month report
September 2015
Data as of Jun 4, 2026, 13:25 UTCSnapshot v1 Sources NVD+CISA KEV+EPSS+Nuclei templates Methodology →
September 2015 closed with 499 published CVEs. 77 criticals, apple led volume, mostly via iphone os. Biggest breakout: microsoft corp at ×26.0 their 12-month median. Top weakness class — CWE-119 (126 CVE). 10 vendors cracked the top-100 for the first time.
Total CVEs
499
— MoM— YoY
Severity mix
77 / 107
critical / high
KEV added
0
0 ransomware-linked
Nuclei coverage
2.6%
13 CVEs with templates
Time to exploit
How fast the community ships detection after a CVE drops.
Days → Nuclei (median)
3824.3
n=13
Within 7 days
0.0%
Within 30 days
0.0%
Days → KEV (median)
2373
n=2
Detection gap
KEV pressure, no Nuclei coverage
September 2015 · vendors with active exploitation listed by CISA but no public detection template.
- KEV 2microsoft52 CVE
- KEV 2microsoft corp52 CVE
Weakness × Vendor
What's spreading where in September 2015
Cells shaded by share of vendor's hottest weakness. Click any cell to open the CWE history.
119Memory Buffer Bounds79XSS200Information Exposure264CWE-26420Improper Input Validation254CWE-254399CWE-39989SQL Injection352CSRF22Path Traversalapple51221106apple inc.501976microsoft21621151microsoft corp21621151cisco32651111google101316mozilla163115mozilla corp.16315adobe13411adobe systems inc.13411google inc36canonical211311
Breakout vendors
CVE count ≥3× their own 12-period median.
- 26.0×microsoft corp52 CVE
- 25.0×adobe systems inc.25 CVE
- 6.3×apple100 CVE
- 4.0×fortinet4 CVE
- 3.3×symantec10 CVE
First time in top-100
Vendors never in top-100 in the prior 24 periods.
- #15refbase9 CVE
- #18newphoria corporation6 CVE
- #19free software foundation, inc.5 CVE
- #21securifi5 CVE
- #22synology5 CVE
- #32ibc solar3 CVE
- #33libvdpau project3 CVE
- #35moxa3 CVE
- #37philippine long distance telephone3 CVE
- #39s9y3 CVE
Top vendors
Ranked by distinct CVE count this period.
- 100 CVE7 critCVSS 6.0×6.3PoC 1iphone os (90) · safari (43) · itunes (36)
- 92 CVE8 critCVSS 6.1PoC 1ios (88) · itunes (35) · os x server (1)
- 52 CVE25 critCVSS 7.6KEV 2PoC 15windows 8.1 (19) · windows server 2012 (19) · windows 10 (18)
- 52 CVE25 critCVSS 7.6×26.0KEV 2PoC 15windows 10 (19) · windows server 2012 r2 (19) · windows 8.1 (19)
- 32 CVE4 critCVSS 6.4PoC 2ios xe (5) · ios (4) · prime collaboration assurance (3)
- 32 CVE16 critCVSS 8.2PoC 2android (17) · chrome (15) · v8 (1)
- 29 CVE1 critCVSS 6.6PoC 1firefox (28) · bugzilla (1)
- 28 CVE1 critCVSS 6.8firefox (28) · firefox esr (17)
- 25 CVE21 critCVSS 9.1PoC 2air (23) · air sdk (23) · air sdk \& compiler (23)
- 25 CVE21 critCVSS 9.1×25.0PoC 2adobe integrated runtime (23) · flash player (23) · shockwave player (2)
- 15 CVECVSS 6.5PoC 1google chrome (15)
- 12 CVECVSS 6.4ubuntu linux (12)
- 10 CVECVSS 6.6×3.3web gateway (6) · endpoint protection (3) · ghost solutions suite (1)
- 9 CVECVSS 7.5ffmpeg (9)
- 9 CVECVSS 6.2NEWPoC 2refbase (9)
- 7 CVE1 critCVSS 5.5PoC 5rsa archer grc (3) · rsa identity management and governance (2) · atmos (1)
- 7 CVECVSS 5.1mediawiki (7)
- 6 CVECVSS 6.8NEWkoritore (1) · 1.1 (1) · applican (1)
- 5 CVECVSS 6.6NEWlibvdpau (3) · gnutls (1) · sblim-sfcb (1)
- 5 CVECVSS 4.3arcsight logger (1) · integrated lights-out 3 firmware (1) · integrated lights-out 4 firmware (1)
- 5 CVECVSS 5.5NEWalmond-2015 firmware (5) · almond firmware (5)
- 5 CVE1 critCVSS 6.7NEWPoC 5video station (3) · download station (2)
- 4 CVECVSS 7.0ubuntu (4)
- 4 CVE1 critCVSS 7.9cisco ios (3) · telepresence server (1)
- 4 CVECVSS 5.7debian linux (4)
- 4 CVECVSS 5.9×4.0PoC 4forticlient (4)
- 4 CVE1 critCVSS 6.5http server (1) · websphere commerce (1) · websphere mq (1)
- 4 CVE1 critCVSS 6.1PoC 1opensuse (4)
- 4 CVECVSS 4.3PoC 2datatables/datatables (1) · october/october (1) · phpmyadmin/phpmyadmin (1)
- 4 CVECVSS 6.1enterprise linux (1) · enterprise linux desktop (1) · enterprise linux hpc node (1)
- 3 CVECVSS 6.4glibc (1) · gnu screen (1) · gnutls (1)
- 3 CVECVSS 4.8NEWdanfoss tlx pro\+ (3) · servemaster tlp\+ (3)
- 3 CVECVSS 6.9NEWlibvdpau (3)
- 3 CVECVSS 5.3enterprise security manager (1) · enterprise security manager\/log manager (1) · enterprise security manager\/receiver (1)
- 3 CVECVSS 6.5NEWeds-405a firmware (3) · eds-408a firmware (3)
- 3 CVECVSS 6.5moxa eds-405a (3) · moxa eds-408a (3)
- 3 CVECVSS 6.3NEWkasda kw58293 firmware (3) · speedsurf 504an firmware (3)
- 3 CVECVSS 5.8PoC 1ipython (2) · notebook (2) · nova (1)
- 3 CVECVSS 5.6NEWPoC 3serendipity (3)
- 3 CVECVSS 3.9NEWopen semantic framework (3)
- 3 CVECVSS 6.2PoC 3x2crm (3)
- 2 CVE1 critCVSS 8.4PoC 1webaccess (2)
- 2 CVE1 critCVSS 7.2netscaler application delivery controller firmware (2) · netscaler gateway firmware (2)
- 2 CVECVSS 5.9NEWNuclei 2PoC 2appointment booking calendar (2)
- 2 CVECVSS 4.6NEWcms updater (2)
- 2 CVECVSS 4.4PoC 1big-ip edge gateway (2) · big-ip advanced firewall manager (2) · big-ip analytics (2)
- 2 CVECVSS 5.5PoC 1fedora (2)
- 2 CVE2 critCVSS 9.5mds pulsenet (2)
- 2 CVECVSS 5.5PoC 2openfire (2)
- 2 CVE1 critCVSS 8.9NEWimpero education pro (2)
| # | Vendor | CVEs | Crit | KEV | Nuclei | Signals | Top products | Δ | |
|---|---|---|---|---|---|---|---|---|---|
| 1 | apple | 100 | 7 | · | · | ×6.3PoC 1 | iphone os (90) · safari (43) · itunes (36) | — | |
| 2 | apple inc. | 92 | 8 | · | · | PoC 1 | ios (88) · itunes (35) · os x server (1) | — | |
| 3 | microsoft | 52 | 25 | 2 | · | KEV 2PoC 15 | windows 8.1 (19) · windows server 2012 (19) · windows 10 (18) | — | |
| 4 | microsoft corp | 52 | 25 | 2 | · | ×26.0KEV 2PoC 15 | windows 10 (19) · windows server 2012 r2 (19) · windows 8.1 (19) | — | |
| 5 | cisco | 32 | 4 | · | · | PoC 2 | ios xe (5) · ios (4) · prime collaboration assurance (3) | — | |
| 6 | 32 | 16 | · | · | PoC 2 | android (17) · chrome (15) · v8 (1) | — | ||
| 7 | mozilla | 29 | 1 | · | · | PoC 1 | firefox (28) · bugzilla (1) | — | |
| 8 | mozilla corp. | 28 | 1 | · | · | firefox (28) · firefox esr (17) | — | ||
| 9 | adobe | 25 | 21 | · | · | PoC 2 | air (23) · air sdk (23) · air sdk \& compiler (23) | — | |
| 10 | adobe systems inc. | 25 | 21 | · | · | ×25.0PoC 2 | adobe integrated runtime (23) · flash player (23) · shockwave player (2) | — | |
| 11 | google inc | 15 | · | · | · | PoC 1 | google chrome (15) | — | |
| 12 | canonical | 12 | · | · | · | ubuntu linux (12) | — | ||
| 13 | symantec | 10 | · | · | · | ×3.3 | web gateway (6) · endpoint protection (3) · ghost solutions suite (1) | — | |
| 14 | ffmpeg | 9 | · | · | · | ffmpeg (9) | — | ||
| 15 | refbase | 9 | · | · | · | NEWPoC 2 | refbase (9) | — | |
| 16 | emc | 7 | 1 | · | · | PoC 5 | rsa archer grc (3) · rsa identity management and governance (2) · atmos (1) | — | |
| 17 | mediawiki | 7 | · | · | · | mediawiki (7) | — | ||
| 18 | newphoria corporation | 6 | · | · | · | NEW | koritore (1) · 1.1 (1) · applican (1) | — | |
| 19 | free software foundation, inc. | 5 | · | · | · | NEW | libvdpau (3) · gnutls (1) · sblim-sfcb (1) | — | |
| 20 | hp | 5 | · | · | · | arcsight logger (1) · integrated lights-out 3 firmware (1) · integrated lights-out 4 firmware (1) | — | ||
| 21 | securifi | 5 | · | · | · | NEW | almond-2015 firmware (5) · almond firmware (5) | — | |
| 22 | synology | 5 | 1 | · | · | NEWPoC 5 | video station (3) · download station (2) | — | |
| 23 | canonical ltd. | 4 | · | · | · | ubuntu (4) | — | ||
| 24 | cisco systems inc. | 4 | 1 | · | · | cisco ios (3) · telepresence server (1) | — | ||
| 25 | debian | 4 | · | · | · | debian linux (4) | — | ||
| 26 | fortinet | 4 | · | · | · | ×4.0PoC 4 | forticlient (4) | — | |
| 27 | ibm | 4 | 1 | · | · | http server (1) · websphere commerce (1) · websphere mq (1) | — | ||
| 28 | opensuse | 4 | 1 | · | · | PoC 1 | opensuse (4) | — | |
| 29 | packagist | 4 | · | · | · | PoC 2 | datatables/datatables (1) · october/october (1) · phpmyadmin/phpmyadmin (1) | — | |
| 30 | redhat | 4 | · | · | · | enterprise linux (1) · enterprise linux desktop (1) · enterprise linux hpc node (1) | — | ||
| 31 | gnu | 3 | · | · | · | glibc (1) · gnu screen (1) · gnutls (1) | — | ||
| 32 | ibc solar | 3 | · | · | · | NEW | danfoss tlx pro\+ (3) · servemaster tlp\+ (3) | — | |
| 33 | libvdpau project | 3 | · | · | · | NEW | libvdpau (3) | — | |
| 34 | mcafee | 3 | · | · | · | enterprise security manager (1) · enterprise security manager\/log manager (1) · enterprise security manager\/receiver (1) | — | ||
| 35 | moxa | 3 | · | · | · | NEW | eds-405a firmware (3) · eds-408a firmware (3) | — | |
| 36 | moxa inc. | 3 | · | · | · | moxa eds-405a (3) · moxa eds-408a (3) | — | ||
| 37 | philippine long distance telephone | 3 | · | · | · | NEW | kasda kw58293 firmware (3) · speedsurf 504an firmware (3) | — | |
| 38 | pypi | 3 | · | · | · | PoC 1 | ipython (2) · notebook (2) · nova (1) | — | |
| 39 | s9y | 3 | · | · | · | NEWPoC 3 | serendipity (3) | — | |
| 40 | structured dynamics | 3 | · | · | · | NEW | open semantic framework (3) | — | |
| 41 | x2engine | 3 | · | · | · | PoC 3 | x2crm (3) | — | |
| 42 | advantech | 2 | 1 | · | · | PoC 1 | webaccess (2) | — | |
| 43 | citrix | 2 | 1 | · | · | netscaler application delivery controller firmware (2) · netscaler gateway firmware (2) | — | ||
| 44 | codepeople | 2 | · | · | 2 | NEWNuclei 2PoC 2 | appointment booking calendar (2) | — | |
| 45 | drupaldise | 2 | · | · | · | NEW | cms updater (2) | — | |
| 46 | f5 | 2 | · | · | · | PoC 1 | big-ip edge gateway (2) · big-ip advanced firewall manager (2) · big-ip analytics (2) | — | |
| 47 | fedoraproject | 2 | · | · | · | PoC 1 | fedora (2) | — | |
| 48 | ge | 2 | 2 | · | · | mds pulsenet (2) | — | ||
| 49 | igniterealtime | 2 | · | · | · | PoC 2 | openfire (2) | — | |
| 50 | impero | 2 | 1 | · | · | NEW | impero education pro (2) | — |