month report

October 2016

Data as of Jun 4, 2026, 13:25 UTCSnapshot v1 Sources NVD+CISA KEV+EPSS+Nuclei templates Methodology →

October 2016 closed with 697 published CVEs — -5.7% YoY . 143 criticals, oracle led volume, mostly via mysql. Biggest breakout: nuget at ×7.0 their 12-month median. Top weakness class — CWE-284 (95 CVE). 10 vendors cracked the top-100 for the first time.

Print view

Total CVEs

697

— MoM-5.7% YoY

Severity mix

143 / 270

critical / high

KEV added

0 ransomware-linked

Nuclei coverage

6.7%

47 CVEs with templates

Time to exploit

How fast the community ships detection after a CVE drops.

Days → Nuclei (median)

3434.0

n=47

Within 7 days

0.0%

Within 30 days

0.0%

Days → KEV (median)

2048

n=3

Detection gap

KEV pressure, no Nuclei coverage

October 2016 · vendors with active exploitation listed by CISA but no public detection template.

KEV 3microsoft36 CVE
KEV 3microsoft corp21 CVE

Weakness × Vendor

What's spreading where in October 2016

Cells shaded by share of vendor's hottest weakness. Click any cell to open the CWE history.

284CWE-284 119Memory Buffer Bounds 200Information Exposure 79XSS 264CWE-264 20Improper Input Validation 416Use After Free 399CWE-399 89SQL Injection 254CWE-254 oracle 69 26 1 4 1 3 adobe 2 51 23 1 adobe systems inc.2 48 22 1 google 4 5 17 25 7 1 1 cisco 3 4 4 4 15 15 2 microsoft 2 13 9 9 1 ibm 3 5 7 3 1 1 microsoft corp 1 12 2 4 linux 3 1 2 1 1 2 redhat 2 1 2 1 1 1 1 huge-it 7 11 libtiff

Breakout vendors

CVE count ≥3× their own 12-period median.

7.0×nuget7 CVE
5.2×oracle157 CVE
4.5×uclouvain9 CVE
4.0×libtiff12 CVE
3.3×siemens5 CVE

First time in top-100

Vendors never in top-100 in the prior 24 periods.

#11huge-it13 CVE
#25yandex6 CVE
#26ооо «яндекс»6 CVE
#30yandex n.v.5 CVE
#32animas4 CVE
#34hpe4 CVE
#36ruckus4 CVE
#41filedownload project3 CVE
#44libcsp3 CVE
#49american auto-matrix2 CVE

Top vendors

Ranked by distinct CVE count this period.

1oracle—
157 CVE10 critCVSS 6.3
×5.2PoC 2
mysql (25) · agile product lifecycle management (11) · solaris (10)
2adobe—
88 CVE74 critCVSS 9.7
PoC 1
acrobat (74) · acrobat dc (74) · acrobat reader dc (74)
3adobe systems inc.—
82 CVE71 critCVSS 9.7
PoC 1
acrobat reader (71) · adobe acrobat (71) · adobe acrobat document cloud (71)
4google—
73 CVE10 critCVSS 7.3
PoC 3
android (72) · chrome (1)
5cisco—
55 CVE3 critCVSS 7.5
PoC 3
ios (11) · ios xe (11) · email security appliance (10)
6microsoft—
36 CVE1 critCVSS 7.0
KEV 3PoC 7
windows 10 (17) · windows 8.1 (16) · windows rt 8.1 (16)
7ibm—
25 CVECVSS 6.6
security guardium database activity monitor (5) · security guardium (4) · websphere application server (4)
8microsoft corp—
21 CVECVSS 7.4
KEV 3PoC 2
microsoft edge (13) · internet explorer (11) · windows server 2008 service pack 2 (4)
9linux—
19 CVE2 critCVSS 6.7
PoC 2
linux kernel (19)
10redhat—
16 CVECVSS 6.3
PoC 4
enterprise linux server (7) · enterprise linux workstation (6) · enterprise linux desktop (6)
11huge-it—
13 CVE4 critCVSS 7.7
NEWPoC 9
slider (2) · slideshow (2) · catalog (2)
12libtiff—
12 CVECVSS 7.4
×4.0PoC 5
libtiff (12)
13debian—
11 CVE4 critCVSS 7.4
debian linux (11)
14uclouvain—
9 CVECVSS 6.9
×4.5PoC 3
openjpeg (9)
15canonical—
8 CVE2 critCVSS 7.4
PoC 1
ubuntu linux (8)
16hp—
8 CVECVSS 7.4
system management homepage (4) · keyview (4)
17mariadb—
8 CVECVSS 5.6
mariadb (8)
18apache—
7 CVE4 critCVSS 8.8
PoC 3
tomcat (3) · struts (1) · commons fileupload (1)
19maven—
7 CVE4 critCVSS 8.2
Nuclei 1PoC 2
commons-fileupload:commons-fileupload (1) · io.undertow:undertow-core (1) · org.apache.derby:derby (1)
20nuget—
7 CVECVSS 7.5
×7.0
microsoft.chakracore (7)
21opensuse—
7 CVECVSS 7.3
PoC 1
leap (5) · opensuse (5)
22sap—
7 CVE1 critCVSS 6.9
PoC 1
netweaver (4) · sap aba (1) · sap basis (1)
23foxitsoftware—
6 CVECVSS 7.4
reader (6) · phantompdf (5)
24huawei—
6 CVE1 critCVSS 6.3
s5300 firmware (2) · s5700 firmware (2) · s9300 firmware (2)
25yandex—
6 CVECVSS 6.1
NEW
yandex browser (5) · yandex.browser (1)
26ооо «яндекс»—
6 CVECVSS 6.1
NEW
яндекс бразуер (6)
27fedoraproject—
5 CVE2 critCVSS 8.0
Nuclei 1PoC 1
fedora (5)
28qemu—
5 CVE1 critCVSS 5.5
qemu (5)
29siemens—
5 CVE1 critCVSS 6.1
×3.3
automation license manager (3) · simatic step 7 (2)
30yandex n.v.—
5 CVECVSS 6.2
NEW
yandex browser for desktop (5)
31alienvault—
4 CVE2 critCVSS 8.0
PoC 3
open source security information and event management (4) · unified security management (4)
32animas—
4 CVE2 critCVSS 8.7
NEW
onetouch ping firmware (4)
33artifex—
4 CVE2 critCVSS 8.7
PoC 2
mujs (4)
34hpe—
4 CVECVSS 6.7
NEW
hpe system management homepage before v7.6 (4)
35packagist—
4 CVE1 critCVSS 5.6
PoC 3
drupal/drupal (3) · drupal/core (3) · adodb/adodb-php (1)
36ruckus—
4 CVECVSS 7.6
NEWPoC 1
wireless h500 (4)
37silicon graphics corp.—
4 CVECVSS 7.3
libtiff (4)
38apache software foundation—
3 CVE3 critCVSS 9.6
struts (2) · commons fileupload (1) · derby (1)
39drupal—
3 CVECVSS 4.9
PoC 3
drupal (3)
40emc—
3 CVE2 critCVSS 9.5
solutions enabler (2) · unisphere (2) · networker module for microsoft applications (1)
41filedownload project—
3 CVE1 critCVSS 8.0
NEWNuclei 3PoC 1
filedownload (3)
42fortinet—
3 CVE1 critCVSS 7.0
fortiwlc (2) · fortimanager firmware (1) · fortianalyzer firmware (1)
43google inc—
3 CVE1 critCVSS 7.8
android (2) · google chrome (1)
44libcsp—
3 CVE3 critCVSS 9.8
NEW
libcsp (3)
45nodejs—
3 CVE1 critCVSS 7.3
node.js (3)
46oracle corp.—
3 CVE3 critCVSS 9.4
enterprise manager base platform (1) · fusion middleware (1) · oracle knowledge (1)
47pypi—
3 CVECVSS 7.5
PoC 1
nova (1) · cinder (1) · django (1)
48сообщество свободного программного обеспечения—
3 CVECVSS 7.5
debian gnu/linux (3) · dbd-mysql (1) · openjpeg (1)
49american auto-matrix—
2 CVECVSS 8.1
NEW
aspect-matrix building automation front-end solutions application (2) · aspect-nexus building automation front-end solutions application (2)
50beckhoff—
2 CVE2 critCVSS 9.1
embedded pc images (2) · twincat (2) · twincat components featuring automation device specification (ads) communication (2)

#	Vendor	CVEs	Crit	KEV	Nuclei	Signals	Top products	Δ
1	oracle	157	10	·	·	×5.2PoC 2	mysql (25) · agile product lifecycle management (11) · solaris (10)	—
2	adobe	88	74	·	·	PoC 1	acrobat (74) · acrobat dc (74) · acrobat reader dc (74)	—
3	adobe systems inc.	82	71	·	·	PoC 1	acrobat reader (71) · adobe acrobat (71) · adobe acrobat document cloud (71)	—
4	google	73	10	·	·	PoC 3	android (72) · chrome (1)	—
5	cisco	55	3	·	·	PoC 3	ios (11) · ios xe (11) · email security appliance (10)	—
6	microsoft	36	1	3	·	KEV 3PoC 7	windows 10 (17) · windows 8.1 (16) · windows rt 8.1 (16)	—
7	ibm	25	·	·	·		security guardium database activity monitor (5) · security guardium (4) · websphere application server (4)	—
8	microsoft corp	21	·	3	·	KEV 3PoC 2	microsoft edge (13) · internet explorer (11) · windows server 2008 service pack 2 (4)	—
9	linux	19	2	·	·	PoC 2	linux kernel (19)	—
10	redhat	16	·	·	·	PoC 4	enterprise linux server (7) · enterprise linux workstation (6) · enterprise linux desktop (6)	—
11	huge-it	13	4	·	·	NEWPoC 9	slider (2) · slideshow (2) · catalog (2)	—
12	libtiff	12	·	·	·	×4.0PoC 5	libtiff (12)	—
13	debian	11	4	·	·		debian linux (11)	—
14	uclouvain	9	·	·	·	×4.5PoC 3	openjpeg (9)	—
15	canonical	8	2	·	·	PoC 1	ubuntu linux (8)	—
16	hp	8	·	·	·		system management homepage (4) · keyview (4)	—
17	mariadb	8	·	·	·		mariadb (8)	—
18	apache	7	4	·	·	PoC 3	tomcat (3) · struts (1) · commons fileupload (1)	—
19	maven	7	4	·	1	Nuclei 1PoC 2	commons-fileupload:commons-fileupload (1) · io.undertow:undertow-core (1) · org.apache.derby:derby (1)	—
20	nuget	7	·	·	·	×7.0	microsoft.chakracore (7)	—
21	opensuse	7	·	·	·	PoC 1	leap (5) · opensuse (5)	—
22	sap	7	1	·	·	PoC 1	netweaver (4) · sap aba (1) · sap basis (1)	—
23	foxitsoftware	6	·	·	·		reader (6) · phantompdf (5)	—
24	huawei	6	1	·	·		s5300 firmware (2) · s5700 firmware (2) · s9300 firmware (2)	—
25	yandex	6	·	·	·	NEW	yandex browser (5) · yandex.browser (1)	—
26	ооо «яндекс»	6	·	·	·	NEW	яндекс бразуер (6)	—
27	fedoraproject	5	2	·	1	Nuclei 1PoC 1	fedora (5)	—
28	qemu	5	1	·	·		qemu (5)	—
29	siemens	5	1	·	·	×3.3	automation license manager (3) · simatic step 7 (2)	—
30	yandex n.v.	5	·	·	·	NEW	yandex browser for desktop (5)	—
31	alienvault	4	2	·	·	PoC 3	open source security information and event management (4) · unified security management (4)	—
32	animas	4	2	·	·	NEW	onetouch ping firmware (4)	—
33	artifex	4	2	·	·	PoC 2	mujs (4)	—
34	hpe	4	·	·	·	NEW	hpe system management homepage before v7.6 (4)	—
35	packagist	4	1	·	·	PoC 3	drupal/drupal (3) · drupal/core (3) · adodb/adodb-php (1)	—
36	ruckus	4	·	·	·	NEWPoC 1	wireless h500 (4)	—
37	silicon graphics corp.	4	·	·	·		libtiff (4)	—
38	apache software foundation	3	3	·	·		struts (2) · commons fileupload (1) · derby (1)	—
39	drupal	3	·	·	·	PoC 3	drupal (3)	—
40	emc	3	2	·	·		solutions enabler (2) · unisphere (2) · networker module for microsoft applications (1)	—
41	filedownload project	3	1	·	3	NEWNuclei 3PoC 1	filedownload (3)	—
42	fortinet	3	1	·	·		fortiwlc (2) · fortimanager firmware (1) · fortianalyzer firmware (1)	—
43	google inc	3	1	·	·		android (2) · google chrome (1)	—
44	libcsp	3	3	·	·	NEW	libcsp (3)	—
45	nodejs	3	1	·	·		node.js (3)	—
46	oracle corp.	3	3	·	·		enterprise manager base platform (1) · fusion middleware (1) · oracle knowledge (1)	—
47	pypi	3	·	·	·	PoC 1	nova (1) · cinder (1) · django (1)	—
48	сообщество свободного программного обеспечения	3	·	·	·		debian gnu/linux (3) · dbd-mysql (1) · openjpeg (1)	—
49	american auto-matrix	2	·	·	·	NEW	aspect-matrix building automation front-end solutions application (2) · aspect-nexus building automation front-end solutions application (2)	—
50	beckhoff	2	2	·	·		embedded pc images (2) · twincat (2) · twincat components featuring automation device specification (ads) communication (2)	—