month report

July 2018

Data as of Jun 4, 2026, 13:25 UTCSnapshot v1 Sources NVD+CISA KEV+EPSS+Nuclei templates Methodology →

July 2018 closed with 2,225 published CVEs. 258 criticals, oracle led volume, mostly via mysql. Biggest breakout: npm at ×15.5 their 12-month median. Top weakness class — CWE-190 (478 CVE). 10 vendors cracked the top-100 for the first time.

Print view

Total CVEs

2,225

— MoM— YoY

Severity mix

258 / 1,207

critical / high

KEV added

0 ransomware-linked

Nuclei coverage

0.9%

19 CVEs with templates

Time to exploit

How fast the community ships detection after a CVE drops.

Days → Nuclei (median)

2790.0

n=19

Within 7 days

0.0%

Within 30 days

0.0%

Days → KEV (median)

1414

n=5

Detection gap

KEV pressure, no Nuclei coverage

July 2018 · vendors with active exploitation listed by CISA but no public detection template.

KEV 2adobe168 CVE
KEV 2adobe systems inc.18 CVE
KEV 1redhat134 CVE
KEV 1microsoft56 CVE
KEV 1red hat inc.20 CVE

Weakness × Vendor

What's spreading where in July 2018

Cells shaded by share of vendor's hottest weakness. Click any cell to open the CWE history.

Breakout vendors

CVE count ≥3× their own 12-period median.

15.5×npm31 CVE
8.0×jenkins16 CVE
6.8×canonical ltd.34 CVE
5.5×opensuse11 CVE
5.4×redhat134 CVE
5.3×axiosys16 CVE
5.3×netapp37 CVE
5.0×red hat inc.20 CVE
4.0×zohocorp8 CVE
3.5×lenovo7 CVE

First time in top-100

Vendors never in top-100 in the prior 24 periods.

#9foxit82 CVE
#16[unknown]54 CVE
#21red hat35 CVE
#36hdfgroup16 CVE
#38intel corporation16 CVE
#41qualcomm16 CVE
#42michael elkins15 CVE
#43neomutt15 CVE
#46mutt12 CVE
#52linuxsampler11 CVE

Top vendors

Ranked by distinct CVE count this period.

1oracle—
217 CVE8 critCVSS 6.6
Nuclei 4PoC 4
mysql (24) · outside in technology (14) · sun zfs storage appliance kit (11)
2oracle corporation—
204 CVE6 critCVSS 6.3
Nuclei 2PoC 2
mysql server (24) · outside in technology (14) · sun zfs storage appliance kit (ak) software (11)
3adobe—
168 CVE40 critCVSS 8.1
KEV 2
acrobat reader dc (156) · acrobat dc (156) · flash player (6)
4redhat—
134 CVE7 critCVSS 6.5
×5.4KEV 1PoC 10
enterprise linux desktop (63) · enterprise linux workstation (63) · enterprise linux server (62)
5debian—
127 CVE21 critCVSS 6.9
KEV 1Nuclei 1PoC 23
debian linux (126) · devscripts (1)
6ibm—
95 CVE1 critCVSS 5.3
PoC 3
rational quality manager (48) · rational collaborative lifecycle management (40) · rational rhapsody design manager (10)
7foxitsoftware—
84 CVE1 critCVSS 8.7
foxit reader (84) · phantompdf (84)
8canonical—
82 CVE18 critCVSS 6.8
PoC 17
ubuntu linux (82)
9foxit—
82 CVECVSS 8.7
NEW
foxit reader (80) · foxit phantompdf (1) · foxit activex pro sdk (1)
10сообщество свободного программного обеспечения—
82 CVE18 critCVSS 6.9
KEV 1Nuclei 2PoC 15
debian gnu/linux (68) · linux (29) · libgit2 (2)
11oracle corp.—
67 CVE6 critCVSS 7.3
Nuclei 2PoC 1
mysql server (14) · outside in technology (14) · vm virtualbox (7)
12ооо «русбитех-астра»—
65 CVE21 critCVSS 7.6
Nuclei 1PoC 9
astra linux special edition (46) · astra linux common edition (22) · astra linux special edition для «эльбрус» (8)
13qualcomm, inc.—
59 CVE6 critCVSS 7.7
android for msm, firefox os for msm, qrd android (43) · snapdragon automobile, snapdragon mobile, snapdragon wear (9) · snapdragon mobile, snapdragon wear (5)
14microsoft—
56 CVE3 critCVSS 6.8
KEV 1PoC 5
edge (19) · microsoft edge (19) · chakracore (12)
15maven—
55 CVE4 critCVSS 6.8
Nuclei 3PoC 9
org.jenkins-ci.main:jenkins-core (7) · io.undertow:undertow-core (3) · org.keycloak:keycloak-core (3)
16[unknown]—
54 CVE2 critCVSS 6.2
NEWPoC 5
kernel (8) · ansible (4) · kernel: (3)
17google—
44 CVE3 critCVSS 7.4
android (44)
18linux—
43 CVECVSS 5.9
×3.3PoC 12
linux kernel (41) · kernel (3) · kernel: (1)
19cisco—
37 CVE8 critCVSS 8.0
vedge-100 firmware (10) · vbond orchestrator (10) · vedge-1000 firmware (10)
20netapp—
37 CVE2 critCVSS 5.9
×5.3Nuclei 1
oncommand workflow automation (32) · oncommand insight (32) · snapcenter (25)
21red hat—
35 CVECVSS 6.0
NEWPoC 2
ansible (3) · cloudforms (3) · business-central (2)
22canonical ltd.—
34 CVE9 critCVSS 7.1
×6.8PoC 7
ubuntu (34)
23npm—
31 CVE10 critCVSS 7.6
×15.5PoC 10
bootstrap (3) · angular-redactor (1) · bootstrap-sass (1)
24schneider-electric—
25 CVE4 critCVSS 8.7
Nuclei 1PoC 1
u.motion builder (16) · ibp319-1er firmware (3) · ibp519-1er firmware (3)
25schneider electric se—
24 CVE4 critCVSS 7.9
Nuclei 1PoC 1
u.motion (14) · u.motion builder (4) · pelco sarix professional v1 (3)
26apache—
21 CVE5 critCVSS 7.5
Nuclei 2
http server (2) · kafka (2) · spark (2)
27apache software foundation—
21 CVE5 critCVSS 7.5
Nuclei 2
apache kafka (2) · apache tomcat native (2) · http server (2)
28nuget—
21 CVECVSS 6.6
KEV 1Nuclei 1PoC 9
microsoft.chakracore (10) · bootstrap.sass (3) · bootstrap (3)
29pypi—
20 CVE3 critCVSS 7.5
PoC 1
ansible (7) · mercurial (3) · aubio (3)
30red hat inc.—
20 CVE3 critCVSS 7.7
×5.0KEV 1PoC 2
red hat enterprise linux (13) · ansible (3) · red hat single sign-on (3)
31packagist—
19 CVE7 critCVSS 7.6
KEV 1Nuclei 1PoC 8
dolibarr/dolibarr (4) · twbs/bootstrap (3) · moodle/moodle (3)
32adobe systems inc.—
18 CVE6 critCVSS 8.4
KEV 2
adobe acrobat reader document cloud (17) · adobe acrobat 2017 (17) · adobe acrobat document cloud (17)
33f5—
17 CVECVSS 6.9
PoC 2
big-ip access policy manager (12) · big-ip application security manager (11) · big-ip local traffic manager (10)
34axiosys—
16 CVE3 critCVSS 7.9
×5.3PoC 2
bento4 (16)
35f5 networks, inc.—
16 CVECVSS 6.4
PoC 1
big-ip (ltm, aam, afm, analytics, apm, asm, dns, edge gateway, fps, gtm, link controller, pem, webaccelerator) (6) · big-ip (apm) (2) · big-ip (asm) (2)
36hdfgroup—
16 CVE10 critCVSS 9.4
NEWPoC 16
hdf5 (16)
37intel—
16 CVECVSS 5.9
core i7 (3) · core i5 (3) · core i3 (3)
38intel corporation—
16 CVECVSS 7.3
NEW
intel active management technology (3) · intel processor diagnostic tool (2) · intel quartus ii programmer and tools (1)
39jenkins—
16 CVECVSS 6.3
×8.0Nuclei 2PoC 1
jenkins (7) · aws codedeploy (2) · aws codepipeline (1)
40juniper—
16 CVE5 critCVSS 7.3
PoC 14
junos (11) · contrail service orchestration (5)
41qualcomm—
16 CVE4 critCVSS 8.3
NEW
sd 210 firmware (15) · sd 205 firmware (15) · sd 625 firmware (15)
42michael elkins—
15 CVE13 critCVSS 9.4
NEW
neomutt (15) · mutt (12)
43neomutt—
15 CVE13 critCVSS 9.3
NEW
neomutt (15)
44ffmpeg—
14 CVE1 critCVSS 7.3
ffmpeg (14)
45juniper networks—
14 CVE3 critCVSS 7.0
PoC 14
junos os (11) · contrail service orchestration (3)
46mutt—
12 CVE11 critCVSS 9.4
NEW
mutt (12)
47sap—
12 CVE1 critCVSS 6.5
businessobjects business intelligence (3) · sap internet graphics server (igs) (3) · internet graphics server (3)
48siemens ag—
12 CVE2 critCVSS 7.4
PoC 2
siclock tc100, siclock tc400 (6) · en100 ethernet module iec 104 variant (2) · en100 ethernet module iec 61850 (2)
49ffmpeg team—
11 CVE1 critCVSS 7.2
ffmpeg (11)
50huawei—
11 CVECVSS 5.6
rp200 firmware (2) · dp300 firmware (2) · emily-al00a firmware (2)

#	Vendor	CVEs	Crit	KEV	Nuclei	Signals	Top products	Δ
1	oracle	217	8	·	4	Nuclei 4PoC 4	mysql (24) · outside in technology (14) · sun zfs storage appliance kit (11)	—
2	oracle corporation	204	6	·	2	Nuclei 2PoC 2	mysql server (24) · outside in technology (14) · sun zfs storage appliance kit (ak) software (11)	—
3	adobe	168	40	2	·	KEV 2	acrobat reader dc (156) · acrobat dc (156) · flash player (6)	—
4	redhat	134	7	1	·	×5.4KEV 1PoC 10	enterprise linux desktop (63) · enterprise linux workstation (63) · enterprise linux server (62)	—
5	debian	127	21	1	1	KEV 1Nuclei 1PoC 23	debian linux (126) · devscripts (1)	—
6	ibm	95	1	·	·	PoC 3	rational quality manager (48) · rational collaborative lifecycle management (40) · rational rhapsody design manager (10)	—
7	foxitsoftware	84	1	·	·		foxit reader (84) · phantompdf (84)	—
8	canonical	82	18	·	·	PoC 17	ubuntu linux (82)	—
9	foxit	82	·	·	·	NEW	foxit reader (80) · foxit phantompdf (1) · foxit activex pro sdk (1)	—
10	сообщество свободного программного обеспечения	82	18	1	2	KEV 1Nuclei 2PoC 15	debian gnu/linux (68) · linux (29) · libgit2 (2)	—
11	oracle corp.	67	6	·	2	Nuclei 2PoC 1	mysql server (14) · outside in technology (14) · vm virtualbox (7)	—
12	ооо «русбитех-астра»	65	21	·	1	Nuclei 1PoC 9	astra linux special edition (46) · astra linux common edition (22) · astra linux special edition для «эльбрус» (8)	—
13	qualcomm, inc.	59	6	·	·		android for msm, firefox os for msm, qrd android (43) · snapdragon automobile, snapdragon mobile, snapdragon wear (9) · snapdragon mobile, snapdragon wear (5)	—
14	microsoft	56	3	1	·	KEV 1PoC 5	edge (19) · microsoft edge (19) · chakracore (12)	—
15	maven	55	4	·	3	Nuclei 3PoC 9	org.jenkins-ci.main:jenkins-core (7) · io.undertow:undertow-core (3) · org.keycloak:keycloak-core (3)	—
16	[unknown]	54	2	·	·	NEWPoC 5	kernel (8) · ansible (4) · kernel: (3)	—
17	google	44	3	·	·		android (44)	—
18	linux	43	·	·	·	×3.3PoC 12	linux kernel (41) · kernel (3) · kernel: (1)	—
19	cisco	37	8	·	·		vedge-100 firmware (10) · vbond orchestrator (10) · vedge-1000 firmware (10)	—
20	netapp	37	2	·	1	×5.3Nuclei 1	oncommand workflow automation (32) · oncommand insight (32) · snapcenter (25)	—
21	red hat	35	·	·	·	NEWPoC 2	ansible (3) · cloudforms (3) · business-central (2)	—
22	canonical ltd.	34	9	·	·	×6.8PoC 7	ubuntu (34)	—
23	npm	31	10	·	·	×15.5PoC 10	bootstrap (3) · angular-redactor (1) · bootstrap-sass (1)	—
24	schneider-electric	25	4	·	1	Nuclei 1PoC 1	u.motion builder (16) · ibp319-1er firmware (3) · ibp519-1er firmware (3)	—
25	schneider electric se	24	4	·	1	Nuclei 1PoC 1	u.motion (14) · u.motion builder (4) · pelco sarix professional v1 (3)	—
26	apache	21	5	·	2	Nuclei 2	http server (2) · kafka (2) · spark (2)	—
27	apache software foundation	21	5	·	2	Nuclei 2	apache kafka (2) · apache tomcat native (2) · http server (2)	—
28	nuget	21	·	1	1	KEV 1Nuclei 1PoC 9	microsoft.chakracore (10) · bootstrap.sass (3) · bootstrap (3)	—
29	pypi	20	3	·	·	PoC 1	ansible (7) · mercurial (3) · aubio (3)	—
30	red hat inc.	20	3	1	·	×5.0KEV 1PoC 2	red hat enterprise linux (13) · ansible (3) · red hat single sign-on (3)	—
31	packagist	19	7	1	1	KEV 1Nuclei 1PoC 8	dolibarr/dolibarr (4) · twbs/bootstrap (3) · moodle/moodle (3)	—
32	adobe systems inc.	18	6	2	·	KEV 2	adobe acrobat reader document cloud (17) · adobe acrobat 2017 (17) · adobe acrobat document cloud (17)	—
33	f5	17	·	·	·	PoC 2	big-ip access policy manager (12) · big-ip application security manager (11) · big-ip local traffic manager (10)	—
34	axiosys	16	3	·	·	×5.3PoC 2	bento4 (16)	—
35	f5 networks, inc.	16	·	·	·	PoC 1	big-ip (ltm, aam, afm, analytics, apm, asm, dns, edge gateway, fps, gtm, link controller, pem, webaccelerator) (6) · big-ip (apm) (2) · big-ip (asm) (2)	—
36	hdfgroup	16	10	·	·	NEWPoC 16	hdf5 (16)	—
37	intel	16	·	·	·		core i7 (3) · core i5 (3) · core i3 (3)	—
38	intel corporation	16	·	·	·	NEW	intel active management technology (3) · intel processor diagnostic tool (2) · intel quartus ii programmer and tools (1)	—
39	jenkins	16	·	·	2	×8.0Nuclei 2PoC 1	jenkins (7) · aws codedeploy (2) · aws codepipeline (1)	—
40	juniper	16	5	·	·	PoC 14	junos (11) · contrail service orchestration (5)	—
41	qualcomm	16	4	·	·	NEW	sd 210 firmware (15) · sd 205 firmware (15) · sd 625 firmware (15)	—
42	michael elkins	15	13	·	·	NEW	neomutt (15) · mutt (12)	—
43	neomutt	15	13	·	·	NEW	neomutt (15)	—
44	ffmpeg	14	1	·	·		ffmpeg (14)	—
45	juniper networks	14	3	·	·	PoC 14	junos os (11) · contrail service orchestration (3)	—
46	mutt	12	11	·	·	NEW	mutt (12)	—
47	sap	12	1	·	·		businessobjects business intelligence (3) · sap internet graphics server (igs) (3) · internet graphics server (3)	—
48	siemens ag	12	2	·	·	PoC 2	siclock tc100, siclock tc400 (6) · en100 ethernet module iec 104 variant (2) · en100 ethernet module iec 61850 (2)	—
49	ffmpeg team	11	1	·	·		ffmpeg (11)	—
50	huawei	11	·	·	·		rp200 firmware (2) · dp300 firmware (2) · emily-al00a firmware (2)	—