month report

April 2009

Data as of Jun 4, 2026, 13:25 UTCSnapshot v1 Sources NVD+CISA KEV+EPSS+Nuclei templates Methodology →

April 2009 closed with 570 published CVEs. 89 criticals, oracle led volume, mostly via application server. Top weakness class — CWE-79 (77 CVE). 10 vendors cracked the top-100 for the first time.

Print view

Total CVEs

570

— MoM— YoY

Severity mix

89 / 147

critical / high

KEV added

0 ransomware-linked

Nuclei coverage

0.5%

3 CVEs with templates

Time to exploit

How fast the community ships detection after a CVE drops.

Days → Nuclei (median)

6156.2

n=3

Within 7 days

0.0%

Within 30 days

0.0%

Days → KEV (median)

6123

n=1

Detection gap

KEV pressure, no Nuclei coverage

April 2009 · vendors with active exploitation listed by CISA but no public detection template.

KEV 1microsoft23 CVE

Weakness × Vendor

What's spreading where in April 2009

Cells shaded by share of vendor's hottest weakness. Click any cell to open the CWE history.

First time in top-100

Vendors never in top-100 in the prior 24 periods.

#7foolabs13 CVE
#8glyphandcog13 CVE
#13poppler10 CVE
#22mini-stream7 CVE
#24peterselie6 CVE
#25quickersite6 CVE
#26razorcms6 CVE
#27viart6 CVE
#28webbdomain6 CVE
#29china-on-site5 CVE

Top vendors

Ranked by distinct CVE count this period.

1oracle—
43 CVE3 critCVSS 5.5
PoC 1
application server (12) · database 10g (11) · database 11g (11)
2microsoft—
23 CVE12 critCVSS 8.3
KEV 1PoC 1
windows xp (8) · windows 2000 (6) · windows vista (6)
3apple—
20 CVE2 critCVSS 6.5
PoC 5
cups (13) · mac os x (6) · mac os x server (5)
4novell inc.—
19 CVE2 critCVSS 5.9
PoC 2
suse linux enterprise (13) · opensuse (6)
5ibm—
14 CVE2 critCVSS 6.2
PoC 3
websphere portal (3) · advanced management module (3) · bladecenter (2)
6mozilla—
14 CVE1 critCVSS 5.0
PoC 3
firefox (13) · seamonkey (10) · thunderbird (8)
7foolabs—
13 CVE1 critCVSS 6.0
NEW
xpdf (13)
8glyphandcog—
13 CVE1 critCVSS 6.0
NEW
xpdfreader (13)
9sun—
11 CVECVSS 4.5
PoC 3
opensolaris (4) · solaris (3) · openjdk (2)
10сообщество свободного программного обеспечения—
11 CVE2 critCVSS 6.4
PoC 2
debian gnu/linux (11)
11apache—
10 CVE1 critCVSS 4.8
PoC 3
struts (3) · geronimo (3) · mod jk (1)
12gentoo foundation inc.—
10 CVE1 critCVSS 6.2
PoC 4
gentoo linux (10)
13poppler—
10 CVECVSS 5.5
NEW
poppler (10)
14avaya—
9 CVE4 critCVSS 8.0
communication manager (9) · sip enablement services (4)
15hp—
9 CVE3 critCVSS 7.1
storageworks storage mirroring (3) · hp-ux (1) · openview network node manager (1)
16linux—
9 CVECVSS 5.5
PoC 2
linux kernel (9)
17cisco—
8 CVECVSS 6.4
pix (6) · adaptive security appliance 5500 (6) · ios (1)
18debian—
8 CVE2 critCVSS 7.2
PoC 1
debian linux (5) · advanced package tool (2) · apt (1)
19maven—
8 CVE1 critCVSS 5.7
PoC 3
org.apache.geronimo.plugins:console (3) · org.apache.struts:struts2-core (1) · org.apache.struts:struts2-dojo-plugin (1)
20vmware—
8 CVE1 critCVSS 6.1
PoC 1
ace (6) · workstation (5) · player (5)
21canonical—
7 CVE1 critCVSS 6.4
PoC 1
ubuntu linux (7)
22mini-stream—
7 CVE7 critCVSS 9.3
NEWPoC 7
wm downloader (1) · asx to mp3 converter (1) · easy rm to mp3 converter (1)
23symantec—
7 CVE4 critCVSS 7.9
PoC 1
endpoint protection (5) · antivirus (5) · client security (4)
24peterselie—
6 CVECVSS 5.8
NEWPoC 5
yourplace (6)
25quickersite—
6 CVECVSS 6.1
NEWPoC 2
quickersite (6)
26razorcms—
6 CVECVSS 5.7
NEWPoC 3
razorcms (6)
27viart—
6 CVECVSS 5.0
NEWPoC 2
viart shop (6)
28webbdomain—
6 CVECVSS 7.0
NEWPoC 6
petition (1) · polls (1) · post card (1)
29china-on-site—
5 CVE2 critCVSS 7.9
NEWPoC 5
flexphpdirectory (2) · flexphplink (2) · flexcustomer0.0.6 (1)
30clamav—
5 CVE1 critCVSS 7.1
NEW
clamav (5)
31gnu—
5 CVECVSS 4.7
PoC 2
gnutls (3) · gnu screen (1) · screen (1)
32lightneasy—
5 CVECVSS 5.9
NEWPoC 3
lightneasy (5)
33wireshark—
5 CVE2 critCVSS 6.9
PoC 1
wireshark (5)
34dnnsoftware—
4 CVECVSS 4.3
NEWPoC 1
dotnetnuke (4)
35drupal—
4 CVECVSS 4.3
cck comment reference (1) · feedapi mapper (1) · localization client (1)
36fedoraproject—
4 CVE1 critCVSS 6.0
PoC 1
fedora (4)
37ghostscript—
4 CVE2 critCVSS 7.8
NEWPoC 2
ghostscript (4)
38nortel—
4 CVE2 critCVSS 8.2
cs1000 (4)
39novell—
4 CVE1 critCVSS 5.3
teaming (2) · access manager (1) · netidentity client1.2.3 (1)
40opensuse—
4 CVECVSS 5.4
PoC 1
opensuse (4)
41red hat inc.—
4 CVE1 critCVSS 7.8
PoC 1
red hat enterprise linux (4)
42simple machines—
4 CVECVSS 6.0
NEWPoC 4
simple machines forum (4)
43sqlite—
4 CVECVSS 6.1
NEWPoC 2
sqlite (4)
44stalker-game—
4 CVE1 critCVSS 6.3
NEWPoC 2
s.t.a.l.k.e.r.\ (4)
45typo3—
4 CVECVSS 6.3
NEW
nd antispam (1) · pmk rssnewsexport extension (1) · tjs reslib (1)
46abweb—
3 CVECVSS 7.3
NEWPoC 3
minimal-ablog (2) · minimal ablog (1)
47bluevirus-design—
3 CVECVSS 6.4
NEWPoC 3
sma-db (3)
48ezbsystems—
3 CVE3 critCVSS 9.3
NEWPoC 1
ultraiso (3)
49glfusion—
3 CVECVSS 6.2
NEWPoC 2
glfusion (3)
50google—
3 CVECVSS 5.5
PoC 1
chrome (3)

#	Vendor	CVEs	Crit	KEV	Nuclei	Signals	Top products	Δ
1	oracle	43	3	·	·	PoC 1	application server (12) · database 10g (11) · database 11g (11)	—
2	microsoft	23	12	1	·	KEV 1PoC 1	windows xp (8) · windows 2000 (6) · windows vista (6)	—
3	apple	20	2	·	·	PoC 5	cups (13) · mac os x (6) · mac os x server (5)	—
4	novell inc.	19	2	·	·	PoC 2	suse linux enterprise (13) · opensuse (6)	—
5	ibm	14	2	·	·	PoC 3	websphere portal (3) · advanced management module (3) · bladecenter (2)	—
6	mozilla	14	1	·	·	PoC 3	firefox (13) · seamonkey (10) · thunderbird (8)	—
7	foolabs	13	1	·	·	NEW	xpdf (13)	—
8	glyphandcog	13	1	·	·	NEW	xpdfreader (13)	—
9	sun	11	·	·	·	PoC 3	opensolaris (4) · solaris (3) · openjdk (2)	—
10	сообщество свободного программного обеспечения	11	2	·	·	PoC 2	debian gnu/linux (11)	—
11	apache	10	1	·	·	PoC 3	struts (3) · geronimo (3) · mod jk (1)	—
12	gentoo foundation inc.	10	1	·	·	PoC 4	gentoo linux (10)	—
13	poppler	10	·	·	·	NEW	poppler (10)	—
14	avaya	9	4	·	·		communication manager (9) · sip enablement services (4)	—
15	hp	9	3	·	·		storageworks storage mirroring (3) · hp-ux (1) · openview network node manager (1)	—
16	linux	9	·	·	·	PoC 2	linux kernel (9)	—
17	cisco	8	·	·	·		pix (6) · adaptive security appliance 5500 (6) · ios (1)	—
18	debian	8	2	·	·	PoC 1	debian linux (5) · advanced package tool (2) · apt (1)	—
19	maven	8	1	·	·	PoC 3	org.apache.geronimo.plugins:console (3) · org.apache.struts:struts2-core (1) · org.apache.struts:struts2-dojo-plugin (1)	—
20	vmware	8	1	·	·	PoC 1	ace (6) · workstation (5) · player (5)	—
21	canonical	7	1	·	·	PoC 1	ubuntu linux (7)	—
22	mini-stream	7	7	·	·	NEWPoC 7	wm downloader (1) · asx to mp3 converter (1) · easy rm to mp3 converter (1)	—
23	symantec	7	4	·	·	PoC 1	endpoint protection (5) · antivirus (5) · client security (4)	—
24	peterselie	6	·	·	·	NEWPoC 5	yourplace (6)	—
25	quickersite	6	·	·	·	NEWPoC 2	quickersite (6)	—
26	razorcms	6	·	·	·	NEWPoC 3	razorcms (6)	—
27	viart	6	·	·	·	NEWPoC 2	viart shop (6)	—
28	webbdomain	6	·	·	·	NEWPoC 6	petition (1) · polls (1) · post card (1)	—
29	china-on-site	5	2	·	·	NEWPoC 5	flexphpdirectory (2) · flexphplink (2) · flexcustomer0.0.6 (1)	—
30	clamav	5	1	·	·	NEW	clamav (5)	—
31	gnu	5	·	·	·	PoC 2	gnutls (3) · gnu screen (1) · screen (1)	—
32	lightneasy	5	·	·	·	NEWPoC 3	lightneasy (5)	—
33	wireshark	5	2	·	·	PoC 1	wireshark (5)	—
34	dnnsoftware	4	·	·	·	NEWPoC 1	dotnetnuke (4)	—
35	drupal	4	·	·	·		cck comment reference (1) · feedapi mapper (1) · localization client (1)	—
36	fedoraproject	4	1	·	·	PoC 1	fedora (4)	—
37	ghostscript	4	2	·	·	NEWPoC 2	ghostscript (4)	—
38	nortel	4	2	·	·		cs1000 (4)	—
39	novell	4	1	·	·		teaming (2) · access manager (1) · netidentity client1.2.3 (1)	—
40	opensuse	4	·	·	·	PoC 1	opensuse (4)	—
41	red hat inc.	4	1	·	·	PoC 1	red hat enterprise linux (4)	—
42	simple machines	4	·	·	·	NEWPoC 4	simple machines forum (4)	—
43	sqlite	4	·	·	·	NEWPoC 2	sqlite (4)	—
44	stalker-game	4	1	·	·	NEWPoC 2	s.t.a.l.k.e.r.\ (4)	—
45	typo3	4	·	·	·	NEW	nd antispam (1) · pmk rssnewsexport extension (1) · tjs reslib (1)	—
46	abweb	3	·	·	·	NEWPoC 3	minimal-ablog (2) · minimal ablog (1)	—
47	bluevirus-design	3	·	·	·	NEWPoC 3	sma-db (3)	—
48	ezbsystems	3	3	·	·	NEWPoC 1	ultraiso (3)	—
49	glfusion	3	·	·	·	NEWPoC 2	glfusion (3)	—
50	google	3	·	·	·	PoC 1	chrome (3)	—