CVE Tools
Sign in
month report

November 2018

Data as of Jun 4, 2026, 13:25 UTCSnapshot v1 Sources NVD+CISA KEV+EPSS+Nuclei templates Methodology →

November 2018 closed with 990 published CVEs. 143 criticals, google led volume, mostly via android. Top weakness class — CWE-79 (134 CVE). 10 vendors cracked the top-100 for the first time.

Print view
Total CVEs
990
— MoM— YoY
Severity mix
143 / 453
critical / high
KEV added
0
0 ransomware-linked
Nuclei coverage
2.1%
21 CVEs with templates

Time to exploit

How fast the community ships detection after a CVE drops.

Days → Nuclei (median)
2666.3
n=21
Within 7 days
0.0%
Within 30 days
0.0%
Days → KEV (median)
1302
n=6
Detection gap

KEV pressure, no Nuclei coverage

November 2018 · vendors with active exploitation listed by CISA but no public detection template.

Weakness × Vendor

What's spreading where in November 2018

Cells shaded by share of vendor's hottest weakness. Click any cell to open the CWE history.

79XSS125Out-of-bounds Read787Out-of-bounds Write200Information Exposure119Memory Buffer Bounds352CSRF78OS Command Injection89SQL Injection20Improper Input Validation22Path Traversalgoogle3212896382debian617168361сообщество свободного программного обеспечения216125111redhat4109914microsoft9932ооо «русбитех-астра»11172121google inc.14213132canonical9921microsoft corp5331ibm617112canonical ltd.481google inc27121

First time in top-100

Vendors never in top-100 in the prior 24 periods.

Top vendors

Ranked by distinct CVE count this period.

  • 1google
    132 CVE7 critCVSS 7.4
    KEV 2PoC 8
    android (87) · chrome (40) · monorail (3)
  • 2debian
    108 CVE10 critCVSS 7.2
    KEV 2Nuclei 2PoC 28
    debian linux (108)
  • 3сообщество свободного программного обеспечения
    80 CVE9 critCVSS 7.2
    KEV 1Nuclei 2PoC 28
    debian gnu/linux (71) · linux (5) · keepalived (4)
  • 4redhat
    74 CVE10 critCVSS 7.3
    KEV 3PoC 11
    enterprise linux server (44) · enterprise linux workstation (43) · enterprise linux desktop (42)
  • 5microsoft
    63 CVE2 critCVSS 7.2
    KEV 2PoC 4
    windows 10 (22) · windows server 2016 (21) · windows server 2019 (20)
  • 6ооо «русбитех-астра»
    61 CVE6 critCVSS 7.0
    KEV 1Nuclei 2PoC 17
    astra linux special edition (55) · astra linux common edition (16) · astra linux special edition для «эльбрус» (14)
  • 7google inc.
    57 CVE4 critCVSS 7.7
    PoC 2
    android (57)
  • 8canonical
    43 CVE9 critCVSS 7.6
    Nuclei 1PoC 10
    ubuntu linux (43)
  • 9microsoft corp
    42 CVE2 critCVSS 7.5
    KEV 2PoC 2
    windows server 2016 (14) · windows 10 1709 (13) · windows 10 1607 (13)
  • 10ibm
    41 CVECVSS 5.6
    db2 (7) · db2 for linux, unix and windows (7) · rational engineering lifecycle manager (4)
  • 11canonical ltd.
    26 CVE8 critCVSS 7.5
    PoC 3
    ubuntu (26)
  • 12google inc
    24 CVE1 critCVSS 7.1
    KEV 2PoC 3
    google chrome (15) · android (9)
  • 13terra-master
    24 CVE4 critCVSS 7.3
    NEWPoC 14
    terramaster operating system (24)
  • 14red hat inc.
    22 CVE4 critCVSS 6.8
    PoC 7
    red hat enterprise linux (19) · openshift container platform (1) · red hat enterprise virtualization (1)
  • 15[unknown]
    21 CVE1 critCVSS 6.7
    NEWKEV 1PoC 1
    samba (7) · nginx (3) · pdns (2)
  • 16foscam
    20 CVE8 critCVSS 8.0
    PoC 8
    c2 application firmware (20) · c2 system firmware (20)
  • 17opticam
    20 CVE8 critCVSS 8.0
    NEWPoC 8
    i5 application firmware (20) · i5 system firmware (20)
  • 18packagist
    20 CVE2 critCVSS 7.2
    Nuclei 1PoC 13
    centreon/centreon (5) · showdoc/showdoc (3) · baserproject/basercms (2)
  • 19novell inc.
    19 CVE3 critCVSS 7.0
    Nuclei 1PoC 9
    opensuse leap (19) · suse linux enterprise desktop (8) · suse linux enterprise module for open buildservice development tools (7)
  • 20cisco
    18 CVE4 critCVSS 8.9
    PoC 18
    cisco amp for endpoints (2) · energy management suite software (2) · cisco energy management suite (2)
  • 21cisco systems inc.
    18 CVE4 critCVSS 7.7
    PoC 17
    energy management suite (2) · advanced malware protection for endpoints (1) · cisco 250 series smart switches (1)
  • 22lenovo
    16 CVECVSS 6.7
    system management module firmware (9) · thinksystem smm (9) · xclarity integrator (3)
  • 23maven
    15 CVE3 critCVSS 7.6
    KEV 1PoC 1
    org.apache.hadoop:hadoop-main (2) · org.apache.syncope:syncope-core (2) · org.keycloak:keycloak-core (2)
  • 24qualcomm
    14 CVE1 critCVSS 7.7
    NEW
    sd 820a firmware (12) · msm8996au firmware (12) · sd 820 firmware (12)
  • 25qualcomm, inc.
    14 CVE1 critCVSS 7.8
    snapdragon automobile, snapdragon mobile, snapdragon wear (8) · snapdragon automobile, snapdragon mobile (4) · snapdragon mobile (2)
  • 26sap
    14 CVECVSS 7.2
    sap fiori client (5) · fiori client (5) · businessobjects business intelligence (2)
  • 27unknown
    13 CVE5 critCVSS 8.1
    NEWPoC 3
    yi technology (8) · circontrol circarlife all versions prior to 4.3.1 (2) · indusoft web studio, and intouch edge hmi (formerly intouch machine edition) (2)
  • 28foxitsoftware
    12 CVE1 critCVSS 7.1
    PoC 2
    foxit reader (12) · u3d (9)
  • 29yitechnology
    12 CVE1 critCVSS 7.7
    NEWPoC 4
    yi home camera firmware (12) · yi home (4)
  • 30laobancms
    11 CVE4 critCVSS 7.6
    NEWPoC 5
    laobancms (11)
  • 31npm
    11 CVE1 critCVSS 6.8
    PoC 3
    ckeditor (1) · cached-path-relative (1) · editor.md (1)
  • 32suse
    11 CVECVSS 7.7
    Nuclei 1PoC 6
    linux enterprise desktop (5) · linux enterprise server (5) · suse linux enterprise server (5)
  • 33totolink
    11 CVE6 critCVSS 8.1
    NEWNuclei 1PoC 3
    a3002ru firmware (11)
  • 34ао «концерн вниинс»
    11 CVECVSS 6.8
    Nuclei 1PoC 6
    ос он «стрелец» (11)
  • 35huawei
    10 CVECVSS 6.1
    espace 7950 firmware (3) · emily-al00a firmware (2) · fusionsphere openstack (1)
  • 36huawei technologies co., ltd.
    10 CVECVSS 6.2
    espace 7950 (3) · emily-al00a (2) · huawei honor 7a, huawei honor 9 lite (1)
  • 37nuget
    10 CVECVSS 7.1
    NEW
    microsoft.chakracore (8) · umbraco (1) · microsoft.netcore.app (1)
  • 38apache
    9 CVE2 critCVSS 7.7
    PoC 1
    hadoop (2) · hive (2) · syncope (2)
  • 39dell
    9 CVE1 critCVSS 7.5
    PoC 2
    emc integrated data protection appliance (5) · emc avamar (4) · openmanage network manager (2)
  • 40opensuse
    9 CVECVSS 7.0
    Nuclei 1PoC 4
    leap (9) · backports sle (1)
  • 41schneider-electric
    9 CVE2 critCVSS 8.4
    PoC 1
    modicom m340 firmware (5) · modicom premium firmware (5) · modicom quantum firmware (5)
  • 42schneider electric se
    9 CVE2 critCVSS 8.4
    NEWPoC 1
    embedded web servers in all modicon m340, premium, quantum plcs and bmxnor0200 (5) · data center expert versions 7.5.0 and earlier (1) · data center operation all versions (1)
  • 43apache software foundation
    8 CVE1 critCVSS 7.9
    apache syncope (2) · hadoop (2) · apache hive (2)
  • 44broadcom
    8 CVECVSS 7.6
    fabric operating system (8)
  • 45brocade communications systems, inc.
    8 CVECVSS 7.6
    NEW
    brocade fabric os (8)
  • 46neo
    8 CVE5 critCVSS 9.1
    NEW
    debun pop (8) · debun imap (7)
  • 47neojapan inc.
    8 CVE5 critCVSS 9.1
    NEW
    denbun by neojapan inc. (denbun pop version v3.3p r4.0 and earlier, denbun imap version v3.3i r4.0 and earlier) (6) · denbun by neojapan inc. (denbun pop version v3.3p r3.0 and earlier, denbun imap version v3.3i r3.0 and earlier) (1) · denbun pop version v3.3p r4.0 and earlier (1)
  • 48zte
    8 CVE2 critCVSS 6.9
    NEWPoC 2
    zxhn f670 (5) · zxhn f670 firmware (5) · zxhn h168n (2)
  • 49buffalo
    7 CVE1 critCVSS 7.6
    NEWPoC 1
    ts5600d1206 firmware (7)
  • 50dell emc
    7 CVE1 critCVSS 7.1
    NEW
    integrated data protection appliance (5) · avamar (4) · dell emc recoverpoint virtual machine (vm) (2)

Top weaknesses

CWE classes by distinct CVE count.

1CWE-79134
2CWE-12570
3CWE-78770
4CWE-20055
5CWE-11949
6CWE-35242
7CWE-7839
8CWE-8938
9CWE-2033
10CWE-2229
11CWE-47629
12CWE-43427
13CWE-73219
14CWE-40018
15CWE-9417
16CWE-41615
17CWE-86314
18CWE-28713
19CWE-19011
20CWE-79811