month report

December 2015

Data as of Jun 4, 2026, 13:25 UTCSnapshot v1 Sources NVD+CISA KEV+EPSS+Nuclei templates Methodology →

December 2015 closed with 567 published CVEs. 187 criticals, adobe led volume, mostly via air. Top weakness class — CWE-119 (142 CVE). 10 vendors cracked the top-100 for the first time.

Print view

Total CVEs

567

— MoM— YoY

Severity mix

187 / 149

critical / high

KEV added

0 ransomware-linked

Nuclei coverage

0.5%

3 CVEs with templates

Time to exploit

How fast the community ships detection after a CVE drops.

Days → Nuclei (median)

3732.1

n=3

Within 7 days

0.0%

Within 30 days

0.0%

Days → KEV (median)

2359

n=3

Detection gap

KEV pressure, no Nuclei coverage

December 2015 · vendors with active exploitation listed by CISA but no public detection template.

KEV 1adobe99 CVE
KEV 1adobe systems inc.99 CVE
KEV 1microsoft corp64 CVE
KEV 1microsoft58 CVE
KEV 1opensuse28 CVE
KEV 1redhat21 CVE
KEV 1hp10 CVE

Weakness × Vendor

What's spreading where in December 2015

Cells shaded by share of vendor's hottest weakness. Click any cell to open the CWE history.

119Memory Buffer Bounds 200Information Exposure 264CWE-264 20Improper Input Validation 79XSS 189CWE-189 352CSRF 399CWE-399 255CWE-255 22Path Traversal adobe 21 1 1 1 adobe systems inc.21 1 1 1 apple 40 6 6 5 1 1 1 apple inc.42 5 6 4 1 1 1 microsoft corp 39 5 7 5 3 1 1 microsoft 33 6 7 5 3 1 google 14 10 11 4 2 cisco 1 7 5 6 6 3 8 1 1 fedoraproject 11 6 2 2 6 google inc 8 10 4 1 1 opensuse 8 6 1 2 9 canonical 8 3 3 1 1 2

First time in top-100

Vendors never in top-100 in the prior 24 periods.

#19pcre18 CVE
#29acorn computers8 CVE
#30xmlsoft8 CVE
#31фссп россии8 CVE
#34ewon6 CVE
#37joomla5 CVE
#40adcon4 CVE
#44openssl software foundation4 CVE
#47zyxel communications corp.4 CVE
#48ampedwireless3 CVE

Top vendors

Ranked by distinct CVE count this period.

1adobe—
99 CVE79 critCVSS 9.6
KEV 1PoC 22
air (98) · flash player (98) · air sdk \& compiler (98)
2adobe systems inc.—
99 CVE79 critCVSS 9.6
KEV 1PoC 22
adobe integrated runtime (98) · flash player (98) · adobe reader document cloud (1)
3apple—
76 CVE11 critCVSS 6.5
PoC 10
iphone os (54) · mac os x (51) · tvos (47)
4apple inc.—
75 CVE11 critCVSS 6.5
PoC 10
ios (51) · macos (39) · os x (16)
5microsoft corp—
64 CVE37 critCVSS 8.1
KEV 1PoC 8
internet explorer (28) · microsoft edge (14) · windows vista service pack 2 (10)
6microsoft—
58 CVE38 critCVSS 8.2
KEV 1PoC 6
internet explorer (28) · edge (13) · windows server 2008 (11)
7google—
56 CVE20 critCVSS 7.3
PoC 1
chrome (33) · android (23) · v8 (2)
8cisco—
43 CVE1 critCVSS 5.4
PoC 2
emergency responder (4) · ios xe (3) · telepresence video communication server software (3)
9fedoraproject—
32 CVE11 critCVSS 7.3
PoC 3
fedora (32)
10google inc—
32 CVE19 critCVSS 7.6
PoC 1
android (22) · google chrome (10)
11opensuse—
28 CVE6 critCVSS 6.8
KEV 1PoC 2
opensuse (28) · leap (27) · evergreen (1)
12canonical—
22 CVECVSS 6.2
PoC 4
ubuntu linux (22) · lxcfs (2)
13mozilla—
21 CVE6 critCVSS 6.9
PoC 1
firefox (21)
14mozilla corp.—
21 CVE6 critCVSS 7.1
PoC 1
firefox (21) · firefox esr (7)
15redhat—
21 CVE1 critCVSS 5.9
KEV 1PoC 4
enterprise linux workstation (18) · enterprise linux desktop (18) · enterprise linux server (18)
16debian—
20 CVE1 critCVSS 6.3
PoC 3
debian linux (19) · dpkg (1)
17canonical ltd.—
19 CVECVSS 6.2
PoC 2
ubuntu (19)
18сообщество свободного программного обеспечения—
19 CVECVSS 6.0
PoC 3
debian gnu/linux (12) · libxml2 (8) · unix (8)
19pcre—
18 CVE6 critCVSS 8.2
NEWPoC 3
perl compatible regular expression library (16) · pcre (2)
20zyxel—
11 CVE4 critCVSS 8.8
PoC 1
pmg5318-b20a firmware (4) · gs1900-10hp firmware (4) · nbg-418n firmware (2)
21hp—
10 CVECVSS 6.3
KEV 1PoC 2
icewall federation agent (8) · icewall file manager (8) · icewall sso (1)
22ibm—
10 CVECVSS 5.1
websphere portal (5) · infosphere biginsights (3) · websphere application server (1)
23php—
10 CVE6 critCVSS 8.7
php (10)
24ibm corp.—
9 CVE1 critCVSS 6.0
PoC 2
os/2 (8) · powerkvm (1)
25linux—
9 CVECVSS 4.5
PoC 1
linux kernel (9)
26oracle—
9 CVE2 critCVSS 6.0
PoC 1
linux (8) · vm virtualbox (2) · solaris (2)
27red hat inc.—
9 CVE1 critCVSS 6.4
PoC 2
red hat enterprise linux (8) · red hat jboss enterprise web server (1) · red hat software collections (1)
28ооо «русбитех-астра»—
9 CVECVSS 6.7
astra linux common edition (9)
29acorn computers—
8 CVECVSS 5.5
NEWPoC 2
risc os (8)
30xmlsoft—
8 CVECVSS 5.5
NEWPoC 2
libxml2 (8)
31фссп россии—
8 CVECVSS 5.5
NEWPoC 2
ос тд аис фссп россии (8)
32samba—
7 CVECVSS 6.5
samba (7)
33samba team—
7 CVECVSS 6.5
samba (7)
34ewon—
6 CVE1 critCVSS 7.6
NEWPoC 5
ewon firmware (6)
35maven—
6 CVE1 critCVSS 8.3
PoC 1
com.orientechnologies:orientdb-studio (2) · org.apache.hive:hive (1) · org.apache.hive:hive-exec (1)
36zte—
6 CVE1 critCVSS 7.0
PoC 5
zxhn h108n r1a firmware (6) · zxv10 w300 firmware (1)
37joomla—
5 CVECVSS 7.4
NEWNuclei 1PoC 2
joomla\! (4) · session (1)
38openssl—
5 CVECVSS 5.9
openssl (5)
39oracle corp.—
5 CVE2 critCVSS 6.9
PoC 2
api gateway (1) · exalogic infrastructure (1) · hospitality gift and loyalty (1)
40adcon—
4 CVE1 critCVSS 9.0
NEW
a840 telemetry gateway base station firmware (4)
41apache—
4 CVE1 critCVSS 7.2
PoC 1
commons collections (1) · cordova file transfer (1) · hbase (1)
42asus—
4 CVECVSS 5.3
wl-330nul firmware (3) · wl-330nul (1) · wl-33nul firmware (1)
43emc—
4 CVECVSS 7.1
PoC 2
isilon onefs (1) · networker (1) · secure remote services (1)
44openssl software foundation—
4 CVECVSS 6.2
NEW
openssl (4)
45packagist—
4 CVECVSS 7.0
PoC 4
symfony/security-http (2) · symfony/security (2) · symfony/symfony (2)
46xen—
4 CVECVSS 6.1
xen (4)
47zyxel communications corp.—
4 CVE2 critCVSS 9.4
NEWPoC 1
pmg5318 (2) · zyxel pmg5318-b20a (2) · nbg-418n (1)
48ampedwireless—
3 CVE1 critCVSS 8.0
NEW
r10000 firmware (3)
49corega—
3 CVE1 critCVSS 7.1
NEW
cg-wlbaragm firmware (1) · cg-wlbargs firmware (1) · cg-wlncm4g firmware (1)
50cyrus—
3 CVECVSS 7.5
NEW
imap (3)

#	Vendor	CVEs	Crit	KEV	Nuclei	Signals	Top products	Δ
1	adobe	99	79	1	·	KEV 1PoC 22	air (98) · flash player (98) · air sdk \& compiler (98)	—
2	adobe systems inc.	99	79	1	·	KEV 1PoC 22	adobe integrated runtime (98) · flash player (98) · adobe reader document cloud (1)	—
3	apple	76	11	·	·	PoC 10	iphone os (54) · mac os x (51) · tvos (47)	—
4	apple inc.	75	11	·	·	PoC 10	ios (51) · macos (39) · os x (16)	—
5	microsoft corp	64	37	1	·	KEV 1PoC 8	internet explorer (28) · microsoft edge (14) · windows vista service pack 2 (10)	—
6	microsoft	58	38	1	·	KEV 1PoC 6	internet explorer (28) · edge (13) · windows server 2008 (11)	—
7	google	56	20	·	·	PoC 1	chrome (33) · android (23) · v8 (2)	—
8	cisco	43	1	·	·	PoC 2	emergency responder (4) · ios xe (3) · telepresence video communication server software (3)	—
9	fedoraproject	32	11	·	·	PoC 3	fedora (32)	—
10	google inc	32	19	·	·	PoC 1	android (22) · google chrome (10)	—
11	opensuse	28	6	1	·	KEV 1PoC 2	opensuse (28) · leap (27) · evergreen (1)	—
12	canonical	22	·	·	·	PoC 4	ubuntu linux (22) · lxcfs (2)	—
13	mozilla	21	6	·	·	PoC 1	firefox (21)	—
14	mozilla corp.	21	6	·	·	PoC 1	firefox (21) · firefox esr (7)	—
15	redhat	21	1	1	·	KEV 1PoC 4	enterprise linux workstation (18) · enterprise linux desktop (18) · enterprise linux server (18)	—
16	debian	20	1	·	·	PoC 3	debian linux (19) · dpkg (1)	—
17	canonical ltd.	19	·	·	·	PoC 2	ubuntu (19)	—
18	сообщество свободного программного обеспечения	19	·	·	·	PoC 3	debian gnu/linux (12) · libxml2 (8) · unix (8)	—
19	pcre	18	6	·	·	NEWPoC 3	perl compatible regular expression library (16) · pcre (2)	—
20	zyxel	11	4	·	·	PoC 1	pmg5318-b20a firmware (4) · gs1900-10hp firmware (4) · nbg-418n firmware (2)	—
21	hp	10	·	1	·	KEV 1PoC 2	icewall federation agent (8) · icewall file manager (8) · icewall sso (1)	—
22	ibm	10	·	·	·		websphere portal (5) · infosphere biginsights (3) · websphere application server (1)	—
23	php	10	6	·	·		php (10)	—
24	ibm corp.	9	1	·	·	PoC 2	os/2 (8) · powerkvm (1)	—
25	linux	9	·	·	·	PoC 1	linux kernel (9)	—
26	oracle	9	2	·	·	PoC 1	linux (8) · vm virtualbox (2) · solaris (2)	—
27	red hat inc.	9	1	·	·	PoC 2	red hat enterprise linux (8) · red hat jboss enterprise web server (1) · red hat software collections (1)	—
28	ооо «русбитех-астра»	9	·	·	·		astra linux common edition (9)	—
29	acorn computers	8	·	·	·	NEWPoC 2	risc os (8)	—
30	xmlsoft	8	·	·	·	NEWPoC 2	libxml2 (8)	—
31	фссп россии	8	·	·	·	NEWPoC 2	ос тд аис фссп россии (8)	—
32	samba	7	·	·	·		samba (7)	—
33	samba team	7	·	·	·		samba (7)	—
34	ewon	6	1	·	·	NEWPoC 5	ewon firmware (6)	—
35	maven	6	1	·	·	PoC 1	com.orientechnologies:orientdb-studio (2) · org.apache.hive:hive (1) · org.apache.hive:hive-exec (1)	—
36	zte	6	1	·	·	PoC 5	zxhn h108n r1a firmware (6) · zxv10 w300 firmware (1)	—
37	joomla	5	·	·	1	NEWNuclei 1PoC 2	joomla\! (4) · session (1)	—
38	openssl	5	·	·	·		openssl (5)	—
39	oracle corp.	5	2	·	·	PoC 2	api gateway (1) · exalogic infrastructure (1) · hospitality gift and loyalty (1)	—
40	adcon	4	1	·	·	NEW	a840 telemetry gateway base station firmware (4)	—
41	apache	4	1	·	·	PoC 1	commons collections (1) · cordova file transfer (1) · hbase (1)	—
42	asus	4	·	·	·		wl-330nul firmware (3) · wl-330nul (1) · wl-33nul firmware (1)	—
43	emc	4	·	·	·	PoC 2	isilon onefs (1) · networker (1) · secure remote services (1)	—
44	openssl software foundation	4	·	·	·	NEW	openssl (4)	—
45	packagist	4	·	·	·	PoC 4	symfony/security-http (2) · symfony/security (2) · symfony/symfony (2)	—
46	xen	4	·	·	·		xen (4)	—
47	zyxel communications corp.	4	2	·	·	NEWPoC 1	pmg5318 (2) · zyxel pmg5318-b20a (2) · nbg-418n (1)	—
48	ampedwireless	3	1	·	·	NEW	r10000 firmware (3)	—
49	corega	3	1	·	·	NEW	cg-wlbaragm firmware (1) · cg-wlbargs firmware (1) · cg-wlncm4g firmware (1)	—
50	cyrus	3	·	·	·	NEW	imap (3)	—