month report

April 2018

Data as of Jun 4, 2026, 13:25 UTCSnapshot v1 Sources NVD+CISA KEV+EPSS+Nuclei templates Methodology →

April 2018 closed with 1,683 published CVEs. 385 criticals, qualcomm, inc. led volume, mostly via snapdragon mobile, snapdragon wear. Biggest breakout: apple at ×41.0 their 12-month median. Top weakness class — CWE-119 (209 CVE). 10 vendors cracked the top-100 for the first time.

Print view

Total CVEs

1,683

— MoM— YoY

Severity mix

385 / 687

critical / high

KEV added

0 ransomware-linked

Nuclei coverage

2.7%

45 CVEs with templates

Time to exploit

How fast the community ships detection after a CVE drops.

Days → Nuclei (median)

2885.2

n=45

Within 7 days

0.0%

Within 30 days

0.0%

Days → KEV (median)

1603

n=3

Weakness × Vendor

What's spreading where in April 2018

Cells shaded by share of vendor's hottest weakness. Click any cell to open the CWE history.

Breakout vendors

CVE count ≥3× their own 12-period median.

41.0×apple123 CVE
22.0×cmsmadesimple22 CVE
7.8×canonical101 CVE
7.0×jenkins14 CVE
6.8×novell inc.27 CVE
6.8×red hat inc.27 CVE
6.5×netapp26 CVE
6.2×canonical ltd.31 CVE
6.0×schneider electric12 CVE
6.0×mcafee12 CVE

First time in top-100

Vendors never in top-100 in the prior 24 periods.

#2qualcomm262 CVE
#18talos35 CVE
#26blender21 CVE
#27blender foundation21 CVE
#36ао «ивк»16 CVE
#41unspecified14 CVE
#49f5 networks, inc.11 CVE
#51iscripts11 CVE
#55ics-cert10 CVE
#56libsdl10 CVE

Top vendors

Ranked by distinct CVE count this period.

1qualcomm, inc.—
285 CVE202 critCVSS 9.1
×3.8PoC 1
snapdragon mobile, snapdragon wear (88) · snapdragon automobile, snapdragon mobile, snapdragon wear (65) · snapdragon mobile (63)
2qualcomm—
262 CVE200 critCVSS 9.2
NEWPoC 1
sd 212 firmware (192) · sd 205 firmware (192) · sd 210 firmware (192)
3debian—
159 CVE11 critCVSS 7.1
Nuclei 4PoC 43
debian linux (159) · diffoscope (1)
4oracle—
145 CVE8 critCVSS 6.9
KEV 2Nuclei 6PoC 5
mysql (30) · jre (14) · jdk (14)
5oracle corporation—
136 CVE5 critCVSS 6.4
KEV 1Nuclei 2PoC 3
mysql server (30) · java (13) · peoplesoft enterprise pt peopletools (9)
6google—
124 CVE34 critCVSS 7.7
PoC 6
android (123) · guava (1)
7apple—
123 CVE8 critCVSS 7.7
×41.0PoC 10
iphone os (85) · mac os x (71) · tvos (45)
8canonical—
101 CVE4 critCVSS 6.9
×7.8Nuclei 1PoC 4
ubuntu linux (101)
9google inc—
99 CVE92 critCVSS 9.6
PoC 2
android (97) · android studio (1) · google chrome (1)
10google inc.—
97 CVE30 critCVSS 7.7
PoC 5
android (97)
11microsoft—
69 CVECVSS 6.7
Nuclei 1PoC 12
windows 10 (29) · windows server 2016 (29) · windows 10 servers (24)
12ооо «русбитех-астра»—
68 CVE4 critCVSS 7.1
PoC 15
astra linux special edition (60) · astra linux special edition для «эльбрус» (11) · astra linux common edition (8)
13сообщество свободного программного обеспечения—
68 CVE5 critCVSS 7.2
PoC 16
debian gnu/linux (60) · linux (4) · libvorbis (2)
14redhat—
67 CVE4 critCVSS 6.4
Nuclei 1PoC 10
enterprise linux server (40) · enterprise linux workstation (38) · enterprise linux desktop (35)
15ibm—
55 CVE5 critCVSS 6.1
PoC 1
security qradar siem (7) · qradar security information and event manager (7) · rational team concert (4)
16maven—
35 CVE5 critCVSS 6.3
KEV 1Nuclei 5PoC 5
org.jenkins-ci.plugins:vsphere-cloud (3) · org.jenkins-ci.main:jenkins-core (3) · org.springframework.data:spring-data-commons (2)
17microsoft corp—
35 CVECVSS 8.3
Nuclei 1PoC 3
windows 10 1511 (9) · windows 10 (9) · internet explorer (9)
18talos—
35 CVE14 critCVSS 8.7
NEWPoC 16
allen bradley (16) · computerinsel photoline (7) · foxit (4)
19canonical ltd.—
31 CVE1 critCVSS 6.4
×6.2PoC 1
ubuntu (31)
20cisco—
30 CVE2 critCVSS 7.2
firepower threat defense (8) · adaptive security appliance software (8) · ios xe (2)
21novell inc.—
27 CVE1 critCVSS 6.0
×6.8PoC 2
opensuse leap (27) · suse linux enterprise server (19) · suse linux enterprise desktop (19)
22red hat inc.—
27 CVE1 critCVSS 6.6
×6.8PoC 4
red hat enterprise linux (25) · red hat virtualization (2) · native client (1)
23netapp—
26 CVECVSS 6.2
×6.5
oncommand insight (20) · oncommand workflow automation (20) · snapcenter (18)
24schneider-electric—
23 CVE7 critCVSS 8.8
struxureware data center expert (11) · 140cpu65150c firmware (7) · 140cpu65150 firmware (7)
25cmsmadesimple—
22 CVE2 critCVSS 6.8
×22.0PoC 9
cms made simple (22)
26blender—
21 CVECVSS 7.8
NEWPoC 11
blender (21)
27blender foundation—
21 CVECVSS 7.8
NEWPoC 11
blender (21)
28huawei—
21 CVECVSS 6.8
te60 firmware (11) · te50 firmware (11) · te40 firmware (11)
29oracle corp.—
21 CVE4 critCVSS 7.5
KEV 2Nuclei 3PoC 2
mysql server (15) · weblogic server (3) · retail central office (1)
30huawei technologies co., ltd.—
19 CVECVSS 6.0
×4.8
ar120-s, ar1200, ar1200-s, ar150, ar150-s, ar160, ar200, ar200-s, ar2200, ar2200-s, ar3200, ar3600, ar510, dp300, ips module, ngfw module, nip6300, nip6600, nip6800, netengine16ex, rse6500, srg1300, srg2300, srg3300, svn5600, svn5800, svn5800-c, semg9811, secospace usg6300, secospace usg6500, secospace usg6600, te30, te40, te50, te60, tp3106, tp3206, usg6000v, usg9500, usg9520, usg9560, usg9580, vp9660, viewpoint 8660, viewpoint 9030 (7) · dp300, rp200, te30, te40, te50, te60 (3) · s12700, s7700, s9700 (1)
31wireshark—
19 CVECVSS 7.5
PoC 13
wireshark (19)
32packagist—
18 CVE2 critCVSS 6.9
PoC 9
dolibarr/dolibarr (4) · mautic/core (3) · moodle/moodle (2)
33webkitgtk—
17 CVECVSS 8.2
PoC 1
webkitgtk\+ (17)
34ао «нтц ит роса»—
17 CVE1 critCVSS 6.0
×5.7
роса хром (15) · роса кобальт (2)
35rockwellautomation—
16 CVE12 critCVSS 9.3
PoC 7
micrologix 1400 b firmware (16)
36ао «ивк»—
16 CVECVSS 5.6
NEW×5.3
альт линукс спт (15) · альт 8 сп рабочая станция (12) · альт 8 сп сервер (1)
37apache—
15 CVE4 critCVSS 7.2
KEV 1Nuclei 2PoC 1
fineract (4) · hive (3) · tika (3)
38apache software foundation—
15 CVE4 critCVSS 7.3
KEV 1Nuclei 2PoC 1
apache fineract (4) · apache hive (3) · apache tika (3)
39mariadb—
15 CVECVSS 5.6
mariadb (15)
40jenkins—
14 CVECVSS 6.3
×7.0PoC 1
jenkins (3) · vsphere (3) · github pull request builder (2)
41unspecified—
14 CVECVSS 6.5
NEWPoC 1
389-ds-base (1) · ansible (1) · corosync (1)
42linux—
13 CVECVSS 5.7
PoC 2
linux kernel (13)
43mcafee—
12 CVE1 critCVSS 6.2
×6.0
network security management (nsm) (7) · network security manager (7) · epolicy orchestrator (2)
44mediawiki—
12 CVE1 critCVSS 6.9
PoC 3
mediawiki (12) · mediawiki (syntaxhighlight extension) (1)
45schneider electric—
12 CVE8 critCVSS 9.0
×6.0
tsxp576634mc (7) · bmxp342000 (7) · bmxp3420102 (7)
46schneider electric se—
12 CVE7 critCVSS 8.6
66074 mge network management card transverse installed in mge ups and mge sts (4) · modicon premium, modicon quantum, modicon m340, bmxnor0200 (2) · micom p540d range with legacy ethernet board (1)
47ао «концерн вниинс»—
12 CVE2 critCVSS 7.5
×3.0Nuclei 2PoC 4
ос он «стрелец» (12)
48f5—
11 CVE1 critCVSS 7.4
×4.4PoC 1
big-ip application security manager (10) · big-ip advanced firewall manager (9) · big-ip policy enforcement manager (9)
49f5 networks, inc.—
11 CVE1 critCVSS 7.2
NEWPoC 1
big-ip (ltm, aam, afm, analytics, apm, asm, dns, edge gateway, gtm, link controller, pem, webaccelerator, websafe) (5) · big-ip (analytics, ltm, aam, afm, apm, asm, dns, edge, gateway, gtm link controller, pem, webaccelerator, websafe) (1) · big-ip asm (1)
50hp—
11 CVECVSS 5.7
xp7 command view (11)

#	Vendor	CVEs	Crit	KEV	Nuclei	Signals	Top products	Δ
1	qualcomm, inc.	285	202	·	·	×3.8PoC 1	snapdragon mobile, snapdragon wear (88) · snapdragon automobile, snapdragon mobile, snapdragon wear (65) · snapdragon mobile (63)	—
2	qualcomm	262	200	·	·	NEWPoC 1	sd 212 firmware (192) · sd 205 firmware (192) · sd 210 firmware (192)	—
3	debian	159	11	·	4	Nuclei 4PoC 43	debian linux (159) · diffoscope (1)	—
4	oracle	145	8	2	6	KEV 2Nuclei 6PoC 5	mysql (30) · jre (14) · jdk (14)	—
5	oracle corporation	136	5	1	2	KEV 1Nuclei 2PoC 3	mysql server (30) · java (13) · peoplesoft enterprise pt peopletools (9)	—
6	google	124	34	·	·	PoC 6	android (123) · guava (1)	—
7	apple	123	8	·	·	×41.0PoC 10	iphone os (85) · mac os x (71) · tvos (45)	—
8	canonical	101	4	·	1	×7.8Nuclei 1PoC 4	ubuntu linux (101)	—
9	google inc	99	92	·	·	PoC 2	android (97) · android studio (1) · google chrome (1)	—
10	google inc.	97	30	·	·	PoC 5	android (97)	—
11	microsoft	69	·	·	1	Nuclei 1PoC 12	windows 10 (29) · windows server 2016 (29) · windows 10 servers (24)	—
12	ооо «русбитех-астра»	68	4	·	·	PoC 15	astra linux special edition (60) · astra linux special edition для «эльбрус» (11) · astra linux common edition (8)	—
13	сообщество свободного программного обеспечения	68	5	·	·	PoC 16	debian gnu/linux (60) · linux (4) · libvorbis (2)	—
14	redhat	67	4	·	1	Nuclei 1PoC 10	enterprise linux server (40) · enterprise linux workstation (38) · enterprise linux desktop (35)	—
15	ibm	55	5	·	·	PoC 1	security qradar siem (7) · qradar security information and event manager (7) · rational team concert (4)	—
16	maven	35	5	1	5	KEV 1Nuclei 5PoC 5	org.jenkins-ci.plugins:vsphere-cloud (3) · org.jenkins-ci.main:jenkins-core (3) · org.springframework.data:spring-data-commons (2)	—
17	microsoft corp	35	·	·	1	Nuclei 1PoC 3	windows 10 1511 (9) · windows 10 (9) · internet explorer (9)	—
18	talos	35	14	·	·	NEWPoC 16	allen bradley (16) · computerinsel photoline (7) · foxit (4)	—
19	canonical ltd.	31	1	·	·	×6.2PoC 1	ubuntu (31)	—
20	cisco	30	2	·	·		firepower threat defense (8) · adaptive security appliance software (8) · ios xe (2)	—
21	novell inc.	27	1	·	·	×6.8PoC 2	opensuse leap (27) · suse linux enterprise server (19) · suse linux enterprise desktop (19)	—
22	red hat inc.	27	1	·	·	×6.8PoC 4	red hat enterprise linux (25) · red hat virtualization (2) · native client (1)	—
23	netapp	26	·	·	·	×6.5	oncommand insight (20) · oncommand workflow automation (20) · snapcenter (18)	—
24	schneider-electric	23	7	·	·		struxureware data center expert (11) · 140cpu65150c firmware (7) · 140cpu65150 firmware (7)	—
25	cmsmadesimple	22	2	·	·	×22.0PoC 9	cms made simple (22)	—
26	blender	21	·	·	·	NEWPoC 11	blender (21)	—
27	blender foundation	21	·	·	·	NEWPoC 11	blender (21)	—
28	huawei	21	·	·	·		te60 firmware (11) · te50 firmware (11) · te40 firmware (11)	—
29	oracle corp.	21	4	2	3	KEV 2Nuclei 3PoC 2	mysql server (15) · weblogic server (3) · retail central office (1)	—
30	huawei technologies co., ltd.	19	·	·	·	×4.8	ar120-s, ar1200, ar1200-s, ar150, ar150-s, ar160, ar200, ar200-s, ar2200, ar2200-s, ar3200, ar3600, ar510, dp300, ips module, ngfw module, nip6300, nip6600, nip6800, netengine16ex, rse6500, srg1300, srg2300, srg3300, svn5600, svn5800, svn5800-c, semg9811, secospace usg6300, secospace usg6500, secospace usg6600, te30, te40, te50, te60, tp3106, tp3206, usg6000v, usg9500, usg9520, usg9560, usg9580, vp9660, viewpoint 8660, viewpoint 9030 (7) · dp300, rp200, te30, te40, te50, te60 (3) · s12700, s7700, s9700 (1)	—
31	wireshark	19	·	·	·	PoC 13	wireshark (19)	—
32	packagist	18	2	·	·	PoC 9	dolibarr/dolibarr (4) · mautic/core (3) · moodle/moodle (2)	—
33	webkitgtk	17	·	·	·	PoC 1	webkitgtk\+ (17)	—
34	ао «нтц ит роса»	17	1	·	·	×5.7	роса хром (15) · роса кобальт (2)	—
35	rockwellautomation	16	12	·	·	PoC 7	micrologix 1400 b firmware (16)	—
36	ао «ивк»	16	·	·	·	NEW×5.3	альт линукс спт (15) · альт 8 сп рабочая станция (12) · альт 8 сп сервер (1)	—
37	apache	15	4	1	2	KEV 1Nuclei 2PoC 1	fineract (4) · hive (3) · tika (3)	—
38	apache software foundation	15	4	1	2	KEV 1Nuclei 2PoC 1	apache fineract (4) · apache hive (3) · apache tika (3)	—
39	mariadb	15	·	·	·		mariadb (15)	—
40	jenkins	14	·	·	·	×7.0PoC 1	jenkins (3) · vsphere (3) · github pull request builder (2)	—
41	unspecified	14	·	·	·	NEWPoC 1	389-ds-base (1) · ansible (1) · corosync (1)	—
42	linux	13	·	·	·	PoC 2	linux kernel (13)	—
43	mcafee	12	1	·	·	×6.0	network security management (nsm) (7) · network security manager (7) · epolicy orchestrator (2)	—
44	mediawiki	12	1	·	·	PoC 3	mediawiki (12) · mediawiki (syntaxhighlight extension) (1)	—
45	schneider electric	12	8	·	·	×6.0	tsxp576634mc (7) · bmxp342000 (7) · bmxp3420102 (7)	—
46	schneider electric se	12	7	·	·		66074 mge network management card transverse installed in mge ups and mge sts (4) · modicon premium, modicon quantum, modicon m340, bmxnor0200 (2) · micom p540d range with legacy ethernet board (1)	—
47	ао «концерн вниинс»	12	2	·	2	×3.0Nuclei 2PoC 4	ос он «стрелец» (12)	—
48	f5	11	1	·	·	×4.4PoC 1	big-ip application security manager (10) · big-ip advanced firewall manager (9) · big-ip policy enforcement manager (9)	—
49	f5 networks, inc.	11	1	·	·	NEWPoC 1	big-ip (ltm, aam, afm, analytics, apm, asm, dns, edge gateway, gtm, link controller, pem, webaccelerator, websafe) (5) · big-ip (analytics, ltm, aam, afm, apm, asm, dns, edge, gateway, gtm link controller, pem, webaccelerator, websafe) (1) · big-ip asm (1)	—
50	hp	11	·	·	·		xp7 command view (11)	—