month report

November 2009

Data as of Jun 4, 2026, 13:25 UTCSnapshot v1 Sources NVD+CISA KEV+EPSS+Nuclei templates Methodology →

November 2009 closed with 311 published CVEs. 66 criticals, sun led volume, mostly via jre. Top weakness class — CWE-79 (46 CVE). 10 vendors cracked the top-100 for the first time.

Print view

Total CVEs

311

— MoM— YoY

Severity mix

66 / 69

critical / high

KEV added

0 ransomware-linked

Nuclei coverage

0.6%

2 CVEs with templates

Time to exploit

How fast the community ships detection after a CVE drops.

Days → Nuclei (median)

5953.1

n=2

Within 7 days

0.0%

Within 30 days

0.0%

Days → KEV (median)

4495

n=1

Detection gap

KEV pressure, no Nuclei coverage

November 2009 · vendors with active exploitation listed by CISA but no public detection template.

KEV 1microsoft20 CVE

Weakness × Vendor

What's spreading where in November 2009

Cells shaded by share of vendor's hottest weakness. Click any cell to open the CWE history.

First time in top-100

Vendors never in top-100 in the prior 24 periods.

#19pear4 CVE
#21telepark4 CVE
#25cutephp3 CVE
#27frontaccounting3 CVE
#28gforge3 CVE
#30simplog3 CVE
#32tftgallery3 CVE
#34cubecart2 CVE
#35dag.wieers2 CVE
#36dnnsoftware2 CVE

Top vendors

Ranked by distinct CVE count this period.

1sun—
32 CVE10 critCVSS 7.1
jre (23) · jdk (15) · sdk (10)
2apple—
29 CVE2 critCVSS 6.2
mac os x (22) · mac os x server (22) · safari (4)
3microsoft—
20 CVE11 critCVSS 8.6
KEV 1PoC 1
office (9) · open xml file format converter (9) · excel (8)
4linux—
12 CVECVSS 6.5
PoC 3
linux kernel (12) · kernel (1)
5ibm—
9 CVE5 critCVSS 7.9
PoC 1
tivoli storage manager (3) · lotus notes intellisync (1) · powerha (1)
6typo3—
9 CVECVSS 5.3
typo3 (9)
7hp—
7 CVE4 critCVSS 7.9
PoC 1
openview network node manager (2) · discovery\&dependency mapping inventory (1) · nonstop server (1)
8packagist—
7 CVECVSS 5.3
typo3/cms-backend (4) · typo3/cms (1) · typo3/cms-core (1)
9canonical—
6 CVE1 critCVSS 7.6
PoC 3
ubuntu linux (6)
10debian—
5 CVE1 critCVSS 7.3
PoC 2
debian linux (5)
11php—
5 CVECVSS 6.4
PoC 1
php (5)
12adobe—
4 CVE4 critCVSS 9.3
shockwave player (4)
13fedoraproject—
4 CVE1 critCVSS 7.8
PoC 1
fedora (4)
14google—
4 CVE2 critCVSS 7.4
chrome (4)
15mozilla—
4 CVE2 critCVSS 7.1
PoC 1
firefox (2) · bugzilla (1) · nss (1)
16mysql—
4 CVECVSS 5.3
PoC 1
mysql (4)
17opensuse—
4 CVECVSS 7.0
PoC 1
opensuse (4)
18oracle—
4 CVECVSS 5.3
PoC 1
mysql (4)
19pear—
4 CVE2 critCVSS 8.6
NEWPoC 1
pear (3) · mail (1)
20redhat—
4 CVECVSS 7.1
PoC 1
enterprise linux server (3) · enterprise linux desktop (3) · enterprise linux eus (3)
21telepark—
4 CVECVSS 5.9
NEWPoC 3
telepark.wiki (4)
22vmware—
4 CVECVSS 6.5
esx (4) · server (2) · esxi (2)
23apache—
3 CVE1 critCVSS 7.4
PoC 2
http server (2) · tomcat (1)
24autodesk—
3 CVE3 critCVSS 9.3
PoC 1
3ds max (1) · alias wavefront maya (1) · autodesk maya (1)
25cutephp—
3 CVECVSS 5.5
NEWPoC 1
cutenews (3)
26f5—
3 CVE1 critCVSS 6.6
PoC 2
nginx (3)
27frontaccounting—
3 CVECVSS 7.5
NEW
frontaccounting (3)
28gforge—
3 CVECVSS 5.4
NEW
gforge (3)
29novell—
3 CVECVSS 5.7
PoC 1
edirectory (1) · groupwise (1) · linux desktop (1)
30simplog—
3 CVECVSS 5.4
NEWPoC 3
simplog (3)
31suse—
3 CVECVSS 7.1
PoC 1
linux enterprise desktop (2) · linux enterprise server (2) · suse linux enterprise desktop (1)
32tftgallery—
3 CVECVSS 4.5
NEWPoC 1
tftgallery (3)
33cacti—
2 CVE1 critCVSS 6.7
PoC 1
cacti (2)
34cubecart—
2 CVECVSS 7.5
NEW
cubecart (2)
35dag.wieers—
2 CVECVSS 4.4
NEW
dstat (2)
36dnnsoftware—
2 CVECVSS 4.7
NEW
dotnetnuke (2)
37e107—
2 CVECVSS 5.9
e107 (2)
38ecouriersoftware—
2 CVECVSS 4.3
NEWPoC 1
e-courirer cms (2)
39ezra barnett gildesgame—
2 CVECVSS 4.2
NEW
og subgroups (1) · smartqueue og (1)
40gimp—
2 CVE2 critCVSS 9.3
NEW
gimp (2)
41gnu—
2 CVE1 critCVSS 8.3
PoC 1
gnutls (1) · libtool (1)
42joomla—
2 CVECVSS 5.3
joomla\! (2)
43mahara—
2 CVECVSS 5.4
NEW
mahara (2)
44martin lambers—
2 CVECVSS 5.7
NEW
mpop (1) · msmtp (1)
45mcafee—
2 CVECVSS 4.3
NEWPoC 1
intrushield network security manager (2)
46nginx—
2 CVECVSS 5.0
NEWPoC 1
nginx (2)
47novell inc.—
2 CVECVSS 7.2
PoC 1
opensuse (2)
48opera—
2 CVE1 critCVSS 7.9
opera browser (2)
49philippe jounin—
2 CVECVSS 4.7
NEWPoC 1
tftpd32 (2)
50poppler—
2 CVECVSS 6.8
NEWPoC 1
poppler (2)

#	Vendor	CVEs	Crit	KEV	Nuclei	Signals	Top products	Δ
1	sun	32	10	·	·		jre (23) · jdk (15) · sdk (10)	—
2	apple	29	2	·	·		mac os x (22) · mac os x server (22) · safari (4)	—
3	microsoft	20	11	1	·	KEV 1PoC 1	office (9) · open xml file format converter (9) · excel (8)	—
4	linux	12	·	·	·	PoC 3	linux kernel (12) · kernel (1)	—
5	ibm	9	5	·	·	PoC 1	tivoli storage manager (3) · lotus notes intellisync (1) · powerha (1)	—
6	typo3	9	·	·	·		typo3 (9)	—
7	hp	7	4	·	·	PoC 1	openview network node manager (2) · discovery\&dependency mapping inventory (1) · nonstop server (1)	—
8	packagist	7	·	·	·		typo3/cms-backend (4) · typo3/cms (1) · typo3/cms-core (1)	—
9	canonical	6	1	·	·	PoC 3	ubuntu linux (6)	—
10	debian	5	1	·	·	PoC 2	debian linux (5)	—
11	php	5	·	·	·	PoC 1	php (5)	—
12	adobe	4	4	·	·		shockwave player (4)	—
13	fedoraproject	4	1	·	·	PoC 1	fedora (4)	—
14	google	4	2	·	·		chrome (4)	—
15	mozilla	4	2	·	·	PoC 1	firefox (2) · bugzilla (1) · nss (1)	—
16	mysql	4	·	·	·	PoC 1	mysql (4)	—
17	opensuse	4	·	·	·	PoC 1	opensuse (4)	—
18	oracle	4	·	·	·	PoC 1	mysql (4)	—
19	pear	4	2	·	·	NEWPoC 1	pear (3) · mail (1)	—
20	redhat	4	·	·	·	PoC 1	enterprise linux server (3) · enterprise linux desktop (3) · enterprise linux eus (3)	—
21	telepark	4	·	·	·	NEWPoC 3	telepark.wiki (4)	—
22	vmware	4	·	·	·		esx (4) · server (2) · esxi (2)	—
23	apache	3	1	·	·	PoC 2	http server (2) · tomcat (1)	—
24	autodesk	3	3	·	·	PoC 1	3ds max (1) · alias wavefront maya (1) · autodesk maya (1)	—
25	cutephp	3	·	·	·	NEWPoC 1	cutenews (3)	—
26	f5	3	1	·	·	PoC 2	nginx (3)	—
27	frontaccounting	3	·	·	·	NEW	frontaccounting (3)	—
28	gforge	3	·	·	·	NEW	gforge (3)	—
29	novell	3	·	·	·	PoC 1	edirectory (1) · groupwise (1) · linux desktop (1)	—
30	simplog	3	·	·	·	NEWPoC 3	simplog (3)	—
31	suse	3	·	·	·	PoC 1	linux enterprise desktop (2) · linux enterprise server (2) · suse linux enterprise desktop (1)	—
32	tftgallery	3	·	·	·	NEWPoC 1	tftgallery (3)	—
33	cacti	2	1	·	·	PoC 1	cacti (2)	—
34	cubecart	2	·	·	·	NEW	cubecart (2)	—
35	dag.wieers	2	·	·	·	NEW	dstat (2)	—
36	dnnsoftware	2	·	·	·	NEW	dotnetnuke (2)	—
37	e107	2	·	·	·		e107 (2)	—
38	ecouriersoftware	2	·	·	·	NEWPoC 1	e-courirer cms (2)	—
39	ezra barnett gildesgame	2	·	·	·	NEW	og subgroups (1) · smartqueue og (1)	—
40	gimp	2	2	·	·	NEW	gimp (2)	—
41	gnu	2	1	·	·	PoC 1	gnutls (1) · libtool (1)	—
42	joomla	2	·	·	·		joomla\! (2)	—
43	mahara	2	·	·	·	NEW	mahara (2)	—
44	martin lambers	2	·	·	·	NEW	mpop (1) · msmtp (1)	—
45	mcafee	2	·	·	·	NEWPoC 1	intrushield network security manager (2)	—
46	nginx	2	·	·	·	NEWPoC 1	nginx (2)	—
47	novell inc.	2	·	·	·	PoC 1	opensuse (2)	—
48	opera	2	1	·	·		opera browser (2)	—
49	philippe jounin	2	·	·	·	NEWPoC 1	tftpd32 (2)	—
50	poppler	2	·	·	·	NEWPoC 1	poppler (2)	—