month report

April 2019

Data as of Jun 4, 2026, 13:25 UTCSnapshot v1 Sources NVD+CISA KEV+EPSS+Nuclei templates Methodology →

April 2019 closed with 1,582 published CVEs. 203 criticals, apple led volume, mostly via iphone os. Top weakness class — CWE-79 (131 CVE). 10 vendors cracked the top-100 for the first time.

Print view

Total CVEs

1,582

— MoM— YoY

Severity mix

203 / 695

critical / high

KEV added

0 ransomware-linked

Nuclei coverage

3.2%

51 CVEs with templates

Time to exploit

How fast the community ships detection after a CVE drops.

Days → Nuclei (median)

2510.0

n=51

Within 7 days

0.0%

Within 30 days

0.0%

Days → KEV (median)

1017

n=16

Detection gap

KEV pressure, no Nuclei coverage

April 2019 · vendors with active exploitation listed by CISA but no public detection template.

KEV 7microsoft139 CVE
KEV 6microsoft corp132 CVE
KEV 1apple187 CVE
KEV 1сообщество свободного программного обеспечения107 CVE
KEV 1redhat85 CVE
KEV 1fedoraproject66 CVE
KEV 1canonical ltd.65 CVE
KEV 1opensuse49 CVE

Weakness × Vendor

What's spreading where in April 2019

Cells shaded by share of vendor's hottest weakness. Click any cell to open the CWE history.

First time in top-100

Vendors never in top-100 in the prior 24 periods.

#9jenkins93 CVE
#10jenkins project93 CVE
#26mozilla corp.26 CVE
#29gitlab22 CVE
#30doorgets21 CVE
#41android15 CVE
#42crestron15 CVE
#43ubuntu15 CVE
#53siemens ag10 CVE
#55wireshark team10 CVE

Top vendors

Ranked by distinct CVE count this period.

1apple—
187 CVE12 critCVSS 7.7
KEV 1PoC 7
iphone os (136) · mac os x (97) · tvos (93)
2oracle—
172 CVE11 critCVSS 6.6
KEV 3Nuclei 8PoC 6
mysql (40) · vm virtualbox (13) · weblogic server (12)
3oracle corp.—
160 CVE10 critCVSS 6.6
KEV 3Nuclei 9PoC 7
mysql (40) · e-business suite (31) · fusion middleware (19)
4oracle corporation—
160 CVE9 critCVSS 6.5
KEV 2Nuclei 5PoC 2
mysql server (40) · vm virtualbox (12) · weblogic server (10)
5microsoft—
139 CVE5 critCVSS 7.2
KEV 7PoC 12
windows (72) · windows server (72) · windows server 2016 (70)
6microsoft corp—
132 CVE4 critCVSS 7.3
KEV 6PoC 12
windows 10 1803 (63) · windows server 1803 (server core installation) (63) · windows server 2019 (server core installation) (62)
7maven—
123 CVE4 critCVSS 7.6
Nuclei 4PoC 6
org.eclipse.jetty:jetty-server (3) · org.jenkins-ci.plugins:ansible-tower (3) · org.apache.tomcat.embed:tomcat-embed-core (3)
8сообщество свободного программного обеспечения—
107 CVE16 critCVSS 7.2
KEV 1PoC 32
debian gnu/linux (95) · linux (12) · systemd (3)
9jenkins—
93 CVE2 critCVSS 7.8
NEW
audit to database (3) · netsparker cloud scan (3) · ftp publisher (3)
10jenkins project—
93 CVE2 critCVSS 7.8
NEW
jenkins audit to database plugin (3) · jenkins ansible tower plugin (3) · jenkins kmap plugin (3)
11ооо «русбитех-астра»—
92 CVE16 critCVSS 7.4
KEV 1Nuclei 2PoC 25
astra linux special edition (77) · astra linux special edition для «эльбрус» (36) · astra linux common edition (29)
12redhat—
85 CVE8 critCVSS 6.1
KEV 1PoC 8
enterprise linux (62) · enterprise linux eus (55) · enterprise linux server aus (54)
13canonical—
70 CVE8 critCVSS 7.1
KEV 1Nuclei 1PoC 17
ubuntu linux (60) · snapd (4) · metal as a service (4)
14fedoraproject—
66 CVE4 critCVSS 6.5
KEV 1PoC 18
fedora (65) · 389 directory server (1)
15canonical ltd.—
65 CVE8 critCVSS 7.2
KEV 1PoC 21
ubuntu (65) · snapd (2)
16debian—
63 CVE5 critCVSS 7.1
KEV 1Nuclei 2PoC 20
debian linux (63)
17ibm—
59 CVE4 critCVSS 5.9
PoC 1
sterling b2b integrator (10) · security privileged identity manager (7) · api connect (6)
18novell inc.—
57 CVE8 critCVSS 7.5
PoC 17
opensuse leap (51) · suse linux enterprise server for sap applications (6) · suse linux enterprise desktop (6)
19opensuse—
49 CVE7 critCVSS 7.2
KEV 1PoC 17
leap (49) · backports sle (11)
20ао «концерн вниинс»—
43 CVE7 critCVSS 7.2
Nuclei 2PoC 7
ос он «стрелец» (43)
21red hat inc.—
40 CVE8 critCVSS 7.3
PoC 8
red hat enterprise linux (35) · red hat satellite (3) · red hat gluster storage (2)
22cisco—
39 CVE1 critCVSS 6.4
PoC 38
cisco wireless lan controller (wlc) (8) · wireless lan controller software (8) · cisco aironet access point software (5)
23fedora project—
38 CVE2 critCVSS 7.1
PoC 13
fedora (38)
24mozilla—
38 CVE12 critCVSS 8.2
PoC 7
firefox (33) · thunderbird (14) · firefox esr (11)
25cisco systems inc.—
33 CVE1 critCVSS 6.2
PoC 33
wireless lan controller (8) · cisco ios xr (4) · cisco aironet 1560 (4)
26mozilla corp.—
26 CVE9 critCVSS 8.1
NEWPoC 4
firefox (22) · firefox esr (14) · thunderbird (9)
27pypi—
26 CVE2 critCVSS 7.4
PoC 3
tensorflow (7) · tensorflow-gpu (6) · urllib3 (2)
28synology—
25 CVECVSS 6.0
PoC 3
router manager (10) · diskstation manager (6) · synology router manager (srm) (5)
29gitlab—
22 CVE4 critCVSS 6.7
NEWPoC 4
gitlab (22)
30doorgets—
21 CVE2 critCVSS 6.9
NEWPoC 11
doorgets cms (21)
31google—
21 CVE2 critCVSS 7.7
android (15) · tensorflow (6) · snappy (1)
32ао "нппкт"—
21 CVE2 critCVSS 7.4
Nuclei 2PoC 4
осон основа оnyx (21)
33apache—
19 CVE1 critCVSS 7.2
KEV 1Nuclei 2PoC 5
tomcat (3) · http server (3) · zeppelin (3)
34netapp—
19 CVE3 critCVSS 7.0
KEV 1Nuclei 2PoC 5
solidfire (7) · hci management node (7) · vasa provider for clustered data ontap (6)
35nuget—
19 CVE2 critCVSS 7.6
PoC 3
microsoft.chakracore (14) · jquery (2) · madskristensen.aspnetcore.miniblog (1)
36juniper—
17 CVE3 critCVSS 7.6
PoC 17
junos (15) · service insight (1) · service now (1)
37linux—
17 CVECVSS 6.0
PoC 8
linux kernel (17) · linux (2)
38juniper networks—
16 CVE3 critCVSS 7.7
PoC 16
junos os (14) · juniper identity management service (1) · service insight (1)
39juniper networks inc.—
16 CVE3 critCVSS 7.7
PoC 16
junos (14) · service now (1) · juniper identity management service (1)
40packagist—
16 CVE7 critCVSS 8.9
Nuclei 1PoC 12
contao/contao (5) · contao/core-bundle (4) · flarum/flarum (1)
41android—
15 CVE1 critCVSS 7.6
NEW
android (15)
42crestron—
15 CVE8 critCVSS 8.4
NEWKEV 1Nuclei 12PoC 8
am-100 firmware (15) · am-101 firmware (15) · crestron airmedia (13)
43ubuntu—
15 CVE1 critCVSS 5.5
NEW
maas (4) · unity8 (2) · lxd (1)
44go—
14 CVE1 critCVSS 7.4
PoC 2
k8s.io/kubernetes (3) · github.com/go-gitea/gitea (2) · github.com/rancher/rancher (2)
45vmware—
13 CVE1 critCVSS 7.2
PoC 6
workstation (9) · fusion (8) · esxi (5)
46npm—
12 CVECVSS 6.6
PoC 4
@materializecss/materialize (3) · materialize-css (3) · jquery (2)
47apache software foundation—
11 CVE1 critCVSS 7.7
KEV 1Nuclei 1PoC 3
http server (3) · apache zeppelin (3) · tomcat (2)
48broadcom inc.—
11 CVE1 critCVSS 7.4
PoC 6
vmware workstation (9) · vmware fusion (8) · vmware esxi (5)
49siemens—
11 CVE2 critCVSS 7.5
simatic s7-1500 firmware (4) · cp 1604 firmware (3) · cp 1616 firmware (3)
50dell—
10 CVE2 critCVSS 8.6
idrac9 firmware (3) · supportassist client (2) · emc isilonsd management server (2)

#	Vendor	CVEs	Crit	KEV	Nuclei	Signals	Top products	Δ
1	apple	187	12	1	·	KEV 1PoC 7	iphone os (136) · mac os x (97) · tvos (93)	—
2	oracle	172	11	3	8	KEV 3Nuclei 8PoC 6	mysql (40) · vm virtualbox (13) · weblogic server (12)	—
3	oracle corp.	160	10	3	9	KEV 3Nuclei 9PoC 7	mysql (40) · e-business suite (31) · fusion middleware (19)	—
4	oracle corporation	160	9	2	5	KEV 2Nuclei 5PoC 2	mysql server (40) · vm virtualbox (12) · weblogic server (10)	—
5	microsoft	139	5	7	·	KEV 7PoC 12	windows (72) · windows server (72) · windows server 2016 (70)	—
6	microsoft corp	132	4	6	·	KEV 6PoC 12	windows 10 1803 (63) · windows server 1803 (server core installation) (63) · windows server 2019 (server core installation) (62)	—
7	maven	123	4	·	4	Nuclei 4PoC 6	org.eclipse.jetty:jetty-server (3) · org.jenkins-ci.plugins:ansible-tower (3) · org.apache.tomcat.embed:tomcat-embed-core (3)	—
8	сообщество свободного программного обеспечения	107	16	1	·	KEV 1PoC 32	debian gnu/linux (95) · linux (12) · systemd (3)	—
9	jenkins	93	2	·	·	NEW	audit to database (3) · netsparker cloud scan (3) · ftp publisher (3)	—
10	jenkins project	93	2	·	·	NEW	jenkins audit to database plugin (3) · jenkins ansible tower plugin (3) · jenkins kmap plugin (3)	—
11	ооо «русбитех-астра»	92	16	1	2	KEV 1Nuclei 2PoC 25	astra linux special edition (77) · astra linux special edition для «эльбрус» (36) · astra linux common edition (29)	—
12	redhat	85	8	1	·	KEV 1PoC 8	enterprise linux (62) · enterprise linux eus (55) · enterprise linux server aus (54)	—
13	canonical	70	8	1	1	KEV 1Nuclei 1PoC 17	ubuntu linux (60) · snapd (4) · metal as a service (4)	—
14	fedoraproject	66	4	1	·	KEV 1PoC 18	fedora (65) · 389 directory server (1)	—
15	canonical ltd.	65	8	1	·	KEV 1PoC 21	ubuntu (65) · snapd (2)	—
16	debian	63	5	1	2	KEV 1Nuclei 2PoC 20	debian linux (63)	—
17	ibm	59	4	·	·	PoC 1	sterling b2b integrator (10) · security privileged identity manager (7) · api connect (6)	—
18	novell inc.	57	8	·	·	PoC 17	opensuse leap (51) · suse linux enterprise server for sap applications (6) · suse linux enterprise desktop (6)	—
19	opensuse	49	7	1	·	KEV 1PoC 17	leap (49) · backports sle (11)	—
20	ао «концерн вниинс»	43	7	·	2	Nuclei 2PoC 7	ос он «стрелец» (43)	—
21	red hat inc.	40	8	·	·	PoC 8	red hat enterprise linux (35) · red hat satellite (3) · red hat gluster storage (2)	—
22	cisco	39	1	·	·	PoC 38	cisco wireless lan controller (wlc) (8) · wireless lan controller software (8) · cisco aironet access point software (5)	—
23	fedora project	38	2	·	·	PoC 13	fedora (38)	—
24	mozilla	38	12	·	·	PoC 7	firefox (33) · thunderbird (14) · firefox esr (11)	—
25	cisco systems inc.	33	1	·	·	PoC 33	wireless lan controller (8) · cisco ios xr (4) · cisco aironet 1560 (4)	—
26	mozilla corp.	26	9	·	·	NEWPoC 4	firefox (22) · firefox esr (14) · thunderbird (9)	—
27	pypi	26	2	·	·	PoC 3	tensorflow (7) · tensorflow-gpu (6) · urllib3 (2)	—
28	synology	25	·	·	·	PoC 3	router manager (10) · diskstation manager (6) · synology router manager (srm) (5)	—
29	gitlab	22	4	·	·	NEWPoC 4	gitlab (22)	—
30	doorgets	21	2	·	·	NEWPoC 11	doorgets cms (21)	—
31	google	21	2	·	·		android (15) · tensorflow (6) · snappy (1)	—
32	ао "нппкт"	21	2	·	2	Nuclei 2PoC 4	осон основа оnyx (21)	—
33	apache	19	1	1	2	KEV 1Nuclei 2PoC 5	tomcat (3) · http server (3) · zeppelin (3)	—
34	netapp	19	3	1	2	KEV 1Nuclei 2PoC 5	solidfire (7) · hci management node (7) · vasa provider for clustered data ontap (6)	—
35	nuget	19	2	·	·	PoC 3	microsoft.chakracore (14) · jquery (2) · madskristensen.aspnetcore.miniblog (1)	—
36	juniper	17	3	·	·	PoC 17	junos (15) · service insight (1) · service now (1)	—
37	linux	17	·	·	·	PoC 8	linux kernel (17) · linux (2)	—
38	juniper networks	16	3	·	·	PoC 16	junos os (14) · juniper identity management service (1) · service insight (1)	—
39	juniper networks inc.	16	3	·	·	PoC 16	junos (14) · service now (1) · juniper identity management service (1)	—
40	packagist	16	7	·	1	Nuclei 1PoC 12	contao/contao (5) · contao/core-bundle (4) · flarum/flarum (1)	—
41	android	15	1	·	·	NEW	android (15)	—
42	crestron	15	8	1	12	NEWKEV 1Nuclei 12PoC 8	am-100 firmware (15) · am-101 firmware (15) · crestron airmedia (13)	—
43	ubuntu	15	1	·	·	NEW	maas (4) · unity8 (2) · lxd (1)	—
44	go	14	1	·	·	PoC 2	k8s.io/kubernetes (3) · github.com/go-gitea/gitea (2) · github.com/rancher/rancher (2)	—
45	vmware	13	1	·	·	PoC 6	workstation (9) · fusion (8) · esxi (5)	—
46	npm	12	·	·	·	PoC 4	@materializecss/materialize (3) · materialize-css (3) · jquery (2)	—
47	apache software foundation	11	1	1	1	KEV 1Nuclei 1PoC 3	http server (3) · apache zeppelin (3) · tomcat (2)	—
48	broadcom inc.	11	1	·	·	PoC 6	vmware workstation (9) · vmware fusion (8) · vmware esxi (5)	—
49	siemens	11	2	·	·		simatic s7-1500 firmware (4) · cp 1604 firmware (3) · cp 1616 firmware (3)	—
50	dell	10	2	·	·		idrac9 firmware (3) · supportassist client (2) · emc isilonsd management server (2)	—