month report

October 2018

Data as of Jun 4, 2026, 13:28 UTCSnapshot v1 Sources NVD+CISA KEV+EPSS+Nuclei templates Methodology →

October 2018 closed with 1,483 published CVEs — +2.9% YoY . 184 criticals, oracle led volume, mostly via mysql. Biggest breakout: oracle corp. at ×17.8 their 12-month median. Top weakness class — CWE-79 (199 CVE). 10 vendors cracked the top-100 for the first time.

Print view

Total CVEs

1,483

+22.7% MoM+2.9% YoY

Severity mix

184 / 623

critical / high

KEV added

0 ransomware-linked

Nuclei coverage

2.2%

33 CVEs with templates

Time to exploit

How fast the community ships detection after a CVE drops.

Days → Nuclei (median)

2701.9

n=33

Within 7 days

0.0%

Within 30 days

0.0%

Days → KEV (median)

1150

n=2

Detection gap

KEV pressure, no Nuclei coverage

October 2018 · vendors with active exploitation listed by CISA but no public detection template.

KEV 1microsoft corp51 CVE
KEV 1microsoft50 CVE

Weakness × Vendor

What's spreading where in October 2018

Cells shaded by share of vendor's hottest weakness. Click any cell to open the CWE history.

Breakout vendors

CVE count ≥3× their own 12-period median.

17.8×oracle corp.169 CVE
15.7×oracle196 CVE
10.6×adobe systems inc.53 CVE
8.0×cisco systems inc.72 CVE
8.0×mozilla32 CVE
7.0×amazon7 CVE
5.5×tenda11 CVE
5.5×foxitsoftware41 CVE
3.8×qualcomm61 CVE
3.8×cisco128 CVE

First time in top-100

Vendors never in top-100 in the prior 24 periods.

#37foxit software15 CVE
#50sem-cms11 CVE
#51tenda11 CVE
#55sv3c10 CVE
#62zzcms9 CVE
#63atlantiswordprocessor8 CVE
#69advantech co., ltd7 CVE
#70airties7 CVE
#71amazon7 CVE
#76the atlantis word processor team7 CVE

Top vendors

Ranked by distinct CVE count this period.

1oracle↑37
196 CVE10 critCVSS 6.6
×15.7Nuclei 4PoC 8
mysql (34) · peoplesoft enterprise peopletools (23) · outside in technology (22)
2oracle corporation—
182 CVE9 critCVSS 6.5
Nuclei 2PoC 5
mysql server (32) · peoplesoft enterprise pt peopletools (21) · outside in technology (20)
3oracle corp.↑96
169 CVE9 critCVSS 6.7
×17.8Nuclei 5PoC 7
mysql (31) · peoplesoft enterprise peopletools (22) · outside in technology (21)
4cisco—
128 CVE9 critCVSS 7.3
×3.8PoC 19
webex meetings online (19) · ios xe (19) · webex business suite 33 (17)
5adobe↑14
102 CVE4 critCVSS 6.9
acrobat dc (86) · acrobat reader dc (86) · adobe acrobat and reader (86)
6debian↓5
101 CVE12 critCVSS 7.0
Nuclei 3PoC 23
debian linux (100) · crossroads (1)
7canonical↑1
100 CVE15 critCVSS 6.9
Nuclei 1PoC 21
ubuntu linux (100)
8сообщество свободного программного обеспечения↓2
84 CVE10 critCVSS 7.1
Nuclei 2PoC 26
debian gnu/linux (76) · linux (9) · systemd (3)
9ооо «русбитех-астра»·
77 CVE13 critCVSS 7.1
PoC 22
astra linux special edition (65) · astra linux special edition для «эльбрус» (28) · astra linux common edition (15)
10cisco systems inc.—
72 CVE8 critCVSS 7.5
×8.0PoC 18
webex meetings server (14) · webex meetings online (13) · webex meetings suite wbs32 sites (12)
11redhat↓8
68 CVE12 critCVSS 7.4
Nuclei 2PoC 15
enterprise linux server (53) · enterprise linux desktop (48) · enterprise linux workstation (48)
12ibm↓2
63 CVE2 critCVSS 5.8
rational quality manager (17) · security key lifecycle manager (10) · websphere application server (7)
13qualcomm, inc.↓8
62 CVECVSS 7.5
snapdragon mobile (28) · snapdragon automobile, snapdragon mobile, snapdragon wear (15) · snapdragon mobile, snapdragon wear (13)
14qualcomm↑9
61 CVECVSS 7.6
×3.8
sd 845 firmware (42) · sd 835 firmware (42) · sda660 firmware (37)
15canonical ltd.↓4
60 CVE10 critCVSS 7.3
Nuclei 1PoC 14
ubuntu (59) · linux kernel, as used in ubuntu 18.04 lts and ubuntu 18.10 (1)
16adobe systems inc.↑67
53 CVE1 critCVSS 7.1
×10.6
adobe acrobat document cloud (52) · adobe acrobat 2017 (52) · adobe acrobat reader document cloud (52)
17microsoft corp↓10
51 CVE1 critCVSS 6.7
KEV 1PoC 9
windows 10 1803 (21) · windows 10 1709 (20) · windows server 1709 (server core installation) (19)
18microsoft↓14
50 CVE1 critCVSS 6.8
KEV 1PoC 8
windows 10 (22) · windows 10 servers (21) · windows server 2016 (21)
19novell inc.↓1
44 CVE8 critCVSS 7.4
×3.4Nuclei 1PoC 6
opensuse leap (39) · suse linux enterprise software development kit (8) · suse linux enterprise server (7)
20foxitsoftware↑57
41 CVECVSS 8.3
×5.5PoC 7
reader (40) · phantompdf (38)
21netapp↑76
41 CVE2 critCVSS 5.8
×3.3Nuclei 1PoC 6
snapcenter (33) · oncommand workflow automation (32) · oncommand insight (31)
22red hat inc.↓5
41 CVE6 critCVSS 7.3
×3.0Nuclei 1PoC 9
red hat enterprise linux (35) · red hat virtualization (3) · red hat gluster storage (2)
23mozilla—
32 CVE9 critCVSS 8.1
×8.0PoC 1
firefox (29) · firefox esr (23) · thunderbird (22)
24mozilla corp.—
29 CVE9 critCVSS 8.2
PoC 1
firefox (26) · firefox esr (22) · thunderbird (22)
25ао «ивк»—
28 CVE5 critCVSS 7.7
PoC 1
альт линукс спт (26) · альт 8 сп рабочая станция (20) · альт 8 сп сервер (10)
26google↓24
26 CVE1 critCVSS 7.1
PoC 2
android (26)
27google inc↑64
26 CVE2 critCVSS 7.3
PoC 2
android (26)
28google inc.—
25 CVE1 critCVSS 7.2
PoC 2
android (25)
29juniper—
21 CVE1 critCVSS 7.0
PoC 21
junos (18) · junos space (2) · netscreen screenos (1)
30juniper networks—
21 CVE1 critCVSS 7.0
PoC 21
junos os (18) · junos space (1) · junos space security director (1)
31maven↓16
21 CVE9 critCVSS 8.2
Nuclei 4PoC 3
io.spray:spray-json_2.10 (2) · io.spray:spray-json_2.11 (2) · net.mingsoft:ms-mcms (2)
32ао «нтц ит роса»—
20 CVE1 critCVSS 6.8
PoC 1
роса хром (11) · роса кобальт (8) · rosa virtualization 3.0 (1)
33foxit—
19 CVECVSS 8.3
foxit reader (10) · foxit pdf reader (8) · foxit phantompdf (1)
34f5↑42
18 CVECVSS 6.4
big-ip access policy manager (16) · big-ip advanced firewall manager (15) · big-ip policy enforcement manager (13)
35f5 networks, inc.↑73
18 CVECVSS 6.3
big-ip (ltm, aam, afm, analytics, apm, asm, dns, edge gateway, fps, gtm, link controller, pem, webaccelerator) (8) · big-ip (apm) (3) · big-ip afm (2)
36ао «концерн вниинс»↓14
17 CVE2 critCVSS 7.3
Nuclei 2PoC 5
ос он «стрелец» (17)
37foxit software—
15 CVECVSS 8.5
NEWPoC 7
foxit pdf reader (15)
38packagist↓18
14 CVE3 critCVSS 6.9
PoC 8
mediawiki/core (4) · topthink/framework (3) · mantisbt/mantisbt (2)
39pypi↑15
14 CVE2 critCVSS 7.2
PoC 2
salt (2) · pyopenssl (2) · django (1)
40ао "нппкт"↓8
13 CVE1 critCVSS 5.9
×3.3PoC 7
осон основа оnyx (13)
41hp↓1
12 CVE2 critCVSS 7.7
xp7 command view (7) · 320-15ikbra firmware (1) · 320-15ikbrn firmware (1)
42juniper networks inc.↑149
12 CVE1 critCVSS 7.9
PoC 12
junos (10) · junos space network management platform (1) · junos space security director (1)
43mariadb—
12 CVECVSS 5.5
mariadb (12)
44opensuse↓23
12 CVECVSS 5.4
PoC 3
leap (8) · open build service (5) · tar scm (1)
45advantech—
11 CVE2 critCVSS 7.6
PoC 4
webaccess (11) · advantech webaccess (9)
46d-link corp.↑23
11 CVE5 critCVSS 8.6
Nuclei 3PoC 5
central wifi manager (4) · dwr-111 (3) · dwr-116 (3)
47gnu↑42
11 CVE1 critCVSS 6.4
PoC 6
binutils (9) · gettext (1) · gnulib (1)
48linux↓7
11 CVECVSS 5.9
PoC 4
linux kernel (11)
49nuget↓21
11 CVE1 critCVSS 7.3
microsoft.chakracore (6) · microsoft.aspnetcore.server.kestrel.core (2) · microsoft.aspnetcore.all (2)
50sem-cms—
11 CVECVSS 5.3
NEWPoC 2
semcms (11)

#	Vendor	CVEs	Crit	KEV	Nuclei	Signals	Top products	Δ
1	oracle	196	10	·	4	×15.7Nuclei 4PoC 8	mysql (34) · peoplesoft enterprise peopletools (23) · outside in technology (22)	↑37
2	oracle corporation	182	9	·	2	Nuclei 2PoC 5	mysql server (32) · peoplesoft enterprise pt peopletools (21) · outside in technology (20)	—
3	oracle corp.	169	9	·	5	×17.8Nuclei 5PoC 7	mysql (31) · peoplesoft enterprise peopletools (22) · outside in technology (21)	↑96
4	cisco	128	9	·	·	×3.8PoC 19	webex meetings online (19) · ios xe (19) · webex business suite 33 (17)	—
5	adobe	102	4	·	·		acrobat dc (86) · acrobat reader dc (86) · adobe acrobat and reader (86)	↑14
6	debian	101	12	·	3	Nuclei 3PoC 23	debian linux (100) · crossroads (1)	↓5
7	canonical	100	15	·	1	Nuclei 1PoC 21	ubuntu linux (100)	↑1
8	сообщество свободного программного обеспечения	84	10	·	2	Nuclei 2PoC 26	debian gnu/linux (76) · linux (9) · systemd (3)	↓2
9	ооо «русбитех-астра»	77	13	·	·	PoC 22	astra linux special edition (65) · astra linux special edition для «эльбрус» (28) · astra linux common edition (15)	·
10	cisco systems inc.	72	8	·	·	×8.0PoC 18	webex meetings server (14) · webex meetings online (13) · webex meetings suite wbs32 sites (12)	—
11	redhat	68	12	·	2	Nuclei 2PoC 15	enterprise linux server (53) · enterprise linux desktop (48) · enterprise linux workstation (48)	↓8
12	ibm	63	2	·	·		rational quality manager (17) · security key lifecycle manager (10) · websphere application server (7)	↓2
13	qualcomm, inc.	62	·	·	·		snapdragon mobile (28) · snapdragon automobile, snapdragon mobile, snapdragon wear (15) · snapdragon mobile, snapdragon wear (13)	↓8
14	qualcomm	61	·	·	·	×3.8	sd 845 firmware (42) · sd 835 firmware (42) · sda660 firmware (37)	↑9
15	canonical ltd.	60	10	·	1	Nuclei 1PoC 14	ubuntu (59) · linux kernel, as used in ubuntu 18.04 lts and ubuntu 18.10 (1)	↓4
16	adobe systems inc.	53	1	·	·	×10.6	adobe acrobat document cloud (52) · adobe acrobat 2017 (52) · adobe acrobat reader document cloud (52)	↑67
17	microsoft corp	51	1	1	·	KEV 1PoC 9	windows 10 1803 (21) · windows 10 1709 (20) · windows server 1709 (server core installation) (19)	↓10
18	microsoft	50	1	1	·	KEV 1PoC 8	windows 10 (22) · windows 10 servers (21) · windows server 2016 (21)	↓14
19	novell inc.	44	8	·	1	×3.4Nuclei 1PoC 6	opensuse leap (39) · suse linux enterprise software development kit (8) · suse linux enterprise server (7)	↓1
20	foxitsoftware	41	·	·	·	×5.5PoC 7	reader (40) · phantompdf (38)	↑57
21	netapp	41	2	·	1	×3.3Nuclei 1PoC 6	snapcenter (33) · oncommand workflow automation (32) · oncommand insight (31)	↑76
22	red hat inc.	41	6	·	1	×3.0Nuclei 1PoC 9	red hat enterprise linux (35) · red hat virtualization (3) · red hat gluster storage (2)	↓5
23	mozilla	32	9	·	·	×8.0PoC 1	firefox (29) · firefox esr (23) · thunderbird (22)	—
24	mozilla corp.	29	9	·	·	PoC 1	firefox (26) · firefox esr (22) · thunderbird (22)	—
25	ао «ивк»	28	5	·	·	PoC 1	альт линукс спт (26) · альт 8 сп рабочая станция (20) · альт 8 сп сервер (10)	—
26	google	26	1	·	·	PoC 2	android (26)	↓24
27	google inc	26	2	·	·	PoC 2	android (26)	↑64
28	google inc.	25	1	·	·	PoC 2	android (25)	—
29	juniper	21	1	·	·	PoC 21	junos (18) · junos space (2) · netscreen screenos (1)	—
30	juniper networks	21	1	·	·	PoC 21	junos os (18) · junos space (1) · junos space security director (1)	—
31	maven	21	9	·	4	Nuclei 4PoC 3	io.spray:spray-json_2.10 (2) · io.spray:spray-json_2.11 (2) · net.mingsoft:ms-mcms (2)	↓16
32	ао «нтц ит роса»	20	1	·	·	PoC 1	роса хром (11) · роса кобальт (8) · rosa virtualization 3.0 (1)	—
33	foxit	19	·	·	·		foxit reader (10) · foxit pdf reader (8) · foxit phantompdf (1)	—
34	f5	18	·	·	·		big-ip access policy manager (16) · big-ip advanced firewall manager (15) · big-ip policy enforcement manager (13)	↑42
35	f5 networks, inc.	18	·	·	·		big-ip (ltm, aam, afm, analytics, apm, asm, dns, edge gateway, fps, gtm, link controller, pem, webaccelerator) (8) · big-ip (apm) (3) · big-ip afm (2)	↑73
36	ао «концерн вниинс»	17	2	·	2	Nuclei 2PoC 5	ос он «стрелец» (17)	↓14
37	foxit software	15	·	·	·	NEWPoC 7	foxit pdf reader (15)	—
38	packagist	14	3	·	·	PoC 8	mediawiki/core (4) · topthink/framework (3) · mantisbt/mantisbt (2)	↓18
39	pypi	14	2	·	·	PoC 2	salt (2) · pyopenssl (2) · django (1)	↑15
40	ао "нппкт"	13	1	·	·	×3.3PoC 7	осон основа оnyx (13)	↓8
41	hp	12	2	·	·		xp7 command view (7) · 320-15ikbra firmware (1) · 320-15ikbrn firmware (1)	↓1
42	juniper networks inc.	12	1	·	·	PoC 12	junos (10) · junos space network management platform (1) · junos space security director (1)	↑149
43	mariadb	12	·	·	·		mariadb (12)	—
44	opensuse	12	·	·	·	PoC 3	leap (8) · open build service (5) · tar scm (1)	↓23
45	advantech	11	2	·	·	PoC 4	webaccess (11) · advantech webaccess (9)	—
46	d-link corp.	11	5	·	3	Nuclei 3PoC 5	central wifi manager (4) · dwr-111 (3) · dwr-116 (3)	↑23
47	gnu	11	1	·	·	PoC 6	binutils (9) · gettext (1) · gnulib (1)	↑42
48	linux	11	·	·	·	PoC 4	linux kernel (11)	↓7
49	nuget	11	1	·	·		microsoft.chakracore (6) · microsoft.aspnetcore.server.kestrel.core (2) · microsoft.aspnetcore.all (2)	↓21
50	sem-cms	11	·	·	·	NEWPoC 2	semcms (11)	—