month report

April 2016

Data as of Jun 4, 2026, 13:25 UTCSnapshot v1 Sources NVD+CISA KEV+EPSS+Nuclei templates Methodology →

April 2016 closed with 661 published CVEs — +18.5% YoY . 80 criticals, oracle led volume, mostly via mysql. Biggest breakout: oracle corp. at ×17.5 their 12-month median. Top weakness class — CWE-119 (105 CVE). 10 vendors cracked the top-100 for the first time.

Print view

Total CVEs

661

— MoM+18.5% YoY

Severity mix

80 / 282

critical / high

KEV added

0 ransomware-linked

Nuclei coverage

0.6%

4 CVEs with templates

Time to exploit

How fast the community ships detection after a CVE drops.

Days → Nuclei (median)

3611.2

n=4

Within 7 days

0.0%

Within 30 days

0.0%

Days → KEV (median)

2176

n=7

Detection gap

KEV pressure, no Nuclei coverage

April 2016 · vendors with active exploitation listed by CISA but no public detection template.

KEV 4microsoft29 CVE
KEV 4microsoft corp27 CVE
KEV 1debian98 CVE
KEV 1canonical61 CVE
KEV 1opensuse61 CVE
KEV 1redhat49 CVE
KEV 1adobe29 CVE
KEV 1suse28 CVE

Weakness × Vendor

What's spreading where in April 2016

Cells shaded by share of vendor's hottest weakness. Click any cell to open the CWE history.

119Memory Buffer Bounds 200Information Exposure 264CWE-264 20Improper Input Validation 79XSS 284CWE-284 254CWE-254 787Out-of-bounds Write 399CWE-399 19CWE-19 oracle 7 3 1 3 3 debian 25 10 5 9 5 4 4 1 3 canonical 16 2 1 5 4 7 2 1 opensuse 17 5 4 5 1 5 2 1 redhat 3 8 3 6 3 4 1 1 google 11 6 16 6 1 2 1 google inc 11 6 16 5 1 2 1 oracle corp.1 1 1 apache 1 4 4 3 9 1 1 1 fedoraproject 6 5 1 6 3 2 1 1 1 adobe 1 1 14 linux 1 5 1 1 4 1

Breakout vendors

CVE count ≥3× their own 12-period median.

17.5×oracle corp.35 CVE
10.5×oracle116 CVE
8.0×suse28 CVE
8.0×ecava8 CVE
8.0×juniper networks inc.8 CVE
7.0×squid-cache7 CVE
5.5×packagist11 CVE
5.3×pypi16 CVE
5.3×foxitsoftware8 CVE
5.0×apache30 CVE

First time in top-100

Vendors never in top-100 in the prior 24 periods.

#45hiniarata6 CVE
#55xymon5 CVE
#59dotcms4 CVE
#63optipng project4 CVE
#64paloaltonetworks4 CVE
#66redmine4 CVE
#69ао "нппкт"4 CVE
#71lockon3 CVE
#73mercurial3 CVE
#78systech3 CVE

Top vendors

Ranked by distinct CVE count this period.

1oracle↑11
116 CVE11 critCVSS 6.3
×10.5KEV 1Nuclei 1PoC 2
mysql (27) · linux (17) · solaris (13)
2debian↑14
98 CVE12 critCVSS 7.0
×4.5KEV 1PoC 26
debian linux (98)
3canonical↑16
61 CVE11 critCVSS 7.2
KEV 1PoC 11
ubuntu linux (61)
4opensuse↑5
61 CVE12 critCVSS 7.3
KEV 1PoC 7
leap (43) · opensuse (38)
5redhat↑34
49 CVE6 critCVSS 7.3
KEV 1PoC 3
enterprise linux (20) · enterprise linux workstation (10) · enterprise linux desktop (10)
6google↓3
46 CVE11 critCVSS 7.8
PoC 2
android (37) · chrome (9)
7google inc↓3
45 CVE11 critCVSS 7.9
×3.0PoC 2
android (35) · google chrome (9) · kubernetes (1)
8oracle corp.↑71
35 CVE7 critCVSS 6.5
×17.5KEV 1Nuclei 1PoC 1
mysql (24) · java platform (4) · solaris (2)
9apache—
30 CVE4 critCVSS 7.4
×5.0KEV 1Nuclei 1PoC 13
jetspeed (5) · struts (5) · ranger (5)
10fedoraproject↑20
30 CVE7 critCVSS 7.6
×3.8PoC 9
fedora (29) · 389 directory server (1)
11adobe↓1
29 CVE2 critCVSS 8.7
KEV 1PoC 3
air sdk (25) · flash player (25) · flash player desktop runtime (25)
12linux↑33
29 CVE1 critCVSS 6.1
×4.1PoC 6
linux kernel (29)
13maven—
29 CVE4 critCVSS 7.5
×4.5Nuclei 1PoC 12
org.jenkins-ci.main:jenkins-core (5) · org.apache.struts:struts2-core (5) · org.apache.ranger:ranger (5)
14microsoft↓6
29 CVE1 critCVSS 7.8
KEV 4PoC 7
windows 8.1 (10) · windows server 2012 (10) · windows 10 (8)
15suse·
28 CVE9 critCVSS 7.7
×8.0KEV 1PoC 4
linux enterprise software development kit (16) · linux enterprise server (14) · linux enterprise debuginfo (12)
16microsoft corp↓9
27 CVE1 critCVSS 7.8
KEV 4PoC 7
windows 8.1 (9) · windows server 2012 r2 (8) · windows server 2012 gold (7)
17adobe systems inc.↓6
25 CVE1 critCVSS 8.7
KEV 1PoC 3
flash player (24) · adobe reader (1) · adobe acrobat (1)
18сообщество свободного программного обеспечения↑17
25 CVE4 critCVSS 7.3
×3.8PoC 8
debian gnu/linux (21) · xymon (4) · linux (3)
19cisco↓5
21 CVE5 critCVSS 7.7
adaptive security appliance software (2) · unity connection (2) · unified computing system platform emulator (2)
20huawei—
20 CVECVSS 7.1
×5.0
mate s firmware (8) · p8 firmware (8) · s7700 firmware (3)
21novell↑5
19 CVE1 critCVSS 6.2
×3.2PoC 8
suse linux enterprise real time extension (12) · suse linux enterprise server (8) · suse linux enterprise debuginfo (8)
22ibm·
17 CVE4 critCVSS 6.3
powerkvm (10) · tivoli storage manager fastback (5) · maximo asset management (1)
23pypi—
16 CVE1 critCVSS 6.7
×5.3
pillow (4) · mercurial (3) · django (2)
24mariadb—
14 CVECVSS 5.1
mariadb (14)
25mozilla↓20
14 CVECVSS 7.2
firefox (14)
26mozilla corp.↓20
14 CVECVSS 7.5
firefox (13) · firefox esr (5)
27canonical ltd.↑36
13 CVE1 critCVSS 6.5
PoC 2
ubuntu (13)
28sap—
12 CVE1 critCVSS 7.6
KEV 1PoC 8
netweaver application server java (5) · sap netweaver (3) · hana (2)
29packagist↑19
11 CVECVSS 7.1
×5.5PoC 10
drupal/core (10) · drupal/drupal (10) · silverstripe/cms (1)
30wireshark—
11 CVECVSS 5.9
PoC 1
wireshark (11)
31drupal—
10 CVECVSS 7.2
PoC 10
drupal (10)
32ibm corp.↓7
10 CVE5 critCVSS 8.3
Nuclei 1PoC 1
ibm tivoli storage manager fastback (5) · ibm call center for commerce (3) · ibm maximo asset management (1)
33xen—
10 CVECVSS 6.5
×3.3
xen (10)
34cisco systems inc.↓14
9 CVE3 critCVSS 7.9
telepresence server (3) · cisco ios (2) · prime infrastructure (2)
35ecava—
8 CVECVSS 6.1
×8.0
integraxor (8)
36foxitsoftware—
8 CVECVSS 7.4
×5.3
foxit reader (8) · phantompdf (7)
37hp↓16
8 CVE7 critCVSS 9.6
Nuclei 1PoC 1
data protector (5) · asset manager cloudsystem chargeback (1) · asset manager (1)
38juniper↑5
8 CVECVSS 7.4
×4.0
junos (7) · screenos (1)
39juniper networks inc.↑34
8 CVECVSS 7.4
×8.0
junos (7) · screenos (1)
40samba↑13
8 CVECVSS 6.3
samba (8)
41samba team↑13
8 CVECVSS 6.3
samba (8)
42ооо «русбитех-астра»↑18
8 CVECVSS 6.3
×4.0
astra linux common edition (8)
43apache software foundation—
7 CVE1 critCVSS 7.5
Nuclei 1PoC 2
struts (5) · activemq (1) · subversion (1)
44squid-cache—
7 CVECVSS 7.2
×7.0
squid (7)
45hiniarata—
6 CVECVSS 7.5
NEW
casebook plugin (6)
46novell inc.—
6 CVE3 critCVSS 9.3
opensuse (5) · opensuse leap (5) · suse linux enterprise debuginfo (2)
47qemu—
6 CVE1 critCVSS 7.8
×4.0
qemu (6)
48dell—
5 CVE1 critCVSS 6.4
×5.0PoC 2
emc powerscale onefs (2) · bsafe crypto-j (1) · bsafe micro-edition-suite (1)
49fedora project↓13
5 CVECVSS 5.7
×3.3PoC 1
fedora (5)
50hp inc.↓19
5 CVE5 critCVSS 9.8
hpe data protector (3) · asset manager (1) · asset manager cloudsystem chargeback (1)

#	Vendor	CVEs	Crit	KEV	Nuclei	Signals	Top products	Δ
1	oracle	116	11	1	1	×10.5KEV 1Nuclei 1PoC 2	mysql (27) · linux (17) · solaris (13)	↑11
2	debian	98	12	1	·	×4.5KEV 1PoC 26	debian linux (98)	↑14
3	canonical	61	11	1	·	KEV 1PoC 11	ubuntu linux (61)	↑16
4	opensuse	61	12	1	·	KEV 1PoC 7	leap (43) · opensuse (38)	↑5
5	redhat	49	6	1	·	KEV 1PoC 3	enterprise linux (20) · enterprise linux workstation (10) · enterprise linux desktop (10)	↑34
6	google	46	11	·	·	PoC 2	android (37) · chrome (9)	↓3
7	google inc	45	11	·	·	×3.0PoC 2	android (35) · google chrome (9) · kubernetes (1)	↓3
8	oracle corp.	35	7	1	1	×17.5KEV 1Nuclei 1PoC 1	mysql (24) · java platform (4) · solaris (2)	↑71
9	apache	30	4	1	1	×5.0KEV 1Nuclei 1PoC 13	jetspeed (5) · struts (5) · ranger (5)	—
10	fedoraproject	30	7	·	·	×3.8PoC 9	fedora (29) · 389 directory server (1)	↑20
11	adobe	29	2	1	·	KEV 1PoC 3	air sdk (25) · flash player (25) · flash player desktop runtime (25)	↓1
12	linux	29	1	·	·	×4.1PoC 6	linux kernel (29)	↑33
13	maven	29	4	·	1	×4.5Nuclei 1PoC 12	org.jenkins-ci.main:jenkins-core (5) · org.apache.struts:struts2-core (5) · org.apache.ranger:ranger (5)	—
14	microsoft	29	1	4	·	KEV 4PoC 7	windows 8.1 (10) · windows server 2012 (10) · windows 10 (8)	↓6
15	suse	28	9	1	·	×8.0KEV 1PoC 4	linux enterprise software development kit (16) · linux enterprise server (14) · linux enterprise debuginfo (12)	·
16	microsoft corp	27	1	4	·	KEV 4PoC 7	windows 8.1 (9) · windows server 2012 r2 (8) · windows server 2012 gold (7)	↓9
17	adobe systems inc.	25	1	1	·	KEV 1PoC 3	flash player (24) · adobe reader (1) · adobe acrobat (1)	↓6
18	сообщество свободного программного обеспечения	25	4	·	·	×3.8PoC 8	debian gnu/linux (21) · xymon (4) · linux (3)	↑17
19	cisco	21	5	·	·		adaptive security appliance software (2) · unity connection (2) · unified computing system platform emulator (2)	↓5
20	huawei	20	·	·	·	×5.0	mate s firmware (8) · p8 firmware (8) · s7700 firmware (3)	—
21	novell	19	1	·	·	×3.2PoC 8	suse linux enterprise real time extension (12) · suse linux enterprise server (8) · suse linux enterprise debuginfo (8)	↑5
22	ibm	17	4	·	·		powerkvm (10) · tivoli storage manager fastback (5) · maximo asset management (1)	·
23	pypi	16	1	·	·	×5.3	pillow (4) · mercurial (3) · django (2)	—
24	mariadb	14	·	·	·		mariadb (14)	—
25	mozilla	14	·	·	·		firefox (14)	↓20
26	mozilla corp.	14	·	·	·		firefox (13) · firefox esr (5)	↓20
27	canonical ltd.	13	1	·	·	PoC 2	ubuntu (13)	↑36
28	sap	12	1	1	·	KEV 1PoC 8	netweaver application server java (5) · sap netweaver (3) · hana (2)	—
29	packagist	11	·	·	·	×5.5PoC 10	drupal/core (10) · drupal/drupal (10) · silverstripe/cms (1)	↑19
30	wireshark	11	·	·	·	PoC 1	wireshark (11)	—
31	drupal	10	·	·	·	PoC 10	drupal (10)	—
32	ibm corp.	10	5	·	1	Nuclei 1PoC 1	ibm tivoli storage manager fastback (5) · ibm call center for commerce (3) · ibm maximo asset management (1)	↓7
33	xen	10	·	·	·	×3.3	xen (10)	—
34	cisco systems inc.	9	3	·	·		telepresence server (3) · cisco ios (2) · prime infrastructure (2)	↓14
35	ecava	8	·	·	·	×8.0	integraxor (8)	—
36	foxitsoftware	8	·	·	·	×5.3	foxit reader (8) · phantompdf (7)	—
37	hp	8	7	·	1	Nuclei 1PoC 1	data protector (5) · asset manager cloudsystem chargeback (1) · asset manager (1)	↓16
38	juniper	8	·	·	·	×4.0	junos (7) · screenos (1)	↑5
39	juniper networks inc.	8	·	·	·	×8.0	junos (7) · screenos (1)	↑34
40	samba	8	·	·	·		samba (8)	↑13
41	samba team	8	·	·	·		samba (8)	↑13
42	ооо «русбитех-астра»	8	·	·	·	×4.0	astra linux common edition (8)	↑18
43	apache software foundation	7	1	·	1	Nuclei 1PoC 2	struts (5) · activemq (1) · subversion (1)	—
44	squid-cache	7	·	·	·	×7.0	squid (7)	—
45	hiniarata	6	·	·	·	NEW	casebook plugin (6)	—
46	novell inc.	6	3	·	·		opensuse (5) · opensuse leap (5) · suse linux enterprise debuginfo (2)	—
47	qemu	6	1	·	·	×4.0	qemu (6)	—
48	dell	5	1	·	·	×5.0PoC 2	emc powerscale onefs (2) · bsafe crypto-j (1) · bsafe micro-edition-suite (1)	—
49	fedora project	5	·	·	·	×3.3PoC 1	fedora (5)	↓13
50	hp inc.	5	5	·	·		hpe data protector (3) · asset manager (1) · asset manager cloudsystem chargeback (1)	↓19