month report

November 2015

Data as of Jun 4, 2026, 13:25 UTCSnapshot v1 Sources NVD+CISA KEV+EPSS+Nuclei templates Methodology →

November 2015 closed with 368 published CVEs — -27.1% YoY . 75 criticals, microsoft led volume, mostly via internet explorer. Biggest breakout: microsoft corp at ×25.0 their 12-month median. Top weakness class — CWE-119 (68 CVE). 10 vendors cracked the top-100 for the first time.

Print view

Total CVEs

368

— MoM-27.1% YoY

Severity mix

75 / 73

critical / high

KEV added

0 ransomware-linked

Nuclei coverage

1.9%

7 CVEs with templates

Time to exploit

How fast the community ships detection after a CVE drops.

Days → Nuclei (median)

3770.4

n=7

Within 7 days

0.0%

Within 30 days

0.0%

Days → KEV (median)

2451

n=2

Detection gap

KEV pressure, no Nuclei coverage

November 2015 · vendors with active exploitation listed by CISA but no public detection template.

KEV 1redhat17 CVE
KEV 1maven16 CVE
KEV 1jenkins12 CVE
KEV 1oracle11 CVE
KEV 1oracle corp.3 CVE

Weakness × Vendor

What's spreading where in November 2015

Cells shaded by share of vendor's hottest weakness. Click any cell to open the CWE history.

119Memory Buffer Bounds 200Information Exposure 264CWE-264 20Improper Input Validation 79XSS 399CWE-399 254CWE-254 284CWE-284 352CSRF 189CWE-189 microsoft 30 6 5 3 3 1 1 microsoft corp 30 6 5 3 3 1 1 cisco 5 2 5 3 7 1 3 canonical 6 2 3 1 4 3 ibm 7 6 1 1 1 1 1 debian 7 3 4 1 1 mozilla 9 4 1 2 4 1 adobe 1 1 1 2 mozilla corp.9 4 1 2 4 1 adobe systems inc.1 1 1 2 redhat 1 4 3 1 1 1 maven 4 4 1 1 1

Breakout vendors

CVE count ≥3× their own 12-period median.

25.0×microsoft corp50 CVE
21.0×adobe systems inc.21 CVE
6.0×novell inc.6 CVE
4.5×hp9 CVE
3.5×huawei7 CVE
3.0×citrix3 CVE

First time in top-100

Vendors never in top-100 in the prior 24 periods.

#38csl dualcom4 CVE
#39ffmpeg team4 CVE
#40lenovo4 CVE
#43nvidia corp.4 CVE
#44the document foundation4 CVE
#45xmlsoft4 CVE
#50samsung3 CVE
#52the linux foundation3 CVE
#54arista2 CVE
#55arm2 CVE

Top vendors

Ranked by distinct CVE count this period.

1microsoft—
50 CVE33 critCVSS 7.2
PoC 8
internet explorer (25) · windows 7 (11) · windows vista (11)
2microsoft corp—
50 CVE32 critCVSS 7.1
×25.0PoC 8
internet explorer (25) · windows 7 service pack 1 (11) · windows server 2012 r2 (11)
3cisco—
30 CVE1 critCVSS 6.0
PoC 1
firepower extensible operating system (8) · web security appliance (4) · ios (3)
4canonical—
28 CVE1 critCVSS 5.7
PoC 3
ubuntu linux (28)
5ibm—
26 CVECVSS 5.2
security qradar incident forensics (7) · system networking switch center (4) · maximo asset management (2)
6debian—
24 CVE1 critCVSS 6.0
PoC 3
debian linux (24)
7mozilla—
23 CVE1 critCVSS 6.6
PoC 3
firefox (23) · network security services (3)
8adobe—
22 CVE17 critCVSS 9.0
PoC 3
air sdk \& compiler (17) · air (17) · air sdk (17)
9mozilla corp.—
22 CVE1 critCVSS 6.7
PoC 3
firefox (22) · firefox esr (13)
10adobe systems inc.—
21 CVE16 critCVSS 8.8
×21.0PoC 3
adobe integrated runtime (17) · flash player (17) · coldfusion (3)
11redhat—
17 CVE1 critCVSS 6.1
KEV 1PoC 2
openshift (11) · enterprise linux workstation (2) · enterprise linux server aus (2)
12maven—
16 CVE1 critCVSS 5.8
KEV 1PoC 1
org.jenkins-ci.main:jenkins-core (11) · org.apache.ambari:ambari (2) · org.apache.cxf:cxf-rt-rs-security-sso-saml (1)
13opensuse—
14 CVE1 critCVSS 5.7
PoC 2
opensuse (14) · leap (8)
14apache—
13 CVECVSS 5.1
PoC 2
ambari (6) · openoffice (4) · cordova (2)
15google—
13 CVE8 critCVSS 8.3
PoC 2
android (10) · picasa (2) · chrome (1)
16jenkins—
12 CVE1 critCVSS 6.2
KEV 1PoC 1
jenkins (12)
17google inc—
11 CVE6 critCVSS 8.0
android (10) · google chrome (1)
18oracle—
11 CVE4 critCVSS 7.6
KEV 1PoC 2
solaris (5) · linux (2) · virtual desktop infrastructure (2)
19cisco systems inc.—
10 CVECVSS 5.5
cisco firepower extensible operating system (8) · adaptive security appliance (1) · cisco ios (1)
20canonical ltd.—
9 CVECVSS 4.8
PoC 1
ubuntu (9)
21hp—
9 CVECVSS 6.3
×4.5PoC 1
arcsight logger (3) · arcsight smartconnectors (2) · arcsight connectors (1)
22сообщество свободного программного обеспечения—
9 CVECVSS 5.7
PoC 2
debian gnu/linux (7) · libxml2 (2) · linux (1)
23apple—
8 CVECVSS 5.0
PoC 1
mac os x (7) · iphone os (6) · tvos (3)
24fedoraproject—
8 CVECVSS 6.6
fedora (8)
25ffmpeg—
7 CVECVSS 7.1
ffmpeg (7)
26huawei—
7 CVECVSS 5.5
×3.5PoC 1
espace firmware (3) · ne router software (1) · vp 9660 firmware (1)
27linux—
7 CVE1 critCVSS 5.5
PoC 1
linux kernel (7)
28sap—
7 CVE1 critCVSS 6.7
PoC 7
sap hana (5) · hana (5) · plant connectivity (1)
29novell inc.—
6 CVECVSS 4.5
×6.0
opensuse (5) · suse linux enterprise desktop (1)
30suse—
6 CVECVSS 5.7
linux enterprise desktop (6) · linux enterprise server (6) · linux enterprise software development kit (4)
31wordpress—
6 CVECVSS 5.4
Nuclei 6
wordpress (6)
32ibm corp.—
5 CVECVSS 6.0
ibm maximo asset management (1) · ibm smartcloud control desk (1) · ibm sterling b2b integrator (1)
33mediawiki—
5 CVECVSS 5.2
mediawiki (5)
34nvidia—
5 CVE1 critCVSS 7.6
PoC 1
gpu driver (5)
35ооо «русбитех-астра»—
5 CVECVSS 5.9
PoC 1
astra linux common edition (4) · astra linux special edition (3) · astra linux special edition для «эльбрус» (1)
36apache software foundation—
4 CVECVSS 6.2
openoffice (4)
37arris—
4 CVE1 critCVSS 6.2
PoC 1
na model 862 gw mono firmware (4)
38csl dualcom—
4 CVECVSS 6.0
NEWPoC 2
gprs cs2300-r firmware (4)
39ffmpeg team—
4 CVECVSS 7.3
NEW
ffmpeg (4)
40lenovo—
4 CVECVSS 6.6
NEW
switch center (4)
41libreoffice—
4 CVECVSS 6.2
libreoffice (4)
42mit—
4 CVECVSS 6.2
kerberos 5 (4)
43nvidia corp.—
4 CVE1 critCVSS 7.9
NEWPoC 1
nvidia gpu (4)
44the document foundation—
4 CVECVSS 6.2
NEW
libreoffice (4)
45xmlsoft—
4 CVECVSS 4.7
NEWPoC 1
libxml2 (3) · libxslt (1)
46citrix—
3 CVECVSS 4.8
×3.0
netscaler gateway firmware (3) · netscaler application delivery controller firmware (3) · netscaler service delivery appliance service vm (3)
47oracle corp.—
3 CVE2 critCVSS 9.6
KEV 1PoC 1
communications application session controller (1) · communications performance intelligence center (pic) software (1) · communications webrtc session controller (1)
48pypi—
3 CVECVSS 5.8
ipsilon (2) · ironic-inspector (1) · python-ironic-inspector-client (1)
49qemu—
3 CVECVSS 6.6
qemu (3)
50samsung—
3 CVECVSS 7.0
NEWPoC 1
smartviewer (2) · galaxy s6 (1)

#	Vendor	CVEs	Crit	KEV	Nuclei	Signals	Top products	Δ
1	microsoft	50	33	·	·	PoC 8	internet explorer (25) · windows 7 (11) · windows vista (11)	—
2	microsoft corp	50	32	·	·	×25.0PoC 8	internet explorer (25) · windows 7 service pack 1 (11) · windows server 2012 r2 (11)	—
3	cisco	30	1	·	·	PoC 1	firepower extensible operating system (8) · web security appliance (4) · ios (3)	—
4	canonical	28	1	·	·	PoC 3	ubuntu linux (28)	—
5	ibm	26	·	·	·		security qradar incident forensics (7) · system networking switch center (4) · maximo asset management (2)	—
6	debian	24	1	·	·	PoC 3	debian linux (24)	—
7	mozilla	23	1	·	·	PoC 3	firefox (23) · network security services (3)	—
8	adobe	22	17	·	·	PoC 3	air sdk \& compiler (17) · air (17) · air sdk (17)	—
9	mozilla corp.	22	1	·	·	PoC 3	firefox (22) · firefox esr (13)	—
10	adobe systems inc.	21	16	·	·	×21.0PoC 3	adobe integrated runtime (17) · flash player (17) · coldfusion (3)	—
11	redhat	17	1	1	·	KEV 1PoC 2	openshift (11) · enterprise linux workstation (2) · enterprise linux server aus (2)	—
12	maven	16	1	1	·	KEV 1PoC 1	org.jenkins-ci.main:jenkins-core (11) · org.apache.ambari:ambari (2) · org.apache.cxf:cxf-rt-rs-security-sso-saml (1)	—
13	opensuse	14	1	·	·	PoC 2	opensuse (14) · leap (8)	—
14	apache	13	·	·	·	PoC 2	ambari (6) · openoffice (4) · cordova (2)	—
15	google	13	8	·	·	PoC 2	android (10) · picasa (2) · chrome (1)	—
16	jenkins	12	1	1	·	KEV 1PoC 1	jenkins (12)	—
17	google inc	11	6	·	·		android (10) · google chrome (1)	—
18	oracle	11	4	1	·	KEV 1PoC 2	solaris (5) · linux (2) · virtual desktop infrastructure (2)	—
19	cisco systems inc.	10	·	·	·		cisco firepower extensible operating system (8) · adaptive security appliance (1) · cisco ios (1)	—
20	canonical ltd.	9	·	·	·	PoC 1	ubuntu (9)	—
21	hp	9	·	·	·	×4.5PoC 1	arcsight logger (3) · arcsight smartconnectors (2) · arcsight connectors (1)	—
22	сообщество свободного программного обеспечения	9	·	·	·	PoC 2	debian gnu/linux (7) · libxml2 (2) · linux (1)	—
23	apple	8	·	·	·	PoC 1	mac os x (7) · iphone os (6) · tvos (3)	—
24	fedoraproject	8	·	·	·		fedora (8)	—
25	ffmpeg	7	·	·	·		ffmpeg (7)	—
26	huawei	7	·	·	·	×3.5PoC 1	espace firmware (3) · ne router software (1) · vp 9660 firmware (1)	—
27	linux	7	1	·	·	PoC 1	linux kernel (7)	—
28	sap	7	1	·	·	PoC 7	sap hana (5) · hana (5) · plant connectivity (1)	—
29	novell inc.	6	·	·	·	×6.0	opensuse (5) · suse linux enterprise desktop (1)	—
30	suse	6	·	·	·		linux enterprise desktop (6) · linux enterprise server (6) · linux enterprise software development kit (4)	—
31	wordpress	6	·	·	6	Nuclei 6	wordpress (6)	—
32	ibm corp.	5	·	·	·		ibm maximo asset management (1) · ibm smartcloud control desk (1) · ibm sterling b2b integrator (1)	—
33	mediawiki	5	·	·	·		mediawiki (5)	—
34	nvidia	5	1	·	·	PoC 1	gpu driver (5)	—
35	ооо «русбитех-астра»	5	·	·	·	PoC 1	astra linux common edition (4) · astra linux special edition (3) · astra linux special edition для «эльбрус» (1)	—
36	apache software foundation	4	·	·	·		openoffice (4)	—
37	arris	4	1	·	·	PoC 1	na model 862 gw mono firmware (4)	—
38	csl dualcom	4	·	·	·	NEWPoC 2	gprs cs2300-r firmware (4)	—
39	ffmpeg team	4	·	·	·	NEW	ffmpeg (4)	—
40	lenovo	4	·	·	·	NEW	switch center (4)	—
41	libreoffice	4	·	·	·		libreoffice (4)	—
42	mit	4	·	·	·		kerberos 5 (4)	—
43	nvidia corp.	4	1	·	·	NEWPoC 1	nvidia gpu (4)	—
44	the document foundation	4	·	·	·	NEW	libreoffice (4)	—
45	xmlsoft	4	·	·	·	NEWPoC 1	libxml2 (3) · libxslt (1)	—
46	citrix	3	·	·	·	×3.0	netscaler gateway firmware (3) · netscaler application delivery controller firmware (3) · netscaler service delivery appliance service vm (3)	—
47	oracle corp.	3	2	1	·	KEV 1PoC 1	communications application session controller (1) · communications performance intelligence center (pic) software (1) · communications webrtc session controller (1)	—
48	pypi	3	·	·	·		ipsilon (2) · ironic-inspector (1) · python-ironic-inspector-client (1)	—
49	qemu	3	·	·	·		qemu (3)	—
50	samsung	3	·	·	·	NEWPoC 1	smartviewer (2) · galaxy s6 (1)	—