month report

September 2012

Data as of Jun 4, 2026, 13:25 UTCSnapshot v1 Sources NVD+CISA KEV+EPSS+Nuclei templates Methodology →

September 2012 closed with 655 published CVEs. 76 criticals, apple led volume, mostly via itunes. Biggest breakout: libav at ×23.0 their 12-month median. Top weakness class — CWE-79 (113 CVE). 10 vendors cracked the top-100 for the first time.

Print view

Total CVEs

655

— MoM— YoY

Severity mix

76 / 83

critical / high

KEV added

0 ransomware-linked

Nuclei coverage

2.1%

14 CVEs with templates

Time to exploit

How fast the community ships detection after a CVE drops.

Days → Nuclei (median)

4918.3

n=14

Within 7 days

0.0%

Within 30 days

0.0%

Days → KEV (median)

3547

n=2

Detection gap

KEV pressure, no Nuclei coverage

September 2012 · vendors with active exploitation listed by CISA but no public detection template.

KEV 1microsoft9 CVE
KEV 1adobe7 CVE

Weakness × Vendor

What's spreading where in September 2012

Cells shaded by share of vendor's hottest weakness. Click any cell to open the CWE history.

79XSS 119Memory Buffer Bounds 264CWE-264 89SQL Injection 352CSRF 399CWE-399 200Information Exposure 20Improper Input Validation 22Path Traversal 310CWE-310 apple 1 12 11 3 6 1 4 google 5 8 4 7 2 3 2 ffmpeg 1 1 cisco 3 1 11 1 4 ibm 3 1 1 3 1 2 1 2 1 libav 1 opensuse 1 6 4 2 packagist 5 2 2 joomla 4 1 2 1 hp 2 1 owncloud 4 1 3 1 silverstripe 2 2 3 1 1 1

Breakout vendors

CVE count ≥3× their own 12-period median.

23.0×libav23 CVE
14.0×opensuse14 CVE
9.7×ffmpeg29 CVE
6.0×moodle6 CVE
6.0×realnetworks6 CVE
5.0×wordpress5 CVE
4.0×joomla12 CVE
3.7×packagist13 CVE
3.0×cybozu3 CVE
3.0×openstack3 CVE

First time in top-100

Vendors never in top-100 in the prior 24 periods.

#11owncloud11 CVE
#12silverstripe10 CVE
#16trevor mckay8 CVE
#18cyberlink7 CVE
#23moodle6 CVE
#25siemens6 CVE
#27condor project5 CVE
#28wikkawiki5 CVE
#31flatnux4 CVE
#32gentoo4 CVE

Top vendors

Ranked by distinct CVE count this period.

1apple—
87 CVE6 critCVSS 6.2
itunes (51) · iphone os (32) · mac os x (8)
2google—
35 CVE1 critCVSS 6.0
PoC 1
chrome (33) · mod pagespeed (2)
3ffmpeg—
29 CVE28 critCVSS 9.8
×9.7
ffmpeg (29)
4cisco—
28 CVE2 critCVSS 6.4
ios (14) · ios xe (4) · intrusion prevention system (2)
5ibm—
23 CVE3 critCVSS 5.8
maximo service desk (10) · smartcloud control desk (10) · tivoli asset management for it (10)
6libav—
23 CVE23 critCVSS 10.0
×23.0
libav (23)
7opensuse—
14 CVECVSS 6.6
×14.0
opensuse (14)
8packagist—
13 CVECVSS 4.8
×3.7PoC 1
typo3/cms (9) · matomo/matomo (1) · piwik/piwik (1)
9joomla—
12 CVECVSS 5.2
×4.0PoC 1
joomla\! (11) · com weblinks (1)
10hp—
11 CVE6 critCVSS 8.0
sitescope (6) · business availability center (3) · network node manager i (1)
11owncloud—
11 CVECVSS 5.4
NEWPoC 4
owncloud server (11) · owncloud (10)
12silverstripe—
10 CVECVSS 5.7
NEWPoC 2
silverstripe (10)
13microsoft—
9 CVE4 critCVSS 7.4
KEV 1
internet explorer (5) · system center configuration manager (1) · systems management server (1)
14typo3—
9 CVECVSS 4.3
typo3 (9)
15redhat—
8 CVECVSS 5.4
PoC 2
enterprise mrg (8)
16trevor mckay—
8 CVECVSS 5.4
NEWPoC 2
cumin (8)
17adobe—
7 CVE1 critCVSS 7.7
KEV 1
audition (1) · coldfusion (1) · device central cs4 (1)
18cyberlink—
7 CVE1 critCVSS 7.2
NEWPoC 1
power2go (2) · powerdirector (2) · labelprint (1)
19novell—
7 CVE3 critCVSS 6.7
groupwise (7)
20debian—
6 CVECVSS 4.7
PoC 1
debian linux (6)
21gentoo foundation inc.—
6 CVECVSS 4.8
PoC 2
gentoo linux (6)
22mediawiki—
6 CVECVSS 5.5
PoC 1
mediawiki (6)
23moodle—
6 CVECVSS 4.7
NEW×6.0
moodle (6)
24realnetworks—
6 CVECVSS 7.2
×6.0
realplayer sp (6) · realplayer (5)
25siemens—
6 CVECVSS 5.0
NEW
wincc (5) · simatic pcs7 (5) · simatic s7-1200 cpu 1212c firmware (1)
26apache—
5 CVECVSS 5.1
struts (2) · cxf (1) · wicket (1)
27condor project—
5 CVE2 critCVSS 7.2
NEW
condor (5)
28wikkawiki—
5 CVECVSS 6.4
NEWPoC 2
wikkawiki (5)
29wordpress—
5 CVECVSS 5.0
×5.0Nuclei 3PoC 2
wordpress (4) · lanoba social plugin (1)
30cisco systems inc.—
4 CVECVSS 7.7
cisco ios (4) · cisco ios xe (1) · unified communications manager (1)
31flatnux—
4 CVECVSS 5.1
NEWNuclei 1PoC 1
flatnux (4)
32gentoo—
4 CVECVSS 6.1
NEW
webmin (4)
33mozilla—
4 CVECVSS 3.8
PoC 1
bugzilla (2) · firefox (2)
34pypi—
4 CVECVSS 4.7
keystone (2) · beaker (1) · moin (1)
35acdsee—
3 CVECVSS 6.7
NEW
fotoslate (1) · photo editor 2008 (1) · picture frame manager (1)
36altova—
3 CVECVSS 6.9
NEW
databasespy 2011 (1) · diffdog 2011 (1) · mapforce (1)
37bananadance—
3 CVECVSS 6.4
NEWPoC 2
banana dance (3)
38canonical—
3 CVECVSS 5.5
ubuntu linux (3)
39cybozu—
3 CVE1 critCVSS 6.0
×3.0
kunai (2) · kunai browser for remote service (1)
40dell—
3 CVECVSS 5.5
PoC 1
crowbar (2) · sonicwall viewpoint (1)
41limesurvey—
3 CVECVSS 6.1
NEWPoC 1
limesurvey (3)
42maven—
3 CVECVSS 5.4
org.apache.cxf:cxf (1) · org.apache.struts:struts2-core (1) · org.apache.struts.xwork:xwork-core (1)
43open-emr—
3 CVECVSS 6.2
NEWPoC 3
openemr (3)
44openstack—
3 CVECVSS 4.6
NEW×3.0
horizon (2) · keystone (1) · essex (1)
45osclass—
3 CVECVSS 6.1
NEW
osclass (3)
46pkp—
3 CVECVSS 5.6
NEWPoC 1
open journal systems (3)
47public knowledge project—
3 CVECVSS 6.8
NEWPoC 3
open conference systems (1) · open harvester systems (1) · open journal systems (1)
48scott wheeler—
3 CVECVSS 4.3
NEWPoC 2
taglib (3)
49sony—
3 CVECVSS 6.9
NEW
dvd architect pro (1) · dvd architect studio (1) · moviez hd (1)
503ds—
2 CVECVSS 6.9
NEW
3dvia composer (1) · 3d xml player (1)

#	Vendor	CVEs	Crit	KEV	Nuclei	Signals	Top products	Δ
1	apple	87	6	·	·		itunes (51) · iphone os (32) · mac os x (8)	—
2	google	35	1	·	·	PoC 1	chrome (33) · mod pagespeed (2)	—
3	ffmpeg	29	28	·	·	×9.7	ffmpeg (29)	—
4	cisco	28	2	·	·		ios (14) · ios xe (4) · intrusion prevention system (2)	—
5	ibm	23	3	·	·		maximo service desk (10) · smartcloud control desk (10) · tivoli asset management for it (10)	—
6	libav	23	23	·	·	×23.0	libav (23)	—
7	opensuse	14	·	·	·	×14.0	opensuse (14)	—
8	packagist	13	·	·	·	×3.7PoC 1	typo3/cms (9) · matomo/matomo (1) · piwik/piwik (1)	—
9	joomla	12	·	·	·	×4.0PoC 1	joomla\! (11) · com weblinks (1)	—
10	hp	11	6	·	·		sitescope (6) · business availability center (3) · network node manager i (1)	—
11	owncloud	11	·	·	·	NEWPoC 4	owncloud server (11) · owncloud (10)	—
12	silverstripe	10	·	·	·	NEWPoC 2	silverstripe (10)	—
13	microsoft	9	4	1	·	KEV 1	internet explorer (5) · system center configuration manager (1) · systems management server (1)	—
14	typo3	9	·	·	·		typo3 (9)	—
15	redhat	8	·	·	·	PoC 2	enterprise mrg (8)	—
16	trevor mckay	8	·	·	·	NEWPoC 2	cumin (8)	—
17	adobe	7	1	1	·	KEV 1	audition (1) · coldfusion (1) · device central cs4 (1)	—
18	cyberlink	7	1	·	·	NEWPoC 1	power2go (2) · powerdirector (2) · labelprint (1)	—
19	novell	7	3	·	·		groupwise (7)	—
20	debian	6	·	·	·	PoC 1	debian linux (6)	—
21	gentoo foundation inc.	6	·	·	·	PoC 2	gentoo linux (6)	—
22	mediawiki	6	·	·	·	PoC 1	mediawiki (6)	—
23	moodle	6	·	·	·	NEW×6.0	moodle (6)	—
24	realnetworks	6	·	·	·	×6.0	realplayer sp (6) · realplayer (5)	—
25	siemens	6	·	·	·	NEW	wincc (5) · simatic pcs7 (5) · simatic s7-1200 cpu 1212c firmware (1)	—
26	apache	5	·	·	·		struts (2) · cxf (1) · wicket (1)	—
27	condor project	5	2	·	·	NEW	condor (5)	—
28	wikkawiki	5	·	·	·	NEWPoC 2	wikkawiki (5)	—
29	wordpress	5	·	·	3	×5.0Nuclei 3PoC 2	wordpress (4) · lanoba social plugin (1)	—
30	cisco systems inc.	4	·	·	·		cisco ios (4) · cisco ios xe (1) · unified communications manager (1)	—
31	flatnux	4	·	·	1	NEWNuclei 1PoC 1	flatnux (4)	—
32	gentoo	4	·	·	·	NEW	webmin (4)	—
33	mozilla	4	·	·	·	PoC 1	bugzilla (2) · firefox (2)	—
34	pypi	4	·	·	·		keystone (2) · beaker (1) · moin (1)	—
35	acdsee	3	·	·	·	NEW	fotoslate (1) · photo editor 2008 (1) · picture frame manager (1)	—
36	altova	3	·	·	·	NEW	databasespy 2011 (1) · diffdog 2011 (1) · mapforce (1)	—
37	bananadance	3	·	·	·	NEWPoC 2	banana dance (3)	—
38	canonical	3	·	·	·		ubuntu linux (3)	—
39	cybozu	3	1	·	·	×3.0	kunai (2) · kunai browser for remote service (1)	—
40	dell	3	·	·	·	PoC 1	crowbar (2) · sonicwall viewpoint (1)	—
41	limesurvey	3	·	·	·	NEWPoC 1	limesurvey (3)	—
42	maven	3	·	·	·		org.apache.cxf:cxf (1) · org.apache.struts:struts2-core (1) · org.apache.struts.xwork:xwork-core (1)	—
43	open-emr	3	·	·	·	NEWPoC 3	openemr (3)	—
44	openstack	3	·	·	·	NEW×3.0	horizon (2) · keystone (1) · essex (1)	—
45	osclass	3	·	·	·	NEW	osclass (3)	—
46	pkp	3	·	·	·	NEWPoC 1	open journal systems (3)	—
47	public knowledge project	3	·	·	·	NEWPoC 3	open conference systems (1) · open harvester systems (1) · open journal systems (1)	—
48	scott wheeler	3	·	·	·	NEWPoC 2	taglib (3)	—
49	sony	3	·	·	·	NEW	dvd architect pro (1) · dvd architect studio (1) · moviez hd (1)	—
50	3ds	2	·	·	·	NEW	3dvia composer (1) · 3d xml player (1)	—