month report

September 2013

Data as of Jun 4, 2026, 13:25 UTCSnapshot v1 Sources NVD+CISA KEV+EPSS+Nuclei templates Methodology →

September 2013 closed with 475 published CVEs — -27.5% YoY . 91 criticals, cisco led volume, mostly via unified computing system. Biggest breakout: apple at ×27.0 their 12-month median. Top weakness class — CWE-119 (120 CVE). 10 vendors cracked the top-100 for the first time.

Print view

Total CVEs

475

— MoM-27.5% YoY

Severity mix

91 / 56

critical / high

KEV added

0 ransomware-linked

Nuclei coverage

3.2%

15 CVEs with templates

Time to exploit

How fast the community ships detection after a CVE drops.

Days → Nuclei (median)

4558.4

n=15

Within 7 days

0.0%

Within 30 days

0.0%

Days → KEV (median)

3731

n=2

Detection gap

KEV pressure, no Nuclei coverage

September 2013 · vendors with active exploitation listed by CISA but no public detection template.

KEV 1microsoft48 CVE
KEV 1hp12 CVE

Weakness × Vendor

What's spreading where in September 2013

Cells shaded by share of vendor's hottest weakness. Click any cell to open the CWE history.

119Memory Buffer Bounds 20Improper Input Validation 264CWE-264 79XSS 200Information Exposure 399CWE-399 310CWE-310 255CWE-255 287Improper Authentication 94Code Injection cisco 9 22 5 7 3 2 3 2 4 apple 20 6 15 4 3 microsoft 35 4 1 2 2 2 1 ibm 2 3 4 4 1 2 2 2 1 redhat 4 2 4 2 1 3 1 mozilla 10 2 2 1 1 3 linux 8 4 1 2 1 open-xchange 1 1 4 2 1 3 1 2 adobe 12 1 pypi 1 1 5 1 1 1 2 hp 2 1 1 2 trivantis 2 1 4

Breakout vendors

CVE count ≥3× their own 12-period median.

27.0×apple54 CVE
5.3×microsoft48 CVE
5.2×cisco62 CVE
4.7×pypi14 CVE
4.5×citrix9 CVE
4.0×freebsd4 CVE
3.0×сообщество свободного программного обеспечения6 CVE
3.0×libtiff3 CVE

First time in top-100

Vendors never in top-100 in the prior 24 periods.

#8open-xchange17 CVE
#12trivantis10 CVE
#20dahuasecurity5 CVE
#31graphite project3 CVE
#32libtiff3 CVE
#33sophos3 CVE
#34supermicro3 CVE
#37click2sell2 CVE
#42gomlab2 CVE
#45indianic2 CVE

Top vendors

Ranked by distinct CVE count this period.

1cisco—
62 CVE6 critCVSS 6.2
×5.2PoC 1
unified computing system (17) · ios (10) · ios xe (4)
2apple—
54 CVE2 critCVSS 5.8
×27.0
iphone os (44) · mac os x (11) · itunes (8)
3microsoft—
48 CVE30 critCVSS 8.0
×5.3KEV 1PoC 2
word (13) · word viewer (11) · internet explorer (11)
4ibm—
24 CVE2 critCVSS 4.9
rational requirements composer (4) · spss analytical decision management (4) · data studio web console (3)
5redhat—
22 CVE1 critCVSS 4.5
PoC 5
libvirt (10) · openstack (3) · enterprise linux (3)
6mozilla—
19 CVE9 critCVSS 7.7
firefox (19) · seamonkey (16) · thunderbird (15)
7linux—
17 CVECVSS 4.9
PoC 1
linux kernel (17)
8open-xchange—
17 CVECVSS 4.4
NEWPoC 3
open-xchange server (11) · open-xchange appsuite (10)
9adobe—
15 CVE15 critCVSS 10.0
acrobat reader (8) · acrobat (8) · air sdk (4)
10pypi—
14 CVECVSS 4.0
×4.7PoC 1
nova (3) · ansible (2) · cinder (2)
11hp—
12 CVE4 critCVSS 5.9
KEV 1PoC 1
procurve manager (5) · identity driven manager (4) · icewall sso agent option (4)
12trivantis—
10 CVE1 critCVSS 6.2
NEW
coursemill learning management system (10)
13citrix—
9 CVE8 critCVSS 9.7
×4.5
cloudportal services manager (8) · xenclient xt (1)
14canonical—
7 CVECVSS 5.4
ubuntu linux (7)
15maven—
7 CVE1 critCVSS 6.0
org.apache.struts:struts2-core (2) · org.owasp.esapi:esapi (2) · org.apache.struts:struts2-rest-plugin (1)
16openstack—
7 CVECVSS 4.5
cinder (2) · compute (2) · keystone (2)
17debian—
6 CVECVSS 5.4
PoC 1
debian linux (4) · phpbb3 (1) · txt2man (1)
18wireshark—
6 CVECVSS 4.4
PoC 1
wireshark (6)
19сообщество свободного программного обеспечения—
6 CVECVSS 5.7
×3.0PoC 1
debian gnu/linux (4) · linux (2)
20dahuasecurity—
5 CVE3 critCVSS 9.0
NEW
dvr0404hd-a (5) · dvr0404hd-l (5) · dvr0404hd-s (5)
21gentoo foundation inc.—
5 CVECVSS 4.9
PoC 1
gentoo linux (5)
22wordpress—
5 CVECVSS 5.3
Nuclei 5PoC 3
wordpress (5)
23eucalyptus—
4 CVECVSS 5.3
eucalyptus (3) · eustore (1)
24freebsd—
4 CVECVSS 5.1
×4.0
freebsd (4)
25moodle—
4 CVECVSS 6.3
PoC 1
moodle (4)
26opensuse—
4 CVECVSS 4.0
opensuse (4)
27red hat inc.—
4 CVECVSS 6.8
red hat enterprise linux (4)
28apache—
3 CVE1 critCVSS 6.4
struts (2) · subversion (1)
29cisco systems inc.—
3 CVECVSS 7.8
cisco ios (3)
30fedoraproject—
3 CVECVSS 5.5
fedora (2) · 389 directory server (1)
31graphite project—
3 CVECVSS 6.0
NEWPoC 1
graphite (3)
32libtiff—
3 CVECVSS 6.8
NEW×3.0
libtiff (3)
33sophos—
3 CVE2 critCVSS 9.1
NEWPoC 1
unified threat management software (1) · web appliance (1) · web appliance firmware (1)
34supermicro—
3 CVE3 critCVSS 10.0
NEW
h8dcl-6f (3) · h8dcl-if (3) · h8dct-hibqf (3)
35vmware—
3 CVE1 critCVSS 7.1
esx (3) · esxi (3)
36apache software foundation—
2 CVE1 critCVSS 7.9
struts (2)
37click2sell—
2 CVECVSS 5.5
NEW
click2sell suite module (2)
38digium—
2 CVECVSS 5.0
asterisk (2) · certified asterisk (2) · asterisk digiumphones (1)
39djangoproject—
2 CVECVSS 5.0
django (2)
40dlink—
2 CVECVSS 6.3
dwl-2100ap firmware (1) · des-3810 (1) · des-3810 firmware (1)
41emc—
2 CVECVSS 5.9
rsa archer egrc (2)
42gomlab—
2 CVE1 critCVSS 7.2
NEWPoC 1
gom player (2)
43google—
2 CVECVSS 6.9
android (2)
44ibm corp.—
2 CVE1 critCVSS 7.9
ibm call center for commerce (2)
45indianic—
2 CVECVSS 7.2
NEWNuclei 2PoC 2
testimonial plugin (2)
46juniper—
2 CVECVSS 5.0
NEW
ive os (1) · junos pulse access control service (1) · junos pulse secure access service (1)
47konstanty bialkowski—
2 CVECVSS 6.8
PoC 1
libmodplug (2)
48motorola—
2 CVECVSS 6.9
NEW
defy xt (2)
49oracle corp.—
2 CVE1 critCVSS 7.9
mysql enterprise monitor (2) · oracle flexcube private banking (2) · webcenter sites (2)
50owasp—
2 CVECVSS 4.2
NEW
enterprise security api (2)

#	Vendor	CVEs	Crit	KEV	Nuclei	Signals	Top products	Δ
1	cisco	62	6	·	·	×5.2PoC 1	unified computing system (17) · ios (10) · ios xe (4)	—
2	apple	54	2	·	·	×27.0	iphone os (44) · mac os x (11) · itunes (8)	—
3	microsoft	48	30	1	·	×5.3KEV 1PoC 2	word (13) · word viewer (11) · internet explorer (11)	—
4	ibm	24	2	·	·		rational requirements composer (4) · spss analytical decision management (4) · data studio web console (3)	—
5	redhat	22	1	·	·	PoC 5	libvirt (10) · openstack (3) · enterprise linux (3)	—
6	mozilla	19	9	·	·		firefox (19) · seamonkey (16) · thunderbird (15)	—
7	linux	17	·	·	·	PoC 1	linux kernel (17)	—
8	open-xchange	17	·	·	·	NEWPoC 3	open-xchange server (11) · open-xchange appsuite (10)	—
9	adobe	15	15	·	·		acrobat reader (8) · acrobat (8) · air sdk (4)	—
10	pypi	14	·	·	·	×4.7PoC 1	nova (3) · ansible (2) · cinder (2)	—
11	hp	12	4	1	·	KEV 1PoC 1	procurve manager (5) · identity driven manager (4) · icewall sso agent option (4)	—
12	trivantis	10	1	·	·	NEW	coursemill learning management system (10)	—
13	citrix	9	8	·	·	×4.5	cloudportal services manager (8) · xenclient xt (1)	—
14	canonical	7	·	·	·		ubuntu linux (7)	—
15	maven	7	1	·	·		org.apache.struts:struts2-core (2) · org.owasp.esapi:esapi (2) · org.apache.struts:struts2-rest-plugin (1)	—
16	openstack	7	·	·	·		cinder (2) · compute (2) · keystone (2)	—
17	debian	6	·	·	·	PoC 1	debian linux (4) · phpbb3 (1) · txt2man (1)	—
18	wireshark	6	·	·	·	PoC 1	wireshark (6)	—
19	сообщество свободного программного обеспечения	6	·	·	·	×3.0PoC 1	debian gnu/linux (4) · linux (2)	—
20	dahuasecurity	5	3	·	·	NEW	dvr0404hd-a (5) · dvr0404hd-l (5) · dvr0404hd-s (5)	—
21	gentoo foundation inc.	5	·	·	·	PoC 1	gentoo linux (5)	—
22	wordpress	5	·	·	5	Nuclei 5PoC 3	wordpress (5)	—
23	eucalyptus	4	·	·	·		eucalyptus (3) · eustore (1)	—
24	freebsd	4	·	·	·	×4.0	freebsd (4)	—
25	moodle	4	·	·	·	PoC 1	moodle (4)	—
26	opensuse	4	·	·	·		opensuse (4)	—
27	red hat inc.	4	·	·	·		red hat enterprise linux (4)	—
28	apache	3	1	·	·		struts (2) · subversion (1)	—
29	cisco systems inc.	3	·	·	·		cisco ios (3)	—
30	fedoraproject	3	·	·	·		fedora (2) · 389 directory server (1)	—
31	graphite project	3	·	·	·	NEWPoC 1	graphite (3)	—
32	libtiff	3	·	·	·	NEW×3.0	libtiff (3)	—
33	sophos	3	2	·	·	NEWPoC 1	unified threat management software (1) · web appliance (1) · web appliance firmware (1)	—
34	supermicro	3	3	·	·	NEW	h8dcl-6f (3) · h8dcl-if (3) · h8dct-hibqf (3)	—
35	vmware	3	1	·	·		esx (3) · esxi (3)	—
36	apache software foundation	2	1	·	·		struts (2)	—
37	click2sell	2	·	·	·	NEW	click2sell suite module (2)	—
38	digium	2	·	·	·		asterisk (2) · certified asterisk (2) · asterisk digiumphones (1)	—
39	djangoproject	2	·	·	·		django (2)	—
40	dlink	2	·	·	·		dwl-2100ap firmware (1) · des-3810 (1) · des-3810 firmware (1)	—
41	emc	2	·	·	·		rsa archer egrc (2)	—
42	gomlab	2	1	·	·	NEWPoC 1	gom player (2)	—
43	google	2	·	·	·		android (2)	—
44	ibm corp.	2	1	·	·		ibm call center for commerce (2)	—
45	indianic	2	·	·	2	NEWNuclei 2PoC 2	testimonial plugin (2)	—
46	juniper	2	·	·	·	NEW	ive os (1) · junos pulse access control service (1) · junos pulse secure access service (1)	—
47	konstanty bialkowski	2	·	·	·	PoC 1	libmodplug (2)	—
48	motorola	2	·	·	·	NEW	defy xt (2)	—
49	oracle corp.	2	1	·	·		mysql enterprise monitor (2) · oracle flexcube private banking (2) · webcenter sites (2)	—
50	owasp	2	·	·	·	NEW	enterprise security api (2)	—