month report

May 2016

Data as of Jun 4, 2026, 13:25 UTCSnapshot v1 Sources NVD+CISA KEV+EPSS+Nuclei templates Methodology →

May 2016 closed with 617 published CVEs — +48.0% YoY . 154 criticals, adobe led volume, mostly via acrobat reader dc. Biggest breakout: php group at ×8.5 their 12-month median. Top weakness class — CWE-119 (136 CVE). 10 vendors cracked the top-100 for the first time.

Print view

Total CVEs

617

-6.7% MoM+48.0% YoY

Severity mix

154 / 287

critical / high

KEV added

0 ransomware-linked

Nuclei coverage

1.6%

10 CVEs with templates

Time to exploit

How fast the community ships detection after a CVE drops.

Days → Nuclei (median)

3575.8

n=10

Within 7 days

0.0%

Within 30 days

0.0%

Days → KEV (median)

2008

n=7

Detection gap

KEV pressure, no Nuclei coverage

May 2016 · vendors with active exploitation listed by CISA but no public detection template.

KEV 4opensuse43 CVE
KEV 4suse8 CVE
KEV 3canonical65 CVE
KEV 3redhat55 CVE
KEV 3imagemagick5 CVE
KEV 2microsoft58 CVE
KEV 2microsoft corp56 CVE
KEV 2oracle18 CVE

Weakness × Vendor

What's spreading where in May 2016

Cells shaded by share of vendor's hottest weakness. Click any cell to open the CWE history.

119Memory Buffer Bounds 200Information Exposure 20Improper Input Validation 264CWE-264 284CWE-284 79XSS 399CWE-399 190Integer Overflow 254CWE-254 189CWE-189 adobe 49 3 1 1 8 1 adobe systems inc.49 3 1 8 1 apple 37 9 4 1 5 1 apple inc.36 8 4 1 5 canonical 9 10 4 4 1 2 debian 15 5 8 2 4 2 1 2 3 microsoft 9 6 10 5 1 linux 1 9 3 2 2 2 1 microsoft corp 8 6 9 5 1 redhat 6 8 7 3 1 2 2 1 php 11 1 12 1 1 3 1 1 php group 11 1 12 1 1 3 1 1

Breakout vendors

CVE count ≥3× their own 12-period median.

8.5×php group51 CVE
7.3×xmlsoft11 CVE
6.7×фссп россии10 CVE
6.6×linux56 CVE
5.3×php53 CVE
5.0×mcafee10 CVE
4.5×red hat inc.9 CVE
4.0×moxa8 CVE
4.0×qemu8 CVE
4.0×pulsesecure6 CVE

First time in top-100

Vendors never in top-100 in the prior 24 periods.

#28botan project9 CVE
#32enlightenment8 CVE
#40ivanti7 CVE
#49imagemagick5 CVE
#52accellion4 CVE
#56meteocontrol3 CVE
#60veritas3 CVE
#63enlightenment development team2 CVE
#64envirosys2 CVE
#67freebsd project2 CVE

Top vendors

Ranked by distinct CVE count this period.

1adobe↑10
121 CVE89 critCVSS 9.5
×3.6KEV 1PoC 10
acrobat reader dc (92) · acrobat dc (92) · reader (89)
2adobe systems inc.↑15
120 CVE89 critCVSS 9.5
×3.9KEV 1PoC 10
adobe acrobat (92) · adobe acrobat document cloud (92) · adobe reader (92)
3apple↑111
77 CVE4 critCVSS 7.3
PoC 21
mac os x (67) · iphone os (39) · tvos (34)
4apple inc.—
74 CVE3 critCVSS 7.3
PoC 19
os x (64) · ios (39) · safari (7)
5canonical↓2
65 CVE4 critCVSS 6.8
KEV 3PoC 18
ubuntu linux (64) · ubuntu touch (3) · ubuntu core (3)
6debian↓4
58 CVE7 critCVSS 7.4
KEV 1PoC 9
debian linux (58)
7microsoft↑7
58 CVECVSS 7.5
KEV 2PoC 16
edge (28) · internet explorer (28) · windows 8.1 (18)
8linux↑4
56 CVECVSS 6.4
×6.6PoC 12
linux kernel (56)
9microsoft corp↑7
56 CVECVSS 7.5
KEV 2PoC 15
microsoft edge (28) · internet explorer (27) · windows 8.1 (18)
10redhat↓5
55 CVE10 critCVSS 6.9
×3.1KEV 3PoC 20
enterprise linux desktop (35) · enterprise linux workstation (35) · enterprise linux server (35)
11php↑155
53 CVE30 critCVSS 8.6
×5.3PoC 20
php (53)
12php group—
51 CVE30 critCVSS 8.7
×8.5PoC 19
php (51)
13google↓7
49 CVE5 critCVSS 7.6
PoC 2
android (35) · chrome (12) · android one (1)
14opensuse↓10
43 CVE18 critCVSS 8.3
KEV 4PoC 17
opensuse (29) · leap (27) · evergreen (1)
15google inc↓8
34 CVE3 critCVSS 7.5
android (31) · google chrome (3) · google v8 (1)
16сообщество свободного программного обеспечения↑2
27 CVE2 critCVSS 7.2
×3.9PoC 13
debian gnu/linux (21) · libxml2 (4) · libarchive (1)
17cisco↑2
22 CVE1 critCVSS 7.5
web security appliance \(wsa\) (2) · ios xr (2) · adaptive security appliance software (2)
18fedoraproject↓8
21 CVE8 critCVSS 8.2
PoC 6
fedora (21)
19oracle↓18
18 CVE1 critCVSS 7.2
KEV 2PoC 4
linux (12) · vm server (5) · solaris (3)
20canonical ltd.↑7
17 CVE2 critCVSS 7.1
×3.4KEV 1PoC 9
ubuntu (17)
21hp↑16
16 CVE2 critCVSS 7.1
PoC 1
network node manager i (6) · system management homepage (2) · helion openstack (2)
22novell↓1
16 CVECVSS 5.1
×3.2PoC 5
suse linux enterprise software development kit (16) · suse linux enterprise server (16) · suse linux enterprise workstation extension (13)
23packagist↑6
11 CVECVSS 5.4
×3.7Nuclei 1PoC 1
moodle/moodle (10) · contao-components/mediaelement (1) · contao/core (1)
24xmlsoft↑87
11 CVECVSS 6.6
×7.3PoC 3
libxml2 (11)
25mcafee↑47
10 CVE1 critCVSS 6.3
×5.0PoC 6
web gateway (7) · livesafe (1) · policy auditor (1)
26moodle—
10 CVECVSS 5.2
moodle (10)
27фссп россии—
10 CVECVSS 6.7
×6.7PoC 3
ос тд аис фссп россии (10)
28botan project—
9 CVE2 critCVSS 8.0
NEW
botan (9)
29red hat inc.↑24
9 CVECVSS 7.2
×4.5PoC 6
red hat enterprise linux server (5) · red hat enterprise linux (4) · jboss web server (3)
30wordpress—
9 CVECVSS 6.2
Nuclei 9PoC 1
wordpress (9)
31emc↑59
8 CVECVSS 5.6
PoC 7
rsa data loss prevention (4) · rsa authentication manager (3) · isilon onefs (1)
32enlightenment—
8 CVE1 critCVSS 7.9
NEW
imlib2 (8)
33maven↓20
8 CVECVSS 5.4
org.jenkins-ci.main:jenkins-core (7) · com.thoughtworks.xstream:xstream (1)
34moxa—
8 CVECVSS 7.8
×4.0
edr-g903 firmware (5) · miineport e1 4641 firmware (3) · miineport e1 7080 firmware (3)
35qemu↑12
8 CVECVSS 6.7
×4.0
qemu (8)
36suse↓21
8 CVE3 critCVSS 6.7
KEV 4PoC 5
linux enterprise software development kit (5) · linux enterprise desktop (4) · linux enterprise server (4)
37apache↓28
7 CVE1 critCVSS 5.9
PoC 2
ambari (2) · cordova (2) · subversion (2)
38huawei↓18
7 CVE1 critCVSS 8.1
PoC 1
secospace usg6500 firmware (2) · mate 8 firmware (2) · ngfw module firmware (2)
39ibm↓17
7 CVECVSS 6.2
b2b advanced communications (1) · algo one (1) · bluemix (1)
40ivanti—
7 CVE1 critCVSS 7.0
NEW
connect secure (7)
41jenkins↑10
7 CVECVSS 5.1
jenkins (7)
42juniper networks inc.↓3
7 CVECVSS 6.7
×3.5PoC 3
junos space (7)
43openssl—
7 CVE1 critCVSS 7.7
PoC 6
openssl (7)
44wireshark↓14
7 CVECVSS 5.9
PoC 1
wireshark (7)
45novell inc.↑1
6 CVECVSS 7.6
PoC 4
suse linux enterprise server (5) · opensuse leap (4) · opensuse tumbleweed (4)
46pulsesecure↑124
6 CVE1 critCVSS 7.3
×4.0
pulse connect secure (6)
47ооо «русбитех-астра»↓5
6 CVECVSS 7.3
×3.0PoC 5
astra linux common edition (4) · astra linux special edition (2)
48cisco systems inc.↓14
5 CVECVSS 7.6
cisco ios (2) · cisco evolved programmable network manager (1) · cisco identity services engine (1)
49imagemagick—
5 CVECVSS 5.6
NEWKEV 3PoC 5
imagemagick (5)
50openssl software foundation—
5 CVE1 critCVSS 8.1
PoC 5
openssl (5)

#	Vendor	CVEs	Crit	KEV	Nuclei	Signals	Top products	Δ
1	adobe	121	89	1	·	×3.6KEV 1PoC 10	acrobat reader dc (92) · acrobat dc (92) · reader (89)	↑10
2	adobe systems inc.	120	89	1	·	×3.9KEV 1PoC 10	adobe acrobat (92) · adobe acrobat document cloud (92) · adobe reader (92)	↑15
3	apple	77	4	·	·	PoC 21	mac os x (67) · iphone os (39) · tvos (34)	↑111
4	apple inc.	74	3	·	·	PoC 19	os x (64) · ios (39) · safari (7)	—
5	canonical	65	4	3	·	KEV 3PoC 18	ubuntu linux (64) · ubuntu touch (3) · ubuntu core (3)	↓2
6	debian	58	7	1	·	KEV 1PoC 9	debian linux (58)	↓4
7	microsoft	58	·	2	·	KEV 2PoC 16	edge (28) · internet explorer (28) · windows 8.1 (18)	↑7
8	linux	56	·	·	·	×6.6PoC 12	linux kernel (56)	↑4
9	microsoft corp	56	·	2	·	KEV 2PoC 15	microsoft edge (28) · internet explorer (27) · windows 8.1 (18)	↑7
10	redhat	55	10	3	·	×3.1KEV 3PoC 20	enterprise linux desktop (35) · enterprise linux workstation (35) · enterprise linux server (35)	↓5
11	php	53	30	·	·	×5.3PoC 20	php (53)	↑155
12	php group	51	30	·	·	×8.5PoC 19	php (51)	—
13	google	49	5	·	·	PoC 2	android (35) · chrome (12) · android one (1)	↓7
14	opensuse	43	18	4	·	KEV 4PoC 17	opensuse (29) · leap (27) · evergreen (1)	↓10
15	google inc	34	3	·	·		android (31) · google chrome (3) · google v8 (1)	↓8
16	сообщество свободного программного обеспечения	27	2	·	·	×3.9PoC 13	debian gnu/linux (21) · libxml2 (4) · libarchive (1)	↑2
17	cisco	22	1	·	·		web security appliance \(wsa\) (2) · ios xr (2) · adaptive security appliance software (2)	↑2
18	fedoraproject	21	8	·	·	PoC 6	fedora (21)	↓8
19	oracle	18	1	2	·	KEV 2PoC 4	linux (12) · vm server (5) · solaris (3)	↓18
20	canonical ltd.	17	2	1	·	×3.4KEV 1PoC 9	ubuntu (17)	↑7
21	hp	16	2	·	·	PoC 1	network node manager i (6) · system management homepage (2) · helion openstack (2)	↑16
22	novell	16	·	·	·	×3.2PoC 5	suse linux enterprise software development kit (16) · suse linux enterprise server (16) · suse linux enterprise workstation extension (13)	↓1
23	packagist	11	·	·	1	×3.7Nuclei 1PoC 1	moodle/moodle (10) · contao-components/mediaelement (1) · contao/core (1)	↑6
24	xmlsoft	11	·	·	·	×7.3PoC 3	libxml2 (11)	↑87
25	mcafee	10	1	·	·	×5.0PoC 6	web gateway (7) · livesafe (1) · policy auditor (1)	↑47
26	moodle	10	·	·	·		moodle (10)	—
27	фссп россии	10	·	·	·	×6.7PoC 3	ос тд аис фссп россии (10)	—
28	botan project	9	2	·	·	NEW	botan (9)	—
29	red hat inc.	9	·	·	·	×4.5PoC 6	red hat enterprise linux server (5) · red hat enterprise linux (4) · jboss web server (3)	↑24
30	wordpress	9	·	·	9	Nuclei 9PoC 1	wordpress (9)	—
31	emc	8	·	·	·	PoC 7	rsa data loss prevention (4) · rsa authentication manager (3) · isilon onefs (1)	↑59
32	enlightenment	8	1	·	·	NEW	imlib2 (8)	—
33	maven	8	·	·	·		org.jenkins-ci.main:jenkins-core (7) · com.thoughtworks.xstream:xstream (1)	↓20
34	moxa	8	·	·	·	×4.0	edr-g903 firmware (5) · miineport e1 4641 firmware (3) · miineport e1 7080 firmware (3)	—
35	qemu	8	·	·	·	×4.0	qemu (8)	↑12
36	suse	8	3	4	·	KEV 4PoC 5	linux enterprise software development kit (5) · linux enterprise desktop (4) · linux enterprise server (4)	↓21
37	apache	7	1	·	·	PoC 2	ambari (2) · cordova (2) · subversion (2)	↓28
38	huawei	7	1	·	·	PoC 1	secospace usg6500 firmware (2) · mate 8 firmware (2) · ngfw module firmware (2)	↓18
39	ibm	7	·	·	·		b2b advanced communications (1) · algo one (1) · bluemix (1)	↓17
40	ivanti	7	1	·	·	NEW	connect secure (7)	—
41	jenkins	7	·	·	·		jenkins (7)	↑10
42	juniper networks inc.	7	·	·	·	×3.5PoC 3	junos space (7)	↓3
43	openssl	7	1	·	·	PoC 6	openssl (7)	—
44	wireshark	7	·	·	·	PoC 1	wireshark (7)	↓14
45	novell inc.	6	·	·	·	PoC 4	suse linux enterprise server (5) · opensuse leap (4) · opensuse tumbleweed (4)	↑1
46	pulsesecure	6	1	·	·	×4.0	pulse connect secure (6)	↑124
47	ооо «русбитех-астра»	6	·	·	·	×3.0PoC 5	astra linux common edition (4) · astra linux special edition (2)	↓5
48	cisco systems inc.	5	·	·	·		cisco ios (2) · cisco evolved programmable network manager (1) · cisco identity services engine (1)	↓14
49	imagemagick	5	·	3	·	NEWKEV 3PoC 5	imagemagick (5)	—
50	openssl software foundation	5	1	·	·	PoC 5	openssl (5)	—