month report

January 2015

Data as of Jun 4, 2026, 13:25 UTCSnapshot v1 Sources NVD+CISA KEV+EPSS+Nuclei templates Methodology →

January 2015 closed with 737 published CVEs — +27.3% YoY . 51 criticals, oracle led volume, mostly via fusion middleware. Biggest breakout: adobe systems inc. at ×9.0 their 12-month median. Top weakness class — CWE-79 (134 CVE). 10 vendors cracked the top-100 for the first time.

Print view

Total CVEs

737

— MoM+27.3% YoY

Severity mix

51 / 141

critical / high

KEV added

0 ransomware-linked

Nuclei coverage

7.3%

54 CVEs with templates

Time to exploit

How fast the community ships detection after a CVE drops.

Days → Nuclei (median)

4070.4

n=54

Within 7 days

0.0%

Within 30 days

0.0%

Days → KEV (median)

2684

n=4

Detection gap

KEV pressure, no Nuclei coverage

January 2015 · vendors with active exploitation listed by CISA but no public detection template.

KEV 2adobe13 CVE
KEV 2adobe systems inc.9 CVE
KEV 2microsoft9 CVE
KEV 1suse12 CVE
KEV 1dlink7 CVE

Weakness × Vendor

What's spreading where in January 2015

Cells shaded by share of vendor's hottest weakness. Click any cell to open the CWE history.

79XSS 119Memory Buffer Bounds 89SQL Injection 264CWE-264 352CSRF 200Information Exposure 20Improper Input Validation 22Path Traversal 399CWE-399 17CWE-17 oracle 2 3 2 apple 10 7 5 4 1 2 opensuse 6 3 4 1 1 2 canonical 1 2 1 1 1 2 3 redhat 2 3 1 3 1 1 2 2 google 9 2 2 5 debian 4 3 1 1 cisco 4 1 2 5 4 5 fedoraproject 2 1 1 ibm 6 1 3 2 1 1 2 sun adobe 4 1 1

Breakout vendors

CVE count ≥3× their own 12-period median.

9.0×adobe systems inc.9 CVE
7.0×broadcom7 CVE
5.5×novell11 CVE
4.5×mediawiki9 CVE
3.5×dlink7 CVE
3.5×mantisbt7 CVE
3.5×openssl7 CVE
3.0×ао «ивк»6 CVE
3.0×npm3 CVE
3.0×canonical ltd.3 CVE

First time in top-100

Vendors never in top-100 in the prior 24 periods.

#26vdgsecurity7 CVE
#27chromium6 CVE
#31ао «ивк»6 CVE
#33corel5 CVE
#39ferretcms project4 CVE
#42maianscriptworld4 CVE
#45phpjabbers4 CVE
#46pixabay images project4 CVE
#47basic-cms3 CVE
#49cherry-design3 CVE

Top vendors

Ranked by distinct CVE count this period.

1oracle—
125 CVE8 critCVSS 5.4
PoC 4
fusion middleware (20) · jre (18) · jdk (18)
2apple—
50 CVE14 critCVSS 7.4
PoC 5
mac os x (41) · iphone os (20) · tvos (16)
3opensuse—
46 CVE3 critCVSS 5.3
Nuclei 1PoC 3
opensuse (46) · evergreen (2)
4canonical—
36 CVE3 critCVSS 5.5
PoC 4
ubuntu linux (35) · ubuntu (1)
5redhat—
35 CVE5 critCVSS 4.8
PoC 2
enterprise linux workstation (10) · enterprise linux (10) · enterprise linux desktop (10)
6google—
34 CVECVSS 6.6
chrome (34) · v8 (1)
7debian—
33 CVE4 critCVSS 5.4
PoC 5
debian linux (31) · dpkg (1) · mime-support (1)
8cisco—
24 CVECVSS 5.4
webex meetings server (7) · secure access control system (3) · unified communications domain manager (3)
9fedoraproject—
19 CVECVSS 4.9
PoC 2
fedora (19)
10ibm—
19 CVE2 critCVSS 5.2
PoC 2
tririga application platform (3) · sas raid module firmware (2) · sas connectivity module firmware (2)
11sun—
14 CVECVSS 5.0
sunos (14)
12adobe—
13 CVE10 critCVSS 9.2
KEV 2PoC 1
flash player (12) · adobe air sdk and compiler (9) · adobe air (9)
13suse—
12 CVE1 critCVSS 3.7
KEV 1
linux enterprise desktop (9) · linux enterprise workstation extension (9) · linux enterprise server (8)
14novell—
11 CVE4 critCVSS 7.3
×5.5
suse linux enterprise desktop (10) · suse linux enterprise server (7)
15mozilla—
10 CVECVSS 6.6
PoC 1
firefox (10) · seamonkey (9) · firefox esr (4)
16adobe systems inc.—
9 CVE8 critCVSS 9.7
×9.0KEV 2
flash player (7) · adobe integrated runtime (2)
17emc—
9 CVECVSS 5.0
PoC 7
documentum wdk (5) · vipr srm (4) · watch4net (4)
18mediawiki—
9 CVECVSS 4.4
×4.5PoC 2
mediawiki (9)
19microsoft—
9 CVE2 critCVSS 6.8
KEV 2PoC 2
windows server 2012 (8) · windows 8.1 (7) · windows 8 (7)
20broadcom—
7 CVE1 critCVSS 5.6
×7.0PoC 4
symantec critical system protection (5) · rabbitmq server (2)
21dlink—
7 CVECVSS 5.5
×3.5KEV 1PoC 7
dap-1360 firmware (4) · dcs-2103 firmware (1) · dir-600 firmware (1)
22mantisbt—
7 CVECVSS 4.8
×3.5PoC 2
mantisbt (7)
23mariadb—
7 CVECVSS 4.4
mariadb (7)
24openssl—
7 CVECVSS 4.9
×3.5
openssl (7)
25pypi—
7 CVECVSS 5.0
PoC 3
django (4) · glance (2) · pillow (1)
26vdgsecurity—
7 CVECVSS 5.4
NEWPoC 7
vdg sense (7)
27chromium—
6 CVECVSS 6.1
NEW
chromium (6)
28sap—
6 CVE1 critCVSS 7.1
PoC 1
sap kernel (2) · enterprise resource planning (1) · hana extended application services (1)
29siemens—
6 CVECVSS 4.9
simatic wincc sm\@rtclient (3) · scalance x-300 series firmware (2) · scalance x-408 firmware (2)
30wireshark—
6 CVECVSS 5.0
wireshark (6)
31ао «ивк»—
6 CVECVSS 5.0
NEW×3.0
альт линукс спт (6)
32apache—
5 CVECVSS 4.9
cloudstack (1) · poi (1) · santuario xml security for java (1)
33corel—
5 CVECVSS 4.6
NEW
fastflick (2) · pdf fusion (1) · videostudio pro (1)
34ffmpeg—
5 CVECVSS 7.5
ffmpeg (5)
35juniper—
5 CVECVSS 6.6
junos (5)
36symantec—
5 CVE1 critCVSS 6.0
PoC 4
data center security (5)
37сообщество свободного программного обеспечения—
5 CVECVSS 7.4
PoC 3
debian gnu/linux (4) · xdg-utils (1)
38djangoproject—
4 CVECVSS 4.8
PoC 2
django (4)
39ferretcms project—
4 CVECVSS 6.5
NEWPoC 2
ferretcms (4)
40gnu—
4 CVE1 critCVSS 6.7
PoC 4
patch (1) · binutils (1) · coreutils (1)
41linux—
4 CVECVSS 4.7
linux kernel (4)
42maianscriptworld—
4 CVECVSS 5.9
NEWPoC 3
maian uploader (3) · maian weblog (1)
43openstack—
4 CVECVSS 5.0
PoC 1
image registry and delivery service \(glance\) (3) · neutron (1)
44php—
4 CVE1 critCVSS 8.0
PoC 3
php (4)
45phpjabbers—
4 CVECVSS 6.5
NEWPoC 4
appointment scheduler (2) · event booking calendar (2)
46pixabay images project—
4 CVECVSS 5.2
NEWNuclei 4PoC 4
pixabay images (4)
47basic-cms—
3 CVECVSS 5.4
NEWPoC 2
sweetrice (3)
48canonical ltd.—
3 CVECVSS 7.3
×3.0PoC 2
ubuntu (3)
49cherry-design—
3 CVECVSS 5.4
NEWPoC 2
wikipad (3)
50e107—
3 CVECVSS 5.1
PoC 3
e107 (3)

#	Vendor	CVEs	Crit	KEV	Nuclei	Signals	Top products	Δ
1	oracle	125	8	·	·	PoC 4	fusion middleware (20) · jre (18) · jdk (18)	—
2	apple	50	14	·	·	PoC 5	mac os x (41) · iphone os (20) · tvos (16)	—
3	opensuse	46	3	·	1	Nuclei 1PoC 3	opensuse (46) · evergreen (2)	—
4	canonical	36	3	·	·	PoC 4	ubuntu linux (35) · ubuntu (1)	—
5	redhat	35	5	·	·	PoC 2	enterprise linux workstation (10) · enterprise linux (10) · enterprise linux desktop (10)	—
6	google	34	·	·	·		chrome (34) · v8 (1)	—
7	debian	33	4	·	·	PoC 5	debian linux (31) · dpkg (1) · mime-support (1)	—
8	cisco	24	·	·	·		webex meetings server (7) · secure access control system (3) · unified communications domain manager (3)	—
9	fedoraproject	19	·	·	·	PoC 2	fedora (19)	—
10	ibm	19	2	·	·	PoC 2	tririga application platform (3) · sas raid module firmware (2) · sas connectivity module firmware (2)	—
11	sun	14	·	·	·		sunos (14)	—
12	adobe	13	10	2	·	KEV 2PoC 1	flash player (12) · adobe air sdk and compiler (9) · adobe air (9)	—
13	suse	12	1	1	·	KEV 1	linux enterprise desktop (9) · linux enterprise workstation extension (9) · linux enterprise server (8)	—
14	novell	11	4	·	·	×5.5	suse linux enterprise desktop (10) · suse linux enterprise server (7)	—
15	mozilla	10	·	·	·	PoC 1	firefox (10) · seamonkey (9) · firefox esr (4)	—
16	adobe systems inc.	9	8	2	·	×9.0KEV 2	flash player (7) · adobe integrated runtime (2)	—
17	emc	9	·	·	·	PoC 7	documentum wdk (5) · vipr srm (4) · watch4net (4)	—
18	mediawiki	9	·	·	·	×4.5PoC 2	mediawiki (9)	—
19	microsoft	9	2	2	·	KEV 2PoC 2	windows server 2012 (8) · windows 8.1 (7) · windows 8 (7)	—
20	broadcom	7	1	·	·	×7.0PoC 4	symantec critical system protection (5) · rabbitmq server (2)	—
21	dlink	7	·	1	·	×3.5KEV 1PoC 7	dap-1360 firmware (4) · dcs-2103 firmware (1) · dir-600 firmware (1)	—
22	mantisbt	7	·	·	·	×3.5PoC 2	mantisbt (7)	—
23	mariadb	7	·	·	·		mariadb (7)	—
24	openssl	7	·	·	·	×3.5	openssl (7)	—
25	pypi	7	·	·	·	PoC 3	django (4) · glance (2) · pillow (1)	—
26	vdgsecurity	7	·	·	·	NEWPoC 7	vdg sense (7)	—
27	chromium	6	·	·	·	NEW	chromium (6)	—
28	sap	6	1	·	·	PoC 1	sap kernel (2) · enterprise resource planning (1) · hana extended application services (1)	—
29	siemens	6	·	·	·		simatic wincc sm\@rtclient (3) · scalance x-300 series firmware (2) · scalance x-408 firmware (2)	—
30	wireshark	6	·	·	·		wireshark (6)	—
31	ао «ивк»	6	·	·	·	NEW×3.0	альт линукс спт (6)	—
32	apache	5	·	·	·		cloudstack (1) · poi (1) · santuario xml security for java (1)	—
33	corel	5	·	·	·	NEW	fastflick (2) · pdf fusion (1) · videostudio pro (1)	—
34	ffmpeg	5	·	·	·		ffmpeg (5)	—
35	juniper	5	·	·	·		junos (5)	—
36	symantec	5	1	·	·	PoC 4	data center security (5)	—
37	сообщество свободного программного обеспечения	5	·	·	·	PoC 3	debian gnu/linux (4) · xdg-utils (1)	—
38	djangoproject	4	·	·	·	PoC 2	django (4)	—
39	ferretcms project	4	·	·	·	NEWPoC 2	ferretcms (4)	—
40	gnu	4	1	·	·	PoC 4	patch (1) · binutils (1) · coreutils (1)	—
41	linux	4	·	·	·		linux kernel (4)	—
42	maianscriptworld	4	·	·	·	NEWPoC 3	maian uploader (3) · maian weblog (1)	—
43	openstack	4	·	·	·	PoC 1	image registry and delivery service \(glance\) (3) · neutron (1)	—
44	php	4	1	·	·	PoC 3	php (4)	—
45	phpjabbers	4	·	·	·	NEWPoC 4	appointment scheduler (2) · event booking calendar (2)	—
46	pixabay images project	4	·	·	4	NEWNuclei 4PoC 4	pixabay images (4)	—
47	basic-cms	3	·	·	·	NEWPoC 2	sweetrice (3)	—
48	canonical ltd.	3	·	·	·	×3.0PoC 2	ubuntu (3)	—
49	cherry-design	3	·	·	·	NEWPoC 2	wikipad (3)	—
50	e107	3	·	·	·	PoC 3	e107 (3)	—