month report

April 2015

Data as of Jun 4, 2026, 13:25 UTCSnapshot v1 Sources NVD+CISA KEV+EPSS+Nuclei templates Methodology →

April 2015 closed with 558 published CVEs — -17.5% YoY . 61 criticals, oracle led volume, mostly via mysql. Biggest breakout: adobe systems inc. at ×20.0 their 12-month median. Top weakness class — CWE-79 (61 CVE). 10 vendors cracked the top-100 for the first time.

Print view

Total CVEs

558

— MoM-17.5% YoY

Severity mix

61 / 96

critical / high

KEV added

0 ransomware-linked

Nuclei coverage

1.4%

8 CVEs with templates

Time to exploit

How fast the community ships detection after a CVE drops.

Days → Nuclei (median)

3983.3

n=8

Within 7 days

0.0%

Within 30 days

0.0%

Days → KEV (median)

2508

n=7

Detection gap

KEV pressure, no Nuclei coverage

April 2015 · vendors with active exploitation listed by CISA but no public detection template.

KEV 1apple76 CVE
KEV 1opensuse48 CVE
KEV 1redhat39 CVE
KEV 1cisco38 CVE
KEV 1adobe23 CVE
KEV 1adobe systems inc.20 CVE
KEV 1novell10 CVE

Weakness × Vendor

What's spreading where in April 2015

Cells shaded by share of vendor's hottest weakness. Click any cell to open the CWE history.

79XSS 200Information Exposure 264CWE-264 352CSRF 119Memory Buffer Bounds 20Improper Input Validation 399CWE-399 17CWE-17 22Path Traversal 284CWE-284 oracle 1 2 1 apple 19 4 5 15 1 2 1 3 canonical 1 8 10 1 6 2 2 debian 3 7 11 1 3 1 2 opensuse 3 5 5 1 2 5 1 oracle corp.redhat 2 1 2 1 1 1 1 cisco 5 1 3 3 6 8 1 2 suse 2 1 1 microsoft 3 6 1 8 adobe 1 3 1 ibm 2 4 4 1 3 1 1 1

Breakout vendors

CVE count ≥3× their own 12-period median.

20.0×adobe systems inc.20 CVE
6.0×mediawiki12 CVE
5.0×novell10 CVE
4.6×adobe23 CVE
4.0×citrix4 CVE

First time in top-100

Vendors never in top-100 in the prior 24 periods.

#26inductiveautomation6 CVE
#29magento5 CVE
#33hospira4 CVE
#34lenovo4 CVE
#39arj software3 CVE
#42ericsson3 CVE
#44insite3 CVE
#48node invite project3 CVE
#51sqlite3 CVE
#52blue coat2 CVE

Top vendors

Ranked by distinct CVE count this period.

1oracle—
87 CVE7 critCVSS 5.1
PoC 2
mysql (22) · solaris (15) · jre (13)
2apple—
76 CVE1 critCVSS 5.5
KEV 1PoC 7
iphone os (43) · mac os x (41) · tvos (23)
3canonical—
51 CVE2 critCVSS 6.0
PoC 4
ubuntu linux (51)
4debian—
51 CVE3 critCVSS 5.8
PoC 5
debian linux (50) · dbd-firebird (1) · dpkg (1)
5opensuse—
48 CVE21 critCVSS 7.6
KEV 1PoC 7
opensuse (48) · evergreen (1)
6oracle corp.—
40 CVE6 critCVSS 5.2
mysql (21) · java platform (13) · database (4)
7redhat—
39 CVE19 critCVSS 6.9
KEV 1PoC 4
enterprise linux server supplementary (18) · enterprise linux desktop supplementary (18) · enterprise linux server supplementary eus (18)
8cisco—
38 CVE2 critCVSS 6.3
KEV 1
ios xe (5) · unity connection (5) · unified meetingplace (4)
9suse—
36 CVE18 critCVSS 6.4
PoC 1
suse linux enterprise desktop (20) · suse linux workstation extension (17) · linux enterprise server (13)
10microsoft—
27 CVE14 critCVSS 7.8
KEV 3Nuclei 1PoC 3
internet explorer (10) · windows server 2008 (6) · windows 7 (6)
11adobe—
23 CVE19 critCVSS 9.1
×4.6KEV 1PoC 2
flash player (22) · coldfusion (1)
12ibm—
23 CVE5 critCVSS 6.3
PoC 1
websphere application server (4) · domino (4) · tivoli storage manager fastback (3)
13microsoft corp—
23 CVE13 critCVSS 7.7
KEV 3Nuclei 1PoC 3
internet explorer (9) · windows server 2008 r2 service pack 1 (6) · windows 7 service pack 1 (6)
14adobe systems inc.—
20 CVE20 critCVSS 10.0
×20.0KEV 1PoC 2
flash player (20)
15google—
20 CVECVSS 6.0
PoC 2
chrome (19) · v8 (2) · bionic (1)
16mozilla—
19 CVECVSS 6.2
PoC 2
firefox (19) · thunderbird (5) · firefox esr (2)
17google inc—
15 CVECVSS 5.9
google chrome (15)
18mozilla corp.—
15 CVECVSS 6.4
PoC 2
firefox (11) · thunderbird (3) · firefox esr (1)
19fedoraproject—
12 CVE1 critCVSS 6.1
fedora (12)
20mediawiki—
12 CVECVSS 5.3
×6.0PoC 1
mediawiki (10) · checkuser (1) · scribunto (1)
21hp—
10 CVE3 critCVSS 6.6
system management homepage (3) · easy tools (2) · capture and route software (1)
22novell—
10 CVE2 critCVSS 4.8
×5.0KEV 1PoC 1
suse linux enterprise desktop (8) · suse linux enterprise server (4) · suse linux enterprise software development kit (3)
23sap—
10 CVECVSS 5.5
PoC 8
netweaver (2) · afaria (2) · mobile platform (2)
24mariadb—
8 CVECVSS 4.2
mariadb (8)
25apache—
7 CVECVSS 5.8
PoC 1
subversion (3) · openoffice (1) · cassandra (1)
26inductiveautomation—
6 CVECVSS 4.5
NEW
ignition (6)
27gnu—
5 CVE2 critCVSS 8.3
PoC 2
glibc (2) · mailman (1) · libtasn1 (1)
28juniper—
5 CVECVSS 5.7
junos (4) · junos space (1)
29magento—
5 CVECVSS 6.2
NEWPoC 2
magento (5)
30xen—
5 CVECVSS 4.4
xen (5)
31citrix—
4 CVECVSS 5.1
×4.0PoC 4
netscaler (4)
32haxx—
4 CVE1 critCVSS 6.6
curl (4) · libcurl (4)
33hospira—
4 CVE2 critCVSS 8.4
NEW
mednet (3) · lifecare pcainfusion firmware (1) · lifecare pca3 (1)
34lenovo—
4 CVECVSS 4.7
NEW
thinkserver system manager baseboard management controller firmware (2) · thinkserver td350 (1) · thinkserver td350 firmware (1)
35pypi—
4 CVECVSS 4.8
django-markupfield (1) · keystonemiddleware (1) · nova (1)
36searchblox—
4 CVECVSS 6.4
searchblox (4)
37siemens—
4 CVECVSS 5.0
simatic step 7 (2) · wincc (2)
38сообщество свободного программного обеспечения—
4 CVE2 critCVSS 8.0
debian gnu/linux (3) · openstack (1)
39arj software—
3 CVECVSS 6.4
NEW
arj archiver (3)
40canonical ltd.—
3 CVE1 critCVSS 7.3
ubuntu (3)
41cisco systems inc.—
3 CVECVSS 7.7
adaptive security appliance (3)
42ericsson—
3 CVECVSS 5.0
NEWNuclei 1PoC 3
drutt mobile service delivery platform (3)
43ibm corp.—
3 CVE3 critCVSS 10.0
ibm domino (3)
44insite—
3 CVECVSS 5.0
NEW
node basket (3)
45linux—
3 CVECVSS 5.7
linux kernel (3)
46maven—
3 CVECVSS 6.8
PoC 1
org.apache.cassandra:apache-cassandra (1) · mysql:mysql-connector-java (1) · org.drools:drools-core (1)
47mcafee—
3 CVECVSS 4.5
advanced threat defense (3)
48node invite project—
3 CVECVSS 5.4
NEW
node invite (3)
49openstack—
3 CVECVSS 4.8
python-keystoneclient (1) · swift (1) · keystonemiddleware (1)
50php—
3 CVECVSS 7.5
php (3)

#	Vendor	CVEs	Crit	KEV	Nuclei	Signals	Top products	Δ
1	oracle	87	7	·	·	PoC 2	mysql (22) · solaris (15) · jre (13)	—
2	apple	76	1	1	·	KEV 1PoC 7	iphone os (43) · mac os x (41) · tvos (23)	—
3	canonical	51	2	·	·	PoC 4	ubuntu linux (51)	—
4	debian	51	3	·	·	PoC 5	debian linux (50) · dbd-firebird (1) · dpkg (1)	—
5	opensuse	48	21	1	·	KEV 1PoC 7	opensuse (48) · evergreen (1)	—
6	oracle corp.	40	6	·	·		mysql (21) · java platform (13) · database (4)	—
7	redhat	39	19	1	·	KEV 1PoC 4	enterprise linux server supplementary (18) · enterprise linux desktop supplementary (18) · enterprise linux server supplementary eus (18)	—
8	cisco	38	2	1	·	KEV 1	ios xe (5) · unity connection (5) · unified meetingplace (4)	—
9	suse	36	18	·	·	PoC 1	suse linux enterprise desktop (20) · suse linux workstation extension (17) · linux enterprise server (13)	—
10	microsoft	27	14	3	1	KEV 3Nuclei 1PoC 3	internet explorer (10) · windows server 2008 (6) · windows 7 (6)	—
11	adobe	23	19	1	·	×4.6KEV 1PoC 2	flash player (22) · coldfusion (1)	—
12	ibm	23	5	·	·	PoC 1	websphere application server (4) · domino (4) · tivoli storage manager fastback (3)	—
13	microsoft corp	23	13	3	1	KEV 3Nuclei 1PoC 3	internet explorer (9) · windows server 2008 r2 service pack 1 (6) · windows 7 service pack 1 (6)	—
14	adobe systems inc.	20	20	1	·	×20.0KEV 1PoC 2	flash player (20)	—
15	google	20	·	·	·	PoC 2	chrome (19) · v8 (2) · bionic (1)	—
16	mozilla	19	·	·	·	PoC 2	firefox (19) · thunderbird (5) · firefox esr (2)	—
17	google inc	15	·	·	·		google chrome (15)	—
18	mozilla corp.	15	·	·	·	PoC 2	firefox (11) · thunderbird (3) · firefox esr (1)	—
19	fedoraproject	12	1	·	·		fedora (12)	—
20	mediawiki	12	·	·	·	×6.0PoC 1	mediawiki (10) · checkuser (1) · scribunto (1)	—
21	hp	10	3	·	·		system management homepage (3) · easy tools (2) · capture and route software (1)	—
22	novell	10	2	1	·	×5.0KEV 1PoC 1	suse linux enterprise desktop (8) · suse linux enterprise server (4) · suse linux enterprise software development kit (3)	—
23	sap	10	·	·	·	PoC 8	netweaver (2) · afaria (2) · mobile platform (2)	—
24	mariadb	8	·	·	·		mariadb (8)	—
25	apache	7	·	·	·	PoC 1	subversion (3) · openoffice (1) · cassandra (1)	—
26	inductiveautomation	6	·	·	·	NEW	ignition (6)	—
27	gnu	5	2	·	·	PoC 2	glibc (2) · mailman (1) · libtasn1 (1)	—
28	juniper	5	·	·	·		junos (4) · junos space (1)	—
29	magento	5	·	·	·	NEWPoC 2	magento (5)	—
30	xen	5	·	·	·		xen (5)	—
31	citrix	4	·	·	·	×4.0PoC 4	netscaler (4)	—
32	haxx	4	1	·	·		curl (4) · libcurl (4)	—
33	hospira	4	2	·	·	NEW	mednet (3) · lifecare pcainfusion firmware (1) · lifecare pca3 (1)	—
34	lenovo	4	·	·	·	NEW	thinkserver system manager baseboard management controller firmware (2) · thinkserver td350 (1) · thinkserver td350 firmware (1)	—
35	pypi	4	·	·	·		django-markupfield (1) · keystonemiddleware (1) · nova (1)	—
36	searchblox	4	·	·	·		searchblox (4)	—
37	siemens	4	·	·	·		simatic step 7 (2) · wincc (2)	—
38	сообщество свободного программного обеспечения	4	2	·	·		debian gnu/linux (3) · openstack (1)	—
39	arj software	3	·	·	·	NEW	arj archiver (3)	—
40	canonical ltd.	3	1	·	·		ubuntu (3)	—
41	cisco systems inc.	3	·	·	·		adaptive security appliance (3)	—
42	ericsson	3	·	·	1	NEWNuclei 1PoC 3	drutt mobile service delivery platform (3)	—
43	ibm corp.	3	3	·	·		ibm domino (3)	—
44	insite	3	·	·	·	NEW	node basket (3)	—
45	linux	3	·	·	·		linux kernel (3)	—
46	maven	3	·	·	·	PoC 1	org.apache.cassandra:apache-cassandra (1) · mysql:mysql-connector-java (1) · org.drools:drools-core (1)	—
47	mcafee	3	·	·	·		advanced threat defense (3)	—
48	node invite project	3	·	·	·	NEW	node invite (3)	—
49	openstack	3	·	·	·		python-keystoneclient (1) · swift (1) · keystonemiddleware (1)	—
50	php	3	·	·	·		php (3)	—