month report

March 2019

Data as of Jun 4, 2026, 13:25 UTCSnapshot v1 Sources NVD+CISA KEV+EPSS+Nuclei templates Methodology →

March 2019 closed with 1,675 published CVEs. 181 criticals, сообщество свободного программного обеспечения led volume, mostly via debian gnu/linux. Top weakness class — CWE-79 (197 CVE). 10 vendors cracked the top-100 for the first time.

Print view

Total CVEs

1,675

— MoM— YoY

Severity mix

181 / 547

critical / high

KEV added

0 ransomware-linked

Nuclei coverage

3.3%

56 CVEs with templates

Time to exploit

How fast the community ships detection after a CVE drops.

Days → Nuclei (median)

2543.6

n=56

Within 7 days

0.0%

Within 30 days

0.0%

Days → KEV (median)

1059

n=12

Detection gap

KEV pressure, no Nuclei coverage

March 2019 · vendors with active exploitation listed by CISA but no public detection template.

KEV 2jenkins project20 CVE
KEV 2jenkins19 CVE
KEV 1apple31 CVE
KEV 1apple inc.11 CVE

Weakness × Vendor

What's spreading where in March 2019

Cells shaded by share of vendor's hottest weakness. Click any cell to open the CWE history.

First time in top-100

Vendors never in top-100 in the prior 24 periods.

#18intel corporation39 CVE
#23[unknown]23 CVE
#24uvnc22 CVE
#26jenkins project20 CVE
#27jenkins19 CVE
#29kaspersky lab18 CVE
#30team ultravnc17 CVE
#37cmsmadesimple12 CVE
#43ics-cert11 CVE
#44npm11 CVE

Top vendors

Ranked by distinct CVE count this period.

1сообщество свободного программного обеспечения—
91 CVE17 critCVSS 7.4
KEV 1Nuclei 3PoC 31
debian gnu/linux (81) · rdesktop (9) · libssh2 (9)
2ооо «русбитех-астра»—
85 CVE6 critCVSS 6.6
KEV 1Nuclei 3PoC 24
astra linux special edition (80) · astra linux special edition для «эльбрус» (50) · astra linux common edition (15)
3microsoft—
78 CVE3 critCVSS 7.1
KEV 2Nuclei 1
windows (32) · windows server (32) · windows 10 (30)
4microsoft corp—
72 CVE2 critCVSS 7.1
KEV 2Nuclei 1
windows 10 1709 (29) · windows server 1709 (server core installation) (29) · windows server 1803 (server core installation) (29)
5opensuse—
70 CVE9 critCVSS 7.3
KEV 1Nuclei 3PoC 27
leap (62) · backports sle (12) · supportutils (5)
6debian—
67 CVE11 critCVSS 7.3
KEV 1Nuclei 4PoC 28
debian linux (67) · cron (1)
7cisco—
64 CVE1 critCVSS 7.3
Nuclei 1PoC 63
nx-os (29) · ios xe (23) · nexus 3000 series switches (21)
8cisco systems inc.—
59 CVE1 critCVSS 7.3
Nuclei 1PoC 57
nx-os (21) · cisco ios xe (15) · cisco ios (9)
9novell inc.—
58 CVE6 critCVSS 7.1
KEV 1Nuclei 2PoC 16
opensuse leap (55) · suse linux enterprise server for sap applications (15) · suse linux enterprise desktop (14)
10fedoraproject—
51 CVE9 critCVSS 7.2
KEV 1Nuclei 4PoC 18
fedora (50) · sssd (1)
11ibm—
51 CVE1 critCVSS 6.0
rational quality manager (10) · rational collaborative lifecycle management (9) · db2 for linux, unix and windows (7)
12redhat—
49 CVE10 critCVSS 7.4
KEV 4Nuclei 3PoC 18
enterprise linux (18) · enterprise linux server (15) · enterprise linux server aus (15)
13maven—
41 CVE11 critCVSS 7.7
KEV 2Nuclei 4PoC 4
org.jenkins-ci.plugins:azure-vm-agents (3) · org.apache.mesos:mesos (2) · org.jenkins-ci.plugins:script-security (2)
14intel—
40 CVECVSS 6.4
graphics driver (19) · converged security management engine firmware (9) · trusted execution engine firmware (6)
15intel corp.—
40 CVECVSS 6.4
intel graphics driver (17) · intel converged security and manageability engine (9) · intel trusted execution engine (6)
16canonical—
39 CVE4 critCVSS 7.4
PoC 13
ubuntu linux (39)
17canonical ltd.—
39 CVE7 critCVSS 7.5
PoC 14
ubuntu (39)
18intel corporation—
39 CVECVSS 6.2
NEW
intel(r) graphics driver for windows (19) · intel(r) csme, server platform services, trusted execution engine and intel(r) active management technology (12) · intel platform sample / silicon reference firmware (5)
19red hat inc.—
38 CVE7 critCVSS 7.5
KEV 1Nuclei 1PoC 11
red hat enterprise linux (27) · openshift container platform (8) · red hat software collections (5)
20apple—
31 CVE2 critCVSS 8.1
KEV 1PoC 10
ios (29) · iphone os (29) · tvos (21)
21netapp—
31 CVE7 critCVSS 7.4
Nuclei 2PoC 11
ontap select deploy administration utility (9) · storage automation store (6) · active iq performance analytics services (5)
22fedora project—
28 CVE5 critCVSS 7.5
KEV 1Nuclei 3PoC 9
fedora (28)
23[unknown]—
23 CVECVSS 6.3
NEWNuclei 1PoC 2
moodle (9) · openwsman (2) · dropbear (1)
24uvnc—
22 CVE15 critCVSS 9.0
NEW
ultravnc (22)
25schneider electric—
21 CVE15 critCVSS 8.4
televisgo (16) · ecostruxure hybrid distributed control system (3) · ecostruxure machine expert (3)
26jenkins project—
20 CVE7 critCVSS 7.8
NEWKEV 2PoC 3
jenkins azure vm agents plugin (3) · jenkins script security plugin (2) · jenkins pipeline: groovy plugin (2)
27jenkins—
19 CVE7 critCVSS 7.9
NEWKEV 2PoC 3
azure vm agents (3) · script security (2) · fortify on demand uploader (2)
28packagist—
19 CVE1 critCVSS 6.1
Nuclei 1PoC 6
moodle/moodle (10) · dolibarr/dolibarr (2) · librenms/librenms (1)
29kaspersky lab—
18 CVE10 critCVSS 8.5
NEW
ultravnc (16) · invision power board (1) · vanilla forums (1)
30team ultravnc—
17 CVE15 critCVSS 9.5
NEW
ultravnc (17)
31siemens—
16 CVE9 critCVSS 8.7
sinumerik pcu base win10 software\/ipc (13) · sinumerik pcu base win7 software\/ipc (13) · sinumerik access mymachine\/p2p (13)
32ао «концерн вниинс»—
16 CVE3 critCVSS 7.2
PoC 6
ос он «стрелец» (16)
33apache—
14 CVE2 critCVSS 7.5
Nuclei 2
apache jspwiki (2) · mesos (2) · jspwiki (2)
34f5—
13 CVECVSS 6.3
big-ip access policy manager (11) · big-ip application acceleration manager (10) · big-ip application security manager (10)
35gnu—
13 CVE2 critCVSS 7.6
PoC 5
libredwg (10) · bash (1) · gnutls (1)
36oracle corp.—
13 CVE2 critCVSS 7.4
Nuclei 4PoC 3
peoplesoft enterprise peopletools (3) · oracle communications unified inventory management (2) · java se (2)
37cmsmadesimple—
12 CVECVSS 7.2
NEWPoC 4
cms made simple (12)
38hp—
12 CVE3 critCVSS 9.6
arcsight logger (6) · color laserjet enterprise m651 firmware (1) · color laserjet enterprise m652dn firmware (1)
39moxa—
12 CVE4 critCVSS 8.0
eds-405a firmware (9) · eds-408a firmware (9) · eds-510a firmware (9)
40pypi—
12 CVE1 critCVSS 6.9
PoC 2
notebook (2) · matrix-synapse (1) · neutron (1)
41apple inc.—
11 CVECVSS 8.3
KEV 1PoC 2
ios (11) · tvos (10) · icloud (9)
42atlassian—
11 CVE2 critCVSS 8.3
KEV 1Nuclei 1PoC 4
crowd (5) · sourcetree (3) · confluence server (2)
43ics-cert—
11 CVE4 critCVSS 8.4
NEW
moxa iks, eds (9) · psi gridconnect gmbh (formerly known as psi nentec gmbh) telecontrol gateway and smart telecontrol unit family, iec104 security proxy. (1) · gpsd and microjson (open source project) (1)
44npm—
11 CVE2 critCVSS 7.5
NEW
serve (2) · highcharts (1) · kill-port (1)
45oracle—
11 CVE1 critCVSS 7.8
Nuclei 2PoC 2
peoplesoft enterprise peopletools (3) · communications lsms (3) · jd edwards enterpriseone tools (2)
46xpdfreader—
11 CVECVSS 5.9
NEWPoC 6
xpdf (11)
47ао «ивк»—
11 CVE5 critCVSS 8.3
NEWPoC 4
альт 8 сп (11)
48moodle—
10 CVECVSS 5.6
Nuclei 1PoC 1
moodle (10)
49ofcms project—
10 CVECVSS 7.6
NEWPoC 2
ofcms (10)
50suse—
10 CVECVSS 5.8
PoC 2
supportutils (5) · linux enterprise server (1) · backports (1)

#	Vendor	CVEs	Crit	KEV	Nuclei	Signals	Top products	Δ
1	сообщество свободного программного обеспечения	91	17	1	3	KEV 1Nuclei 3PoC 31	debian gnu/linux (81) · rdesktop (9) · libssh2 (9)	—
2	ооо «русбитех-астра»	85	6	1	3	KEV 1Nuclei 3PoC 24	astra linux special edition (80) · astra linux special edition для «эльбрус» (50) · astra linux common edition (15)	—
3	microsoft	78	3	2	1	KEV 2Nuclei 1	windows (32) · windows server (32) · windows 10 (30)	—
4	microsoft corp	72	2	2	1	KEV 2Nuclei 1	windows 10 1709 (29) · windows server 1709 (server core installation) (29) · windows server 1803 (server core installation) (29)	—
5	opensuse	70	9	1	3	KEV 1Nuclei 3PoC 27	leap (62) · backports sle (12) · supportutils (5)	—
6	debian	67	11	1	4	KEV 1Nuclei 4PoC 28	debian linux (67) · cron (1)	—
7	cisco	64	1	·	1	Nuclei 1PoC 63	nx-os (29) · ios xe (23) · nexus 3000 series switches (21)	—
8	cisco systems inc.	59	1	·	1	Nuclei 1PoC 57	nx-os (21) · cisco ios xe (15) · cisco ios (9)	—
9	novell inc.	58	6	1	2	KEV 1Nuclei 2PoC 16	opensuse leap (55) · suse linux enterprise server for sap applications (15) · suse linux enterprise desktop (14)	—
10	fedoraproject	51	9	1	4	KEV 1Nuclei 4PoC 18	fedora (50) · sssd (1)	—
11	ibm	51	1	·	·		rational quality manager (10) · rational collaborative lifecycle management (9) · db2 for linux, unix and windows (7)	—
12	redhat	49	10	4	3	KEV 4Nuclei 3PoC 18	enterprise linux (18) · enterprise linux server (15) · enterprise linux server aus (15)	—
13	maven	41	11	2	4	KEV 2Nuclei 4PoC 4	org.jenkins-ci.plugins:azure-vm-agents (3) · org.apache.mesos:mesos (2) · org.jenkins-ci.plugins:script-security (2)	—
14	intel	40	·	·	·		graphics driver (19) · converged security management engine firmware (9) · trusted execution engine firmware (6)	—
15	intel corp.	40	·	·	·		intel graphics driver (17) · intel converged security and manageability engine (9) · intel trusted execution engine (6)	—
16	canonical	39	4	·	·	PoC 13	ubuntu linux (39)	—
17	canonical ltd.	39	7	·	·	PoC 14	ubuntu (39)	—
18	intel corporation	39	·	·	·	NEW	intel(r) graphics driver for windows (19) · intel(r) csme, server platform services, trusted execution engine and intel(r) active management technology (12) · intel platform sample / silicon reference firmware (5)	—
19	red hat inc.	38	7	1	1	KEV 1Nuclei 1PoC 11	red hat enterprise linux (27) · openshift container platform (8) · red hat software collections (5)	—
20	apple	31	2	1	·	KEV 1PoC 10	ios (29) · iphone os (29) · tvos (21)	—
21	netapp	31	7	·	2	Nuclei 2PoC 11	ontap select deploy administration utility (9) · storage automation store (6) · active iq performance analytics services (5)	—
22	fedora project	28	5	1	3	KEV 1Nuclei 3PoC 9	fedora (28)	—
23	[unknown]	23	·	·	1	NEWNuclei 1PoC 2	moodle (9) · openwsman (2) · dropbear (1)	—
24	uvnc	22	15	·	·	NEW	ultravnc (22)	—
25	schneider electric	21	15	·	·		televisgo (16) · ecostruxure hybrid distributed control system (3) · ecostruxure machine expert (3)	—
26	jenkins project	20	7	2	·	NEWKEV 2PoC 3	jenkins azure vm agents plugin (3) · jenkins script security plugin (2) · jenkins pipeline: groovy plugin (2)	—
27	jenkins	19	7	2	·	NEWKEV 2PoC 3	azure vm agents (3) · script security (2) · fortify on demand uploader (2)	—
28	packagist	19	1	·	1	Nuclei 1PoC 6	moodle/moodle (10) · dolibarr/dolibarr (2) · librenms/librenms (1)	—
29	kaspersky lab	18	10	·	·	NEW	ultravnc (16) · invision power board (1) · vanilla forums (1)	—
30	team ultravnc	17	15	·	·	NEW	ultravnc (17)	—
31	siemens	16	9	·	·		sinumerik pcu base win10 software\/ipc (13) · sinumerik pcu base win7 software\/ipc (13) · sinumerik access mymachine\/p2p (13)	—
32	ао «концерн вниинс»	16	3	·	·	PoC 6	ос он «стрелец» (16)	—
33	apache	14	2	·	2	Nuclei 2	apache jspwiki (2) · mesos (2) · jspwiki (2)	—
34	f5	13	·	·	·		big-ip access policy manager (11) · big-ip application acceleration manager (10) · big-ip application security manager (10)	—
35	gnu	13	2	·	·	PoC 5	libredwg (10) · bash (1) · gnutls (1)	—
36	oracle corp.	13	2	·	4	Nuclei 4PoC 3	peoplesoft enterprise peopletools (3) · oracle communications unified inventory management (2) · java se (2)	—
37	cmsmadesimple	12	·	·	·	NEWPoC 4	cms made simple (12)	—
38	hp	12	3	·	·		arcsight logger (6) · color laserjet enterprise m651 firmware (1) · color laserjet enterprise m652dn firmware (1)	—
39	moxa	12	4	·	·		eds-405a firmware (9) · eds-408a firmware (9) · eds-510a firmware (9)	—
40	pypi	12	1	·	·	PoC 2	notebook (2) · matrix-synapse (1) · neutron (1)	—
41	apple inc.	11	·	1	·	KEV 1PoC 2	ios (11) · tvos (10) · icloud (9)	—
42	atlassian	11	2	1	1	KEV 1Nuclei 1PoC 4	crowd (5) · sourcetree (3) · confluence server (2)	—
43	ics-cert	11	4	·	·	NEW	moxa iks, eds (9) · psi gridconnect gmbh (formerly known as psi nentec gmbh) telecontrol gateway and smart telecontrol unit family, iec104 security proxy. (1) · gpsd and microjson (open source project) (1)	—
44	npm	11	2	·	·	NEW	serve (2) · highcharts (1) · kill-port (1)	—
45	oracle	11	1	·	2	Nuclei 2PoC 2	peoplesoft enterprise peopletools (3) · communications lsms (3) · jd edwards enterpriseone tools (2)	—
46	xpdfreader	11	·	·	·	NEWPoC 6	xpdf (11)	—
47	ао «ивк»	11	5	·	·	NEWPoC 4	альт 8 сп (11)	—
48	moodle	10	·	·	1	Nuclei 1PoC 1	moodle (10)	—
49	ofcms project	10	·	·	·	NEWPoC 2	ofcms (10)	—
50	suse	10	·	·	·	PoC 2	supportutils (5) · linux enterprise server (1) · backports (1)	—