 critCVSS 6.5
    rational clearquest (7) · websphere application server (4) · aix (4)
  • 4apple
    15 CVE7 critCVSS 8.3
    PoC 2
    mac os x server (11) · mac os x (10) · cups (2)
  • 5mozilla
    15 CVE1 critCVSS 5.5
    ×15.0PoC 1
    firefox (14) · seamonkey (11) · thunderbird (10)
  • 6canonical
    11 CVE1 critCVSS 5.9
    ×3.7
    ubuntu linux (11)
  • 7debian
    11 CVE1 critCVSS 6.1
    ×3.7PoC 1
    debian linux (10) · shadow (1)
  • 8activewebsoftwares
    10 CVECVSS 7.5
    NEWPoC 10
    activevotes (2) · active force matrix (1) · active membership (1)
  • 9typo3
    10 CVE1 critCVSS 6.6
    NEW
    typo3 (2) · wir ber uns extension (2) · eluna page comments extension (2)
  • 10linux
    7 CVECVSS 4.8
    PoC 1
    linux kernel (7)
  • 11opera
    6 CVE2 critCVSS 6.5
    PoC 1
    opera browser (4) · opera (2)
  • 12adobe
    5 CVE1 critCVSS 5.3
    air (3) · flash player (3) · acrobat (1)
  • 13aspapps
    5 CVECVSS 6.0
    NEWPoC 5
    asp autodealer (2) · aspportal (2) · aspticker (1)
  • 14gentoo foundation inc.
    5 CVECVSS 6.9
    PoC 2
    gentoo linux (5)
  • 15mediawiki
    5 CVECVSS 4.6
    mediawiki (5)
  • 16netcat
    5 CVECVSS 5.5
    NEWPoC 5
    netcat (5)
  • 17php
    5 CVE1 critCVSS 7.5
    ×5.0PoC 3
    php (5)
  • 18eset
    4 CVE2 critCVSS 7.5
    NEWPoC 1
    nod32 antivirus (2) · smart security (2)
  • 19e-topbiz
    4 CVECVSS 7.5
    NEWPoC 4
    online store (2) · number links 1 php script (1) · domain shop (1)
  • 20myiosoft
    4 CVECVSS 7.5
    NEWPoC 3
    easybookmarker (3) · easycalendar (1)
  • 21scripts4you
    4 CVECVSS 6.5
    NEWPoC 4
    clean cms (2) · faq manager (2)
  • 22symantec
    4 CVE3 critCVSS 8.0
    backup exec for windows server (2) · antivirus (1) · norton internet security 2008 (1)
  • 23textpattern
    4 CVECVSS 4.9
    NEWPoC 1
    textpattern (4)
  • 24сообщество свободного программного обеспечения
    4 CVECVSS 7.2
    PoC 4
    debian gnu/linux (4)
  • 25alstrasoft
    3 CVE1 critCVSS 8.3
    PoC 3
    article manager pro (1) · web email script enterprise (1) · webhost directory (1)
  • 26asterisk
    3 CVECVSS 5.8
    ×3.0
    zaptel (2) · open source (1) · asterisk business edition (1)
  • 27bdigital web solutions
    3 CVECVSS 7.5
    NEWPoC 3
    webstudio ehotel (1) · webstudio cms (1) · webstudio ecatalogue (1)
  • 28cerulean studios
    3 CVE3 critCVSS 10.0
    trillian (3) · trillian pro (3)
  • 29ceruleanstudios
    3 CVE3 critCVSS 10.0
    NEW
    trillian (3) · trillian pro (3)
  • 30deltascripts
    3 CVECVSS 7.5
    NEWPoC 3
    php classifieds (2) · php shop (1)
  • 31dotnetindex
    3 CVECVSS 5.8
    NEWPoC 3
    professional download assistant (2) · ikon admanager (1)
  • 32gpsdrive
    3 CVECVSS 6.9
    NEW
    gpsdrive (3)
  • 33hp
    3 CVECVSS 4.8
    hp-ux (2) · decnet plus for openvms (1)
  • 34joomla
    3 CVECVSS 7.5
    PoC 1
    com books (1) · joomla (1) · joomla\! (1)
  • 35mini-pub
    3 CVECVSS 6.7
    NEWPoC 3
    mini-pub (3)
  • 36netart media
    3 CVECVSS 7.5
    PoC 3
    real estate portal (1) · blog system (1) · car portal (1)
  • 37octeth
    3 CVECVSS 5.5
    NEW
    oempro (3)
  • 38packagist
    3 CVE1 critCVSS 6.2
    PoC 1
    phpmailer/phpmailer (1) · typo3/cms-backend (1) · typo3/cms-felogin (1)
  • 39phparanoid
    3 CVECVSS 6.7
    NEW
    phparanoid (3)
  • 40punbb
    3 CVECVSS 5.0
    punbb (3)
  • 41qemu
    3 CVECVSS 6.7
    ×3.0
    qemu (3)
  • 42recly
    3 CVECVSS 7.3
    NEWPoC 3
    clickheat-heatmap (1) · competitions (1) · interactive feederator (1)
  • 43scssboard
    3 CVECVSS 7.5
    NEWPoC 3
    scssboard (3)
  • 44trend micro
    3 CVE3 critCVSS 9.3
    housecall (2) · trend micro antivirus (1)
  • 45v3chat
    3 CVE1 critCVSS 8.3
    NEWPoC 3
    v3 chat profiles dating script (2) · v3 chat live support (1)
  • 462500mhz
    2 CVE1 critCVSS 7.2
    NEWPoC 2
    worksimple (2)
  • 475e5
    2 CVECVSS 5.0
    NEW
    teamtek universal ftp server (2)
  • 48apertoblog
    2 CVECVSS 7.5
    NEWPoC 2
    apertoblog (2)
  • 49aspsiteware
    2 CVECVSS 7.5
    NEWPoC 2
    homebuilder (1) · realtylistings (1)
  • 50avaya
    2 CVE1 critCVSS 7.0
    communication manager (2)

Top weaknesses

CWE classes by distinct CVE count.

1CWE-89101
2CWE-39957
3CWE-2050
4CWE-7948
5CWE-26446
6CWE-11944
7CWE-5925
8CWE-2223
9CWE-9423
10CWE-18915
11CWE-20014
12CWE-28714
13CWE-35210
14CWE-2557
15CWE-3106
16CWE-163
17CWE-3192
18CWE-3622
19CWE-782
20CWE-1341