month report

April 2014

Data as of Jun 4, 2026, 13:25 UTCSnapshot v1 Sources NVD+CISA KEV+EPSS+Nuclei templates Methodology →

April 2014 closed with 676 published CVEs. 64 criticals, oracle led volume, mostly via jdk. Biggest breakout: oracle corp. at ×19.0 their 12-month median. Top weakness class — CWE-20 (77 CVE). 10 vendors cracked the top-100 for the first time.

Print view

Total CVEs

676

— MoM— YoY

Severity mix

64 / 142

critical / high

KEV added

0 ransomware-linked

Nuclei coverage

3.6%

24 CVEs with templates

Time to exploit

How fast the community ships detection after a CVE drops.

Days → Nuclei (median)

4348.3

n=24

Within 7 days

0.0%

Within 30 days

0.0%

Days → KEV (median)

2912

n=3

Detection gap

KEV pressure, no Nuclei coverage

April 2014 · vendors with active exploitation listed by CISA but no public detection template.

KEV 1microsoft17 CVE
KEV 1microsoft corp16 CVE

Weakness × Vendor

What's spreading where in April 2014

Cells shaded by share of vendor's hottest weakness. Click any cell to open the CWE history.

20Improper Input Validation 264CWE-264 79XSS 119Memory Buffer Bounds 200Information Exposure 22Path Traversal 352CSRF 287Improper Authentication 399CWE-399 89SQL Injection oracle 1 1 1 oracle corp.1 2 canonical 3 1 1 1 1 cisco 17 3 2 3 1 1 2 3 4 debian 1 2 1 1 1 1 redhat 3 5 1 1 1 apple 4 3 1 14 2 1 fedoraproject 3 1 2 1 ibm 4 1 5 1 opensuse 2 2 2 1 1 sap 8 2 2 1 1 1 google 3 1 5

Breakout vendors

CVE count ≥3× their own 12-period median.

19.0×oracle corp.57 CVE
17.0×google inc17 CVE
16.0×microsoft corp16 CVE
13.0×juniper13 CVE
12.5×fedoraproject25 CVE
8.0×sap24 CVE
5.8×canonical46 CVE
5.0×tibco5 CVE
4.3×gentoo foundation inc.13 CVE
4.0×pypi16 CVE

First time in top-100

Vendors never in top-100 in the prior 24 periods.

#16paperthin16 CVE
#22mozilla corp.13 CVE
#25advantech10 CVE
#36horde5 CVE
#38zyxel5 CVE
#47asus3 CVE
#48clip-bucket3 CVE
#49ddsn3 CVE
#53gopivotal3 CVE
#56igniterealtime3 CVE

Top vendors

Ranked by distinct CVE count this period.

1oracle—
105 CVE10 critCVSS 5.8
PoC 6
jdk (34) · jre (34) · fusion middleware (18)
2oracle corp.—
57 CVE9 critCVSS 6.2
×19.0PoC 1
java runtime environment (19) · mysql (14) · java development kit (13)
3canonical—
46 CVE15 critCVSS 7.1
×5.8KEV 1Nuclei 1PoC 3
ubuntu linux (46) · update-manager (2) · accountsservice (1)
4cisco—
45 CVECVSS 5.6
ios (19) · adaptive security appliance software (6) · asr 1004 (4)
5debian—
38 CVE8 critCVSS 7.3
×3.8KEV 1Nuclei 1PoC 4
debian linux (36) · dpkg (1) · ppthtml (1)
6redhat—
33 CVE2 critCVSS 6.0
KEV 1Nuclei 1PoC 4
enterprise linux desktop (18) · enterprise linux server (18) · enterprise linux server tus (17)
7apple—
27 CVE2 critCVSS 6.1
PoC 1
safari (14) · mac os x (12) · iphone os (3)
8fedoraproject—
25 CVE6 critCVSS 7.0
×12.5KEV 1Nuclei 1PoC 5
fedora (25)
9ibm—
25 CVE6 critCVSS 5.7
forms viewer (12) · messagesight (4) · messagesight jms client (4)
10opensuse—
24 CVE7 critCVSS 7.1
KEV 1Nuclei 1PoC 3
opensuse (23) · evergreen (1)
11sap—
24 CVECVSS 5.7
×8.0PoC 1
enterprise portal (2) · print and output management (1) · profile maintenance (1)
12google—
22 CVECVSS 7.1
chrome (20) · android (2)
13google inc—
17 CVECVSS 7.2
×17.0
google chrome (17)
14microsoft—
17 CVE12 critCVSS 8.0
KEV 1PoC 2
internet explorer (11) · word (2) · windows xp (1)
15microsoft corp—
16 CVE13 critCVSS 8.3
×16.0KEV 1PoC 1
internet explorer (12) · microsoft publisher (1) · microsoft word 2003 (1)
16paperthin—
16 CVE5 critCVSS 7.0
NEW
commonspot content server (16)
17pypi—
16 CVE2 critCVSS 5.5
×4.0PoC 2
django (3) · pillow (3) · roundup (3)
18mozilla—
15 CVE6 critCVSS 8.3
PoC 3
firefox (14) · seamonkey (12) · thunderbird (7)
19suse—
14 CVE2 critCVSS 6.4
×3.5PoC 1
suse linux enterprise server (9) · studio onsite (4) · studio extension for system z (4)
20gentoo foundation inc.—
13 CVE2 critCVSS 6.6
×4.3KEV 1Nuclei 1PoC 3
gentoo linux (13)
21juniper—
13 CVE4 critCVSS 6.3
×13.0
junos (6) · junos space (6) · screenos (1)
22mozilla corp.—
13 CVE6 critCVSS 8.5
NEWPoC 3
firefox (6) · firefox esr (3) · seamonkey (3)
23linux—
11 CVECVSS 5.2
PoC 3
linux kernel (11)
24maven—
11 CVECVSS 6.3
×3.1PoC 2
org.apache.struts:struts2-core (2) · org.igniterealtime.openfire:parent (1) · org.jboss.fuse:jboss-fuse (1)
25advantech—
10 CVECVSS 7.3
NEW
advantech webaccess (10) · webaccess (10)
26xen—
10 CVECVSS 5.1
xen (10)
27hp—
9 CVE2 critCVSS 5.2
universal configuration management database (2) · array diagnostics utility (1) · database and middleware automation (1)
28mariadb—
9 CVECVSS 4.0
mariadb (9)
29apache—
8 CVECVSS 6.5
PoC 1
struts (3) · harmony (1) · archiva (1)
30openstack—
7 CVE1 critCVSS 6.2
icehouse (2) · keystone (2) · horizon (1)
31сообщество свободного программного обеспечения—
7 CVECVSS 6.1
PoC 1
debian gnu/linux (6) · linux (1)
32siemens—
6 CVE1 critCVSS 5.9
×3.0KEV 1Nuclei 2PoC 2
sinema server (3) · simatic s7 cpu 1215c (2) · simatic s7 cpu 1200 firmware (2)
33adobe—
5 CVE3 critCVSS 6.8
PoC 1
flash player (4) · adobe air (3) · adobe air sdk (3)
34emc—
5 CVECVSS 5.4
cloud tiering appliance (2) · cloud tiering appliance software (2) · rsa adaptive authentication on-premise (2)
35fortinet—
5 CVE1 critCVSS 4.9
fortiweb (3) · fortiadc-300e (1) · fortiadc-1000e (1)
36horde—
5 CVECVSS 4.7
NEW
groupware (4) · imp (2) · kronolith h4 (2)
37tibco—
5 CVECVSS 6.1
×5.0
messaging appliance (3) · substantiation es (3) · rendezvous (3)
38zyxel—
5 CVECVSS 7.6
NEW
n300 netusb nbg-419n (4) · n300 netusb nbg-419n firmware (4) · p-660h-61 (1)
39cacti—
4 CVECVSS 7.1
cacti (4)
40cisco systems inc.—
4 CVECVSS 7.3
adaptive security appliance (4)
41digium—
4 CVECVSS 5.0
asterisk (4) · certified asterisk (2)
42python—
4 CVE1 critCVSS 5.9
PoC 2
pillow (3) · python (1)
43rubygems—
4 CVECVSS 5.7
PoC 4
bio-basespace-sdk (1) · sfpagent (1) · show_in_browser (1)
44uclouvain—
4 CVE2 critCVSS 7.8
openjpeg (4)
45vmware—
4 CVE1 critCVSS 6.3
vsphere client (2) · spring framework (1) · player (1)
46apache software foundation—
3 CVECVSS 7.5
PoC 1
struts (2) · xalan-java (1)
47asus—
3 CVECVSS 6.3
NEWPoC 2
rt-ac68u (3) · rt-ac68u firmware (3) · rt-n14u firmware (1)
48clip-bucket—
3 CVECVSS 5.4
NEWPoC 1
clipbucket (3)
49ddsn—
3 CVECVSS 5.6
NEWPoC 3
cm3 acora content management system (3)
50djangoproject—
3 CVE1 critCVSS 6.7
django (3)

#	Vendor	CVEs	Crit	KEV	Nuclei	Signals	Top products	Δ
1	oracle	105	10	·	·	PoC 6	jdk (34) · jre (34) · fusion middleware (18)	—
2	oracle corp.	57	9	·	·	×19.0PoC 1	java runtime environment (19) · mysql (14) · java development kit (13)	—
3	canonical	46	15	1	1	×5.8KEV 1Nuclei 1PoC 3	ubuntu linux (46) · update-manager (2) · accountsservice (1)	—
4	cisco	45	·	·	·		ios (19) · adaptive security appliance software (6) · asr 1004 (4)	—
5	debian	38	8	1	1	×3.8KEV 1Nuclei 1PoC 4	debian linux (36) · dpkg (1) · ppthtml (1)	—
6	redhat	33	2	1	1	KEV 1Nuclei 1PoC 4	enterprise linux desktop (18) · enterprise linux server (18) · enterprise linux server tus (17)	—
7	apple	27	2	·	·	PoC 1	safari (14) · mac os x (12) · iphone os (3)	—
8	fedoraproject	25	6	1	1	×12.5KEV 1Nuclei 1PoC 5	fedora (25)	—
9	ibm	25	6	·	·		forms viewer (12) · messagesight (4) · messagesight jms client (4)	—
10	opensuse	24	7	1	1	KEV 1Nuclei 1PoC 3	opensuse (23) · evergreen (1)	—
11	sap	24	·	·	·	×8.0PoC 1	enterprise portal (2) · print and output management (1) · profile maintenance (1)	—
12	google	22	·	·	·		chrome (20) · android (2)	—
13	google inc	17	·	·	·	×17.0	google chrome (17)	—
14	microsoft	17	12	1	·	KEV 1PoC 2	internet explorer (11) · word (2) · windows xp (1)	—
15	microsoft corp	16	13	1	·	×16.0KEV 1PoC 1	internet explorer (12) · microsoft publisher (1) · microsoft word 2003 (1)	—
16	paperthin	16	5	·	·	NEW	commonspot content server (16)	—
17	pypi	16	2	·	·	×4.0PoC 2	django (3) · pillow (3) · roundup (3)	—
18	mozilla	15	6	·	·	PoC 3	firefox (14) · seamonkey (12) · thunderbird (7)	—
19	suse	14	2	·	·	×3.5PoC 1	suse linux enterprise server (9) · studio onsite (4) · studio extension for system z (4)	—
20	gentoo foundation inc.	13	2	1	1	×4.3KEV 1Nuclei 1PoC 3	gentoo linux (13)	—
21	juniper	13	4	·	·	×13.0	junos (6) · junos space (6) · screenos (1)	—
22	mozilla corp.	13	6	·	·	NEWPoC 3	firefox (6) · firefox esr (3) · seamonkey (3)	—
23	linux	11	·	·	·	PoC 3	linux kernel (11)	—
24	maven	11	·	·	·	×3.1PoC 2	org.apache.struts:struts2-core (2) · org.igniterealtime.openfire:parent (1) · org.jboss.fuse:jboss-fuse (1)	—
25	advantech	10	·	·	·	NEW	advantech webaccess (10) · webaccess (10)	—
26	xen	10	·	·	·		xen (10)	—
27	hp	9	2	·	·		universal configuration management database (2) · array diagnostics utility (1) · database and middleware automation (1)	—
28	mariadb	9	·	·	·		mariadb (9)	—
29	apache	8	·	·	·	PoC 1	struts (3) · harmony (1) · archiva (1)	—
30	openstack	7	1	·	·		icehouse (2) · keystone (2) · horizon (1)	—
31	сообщество свободного программного обеспечения	7	·	·	·	PoC 1	debian gnu/linux (6) · linux (1)	—
32	siemens	6	1	1	2	×3.0KEV 1Nuclei 2PoC 2	sinema server (3) · simatic s7 cpu 1215c (2) · simatic s7 cpu 1200 firmware (2)	—
33	adobe	5	3	·	·	PoC 1	flash player (4) · adobe air (3) · adobe air sdk (3)	—
34	emc	5	·	·	·		cloud tiering appliance (2) · cloud tiering appliance software (2) · rsa adaptive authentication on-premise (2)	—
35	fortinet	5	1	·	·		fortiweb (3) · fortiadc-300e (1) · fortiadc-1000e (1)	—
36	horde	5	·	·	·	NEW	groupware (4) · imp (2) · kronolith h4 (2)	—
37	tibco	5	·	·	·	×5.0	messaging appliance (3) · substantiation es (3) · rendezvous (3)	—
38	zyxel	5	·	·	·	NEW	n300 netusb nbg-419n (4) · n300 netusb nbg-419n firmware (4) · p-660h-61 (1)	—
39	cacti	4	·	·	·		cacti (4)	—
40	cisco systems inc.	4	·	·	·		adaptive security appliance (4)	—
41	digium	4	·	·	·		asterisk (4) · certified asterisk (2)	—
42	python	4	1	·	·	PoC 2	pillow (3) · python (1)	—
43	rubygems	4	·	·	·	PoC 4	bio-basespace-sdk (1) · sfpagent (1) · show_in_browser (1)	—
44	uclouvain	4	2	·	·		openjpeg (4)	—
45	vmware	4	1	·	·		vsphere client (2) · spring framework (1) · player (1)	—
46	apache software foundation	3	·	·	·	PoC 1	struts (2) · xalan-java (1)	—
47	asus	3	·	·	·	NEWPoC 2	rt-ac68u (3) · rt-ac68u firmware (3) · rt-n14u firmware (1)	—
48	clip-bucket	3	·	·	·	NEWPoC 1	clipbucket (3)	—
49	ddsn	3	·	·	·	NEWPoC 3	cm3 acora content management system (3)	—
50	djangoproject	3	1	·	·		django (3)	—