month report

May 2018

Data as of Jun 4, 2026, 13:28 UTCSnapshot v1 Sources NVD+CISA KEV+EPSS+Nuclei templates Methodology →

May 2018 closed with 1,191 published CVEs — -71.3% YoY . 153 criticals, npm led volume, mostly via sequelize. Biggest breakout: hackerone at ×33.3 their 12-month median. Top weakness class — CWE-79 (133 CVE). 10 vendors cracked the top-100 for the first time.

Print view

Total CVEs

1,191

-29.2% MoM-71.3% YoY

Severity mix

153 / 521

critical / high

KEV added

0 ransomware-linked

Nuclei coverage

3.4%

40 CVEs with templates

Time to exploit

How fast the community ships detection after a CVE drops.

Days → Nuclei (median)

2851.3

n=40

Within 7 days

0.0%

Within 30 days

0.0%

Days → KEV (median)

1406

n=7

Detection gap

KEV pressure, no Nuclei coverage

May 2018 · vendors with active exploitation listed by CISA but no public detection template.

KEV 3microsoft71 CVE
KEV 2microsoft corp35 CVE
KEV 1adobe37 CVE

Weakness × Vendor

What's spreading where in May 2018

Cells shaded by share of vendor's hottest weakness. Click any cell to open the CWE history.

Breakout vendors

CVE count ≥3× their own 12-period median.

33.3×hackerone100 CVE
20.0×foxitsoftware90 CVE
17.0×npm102 CVE
8.9×foxit80 CVE
5.7×moxa17 CVE
4.5×pivotal9 CVE
4.3×d-link corp.13 CVE
4.0×advantech12 CVE
3.3×d-link10 CVE
3.0×joomla9 CVE

First time in top-100

Vendors never in top-100 in the prior 24 periods.

#2hackerone100 CVE
#18[unknown]20 CVE
#43espruino9 CVE
#52ilias8 CVE
#54mysql-mmm8 CVE
#60asustor7 CVE
#61bmw7 CVE
#66libmobi project7 CVE
#692345.cc6 CVE
#71ehcp6 CVE

Top vendors

Ranked by distinct CVE count this period.

1npm↑154
102 CVE12 critCVSS 7.6
×17.0Nuclei 2PoC 9
sequelize (4) · hapi (3) · ws (2)
2hackerone—
100 CVE12 critCVSS 7.6
NEW×33.3Nuclei 1PoC 9
sequelize node module (4) · hapi node module (3) · ws node module (2)
3foxitsoftware↑86
90 CVECVSS 8.1
×20.0PoC 2
phantompdf (88) · foxit reader (81) · reader (9)
4foxit↑189
80 CVECVSS 8.0
×8.9PoC 2
foxit reader (80)
5microsoft↑6
71 CVE1 critCVSS 7.0
KEV 3PoC 10
windows server 2016 (20) · edge (20) · windows 10 (19)
6debian↓3
64 CVE8 critCVSS 7.0
PoC 17
debian linux (64)
7canonical↑1
50 CVE6 critCVSS 7.0
PoC 19
ubuntu linux (50)
8ibm↑7
42 CVE1 critCVSS 6.4
storwize v9000 firmware (9) · storwize v7000 firmware (9) · storwize v5000 firmware (9)
9redhat↑5
41 CVE4 critCVSS 6.8
PoC 13
enterprise linux server (24) · enterprise linux workstation (24) · enterprise linux desktop (23)
10сообщество свободного программного обеспечения↑3
39 CVE6 critCVSS 6.9
PoC 12
debian gnu/linux (28) · linux (5) · props-ng (3)
11maven↑5
38 CVE4 critCVSS 6.2
PoC 1
org.jenkins-ci.main:jenkins-core (14) · org.springframework:spring-core (2) · org.jenkins-ci.plugins:google-login (2)
12adobe—
37 CVE13 critCVSS 8.7
KEV 1PoC 4
flash player (9) · acrobat dc (8) · acrobat reader dc (8)
13cisco↑7
35 CVE6 critCVSS 7.4
aironet access point software (4) · wireless lan controller software (4) · digital network architecture center (3)
14microsoft corp↑3
35 CVE1 critCVSS 7.7
KEV 2PoC 8
microsoft edge (17) · chakracore (14) · internet explorer (7)
15ооо «русбитех-астра»↓3
29 CVE5 critCVSS 7.2
PoC 10
astra linux special edition (25) · astra linux common edition (12) · astra linux special edition для «эльбрус» (8)
16talos↑2
26 CVE8 critCVSS 8.5
PoC 14
moxa (17) · mysql mmm (8) · open fire user import export plugin (1)
17canonical ltd.↑2
25 CVE3 critCVSS 6.9
PoC 8
ubuntu (25)
18[unknown]—
20 CVECVSS 5.4
NEWPoC 3
jenkins (11) · procps-ng, procps (4) · undertow (1)
19jenkins↑21
19 CVECVSS 5.1
jenkins (14) · google login (2) · html publisher (1)
20moxa↑132
17 CVECVSS 7.9
×5.7PoC 9
edr-810 firmware (17)
21red hat inc.↑1
15 CVE1 critCVSS 6.6
PoC 6
red hat enterprise linux (12) · red hat enterprise mrg (3) · red hat virtualization (2)
22trend micro—
14 CVECVSS 7.8
trend micro email encryption gateway (6) · trend micro maximum security (5) · trend micro smart protection server (standalone) (2)
23trendmicro—
14 CVECVSS 7.5
email encryption gateway (6) · premium security (5) · antivirus\+ (5)
24d-link corp.↑53
13 CVE4 critCVSS 9.1
×4.3PoC 5
dsl-3782 (7) · dir-550a (2) · dir-604m (2)
25packagist↑7
13 CVE3 critCVSS 7.3
Nuclei 2PoC 2
moodle/moodle (5) · dolibarr/dolibarr (4) · opencart/opencart (2)
26advantech↑93
12 CVE5 critCVSS 8.4
×4.0
webaccess (12) · webaccess dashboard (11) · webaccess\/nms (11)
27linux↑15
12 CVECVSS 6.0
PoC 2
linux kernel (12)
28novell inc.↓7
12 CVE1 critCVSS 7.1
PoC 6
opensuse leap (12) · suse linux enterprise server for sap applications (3) · suse linux enterprise server (3)
29nuget↑42
12 CVECVSS 7.5
PoC 4
microsoft.chakracore (11) · system.security.cryptography.xml (1)
30google↓24
11 CVECVSS 6.7
PoC 1
android (9) · gmail (1) · chrome (1)
31oracle↓27
11 CVE4 critCVSS 8.2
Nuclei 1PoC 2
weblogic server (3) · insurance calculation engine (3) · communications diameter signaling router (3)
32quest—
11 CVE4 critCVSS 8.4
KEV 1Nuclei 2PoC 6
kace system management appliance (11)
332345 security guard project—
10 CVECVSS 7.1
PoC 9
2345 security guard (10)
34apache↑3
10 CVE3 critCVSS 7.5
PoC 2
nifi (2) · batik (1) · solr (1)
35apache software foundation↑3
10 CVE3 critCVSS 7.7
PoC 2
apache nifi (2) · derby (1) · openoffice (1)
36d-link↑99
10 CVE3 critCVSS 9.1
×3.3PoC 2
dsl-3782 firmware (6) · dir-550a firmware (2) · dir-604m firmware (2)
37huawei technologies co., ltd.↓7
10 CVECVSS 7.6
PoC 1
1288h v5; 2288h v5 (3) · berlin-l21hn; prague-al00a; prague-al00b; prague-al00c; prague-l31; prague-tl00a; prague-tl10a (1) · dp300; rp200; te30; te40; te50; te60 (1)
38ics-cert↑17
10 CVE2 critCVSS 8.2
delta electronics wplsoft (3) · vgo robot (2) · advantech webaccess versions 8.1 and prior. (1)
39oracle corp.↓10
10 CVE4 critCVSS 8.6
Nuclei 1PoC 2
weblogic server (3) · communications diameter signaling router (2) · oracle utilities network management system (2)
40radare—
10 CVECVSS 5.7
radare2 (10)
41sap↑21
10 CVECVSS 5.0
PoC 1
internet graphics server (4) · identity management (2) · sapscore (1)
42citrix—
9 CVE3 critCVSS 8.3
PoC 2
xenmobile server (7) · application delivery controller firmware (1) · netscaler gateway firmware (1)
43espruino—
9 CVECVSS 6.1
NEWPoC 3
espruino (9)
44huawei↓16
9 CVECVSS 7.5
2288h v5 firmware (5) · 1288h v5 firmware (5) · 2488 v5 firmware (2)
45joomla—
9 CVE1 critCVSS 6.5
×3.0
joomla\! (9)
46pivotal—
9 CVE1 critCVSS 7.1
×4.5
spring framework (2) · spring integration zip (2) · spring data commons (1)
47vmware↑21
9 CVECVSS 6.7
fusion (2) · spring framework (2) · spring integration zip (2)
48wireshark↓17
9 CVECVSS 7.5
wireshark (9)
49ао «концерн вниинс»↓2
9 CVE1 critCVSS 6.9
PoC 1
ос он «стрелец» (9)
50f5↓2
8 CVECVSS 5.7
big-ip link controller (8) · big-ip local traffic manager (8) · big-ip policy enforcement manager (8)

#	Vendor	CVEs	Crit	KEV	Nuclei	Signals	Top products	Δ
1	npm	102	12	·	2	×17.0Nuclei 2PoC 9	sequelize (4) · hapi (3) · ws (2)	↑154
2	hackerone	100	12	·	1	NEW×33.3Nuclei 1PoC 9	sequelize node module (4) · hapi node module (3) · ws node module (2)	—
3	foxitsoftware	90	·	·	·	×20.0PoC 2	phantompdf (88) · foxit reader (81) · reader (9)	↑86
4	foxit	80	·	·	·	×8.9PoC 2	foxit reader (80)	↑189
5	microsoft	71	1	3	·	KEV 3PoC 10	windows server 2016 (20) · edge (20) · windows 10 (19)	↑6
6	debian	64	8	·	·	PoC 17	debian linux (64)	↓3
7	canonical	50	6	·	·	PoC 19	ubuntu linux (50)	↑1
8	ibm	42	1	·	·		storwize v9000 firmware (9) · storwize v7000 firmware (9) · storwize v5000 firmware (9)	↑7
9	redhat	41	4	·	·	PoC 13	enterprise linux server (24) · enterprise linux workstation (24) · enterprise linux desktop (23)	↑5
10	сообщество свободного программного обеспечения	39	6	·	·	PoC 12	debian gnu/linux (28) · linux (5) · props-ng (3)	↑3
11	maven	38	4	·	·	PoC 1	org.jenkins-ci.main:jenkins-core (14) · org.springframework:spring-core (2) · org.jenkins-ci.plugins:google-login (2)	↑5
12	adobe	37	13	1	·	KEV 1PoC 4	flash player (9) · acrobat dc (8) · acrobat reader dc (8)	—
13	cisco	35	6	·	·		aironet access point software (4) · wireless lan controller software (4) · digital network architecture center (3)	↑7
14	microsoft corp	35	1	2	·	KEV 2PoC 8	microsoft edge (17) · chakracore (14) · internet explorer (7)	↑3
15	ооо «русбитех-астра»	29	5	·	·	PoC 10	astra linux special edition (25) · astra linux common edition (12) · astra linux special edition для «эльбрус» (8)	↓3
16	talos	26	8	·	·	PoC 14	moxa (17) · mysql mmm (8) · open fire user import export plugin (1)	↑2
17	canonical ltd.	25	3	·	·	PoC 8	ubuntu (25)	↑2
18	[unknown]	20	·	·	·	NEWPoC 3	jenkins (11) · procps-ng, procps (4) · undertow (1)	—
19	jenkins	19	·	·	·		jenkins (14) · google login (2) · html publisher (1)	↑21
20	moxa	17	·	·	·	×5.7PoC 9	edr-810 firmware (17)	↑132
21	red hat inc.	15	1	·	·	PoC 6	red hat enterprise linux (12) · red hat enterprise mrg (3) · red hat virtualization (2)	↑1
22	trend micro	14	·	·	·		trend micro email encryption gateway (6) · trend micro maximum security (5) · trend micro smart protection server (standalone) (2)	—
23	trendmicro	14	·	·	·		email encryption gateway (6) · premium security (5) · antivirus\+ (5)	—
24	d-link corp.	13	4	·	·	×4.3PoC 5	dsl-3782 (7) · dir-550a (2) · dir-604m (2)	↑53
25	packagist	13	3	·	2	Nuclei 2PoC 2	moodle/moodle (5) · dolibarr/dolibarr (4) · opencart/opencart (2)	↑7
26	advantech	12	5	·	·	×4.0	webaccess (12) · webaccess dashboard (11) · webaccess\/nms (11)	↑93
27	linux	12	·	·	·	PoC 2	linux kernel (12)	↑15
28	novell inc.	12	1	·	·	PoC 6	opensuse leap (12) · suse linux enterprise server for sap applications (3) · suse linux enterprise server (3)	↓7
29	nuget	12	·	·	·	PoC 4	microsoft.chakracore (11) · system.security.cryptography.xml (1)	↑42
30	google	11	·	·	·	PoC 1	android (9) · gmail (1) · chrome (1)	↓24
31	oracle	11	4	·	1	Nuclei 1PoC 2	weblogic server (3) · insurance calculation engine (3) · communications diameter signaling router (3)	↓27
32	quest	11	4	1	2	KEV 1Nuclei 2PoC 6	kace system management appliance (11)	—
33	2345 security guard project	10	·	·	·	PoC 9	2345 security guard (10)	—
34	apache	10	3	·	·	PoC 2	nifi (2) · batik (1) · solr (1)	↑3
35	apache software foundation	10	3	·	·	PoC 2	apache nifi (2) · derby (1) · openoffice (1)	↑3
36	d-link	10	3	·	·	×3.3PoC 2	dsl-3782 firmware (6) · dir-550a firmware (2) · dir-604m firmware (2)	↑99
37	huawei technologies co., ltd.	10	·	·	·	PoC 1	1288h v5; 2288h v5 (3) · berlin-l21hn; prague-al00a; prague-al00b; prague-al00c; prague-l31; prague-tl00a; prague-tl10a (1) · dp300; rp200; te30; te40; te50; te60 (1)	↓7
38	ics-cert	10	2	·	·		delta electronics wplsoft (3) · vgo robot (2) · advantech webaccess versions 8.1 and prior. (1)	↑17
39	oracle corp.	10	4	·	1	Nuclei 1PoC 2	weblogic server (3) · communications diameter signaling router (2) · oracle utilities network management system (2)	↓10
40	radare	10	·	·	·		radare2 (10)	—
41	sap	10	·	·	·	PoC 1	internet graphics server (4) · identity management (2) · sapscore (1)	↑21
42	citrix	9	3	·	·	PoC 2	xenmobile server (7) · application delivery controller firmware (1) · netscaler gateway firmware (1)	—
43	espruino	9	·	·	·	NEWPoC 3	espruino (9)	—
44	huawei	9	·	·	·		2288h v5 firmware (5) · 1288h v5 firmware (5) · 2488 v5 firmware (2)	↓16
45	joomla	9	1	·	·	×3.0	joomla\! (9)	—
46	pivotal	9	1	·	·	×4.5	spring framework (2) · spring integration zip (2) · spring data commons (1)	—
47	vmware	9	·	·	·		fusion (2) · spring framework (2) · spring integration zip (2)	↑21
48	wireshark	9	·	·	·		wireshark (9)	↓17
49	ао «концерн вниинс»	9	1	·	·	PoC 1	ос он «стрелец» (9)	↓2
50	f5	8	·	·	·		big-ip link controller (8) · big-ip local traffic manager (8) · big-ip policy enforcement manager (8)	↓2