month report
December 2013
Data as of Jun 4, 2026, 13:25 UTC · Snapshot v1 · Sources: NVD + CISA KEV + EPSS + Nuclei templates
December 2013 closed with 495 published CVEs, +83.3% YoY. 60 criticals; ibm led volume, mostly via sterling b2b integrator. Biggest breakout: fedoraproject at ×18.0 their 12-month median. Top weakness class: CWE-79 (93 CVE). 10 vendors cracked the top-100 for the first time.
Total CVEs
495
— MoM · +83.3% YoY
Severity mix
60 / 70
critical / high
KEV added
0
0 ransomware-linked
Nuclei coverage
1.2%
6 CVEs with templates
Time to exploit
How fast the community ships detection after a CVE drops.
Days → Nuclei (median)
4459.8
n=6
Within 7 days
0.0%
Within 30 days
0.0%
Days → KEV (median)
2952
n=1
Detection gap
KEV pressure, no Nuclei coverage
December 2013 · vendors with active exploitation listed by CISA but no public detection template.
- microsoft: KEV 1, 24 CVE
Weakness × Vendor
What's spreading where in December 2013
Cells shaded by share of vendor's hottest weakness.
[Heatmap of CVE counts by vendor and weakness class. Columns: CWE-79 (XSS), CWE-119 (Memory Buffer Bounds), CWE-20 (Improper Input Validation), CWE-264, CWE-89 (SQL Injection), CWE-94 (Code Injection), CWE-200 (Information Exposure), CWE-310, CWE-352 (CSRF), CWE-287 (Improper Authentication). Rows: ibm, ffmpeg, cisco, cybozu, microsoft, сообщество свободного программного обеспечения, redhat, opensuse, canonical, fedoraproject, suse, mozilla.]
Breakout vendors
CVE count ≥3× their own 12-period median.
- fedoraproject: 18.0×, 18 CVE
- ffmpeg: 15.3×, 46 CVE
- cybozu: 12.0×, 24 CVE
- сообщество свободного программного обеспечения: 8.0×, 24 CVE
- novell: 5.0×, 10 CVE
- mediawiki: 4.0×, 4 CVE
- packagist: 3.3×, 10 CVE
First time in top-100
Vendors never in top-100 in the prior 24 periods.
- #25 hot: 6 CVE
- #33 op5: 4 CVE
- #41 cooperindustries: 3 CVE
- #43 d-link corp.: 3 CVE
- #44 esri: 3 CVE
- #45 etoshop: 3 CVE
- #47 idleman: 3 CVE
- #52 cru-inc: 2 CVE
- #56 iscripts: 2 CVE
- #57 livezilla: 2 CVE
Top vendors
Ranked by distinct CVE count this period.
- ibm: 48 CVE, CVSS 4.2, PoC 2; sterling b2b integrator (6) · sterling file gateway (6) · spss collaboration and deployment services (5)
- ffmpeg: 46 CVE, 16 crit, CVSS 7.4, ×15.3, PoC 6; ffmpeg (46)
- cisco: 38 CVE, CVSS 5.0, PoC 3; webex training center (10) · webex meeting center (5) · ios xe (4)
- cybozu: 24 CVE, CVSS 4.5, ×12.0; garoon (23) · dezie (1)
- microsoft: 24 CVE, 8 crit, CVSS 6.4, KEV 1, PoC 1; internet explorer (9) · windows 7 (5) · windows server 2008 (5)
- сообщество свободного программного обеспечения: 24 CVE, 6 crit, CVSS 6.7, ×8.0, PoC 2; debian gnu/linux (21) · linux (3)
- redhat: 23 CVE, 6 crit, CVSS 7.6, PoC 2; enterprise linux desktop (8) · enterprise linux workstation (8) · enterprise linux server (8)
- opensuse: 21 CVE, 7 crit, CVSS 7.0, PoC 2; opensuse (20) · zypper (1)
- canonical: 18 CVE, 7 crit, CVSS 7.0, PoC 1; ubuntu linux (18)
- fedoraproject: 18 CVE, 7 crit, CVSS 6.8, ×18.0, PoC 2; fedora (18)
- suse: 15 CVE, 7 crit, CVSS 7.6, PoC 3; linux enterprise server (8) · linux enterprise desktop (7) · suse linux enterprise software development kit (7)
- mozilla: 13 CVE, 7 crit, CVSS 8.1, PoC 1; firefox (13) · seamonkey (12) · thunderbird (7)
- apple: 12 CVE, 1 crit, CVSS 6.6; safari (9) · itunes (7) · webkit (7)
- rubygems: 12 CVE, CVSS 5.5, PoC 11; actionpack (5) · sup (2) · webbynode (1)
- linux: 11 CVE, CVSS 5.0, PoC 2; linux kernel (11)
- novell: 10 CVE, 1 crit, CVSS 5.6, ×5.0, PoC 1; suse lifecycle management server (3) · suse manager (1) · client (1)
- packagist: 10 CVE, CVSS 4.9, ×3.3, PoC 1; typo3/cms (3) · typo3/cms-core (3) · joomla/joomla-cms (1)
- hp: 9 CVE, 1 crit, CVSS 5.1; service manager web tier (2) · service manager (2) · operations orchestration (2)
- typo3: 9 CVE, CVSS 4.8, PoC 1; typo3 (8) · flow (1)
- apache: 8 CVE, CVSS 4.8, PoC 1; solr (4) · roller (2) · subversion (2)
- gentoo foundation inc.: 8 CVE, CVSS 5.7; gentoo linux (8)
- 8 CVE, CVSS 7.2; chrome (7) · v8 (3) · android (1)
- oracle: 7 CVE, 1 crit, CVSS 5.4; solaris (6) · fusion middleware (1)
- debian: 6 CVE, 1 crit, CVSS 6.5; debian linux (5) · adequate (1)
- hot: 6 CVE, CVSS 4.5, NEW, PoC 6; hotbox router (6) · hotbox router firmware (6)
- maven: 6 CVE, CVSS 5.5, PoC 1; org.apache.solr:solr-core (4) · org.jenkins-ci.main:jenkins-core (1) · org.jenkins-ci.plugins:sonar (1)
- drupal: 5 CVE, CVSS 4.8; drupal (5)
- emc: 5 CVE, 1 crit, CVSS 6.2, PoC 3; connectrix manager (1) · replication manager (1) · rsa archer egrc (1)
- rubyonrails: 5 CVE, CVSS 4.9, PoC 5; rails (5) · ruby on rails (4)
- adobe: 4 CVE, 4 crit, CVSS 9.5; air (2) · air sdk (2) · flash player (2)
- mediawiki: 4 CVE, CVSS 4.9, ×4.0; mediawiki (4)
- netgear: 4 CVE, 1 crit, CVSS 7.9, PoC 2; raidiator (2) · prosafe firmware (2) · prosafe gs510tp (2)
- op5: 4 CVE, 3 crit, CVSS 9.0, NEW, PoC 2; monitor (4) · system-op5config (1) · system-portal (1)
- openstack: 4 CVE, CVSS 3.2, PoC 1; heat (2) · folsom (1) · havana (1)
- red hat inc.: 4 CVE, CVSS 5.2; red hat enterprise linux (4)
- sap: 4 CVE, 1 crit, CVSS 7.5; customer relationship management (1) · emr unwired (1) · netweaver (1)
- siemens: 4 CVE, 1 crit, CVSS 9.6; ruggedcom rugged operating system (2) · sinamics g110 (1) · sinamics g110d (1)
- the centos project: 4 CVE, CVSS 6.1; centos (4)
- uclouvain: 4 CVE, CVSS 6.3; openjpeg (4)
- xen: 4 CVE, CVSS 5.7; xen (4)
- cooperindustries: 3 CVE, CVSS 6.1, NEW; smp 4 gateway (data concentrator) (2) · smp 16 gateway (data concentrator) (2) · smp 4/dp gateway (data concentrator) (2)
- dlink: 3 CVE, 1 crit, CVSS 7.6, PoC 3; dsr-1000 (3) · dsr-1000 firmware (3) · dsr-1000n (3)
- d-link corp.: 3 CVE, 1 crit, CVSS 7.6, NEW, PoC 3; dsr-500 (2) · dsr-1000 (1)
- esri: 3 CVE, CVSS 4.8, NEW; arcgis server (3)
- etoshop: 3 CVE, CVSS 7.5, NEW, PoC 3; c2c forward auction creator (1) · classifieds creator (1) · dynamic biz website builder quickweb (1)
- gnu: 3 CVE, CVSS 5.5, PoC 1; libmicrohttpd (2) · glibc (1)
- idleman: 3 CVE, CVSS 6.4, NEW, PoC 1; leed (3)
- juniper: 3 CVE, CVSS 5.1; idp250 (1) · idp75 (1) · idp800 (1)
- mcafee: 3 CVE, 2 crit, CVSS 8.2, PoC 3; email gateway (3)
- novell inc.: 3 CVE, CVSS 6.2, PoC 2; opensuse (1) · opensuse leap (1) · suse linux enterprise debuginfo (1)
| # | Vendor | CVEs | Crit | KEV | Nuclei | Signals | Top products | Δ |
|---|---|---|---|---|---|---|---|---|
| 1 | ibm | 48 | · | · | · | PoC 2 | sterling b2b integrator (6) · sterling file gateway (6) · spss collaboration and deployment services (5) | — |
| 2 | ffmpeg | 46 | 16 | · | · | ×15.3 · PoC 6 | ffmpeg (46) | — |
| 3 | cisco | 38 | · | · | · | PoC 3 | webex training center (10) · webex meeting center (5) · ios xe (4) | — |
| 4 | cybozu | 24 | · | · | · | ×12.0 | garoon (23) · dezie (1) | — |
| 5 | microsoft | 24 | 8 | 1 | · | KEV 1 · PoC 1 | internet explorer (9) · windows 7 (5) · windows server 2008 (5) | — |
| 6 | сообщество свободного программного обеспечения | 24 | 6 | · | · | ×8.0 · PoC 2 | debian gnu/linux (21) · linux (3) | — |
| 7 | redhat | 23 | 6 | · | · | PoC 2 | enterprise linux desktop (8) · enterprise linux workstation (8) · enterprise linux server (8) | — |
| 8 | opensuse | 21 | 7 | · | · | PoC 2 | opensuse (20) · zypper (1) | — |
| 9 | canonical | 18 | 7 | · | · | PoC 1 | ubuntu linux (18) | — |
| 10 | fedoraproject | 18 | 7 | · | · | ×18.0 · PoC 2 | fedora (18) | — |
| 11 | suse | 15 | 7 | · | · | PoC 3 | linux enterprise server (8) · linux enterprise desktop (7) · suse linux enterprise software development kit (7) | — |
| 12 | mozilla | 13 | 7 | · | · | PoC 1 | firefox (13) · seamonkey (12) · thunderbird (7) | — |
| 13 | apple | 12 | 1 | · | · | | safari (9) · itunes (7) · webkit (7) | — |
| 14 | rubygems | 12 | · | · | · | PoC 11 | actionpack (5) · sup (2) · webbynode (1) | — |
| 15 | linux | 11 | · | · | · | PoC 2 | linux kernel (11) | — |
| 16 | novell | 10 | 1 | · | · | ×5.0 · PoC 1 | suse lifecycle management server (3) · suse manager (1) · client (1) | — |
| 17 | packagist | 10 | · | · | · | ×3.3 · PoC 1 | typo3/cms (3) · typo3/cms-core (3) · joomla/joomla-cms (1) | — |
| 18 | hp | 9 | 1 | · | · | | service manager web tier (2) · service manager (2) · operations orchestration (2) | — |
| 19 | typo3 | 9 | · | · | · | PoC 1 | typo3 (8) · flow (1) | — |
| 20 | apache | 8 | · | · | · | PoC 1 | solr (4) · roller (2) · subversion (2) | — |
| 21 | gentoo foundation inc. | 8 | · | · | · | | gentoo linux (8) | — |
| 22 | | 8 | · | · | · | | chrome (7) · v8 (3) · android (1) | — |
| 23 | oracle | 7 | 1 | · | · | | solaris (6) · fusion middleware (1) | — |
| 24 | debian | 6 | 1 | · | · | | debian linux (5) · adequate (1) | — |
| 25 | hot | 6 | · | · | · | NEW · PoC 6 | hotbox router (6) · hotbox router firmware (6) | — |
| 26 | maven | 6 | · | · | · | PoC 1 | org.apache.solr:solr-core (4) · org.jenkins-ci.main:jenkins-core (1) · org.jenkins-ci.plugins:sonar (1) | — |
| 27 | drupal | 5 | · | · | · | | drupal (5) | — |
| 28 | emc | 5 | 1 | · | · | PoC 3 | connectrix manager (1) · replication manager (1) · rsa archer egrc (1) | — |
| 29 | rubyonrails | 5 | · | · | · | PoC 5 | rails (5) · ruby on rails (4) | — |
| 30 | adobe | 4 | 4 | · | · | | air (2) · air sdk (2) · flash player (2) | — |
| 31 | mediawiki | 4 | · | · | · | ×4.0 | mediawiki (4) | — |
| 32 | netgear | 4 | 1 | · | · | PoC 2 | raidiator (2) · prosafe firmware (2) · prosafe gs510tp (2) | — |
| 33 | op5 | 4 | 3 | · | · | NEW · PoC 2 | monitor (4) · system-op5config (1) · system-portal (1) | — |
| 34 | openstack | 4 | · | · | · | PoC 1 | heat (2) · folsom (1) · havana (1) | — |
| 35 | red hat inc. | 4 | · | · | · | | red hat enterprise linux (4) | — |
| 36 | sap | 4 | 1 | · | · | | customer relationship management (1) · emr unwired (1) · netweaver (1) | — |
| 37 | siemens | 4 | 1 | · | · | | ruggedcom rugged operating system (2) · sinamics g110 (1) · sinamics g110d (1) | — |
| 38 | the centos project | 4 | · | · | · | | centos (4) | — |
| 39 | uclouvain | 4 | · | · | · | | openjpeg (4) | — |
| 40 | xen | 4 | · | · | · | | xen (4) | — |
| 41 | cooperindustries | 3 | · | · | · | NEW | smp 4 gateway (data concentrator) (2) · smp 16 gateway (data concentrator) (2) · smp 4/dp gateway (data concentrator) (2) | — |
| 42 | dlink | 3 | 1 | · | · | PoC 3 | dsr-1000 (3) · dsr-1000 firmware (3) · dsr-1000n (3) | — |
| 43 | d-link corp. | 3 | 1 | · | · | NEW · PoC 3 | dsr-500 (2) · dsr-1000 (1) | — |
| 44 | esri | 3 | · | · | · | NEW | arcgis server (3) | — |
| 45 | etoshop | 3 | · | · | · | NEW · PoC 3 | c2c forward auction creator (1) · classifieds creator (1) · dynamic biz website builder quickweb (1) | — |
| 46 | gnu | 3 | · | · | · | PoC 1 | libmicrohttpd (2) · glibc (1) | — |
| 47 | idleman | 3 | · | · | · | NEW · PoC 1 | leed (3) | — |
| 48 | juniper | 3 | · | · | · | | idp250 (1) · idp75 (1) · idp800 (1) | — |
| 49 | mcafee | 3 | 2 | · | · | PoC 3 | email gateway (3) | — |
| 50 | novell inc. | 3 | · | · | · | PoC 2 | opensuse (1) · opensuse leap (1) · suse linux enterprise debuginfo (1) | — |