month report

January 2019

Data as of Jun 4, 2026, 13:29 UTCSnapshot v1 Sources NVD+CISA KEV+EPSS+Nuclei templates Methodology →

January 2019 closed with 1,662 published CVEs — -3.1% YoY . 137 criticals, oracle led volume, mostly via vm virtualbox. Biggest breakout: foxitsoftware at ×14.8 their 12-month median. Top weakness class — CWE-79 (124 CVE). 10 vendors cracked the top-100 for the first time.

Print view

Total CVEs

1,662

+37.1% MoM-3.1% YoY

Severity mix

137 / 517

critical / high

KEV added

0 ransomware-linked

Nuclei coverage

1.7%

28 CVEs with templates

Time to exploit

How fast the community ships detection after a CVE drops.

Days → Nuclei (median)

2599.2

n=28

Within 7 days

0.0%

Within 30 days

0.0%

Days → KEV (median)

1129

n=6

Detection gap

KEV pressure, no Nuclei coverage

January 2019 · vendors with active exploitation listed by CISA but no public detection template.

KEV 2microsoft corp53 CVE
KEV 2microsoft52 CVE
KEV 1adobe98 CVE
KEV 1adobe systems inc.12 CVE

Weakness × Vendor

What's spreading where in January 2019

Cells shaded by share of vendor's hottest weakness. Click any cell to open the CWE history.

Breakout vendors

CVE count ≥3× their own 12-period median.

14.8×foxitsoftware89 CVE
14.8×oracle corp.163 CVE
13.8×oracle172 CVE
13.3×apple40 CVE
5.4×juniper networks inc.27 CVE
4.4×cisco systems inc.44 CVE
4.2×foxit80 CVE
4.2×netapp52 CVE
4.0×drupal8 CVE
3.5×fasterxml, llc7 CVE

First time in top-100

Vendors never in top-100 in the prior 24 periods.

#29nec21 CVE
#30nec corporation21 CVE
#38macpaw13 CVE
#53fasterxml7 CVE
#54fasterxml, llc7 CVE
#63internet systems consortium6 CVE
#68croogo5 CVE
#70idreamsoft5 CVE
#71jenkins project5 CVE
#72micronet corporation5 CVE

Top vendors

Ranked by distinct CVE count this period.

1oracle↑88
172 CVE11 critCVSS 7.1
×13.8Nuclei 1PoC 2
vm virtualbox (27) · mysql (25) · outside in technology (24)
2oracle corp.↑107
163 CVE11 critCVSS 7.4
×14.8Nuclei 1PoC 4
vm virtualbox (26) · mysql (25) · outside in technology (24)
3oracle corporation—
155 CVE2 critCVSS 6.1
vm virtualbox (27) · mysql server (25) · outside in technology (24)
4redhat↑1
133 CVE11 critCVSS 6.7
KEV 1Nuclei 1PoC 13
enterprise linux server (94) · enterprise linux desktop (90) · enterprise linux workstation (90)
5debian↓2
124 CVE16 critCVSS 7.2
Nuclei 1PoC 18
debian linux (124) · advanced package tool (1)
6сообщество свободного программного обеспечения↓4
117 CVE16 critCVSS 7.3
PoC 25
debian gnu/linux (101) · linux (7) · systemd (3)
7adobe—
98 CVE11 critCVSS 7.4
KEV 1PoC 1
acrobat dc (91) · acrobat reader dc (91) · experience manager (3)
8ооо «русбитех-астра»↓7
91 CVE7 critCVSS 7.0
PoC 17
astra linux special edition (84) · astra linux special edition для «эльбрус» (17) · astra linux common edition (11)
9foxitsoftware↑119
89 CVECVSS 8.6
×14.8
phantompdf (85) · reader (82) · 3d (4)
10google↓6
85 CVE3 critCVSS 7.3
PoC 5
chrome (84) · android (1)
11foxit—
80 CVECVSS 8.7
×4.2
reader (68) · phantompdf (11) · foxit (1)
12red hat inc.↑11
69 CVE6 critCVSS 7.6
×3.5PoC 7
red hat enterprise linux (60) · openshift container platform (7) · jboss brms (3)
13canonical↓7
63 CVE5 critCVSS 6.9
PoC 13
ubuntu linux (63)
14google inc↓5
53 CVE3 critCVSS 7.5
PoC 3
google chrome (47) · android (6)
15microsoft corp↓4
53 CVE2 critCVSS 7.4
KEV 2PoC 13
windows 10 1803 (28) · windows server 1803 (server core installation) (27) · windows server 2019 (26)
16microsoft↓6
52 CVE2 critCVSS 7.3
KEV 2PoC 13
windows server 2019 (26) · windows server 2016 (26) · windows 10 (26)
17netapp↑26
52 CVE4 critCVSS 5.8
×4.2PoC 4
oncommand workflow automation (25) · snapcenter (22) · storage automation store (20)
18maven↓5
48 CVE12 critCVSS 7.7
Nuclei 1PoC 9
org.jenkins-ci.main:jenkins-core (8) · com.fasterxml.jackson.core:jackson-databind (7) · org.webjars:bootstrap (3)
19cisco↑102
45 CVE1 critCVSS 7.0
KEV 2Nuclei 1PoC 45
webex meetings server (6) · cisco identity services engine software (6) · cisco sd-wan solution (5)
20cisco systems inc.↑154
44 CVE1 critCVSS 7.0
×4.4KEV 2Nuclei 1PoC 44
cisco identity services engine (6) · webex business suite (6) · cisco webex player (5)
21apple↑149
40 CVE9 critCVSS 8.1
×13.3PoC 1
iphone os (23) · mac os x (21) · watchos (12)
22qualcomm—
31 CVE3 critCVSS 7.1
sd 835 firmware (28) · mdm9607 firmware (26) · sd 212 firmware (26)
23qualcomm, inc.↑4
31 CVE3 critCVSS 7.3
snapdragon automobile, snapdragon mobile, snapdragon wear (14) · snapdragon mobile, snapdragon wear (12) · snapdragon automobile, snapdragon mobile (2)
24packagist↑1
30 CVE3 critCVSS 6.9
Nuclei 1PoC 15
drupal/drupal (7) · drupal/core (6) · dolibarr/dolibarr (5)
25juniper—
28 CVE5 critCVSS 7.0
PoC 22
junos (14) · advanced threat prevention (11) · junos space (2)
26juniper networks inc.—
27 CVE5 critCVSS 7.0
×5.4PoC 22
junos (13) · juniper atp (12) · junos space (2)
27juniper networks—
26 CVE5 critCVSS 7.0
PoC 22
juniper atp (12) · junos os (12) · junos space (2)
28canonical ltd.↓20
22 CVE5 critCVSS 7.5
PoC 6
ubuntu (22)
29nec—
21 CVECVSS 7.1
NEW
aterm hc100rc firmware (8) · aterm w300p firmware (5) · aterm wg1200hp firmware (4)
30nec corporation—
21 CVECVSS 7.2
NEW
hc100rc (8) · aterm w300p (5) · aterm wf1200cr and aterm wg1200cr (4)
31ibm↓24
19 CVE1 critCVSS 5.5
security identity manager (5) · api connect (3) · engineering lifecycle optimization - publishing (2)
32isc—
19 CVECVSS 6.6
PoC 2
bind (16) · bind 9 (15) · isc dhcp (2)
33jenkins↑45
17 CVECVSS 7.2
Nuclei 1PoC 3
jenkins (8) · config file provider (2) · pipeline\ (2)
34ао «концерн вниинс»↓20
16 CVE1 critCVSS 6.8
PoC 2
ос он «стрелец» (16)
35apache↑20
15 CVE2 critCVSS 7.5
Nuclei 1PoC 1
airflow (4) · http server (3) · thrift (2)
36sap↑18
14 CVE2 critCVSS 7.0
sapscore (3) · s4fnd (2) · cloud connector (2)
37gnu·
13 CVECVSS 6.4
PoC 8
recutils (6) · binutils (5) · glibc (2)
38macpaw—
13 CVECVSS 5.5
NEW
cleanmymac x (13)
39opensuse↓23
13 CVE1 critCVSS 6.3
PoC 2
leap (13)
40adobe systems inc.—
12 CVE3 critCVSS 7.8
KEV 1PoC 1
adobe acrobat 2017 (9) · adobe acrobat document cloud (9) · adobe acrobat reader 2017 (9)
41apache software foundation↑15
12 CVE2 critCVSS 7.7
Nuclei 1
apache airflow (4) · http server (3) · apache http server (3)
42fedoraproject↓25
12 CVE1 critCVSS 6.8
PoC 5
fedora (12) · sssd (1)
43novell inc.↓31
12 CVE1 critCVSS 6.6
PoC 2
opensuse leap (11) · suse linux enterprise server for sap applications (4) · suse enterprise storage (4)
44pypi↑18
12 CVE3 critCVSS 7.9
Nuclei 1PoC 1
apache-airflow (4) · django (1) · mysql-connector-python (1)
45sap se—
12 CVE2 critCVSS 7.2
sap crm webclient ui (s4fnd) (2) · sap crm webclient ui (sapscore) (2) · sap crm webclient ui (webcuif) (2)
46cybozu—
9 CVE1 critCVSS 7.9
remote service manager (4) · office (2) · dezie (1)
47cybozu, inc.—
9 CVE1 critCVSS 7.9
cybozu remote service (4) · cybozu office (2) · cybozu garoon (1)
48d-link corp.↓14
9 CVE4 critCVSS 9.0
Nuclei 1PoC 4
central wifi manager (3) · dir-822 c1 (2) · dir-850l b (2)
49drupal—
8 CVE2 critCVSS 7.4
×4.0PoC 7
drupal (7) · drupal core (6) · 3rd party module - search autocomplete (1)
50ics-cert—
8 CVECVSS 7.3
cx-supervisor (5) · drÃ¤ger infinity delta (3)

#	Vendor	CVEs	Crit	KEV	Nuclei	Signals	Top products	Δ
1	oracle	172	11	·	1	×13.8Nuclei 1PoC 2	vm virtualbox (27) · mysql (25) · outside in technology (24)	↑88
2	oracle corp.	163	11	·	1	×14.8Nuclei 1PoC 4	vm virtualbox (26) · mysql (25) · outside in technology (24)	↑107
3	oracle corporation	155	2	·	·		vm virtualbox (27) · mysql server (25) · outside in technology (24)	—
4	redhat	133	11	1	1	KEV 1Nuclei 1PoC 13	enterprise linux server (94) · enterprise linux desktop (90) · enterprise linux workstation (90)	↑1
5	debian	124	16	·	1	Nuclei 1PoC 18	debian linux (124) · advanced package tool (1)	↓2
6	сообщество свободного программного обеспечения	117	16	·	·	PoC 25	debian gnu/linux (101) · linux (7) · systemd (3)	↓4
7	adobe	98	11	1	·	KEV 1PoC 1	acrobat dc (91) · acrobat reader dc (91) · experience manager (3)	—
8	ооо «русбитех-астра»	91	7	·	·	PoC 17	astra linux special edition (84) · astra linux special edition для «эльбрус» (17) · astra linux common edition (11)	↓7
9	foxitsoftware	89	·	·	·	×14.8	phantompdf (85) · reader (82) · 3d (4)	↑119
10	google	85	3	·	·	PoC 5	chrome (84) · android (1)	↓6
11	foxit	80	·	·	·	×4.2	reader (68) · phantompdf (11) · foxit (1)	—
12	red hat inc.	69	6	·	·	×3.5PoC 7	red hat enterprise linux (60) · openshift container platform (7) · jboss brms (3)	↑11
13	canonical	63	5	·	·	PoC 13	ubuntu linux (63)	↓7
14	google inc	53	3	·	·	PoC 3	google chrome (47) · android (6)	↓5
15	microsoft corp	53	2	2	·	KEV 2PoC 13	windows 10 1803 (28) · windows server 1803 (server core installation) (27) · windows server 2019 (26)	↓4
16	microsoft	52	2	2	·	KEV 2PoC 13	windows server 2019 (26) · windows server 2016 (26) · windows 10 (26)	↓6
17	netapp	52	4	·	·	×4.2PoC 4	oncommand workflow automation (25) · snapcenter (22) · storage automation store (20)	↑26
18	maven	48	12	·	1	Nuclei 1PoC 9	org.jenkins-ci.main:jenkins-core (8) · com.fasterxml.jackson.core:jackson-databind (7) · org.webjars:bootstrap (3)	↓5
19	cisco	45	1	2	1	KEV 2Nuclei 1PoC 45	webex meetings server (6) · cisco identity services engine software (6) · cisco sd-wan solution (5)	↑102
20	cisco systems inc.	44	1	2	1	×4.4KEV 2Nuclei 1PoC 44	cisco identity services engine (6) · webex business suite (6) · cisco webex player (5)	↑154
21	apple	40	9	·	·	×13.3PoC 1	iphone os (23) · mac os x (21) · watchos (12)	↑149
22	qualcomm	31	3	·	·		sd 835 firmware (28) · mdm9607 firmware (26) · sd 212 firmware (26)	—
23	qualcomm, inc.	31	3	·	·		snapdragon automobile, snapdragon mobile, snapdragon wear (14) · snapdragon mobile, snapdragon wear (12) · snapdragon automobile, snapdragon mobile (2)	↑4
24	packagist	30	3	·	1	Nuclei 1PoC 15	drupal/drupal (7) · drupal/core (6) · dolibarr/dolibarr (5)	↑1
25	juniper	28	5	·	·	PoC 22	junos (14) · advanced threat prevention (11) · junos space (2)	—
26	juniper networks inc.	27	5	·	·	×5.4PoC 22	junos (13) · juniper atp (12) · junos space (2)	—
27	juniper networks	26	5	·	·	PoC 22	juniper atp (12) · junos os (12) · junos space (2)	—
28	canonical ltd.	22	5	·	·	PoC 6	ubuntu (22)	↓20
29	nec	21	·	·	·	NEW	aterm hc100rc firmware (8) · aterm w300p firmware (5) · aterm wg1200hp firmware (4)	—
30	nec corporation	21	·	·	·	NEW	hc100rc (8) · aterm w300p (5) · aterm wf1200cr and aterm wg1200cr (4)	—
31	ibm	19	1	·	·		security identity manager (5) · api connect (3) · engineering lifecycle optimization - publishing (2)	↓24
32	isc	19	·	·	·	PoC 2	bind (16) · bind 9 (15) · isc dhcp (2)	—
33	jenkins	17	·	·	1	Nuclei 1PoC 3	jenkins (8) · config file provider (2) · pipeline\ (2)	↑45
34	ао «концерн вниинс»	16	1	·	·	PoC 2	ос он «стрелец» (16)	↓20
35	apache	15	2	·	1	Nuclei 1PoC 1	airflow (4) · http server (3) · thrift (2)	↑20
36	sap	14	2	·	·		sapscore (3) · s4fnd (2) · cloud connector (2)	↑18
37	gnu	13	·	·	·	PoC 8	recutils (6) · binutils (5) · glibc (2)	·
38	macpaw	13	·	·	·	NEW	cleanmymac x (13)	—
39	opensuse	13	1	·	·	PoC 2	leap (13)	↓23
40	adobe systems inc.	12	3	1	·	KEV 1PoC 1	adobe acrobat 2017 (9) · adobe acrobat document cloud (9) · adobe acrobat reader 2017 (9)	—
41	apache software foundation	12	2	·	1	Nuclei 1	apache airflow (4) · http server (3) · apache http server (3)	↑15
42	fedoraproject	12	1	·	·	PoC 5	fedora (12) · sssd (1)	↓25
43	novell inc.	12	1	·	·	PoC 2	opensuse leap (11) · suse linux enterprise server for sap applications (4) · suse enterprise storage (4)	↓31
44	pypi	12	3	·	1	Nuclei 1PoC 1	apache-airflow (4) · django (1) · mysql-connector-python (1)	↑18
45	sap se	12	2	·	·		sap crm webclient ui (s4fnd) (2) · sap crm webclient ui (sapscore) (2) · sap crm webclient ui (webcuif) (2)	—
46	cybozu	9	1	·	·		remote service manager (4) · office (2) · dezie (1)	—
47	cybozu, inc.	9	1	·	·		cybozu remote service (4) · cybozu office (2) · cybozu garoon (1)	—
48	d-link corp.	9	4	·	1	Nuclei 1PoC 4	central wifi manager (3) · dir-822 c1 (2) · dir-850l b (2)	↓14
49	drupal	8	2	·	·	×4.0PoC 7	drupal (7) · drupal core (6) · 3rd party module - search autocomplete (1)	—
50	ics-cert	8	·	·	·		cx-supervisor (5) · drÃ¤ger infinity delta (3)	—