month report

May 2015

Data as of Jun 4, 2026, 13:25 UTCSnapshot v1 Sources NVD+CISA KEV+EPSS+Nuclei templates Methodology →

May 2015 closed with 417 published CVEs. 99 criticals, microsoft led volume, mostly via windows. Biggest breakout: adobe systems inc. at ×6.3 their 12-month median. Top weakness class — CWE-119 (63 CVE). 10 vendors cracked the top-100 for the first time.

Print view

Total CVEs

417

— MoM— YoY

Severity mix

99 / 70

critical / high

KEV added

0 ransomware-linked

Nuclei coverage

4.3%

18 CVEs with templates

Time to exploit

How fast the community ships detection after a CVE drops.

Days → Nuclei (median)

3939.1

n=18

Within 7 days

0.0%

Within 30 days

0.0%

Days → KEV (median)

2569

n=3

Detection gap

KEV pressure, no Nuclei coverage

May 2015 · vendors with active exploitation listed by CISA but no public detection template.

KEV 1microsoft78 CVE
KEV 1microsoft corp22 CVE
KEV 1arcserve2 CVE

Weakness × Vendor

What's spreading where in May 2015

Cells shaded by share of vendor's hottest weakness. Click any cell to open the CWE history.

119Memory Buffer Bounds 79XSS 200Information Exposure 264CWE-264 399CWE-399 284CWE-284 20Improper Input Validation 89SQL Injection 352CSRF 189CWE-189 microsoft 28 11 8 14 1 adobe 16 3 4 14 1 apple 12 2 2 14 1 cisco 9 3 3 9 2 10 1 5 ibm 4 6 9 2 4 3 1 1 2 adobe systems inc.15 14 1 debian 3 3 1 2 2 1 1 1 1 microsoft corp 15 google 2 1 1 1 1 1 google inc 2 1 1 1 1 1 canonical 1 1 1 4 1 ibm corp.4 3 1 1 1 2 1

Breakout vendors

CVE count ≥3× their own 12-period median.

6.3×adobe systems inc.38 CVE
5.7×ibm corp.17 CVE
5.0×fortinet5 CVE
4.0×docker4 CVE
3.3×adobe49 CVE

First time in top-100

Vendors never in top-100 in the prior 24 periods.

#24blue coat5 CVE
#26hp inc.5 CVE
#29docker4 CVE
#32goautodial4 CVE
#36kozos3 CVE
#37lenovo3 CVE
#38module-signature project3 CVE
#39oscmax3 CVE
#40qt3 CVE
#42thecartpress3 CVE

Top vendors

Ranked by distinct CVE count this period.

1microsoft—
78 CVE53 critCVSS 6.7
KEV 1PoC 2
windows (32) · internet explorer (23) · windows 8 (15)
2adobe—
49 CVE39 critCVSS 8.9
×3.3PoC 9
acrobat reader (32) · acrobat (32) · air (17)
3apple—
43 CVE29 critCVSS 8.1
PoC 2
mac os x (37) · iphone os (7) · safari (6)
4cisco—
41 CVE2 critCVSS 6.4
headend digital broadband delivery system (6) · headend system release (4) · wireless lan controller software (2)
5ibm—
39 CVE5 critCVSS 5.2
license metric tool (6) · security siteprotector system (6) · endpoint manager family (5)
6adobe systems inc.—
38 CVE38 critCVSS 10.0
×6.3PoC 6
adobe acrobat (18) · adobe reader (10) · flash player (5)
7debian—
32 CVE1 critCVSS 6.0
PoC 2
debian linux (32)
8microsoft corp—
22 CVE21 critCVSS 9.1
KEV 1
internet explorer (14) · windows rt (6) · windows 7 (6)
9google—
19 CVECVSS 6.7
PoC 1
chrome (19) · v8 (1)
10google inc—
18 CVECVSS 6.8
PoC 1
google chrome (17) · google v8 (1)
11canonical—
17 CVE2 critCVSS 6.0
PoC 1
ubuntu linux (17)
12ibm corp.—
17 CVE5 critCVSS 6.6
×5.7
security siteprotector system (6) · tivoli storage manager fastback (2) · ibm webshpere portal (2)
13mozilla—
14 CVECVSS 5.9
firefox (14) · thunderbird (6) · firefox esr (5)
14opensuse—
14 CVECVSS 6.3
PoC 2
opensuse (14)
15fedoraproject—
12 CVE1 critCVSS 6.0
PoC 2
fedora (12)
16oracle—
11 CVECVSS 4.6
PoC 1
solaris (9) · linux (4) · jrockit (1)
17redhat—
10 CVECVSS 6.7
PoC 2
enterprise linux server supplementary (2) · enterprise linux desktop supplementary (2) · enterprise linux server supplementary eus (2)
18cisco systems inc.—
9 CVE2 critCVSS 6.7
adaptive security appliance (1) · anyconnect secure mobility client (1) · cisco identity services engine (1)
19wireshark—
9 CVECVSS 6.2
wireshark (9)
20linux—
8 CVE1 critCVSS 5.5
linux kernel (8)
21sap—
8 CVECVSS 6.0
PoC 3
customer relationship management (2) · hana (2) · sybase unwired platform online data proxy (1)
22hp—
7 CVE2 critCVSS 7.3
hp-ux (1) · loadrunner (1) · network virtualization (1)
23arubanetworks—
6 CVE2 critCVSS 6.0
PoC 1
clearpass policy manager (6)
24blue coat—
5 CVECVSS 4.8
NEW
ssl visibility appliance sv1800 firmware (5) · ssl visibility appliance sv2800 firmware (5) · ssl visibility appliance sv3800 firmware (5)
25fortinet—
5 CVECVSS 4.3
×5.0Nuclei 1PoC 1
fortios (2) · fortiadc firmware (1) · fortianalyzer firmware (1)
26hp inc.—
5 CVE1 critCVSS 7.5
NEW
hp nonstop safegguard security (1) · hewlett-packard virtual application network software-defined networking controller (1) · hp access control (1)
27novell—
5 CVECVSS 7.2
suse linux enterprise desktop (5) · suse linux enterprise server (5) · suse linux enterprise software development kit (5)
28clamav—
4 CVECVSS 5.0
clamav (4)
29docker—
4 CVECVSS 6.6
NEW×4.0PoC 4
docker (3) · libcontainer (2)
30emc—
4 CVE1 critCVSS 7.1
PoC 3
autostart (1) · rsa identity management and governance (1) · sourceone email management (1)
31go—
4 CVECVSS 6.5
PoC 4
github.com/docker/docker (4)
32goautodial—
4 CVE3 critCVSS 9.4
NEWPoC 4
goadmin ce (4)
33huawei—
4 CVE1 critCVSS 5.5
PoC 2
seq analyst (2) · e355s mobile wifi firmware (1) · e587 mobile wifi firmware (1)
34apple inc.—
3 CVECVSS 7.6
PoC 1
os x (2) · ios (2) · itunes (1)
35digia—
3 CVECVSS 6.8
qt (3)
36kozos—
3 CVECVSS 5.0
NEW
easyctf (3)
37lenovo—
3 CVECVSS 7.5
NEW
system update (3)
38module-signature project—
3 CVE1 critCVSS 7.4
NEW
module-signature (3)
39oscmax—
3 CVECVSS 6.2
NEW
oscmax (3)
40qt—
3 CVECVSS 6.8
NEW
qt (3)
41suse—
3 CVECVSS 5.3
linux enterprise desktop (2) · linux enterprise server (2) · linux enterprise software development kit (2)
42thecartpress—
3 CVECVSS 4.2
NEWNuclei 3PoC 3
thecartpress ecommerce shopping cart (3)
43y-cam—
3 CVECVSS 5.1
NEW
ycb001 firmware (3) · ycb002 firmware (3) · ycb003 firmware (3)
44arcserve—
2 CVE1 critCVSS 8.4
NEWKEV 1
arcserve unified data protection (1) · udp (1)
45barracuda—
2 CVECVSS 4.3
NEW
web filter (2)
46canonical ltd.—
2 CVE1 critCVSS 8.8
ubuntu (2)
47concrete5—
2 CVECVSS 4.3
NEWPoC 1
concrete5 (2)
48coppermine-gallery—
2 CVECVSS 4.7
NEWPoC 2
coppermine photo gallery (2)
49f5—
2 CVECVSS 6.7
PoC 1
big-ip link controller (2) · big-ip policy enforcement manager (2) · big-ip access policy manager (2)
50fedora—
2 CVECVSS 5.5
NEWPoC 1
pacemaker configuration system (2)

#	Vendor	CVEs	Crit	KEV	Nuclei	Signals	Top products	Δ
1	microsoft	78	53	1	·	KEV 1PoC 2	windows (32) · internet explorer (23) · windows 8 (15)	—
2	adobe	49	39	·	·	×3.3PoC 9	acrobat reader (32) · acrobat (32) · air (17)	—
3	apple	43	29	·	·	PoC 2	mac os x (37) · iphone os (7) · safari (6)	—
4	cisco	41	2	·	·		headend digital broadband delivery system (6) · headend system release (4) · wireless lan controller software (2)	—
5	ibm	39	5	·	·		license metric tool (6) · security siteprotector system (6) · endpoint manager family (5)	—
6	adobe systems inc.	38	38	·	·	×6.3PoC 6	adobe acrobat (18) · adobe reader (10) · flash player (5)	—
7	debian	32	1	·	·	PoC 2	debian linux (32)	—
8	microsoft corp	22	21	1	·	KEV 1	internet explorer (14) · windows rt (6) · windows 7 (6)	—
9	google	19	·	·	·	PoC 1	chrome (19) · v8 (1)	—
10	google inc	18	·	·	·	PoC 1	google chrome (17) · google v8 (1)	—
11	canonical	17	2	·	·	PoC 1	ubuntu linux (17)	—
12	ibm corp.	17	5	·	·	×5.7	security siteprotector system (6) · tivoli storage manager fastback (2) · ibm webshpere portal (2)	—
13	mozilla	14	·	·	·		firefox (14) · thunderbird (6) · firefox esr (5)	—
14	opensuse	14	·	·	·	PoC 2	opensuse (14)	—
15	fedoraproject	12	1	·	·	PoC 2	fedora (12)	—
16	oracle	11	·	·	·	PoC 1	solaris (9) · linux (4) · jrockit (1)	—
17	redhat	10	·	·	·	PoC 2	enterprise linux server supplementary (2) · enterprise linux desktop supplementary (2) · enterprise linux server supplementary eus (2)	—
18	cisco systems inc.	9	2	·	·		adaptive security appliance (1) · anyconnect secure mobility client (1) · cisco identity services engine (1)	—
19	wireshark	9	·	·	·		wireshark (9)	—
20	linux	8	1	·	·		linux kernel (8)	—
21	sap	8	·	·	·	PoC 3	customer relationship management (2) · hana (2) · sybase unwired platform online data proxy (1)	—
22	hp	7	2	·	·		hp-ux (1) · loadrunner (1) · network virtualization (1)	—
23	arubanetworks	6	2	·	·	PoC 1	clearpass policy manager (6)	—
24	blue coat	5	·	·	·	NEW	ssl visibility appliance sv1800 firmware (5) · ssl visibility appliance sv2800 firmware (5) · ssl visibility appliance sv3800 firmware (5)	—
25	fortinet	5	·	·	1	×5.0Nuclei 1PoC 1	fortios (2) · fortiadc firmware (1) · fortianalyzer firmware (1)	—
26	hp inc.	5	1	·	·	NEW	hp nonstop safegguard security (1) · hewlett-packard virtual application network software-defined networking controller (1) · hp access control (1)	—
27	novell	5	·	·	·		suse linux enterprise desktop (5) · suse linux enterprise server (5) · suse linux enterprise software development kit (5)	—
28	clamav	4	·	·	·		clamav (4)	—
29	docker	4	·	·	·	NEW×4.0PoC 4	docker (3) · libcontainer (2)	—
30	emc	4	1	·	·	PoC 3	autostart (1) · rsa identity management and governance (1) · sourceone email management (1)	—
31	go	4	·	·	·	PoC 4	github.com/docker/docker (4)	—
32	goautodial	4	3	·	·	NEWPoC 4	goadmin ce (4)	—
33	huawei	4	1	·	·	PoC 2	seq analyst (2) · e355s mobile wifi firmware (1) · e587 mobile wifi firmware (1)	—
34	apple inc.	3	·	·	·	PoC 1	os x (2) · ios (2) · itunes (1)	—
35	digia	3	·	·	·		qt (3)	—
36	kozos	3	·	·	·	NEW	easyctf (3)	—
37	lenovo	3	·	·	·	NEW	system update (3)	—
38	module-signature project	3	1	·	·	NEW	module-signature (3)	—
39	oscmax	3	·	·	·	NEW	oscmax (3)	—
40	qt	3	·	·	·	NEW	qt (3)	—
41	suse	3	·	·	·		linux enterprise desktop (2) · linux enterprise server (2) · linux enterprise software development kit (2)	—
42	thecartpress	3	·	·	3	NEWNuclei 3PoC 3	thecartpress ecommerce shopping cart (3)	—
43	y-cam	3	·	·	·	NEW	ycb001 firmware (3) · ycb002 firmware (3) · ycb003 firmware (3)	—
44	arcserve	2	1	1	·	NEWKEV 1	arcserve unified data protection (1) · udp (1)	—
45	barracuda	2	·	·	·	NEW	web filter (2)	—
46	canonical ltd.	2	1	·	·		ubuntu (2)	—
47	concrete5	2	·	·	·	NEWPoC 1	concrete5 (2)	—
48	coppermine-gallery	2	·	·	·	NEWPoC 2	coppermine photo gallery (2)	—
49	f5	2	·	·	·	PoC 1	big-ip link controller (2) · big-ip policy enforcement manager (2) · big-ip access policy manager (2)	—
50	fedora	2	·	·	·	NEWPoC 1	pacemaker configuration system (2)	—