month report

February 2016

Data as of Jun 4, 2026, 13:25 UTCSnapshot v1 Sources NVD+CISA KEV+EPSS+Nuclei templates Methodology →

February 2016 closed with 394 published CVEs. 42 criticals, debian led volume, mostly via debian linux. Biggest breakout: apple inc. at ×16.0 their 12-month median. Top weakness class — CWE-119 (63 CVE). 10 vendors cracked the top-100 for the first time.

Print view

Total CVEs

394

— MoM— YoY

Severity mix

42 / 159

critical / high

KEV added

0 ransomware-linked

Nuclei coverage

0.5%

2 CVEs with templates

Time to exploit

How fast the community ships detection after a CVE drops.

Days → Nuclei (median)

3674.1

n=2

Within 7 days

0.0%

Within 30 days

0.0%

Days → KEV (median)

2296

n=5

Detection gap

KEV pressure, no Nuclei coverage

February 2016 · vendors with active exploitation listed by CISA but no public detection template.

KEV 1debian40 CVE
KEV 1microsoft36 CVE
KEV 1microsoft corp36 CVE
KEV 1adobe systems inc.28 CVE
KEV 1opensuse25 CVE
KEV 1rubygems9 CVE
KEV 1rubyonrails9 CVE
KEV 1redhat8 CVE

Weakness × Vendor

What's spreading where in February 2016

Cells shaded by share of vendor's hottest weakness. Click any cell to open the CWE history.

119Memory Buffer Bounds 200Information Exposure 264CWE-264 79XSS 20Improper Input Validation 787Out-of-bounds Write 254CWE-254 284CWE-284 255CWE-255 352CSRF debian 10 2 8 1 2 1 microsoft 17 3 5 1 4 1 microsoft corp 17 3 5 1 4 1 adobe 3 2 1 1 15 1 1 ibm 3 7 3 9 1 1 2 1 1 adobe systems inc.3 1 15 1 1 canonical 6 1 3 2 1 opensuse 4 3 5 2 3 google 5 1 12 2 google inc 5 1 13 2 1 moodle 7 11 6 2 2 packagist 7 9 7 4 1 2

Breakout vendors

CVE count ≥3× their own 12-period median.

16.0×apple inc.16 CVE
9.0×rubygems9 CVE
7.0×apache software foundation7 CVE
6.0×ffmpeg6 CVE
5.3×maven16 CVE
4.7×ibm corp.14 CVE
4.0×cisco systems inc.12 CVE
4.0×linux12 CVE
4.0×huawei4 CVE
4.0×symantec4 CVE

First time in top-100

Vendors never in top-100 in the prior 24 periods.

#13мартин догиамас23 CVE
#34ffmpeg team6 CVE
#36rails core team6 CVE
#37ipswitch5 CVE
#48qnap4 CVE
#50sil4 CVE
#51sil international4 CVE
#53squid software foundation4 CVE
#56tollgrade4 CVE
#57zzinc4 CVE

Top vendors

Ranked by distinct CVE count this period.

1debian—
40 CVE2 critCVSS 7.1
KEV 1PoC 9
debian linux (40)
2microsoft—
36 CVECVSS 7.6
KEV 1PoC 4
internet explorer (13) · windows server 2012 (12) · windows 8.1 (10)
3microsoft corp—
36 CVECVSS 7.6
KEV 1PoC 4
internet explorer (13) · windows server 2012 r2 (11) · windows server 2012 gold (10)
4adobe—
32 CVE4 critCVSS 8.8
KEV 1Nuclei 1PoC 11
air desktop runtime (22) · air sdk (22) · air sdk \& compiler (22)
5ibm—
31 CVE4 critCVSS 6.5
websphere portal (8) · qradar security information and event manager (4) · security access manager for web 8.0 firmware (3)
6adobe systems inc.—
28 CVE4 critCVSS 8.9
KEV 1PoC 10
adobe integrated runtime (22) · flash player (22) · adobe bridge cc (3)
7canonical—
26 CVE4 critCVSS 7.6
PoC 6
ubuntu linux (26)
8opensuse—
25 CVE5 critCVSS 7.2
KEV 1PoC 3
opensuse (20) · leap (18)
9google—
23 CVE4 critCVSS 7.9
PoC 2
android (14) · chrome (8) · sketchup (1)
10google inc—
23 CVE5 critCVSS 8.0
PoC 1
android (13) · google chrome (8) · kubernetes (2)
11moodle—
23 CVECVSS 5.4
moodle (23)
12packagist—
23 CVECVSS 5.7
moodle/moodle (20) · phpmyadmin/phpmyadmin (3)
13мартин догиамас—
23 CVECVSS 5.4
NEW
moodle (23)
14apple—
20 CVE2 critCVSS 8.1
PoC 10
iphone os (14) · watchos (12) · mac os x (10)
15cisco—
20 CVE2 critCVSS 7.0
PoC 1
spark (3) · application policy infrastructure controller enterprise module (2) · nx-os (2)
16fedoraproject—
18 CVECVSS 6.2
PoC 2
fedora (18)
17apple inc.—
16 CVE1 critCVSS 7.9
×16.0PoC 10
ios (13) · os x (9) · safari (6)
18cybozu—
16 CVECVSS 6.0
office (16)
19maven—
16 CVE1 critCVSS 7.0
×5.3PoC 5
org.apache.tomcat:tomcat (7) · org.jenkins-ci.main:jenkins-core (4) · org.apache.solr:solr-core (2)
20apache—
14 CVE2 critCVSS 6.9
PoC 5
tomcat (7) · solr (3) · cloudstack (2)
21ibm corp.—
14 CVE4 critCVSS 7.1
×4.7
ibm webshpere portal (8) · ibm tivoli storage manager fastback (3) · business process manager (1)
22cisco systems inc.—
12 CVE2 critCVSS 6.8
×4.0PoC 1
unified communications manager (3) · nx-os (3) · cisco ios (2)
23linux—
12 CVE1 critCVSS 6.5
×4.0PoC 2
linux kernel (12)
24wireshark—
12 CVECVSS 6.0
wireshark (12)
25сообщество свободного программного обеспечения—
11 CVE2 critCVSS 8.1
PoC 1
debian gnu/linux (7) · linux (2) · libxml2 (1)
26phpmyadmin—
9 CVECVSS 5.8
phpmyadmin (9)
27rubygems—
9 CVECVSS 6.3
×9.0KEV 1PoC 6
actionpack (4) · rails-html-sanitizer (3) · actionview (1)
28rubyonrails—
9 CVECVSS 6.0
KEV 1PoC 6
rails (6) · html sanitizer (3) · ruby on rails (3)
29oracle—
8 CVECVSS 6.6
PoC 1
linux (3) · solaris (2) · exalogic infrastructure (2)
30redhat—
8 CVECVSS 7.0
KEV 1PoC 2
enterprise linux server (3) · enterprise linux desktop (3) · openshift (3)
31apache software foundation—
7 CVECVSS 6.6
×7.0PoC 4
tomcat (7)
32canonical ltd.—
6 CVE3 critCVSS 8.9
ubuntu (6)
33ffmpeg—
6 CVECVSS 8.4
×6.0
ffmpeg (6)
34ffmpeg team—
6 CVECVSS 8.4
NEW
ffmpeg (6)
35novell inc.—
6 CVE3 critCVSS 8.8
×3.0PoC 1
opensuse leap (4) · opensuse (3) · zenworks configuration management (1)
36rails core team—
6 CVECVSS 6.1
NEWKEV 1PoC 6
ruby on rails (6)
37ipswitch—
5 CVECVSS 6.3
NEWPoC 5
moveit dmz (3) · moveit mobile (3)
38mozilla—
5 CVECVSS 8.1
PoC 1
firefox (5) · thunderbird (4)
39mozilla corp.—
5 CVECVSS 8.2
PoC 1
thunderbird (4) · firefox esr (4) · firefox (2)
40pypi—
5 CVE2 critCVSS 7.6
radicale (3) · keystone (1) · django (1)
41sap—
5 CVE1 critCVSS 7.4
KEV 2Nuclei 1PoC 4
sap netweaver (4) · netweaver (2) · netweaver application server java (2)
42sun—
5 CVECVSS 6.5
opensolaris (5)
43zyxel—
5 CVECVSS 6.3
gs1900-10hp firmware (5)
44f5—
4 CVE1 critCVSS 8.0
PoC 1
nginx (3) · big-ip advanced firewall manager (1) · big-ip analytics (1)
45hp—
4 CVE1 critCVSS 7.9
PoC 2
server migration pack (2) · helion openstack (1) · continuous delivery automation (1)
46huawei—
4 CVE1 critCVSS 7.2
×4.0PoC 1
mt882 firmware (2) · e5151 firmware (1) · agile controller-campus (1)
47jenkins—
4 CVECVSS 7.6
jenkins (4)
48qnap—
4 CVE1 critCVSS 8.5
NEW
signage station (3) · iartist lite (2) · sinage station (1)
49samsung—
4 CVECVSS 6.8
x14j firmware (4)
50sil—
4 CVECVSS 8.1
NEWPoC 1
graphite2 (4)

#	Vendor	CVEs	Crit	KEV	Nuclei	Signals	Top products	Δ
1	debian	40	2	1	·	KEV 1PoC 9	debian linux (40)	—
2	microsoft	36	·	1	·	KEV 1PoC 4	internet explorer (13) · windows server 2012 (12) · windows 8.1 (10)	—
3	microsoft corp	36	·	1	·	KEV 1PoC 4	internet explorer (13) · windows server 2012 r2 (11) · windows server 2012 gold (10)	—
4	adobe	32	4	1	1	KEV 1Nuclei 1PoC 11	air desktop runtime (22) · air sdk (22) · air sdk \& compiler (22)	—
5	ibm	31	4	·	·		websphere portal (8) · qradar security information and event manager (4) · security access manager for web 8.0 firmware (3)	—
6	adobe systems inc.	28	4	1	·	KEV 1PoC 10	adobe integrated runtime (22) · flash player (22) · adobe bridge cc (3)	—
7	canonical	26	4	·	·	PoC 6	ubuntu linux (26)	—
8	opensuse	25	5	1	·	KEV 1PoC 3	opensuse (20) · leap (18)	—
9	google	23	4	·	·	PoC 2	android (14) · chrome (8) · sketchup (1)	—
10	google inc	23	5	·	·	PoC 1	android (13) · google chrome (8) · kubernetes (2)	—
11	moodle	23	·	·	·		moodle (23)	—
12	packagist	23	·	·	·		moodle/moodle (20) · phpmyadmin/phpmyadmin (3)	—
13	мартин догиамас	23	·	·	·	NEW	moodle (23)	—
14	apple	20	2	·	·	PoC 10	iphone os (14) · watchos (12) · mac os x (10)	—
15	cisco	20	2	·	·	PoC 1	spark (3) · application policy infrastructure controller enterprise module (2) · nx-os (2)	—
16	fedoraproject	18	·	·	·	PoC 2	fedora (18)	—
17	apple inc.	16	1	·	·	×16.0PoC 10	ios (13) · os x (9) · safari (6)	—
18	cybozu	16	·	·	·		office (16)	—
19	maven	16	1	·	·	×5.3PoC 5	org.apache.tomcat:tomcat (7) · org.jenkins-ci.main:jenkins-core (4) · org.apache.solr:solr-core (2)	—
20	apache	14	2	·	·	PoC 5	tomcat (7) · solr (3) · cloudstack (2)	—
21	ibm corp.	14	4	·	·	×4.7	ibm webshpere portal (8) · ibm tivoli storage manager fastback (3) · business process manager (1)	—
22	cisco systems inc.	12	2	·	·	×4.0PoC 1	unified communications manager (3) · nx-os (3) · cisco ios (2)	—
23	linux	12	1	·	·	×4.0PoC 2	linux kernel (12)	—
24	wireshark	12	·	·	·		wireshark (12)	—
25	сообщество свободного программного обеспечения	11	2	·	·	PoC 1	debian gnu/linux (7) · linux (2) · libxml2 (1)	—
26	phpmyadmin	9	·	·	·		phpmyadmin (9)	—
27	rubygems	9	·	1	·	×9.0KEV 1PoC 6	actionpack (4) · rails-html-sanitizer (3) · actionview (1)	—
28	rubyonrails	9	·	1	·	KEV 1PoC 6	rails (6) · html sanitizer (3) · ruby on rails (3)	—
29	oracle	8	·	·	·	PoC 1	linux (3) · solaris (2) · exalogic infrastructure (2)	—
30	redhat	8	·	1	·	KEV 1PoC 2	enterprise linux server (3) · enterprise linux desktop (3) · openshift (3)	—
31	apache software foundation	7	·	·	·	×7.0PoC 4	tomcat (7)	—
32	canonical ltd.	6	3	·	·		ubuntu (6)	—
33	ffmpeg	6	·	·	·	×6.0	ffmpeg (6)	—
34	ffmpeg team	6	·	·	·	NEW	ffmpeg (6)	—
35	novell inc.	6	3	·	·	×3.0PoC 1	opensuse leap (4) · opensuse (3) · zenworks configuration management (1)	—
36	rails core team	6	·	1	·	NEWKEV 1PoC 6	ruby on rails (6)	—
37	ipswitch	5	·	·	·	NEWPoC 5	moveit dmz (3) · moveit mobile (3)	—
38	mozilla	5	·	·	·	PoC 1	firefox (5) · thunderbird (4)	—
39	mozilla corp.	5	·	·	·	PoC 1	thunderbird (4) · firefox esr (4) · firefox (2)	—
40	pypi	5	2	·	·		radicale (3) · keystone (1) · django (1)	—
41	sap	5	1	2	1	KEV 2Nuclei 1PoC 4	sap netweaver (4) · netweaver (2) · netweaver application server java (2)	—
42	sun	5	·	·	·		opensolaris (5)	—
43	zyxel	5	·	·	·		gs1900-10hp firmware (5)	—
44	f5	4	1	·	·	PoC 1	nginx (3) · big-ip advanced firewall manager (1) · big-ip analytics (1)	—
45	hp	4	1	·	·	PoC 2	server migration pack (2) · helion openstack (1) · continuous delivery automation (1)	—
46	huawei	4	1	·	·	×4.0PoC 1	mt882 firmware (2) · e5151 firmware (1) · agile controller-campus (1)	—
47	jenkins	4	·	·	·		jenkins (4)	—
48	qnap	4	1	·	·	NEW	signage station (3) · iartist lite (2) · sinage station (1)	—
49	samsung	4	·	·	·		x14j firmware (4)	—
50	sil	4	·	·	·	NEWPoC 1	graphite2 (4)	—