month report

May 2019

Data as of Jun 4, 2026, 13:25 UTCSnapshot v1 Sources NVD+CISA KEV+EPSS+Nuclei templates Methodology →

May 2019 closed with 1,366 published CVEs. 260 criticals, adobe led volume, mostly via acrobat dc. Top weakness class — CWE-79 (181 CVE). 10 vendors cracked the top-100 for the first time.

Print view

Total CVEs

1,366

— MoM— YoY

Severity mix

260 / 560

critical / high

KEV added

0 ransomware-linked

Nuclei coverage

3.4%

47 CVEs with templates

Time to exploit

How fast the community ships detection after a CVE drops.

Days → Nuclei (median)

2488.2

n=47

Within 7 days

0.0%

Within 30 days

0.0%

Days → KEV (median)

1045

n=14

Detection gap

KEV pressure, no Nuclei coverage

May 2019 · vendors with active exploitation listed by CISA but no public detection template.

KEV 3microsoft80 CVE
KEV 2microsoft corp78 CVE
KEV 1intel corp.32 CVE
KEV 1siemens ag23 CVE
KEV 1siemens18 CVE
KEV 1sierrawireless12 CVE

Weakness × Vendor

What's spreading where in May 2019

Cells shaded by share of vendor's hottest weakness. Click any cell to open the CWE history.

First time in top-100

Vendors never in top-100 in the prior 24 periods.

#11qualcomm41 CVE
#14intel34 CVE
#23gitlab26 CVE
#25siemens ag23 CVE
#32open-xchange20 CVE
#33zohocorp20 CVE
#39ооо «доктор веб»16 CVE
#43jenkins project12 CVE
#44sierrawireless12 CVE
#45anker-in11 CVE

Top vendors

Ranked by distinct CVE count this period.

1adobe—
207 CVE78 critCVSS 8.4
PoC 1
acrobat dc (175) · adobe acrobat and reader (175) · acrobat reader dc (175)
2adobe systems inc.—
158 CVE71 critCVSS 8.7
PoC 1
adobe acrobat document cloud (129) · adobe acrobat reader document cloud (129) · adobe acrobat 2017 (127)
3cisco—
98 CVE2 critCVSS 7.3
Nuclei 1PoC 98
nx-os (38) · cisco nx-os software (32) · firepower threat defense (15)
4cisco systems inc.—
94 CVE2 critCVSS 7.0
Nuclei 1PoC 94
nx-os (37) · firepower threat defense (16) · adaptive security appliance (13)
5microsoft—
80 CVE3 critCVSS 7.4
KEV 3PoC 3
windows server (31) · windows (30) · windows server 2016 (30)
6microsoft corp—
78 CVE2 critCVSS 7.5
KEV 2PoC 2
windows server 2019 (29) · windows 10 1709 (28) · windows 10 1809 (28)
7сообщество свободного программного обеспечения—
65 CVE10 critCVSS 7.2
Nuclei 2PoC 21
debian gnu/linux (58) · linux (17) · freeimages (2)
8ооо «русбитех-астра»—
48 CVE7 critCVSS 7.6
Nuclei 1PoC 14
astra linux special edition (44) · astra linux special edition для «эльбрус» (10) · astra linux common edition (8)
9schneider electric—
42 CVE8 critCVSS 7.8
KEV 1Nuclei 1PoC 12
modicon quantum (18) · modicon quantum safety controller (18) · plc simulator (18)
10novell inc.—
41 CVE4 critCVSS 7.7
PoC 8
opensuse leap (39) · suse linux enterprise module for open buildservice development tools (6) · suse openstack cloud (3)
11qualcomm—
41 CVE12 critCVSS 8.2
NEW
mdm9607 firmware (38) · mdm9206 firmware (38) · mdm9650 firmware (37)
12schneider-electric—
41 CVE8 critCVSS 7.8
KEV 1Nuclei 1PoC 11
modicon quantum firmware (23) · modicon premium firmware (21) · modicon m580 firmware (20)
13opensuse—
38 CVE4 critCVSS 7.6
Nuclei 1PoC 3
leap (38) · backports (16) · backports sle (5)
14intel—
34 CVE2 critCVSS 6.4
NEWPoC 3
active management technology firmware (4) · graphics driver (4) · converged security management engine firmware (4)
15maven—
34 CVE2 critCVSS 6.5
Nuclei 3PoC 6
org.jenkins-ci.plugins:artifactory (4) · org.apache.jspwiki:jspwiki-main (3) · org.apache.jspwiki:jspwiki-war (3)
16intel corp.—
32 CVE3 critCVSS 6.5
KEV 1PoC 4
intel converged security and manageability engine (7) · intel celeron j series (7) · intel celeron n series (7)
17qualcomm, inc.—
31 CVE12 critCVSS 8.3
snapdragon auto, snapdragon compute, snapdragon consumer iot, snapdragon industrial iot, snapdragon mobile (5) · snapdragon auto, snapdragon compute, snapdragon connectivity, snapdragon consumer iot, snapdragon industrial iot, snapdragon iot, snapdragon mobile, snapdragon wearables (3) · snapdragon auto, snapdragon compute, snapdragon consumer electronics connectivity, snapdragon consumer iot, snapdragon industrial iot, snapdragon mobile, snapdragon voice & music, snapdragon wearables (3)
18google—
30 CVE3 critCVSS 7.6
PoC 1
chrome (17) · android (12) · api c\+\+ client (1)
19ibm—
30 CVE1 critCVSS 5.8
spectrum control (4) · spectrum control standard edition (4) · api connect (3)
20debian—
28 CVE5 critCVSS 7.4
PoC 10
debian linux (28)
21fedora project—
26 CVE4 critCVSS 7.0
Nuclei 1PoC 8
fedora (26)
22fedoraproject—
26 CVE4 critCVSS 7.3
PoC 8
fedora (26)
23gitlab—
26 CVE5 critCVSS 7.0
NEWPoC 7
gitlab (26)
24npm—
26 CVECVSS 6.4
PoC 4
remarkable (2) · harp (2) · webpack-bundle-analyzer (1)
25siemens ag—
23 CVE5 critCVSS 6.9
NEWKEV 1PoC 7
simatic wincc runtime professional (6) · simatic wincc (tia portal) (6) · simatic ipc547g (5)
26red hat inc.—
21 CVE4 critCVSS 6.5
PoC 6
red hat enterprise linux (15) · red hat virtualization (6) · red hat enterprise mrg (4)
27canonical—
20 CVE4 critCVSS 7.4
PoC 5
ubuntu linux (20)
28canonical ltd.—
20 CVE4 critCVSS 7.5
Nuclei 1PoC 9
ubuntu (20)
29cybozu—
20 CVE1 critCVSS 5.7
garoon (20)
30cybozu, inc.—
20 CVE1 critCVSS 5.7
cybozu garoon (20)
31nuget—
20 CVE1 critCVSS 7.5
microsoft.chakracore (14) · system.private.uri (2) · microsoft.aspnetcore.signalr.protocols.messagepack (1)
32open-xchange—
20 CVE5 critCVSS 7.3
NEW
open-xchange appsuite (19) · ox cloud (1)
33zohocorp—
20 CVE2 critCVSS 6.7
NEWPoC 12
manageengine netflow analyzer (7) · manageengine applications manager (4) · manageengine opmanager (3)
34ао «концерн вниинс»—
20 CVE3 critCVSS 7.5
Nuclei 1PoC 9
ос он «стрелец» (20)
35f5—
19 CVE6 critCVSS 6.6
PoC 5
big-ip policy enforcement manager (10) · big-ip advanced firewall manager (10) · big-ip application acceleration manager (10)
36siemens—
18 CVE5 critCVSS 8.0
KEV 1PoC 4
simatic wincc \(tia portal\) (6) · simatic wincc (4) · simatic pcs 7 (4)
37google inc—
17 CVECVSS 7.5
PoC 1
google chrome (16) · android (1)
38linux—
16 CVE1 critCVSS 6.5
PoC 3
linux kernel (16)
39ооо «доктор веб»—
16 CVECVSS 5.0
NEW
dr.web enterprise security suite (16)
40packagist—
15 CVE5 critCVSS 7.9
Nuclei 1PoC 11
symfony/symfony (6) · symfony/security (2) · drupal/core (2)
41redhat—
15 CVE2 critCVSS 6.5
PoC 2
enterprise linux (8) · enterprise linux server tus (5) · enterprise linux server aus (5)
42apache—
14 CVE2 critCVSS 6.8
Nuclei 2PoC 4
jspwiki (3) · commons imaging (2) · activemq (2)
43jenkins project—
12 CVE1 critCVSS 6.0
NEW
jenkins artifactory plugin (4) · jenkins warnings ng plugin (2) · jenkins pam authentication plugin (1)
44sierrawireless—
12 CVECVSS 7.9
NEWKEV 1PoC 7
airlink es450 firmware (11) · aleos (1)
45anker-in—
11 CVE4 critCVSS 8.6
NEWPoC 3
roav dashcam a1 firmware (11)
46synacor—
11 CVE3 critCVSS 7.0
NEWKEV 1Nuclei 2PoC 4
zimbra collaboration suite (10) · zimbra collaboration server (1)
47bosch—
10 CVE2 critCVSS 8.2
NEW
smart home controller firmware (6) · smart home controller (6) · video recording manager (3)
48computrols—
10 CVE1 critCVSS 7.7
NEWPoC 5
computrols building automation software (9) · computrols building automation system (1)
49oracle corp.—
10 CVE1 critCVSS 7.2
Nuclei 2PoC 6
mysql server (2) · enterprise manager base platform (2) · oracle flexcube private banking (2)
50seagate—
10 CVE1 critCVSS 6.8
NEWNuclei 2PoC 6
nas os (10)

#	Vendor	CVEs	Crit	KEV	Nuclei	Signals	Top products	Δ
1	adobe	207	78	·	·	PoC 1	acrobat dc (175) · adobe acrobat and reader (175) · acrobat reader dc (175)	—
2	adobe systems inc.	158	71	·	·	PoC 1	adobe acrobat document cloud (129) · adobe acrobat reader document cloud (129) · adobe acrobat 2017 (127)	—
3	cisco	98	2	·	1	Nuclei 1PoC 98	nx-os (38) · cisco nx-os software (32) · firepower threat defense (15)	—
4	cisco systems inc.	94	2	·	1	Nuclei 1PoC 94	nx-os (37) · firepower threat defense (16) · adaptive security appliance (13)	—
5	microsoft	80	3	3	·	KEV 3PoC 3	windows server (31) · windows (30) · windows server 2016 (30)	—
6	microsoft corp	78	2	2	·	KEV 2PoC 2	windows server 2019 (29) · windows 10 1709 (28) · windows 10 1809 (28)	—
7	сообщество свободного программного обеспечения	65	10	·	2	Nuclei 2PoC 21	debian gnu/linux (58) · linux (17) · freeimages (2)	—
8	ооо «русбитех-астра»	48	7	·	1	Nuclei 1PoC 14	astra linux special edition (44) · astra linux special edition для «эльбрус» (10) · astra linux common edition (8)	—
9	schneider electric	42	8	1	1	KEV 1Nuclei 1PoC 12	modicon quantum (18) · modicon quantum safety controller (18) · plc simulator (18)	—
10	novell inc.	41	4	·	·	PoC 8	opensuse leap (39) · suse linux enterprise module for open buildservice development tools (6) · suse openstack cloud (3)	—
11	qualcomm	41	12	·	·	NEW	mdm9607 firmware (38) · mdm9206 firmware (38) · mdm9650 firmware (37)	—
12	schneider-electric	41	8	1	1	KEV 1Nuclei 1PoC 11	modicon quantum firmware (23) · modicon premium firmware (21) · modicon m580 firmware (20)	—
13	opensuse	38	4	·	1	Nuclei 1PoC 3	leap (38) · backports (16) · backports sle (5)	—
14	intel	34	2	·	·	NEWPoC 3	active management technology firmware (4) · graphics driver (4) · converged security management engine firmware (4)	—
15	maven	34	2	·	3	Nuclei 3PoC 6	org.jenkins-ci.plugins:artifactory (4) · org.apache.jspwiki:jspwiki-main (3) · org.apache.jspwiki:jspwiki-war (3)	—
16	intel corp.	32	3	1	·	KEV 1PoC 4	intel converged security and manageability engine (7) · intel celeron j series (7) · intel celeron n series (7)	—
17	qualcomm, inc.	31	12	·	·		snapdragon auto, snapdragon compute, snapdragon consumer iot, snapdragon industrial iot, snapdragon mobile (5) · snapdragon auto, snapdragon compute, snapdragon connectivity, snapdragon consumer iot, snapdragon industrial iot, snapdragon iot, snapdragon mobile, snapdragon wearables (3) · snapdragon auto, snapdragon compute, snapdragon consumer electronics connectivity, snapdragon consumer iot, snapdragon industrial iot, snapdragon mobile, snapdragon voice & music, snapdragon wearables (3)	—
18	google	30	3	·	·	PoC 1	chrome (17) · android (12) · api c\+\+ client (1)	—
19	ibm	30	1	·	·		spectrum control (4) · spectrum control standard edition (4) · api connect (3)	—
20	debian	28	5	·	·	PoC 10	debian linux (28)	—
21	fedora project	26	4	·	1	Nuclei 1PoC 8	fedora (26)	—
22	fedoraproject	26	4	·	·	PoC 8	fedora (26)	—
23	gitlab	26	5	·	·	NEWPoC 7	gitlab (26)	—
24	npm	26	·	·	·	PoC 4	remarkable (2) · harp (2) · webpack-bundle-analyzer (1)	—
25	siemens ag	23	5	1	·	NEWKEV 1PoC 7	simatic wincc runtime professional (6) · simatic wincc (tia portal) (6) · simatic ipc547g (5)	—
26	red hat inc.	21	4	·	·	PoC 6	red hat enterprise linux (15) · red hat virtualization (6) · red hat enterprise mrg (4)	—
27	canonical	20	4	·	·	PoC 5	ubuntu linux (20)	—
28	canonical ltd.	20	4	·	1	Nuclei 1PoC 9	ubuntu (20)	—
29	cybozu	20	1	·	·		garoon (20)	—
30	cybozu, inc.	20	1	·	·		cybozu garoon (20)	—
31	nuget	20	1	·	·		microsoft.chakracore (14) · system.private.uri (2) · microsoft.aspnetcore.signalr.protocols.messagepack (1)	—
32	open-xchange	20	5	·	·	NEW	open-xchange appsuite (19) · ox cloud (1)	—
33	zohocorp	20	2	·	·	NEWPoC 12	manageengine netflow analyzer (7) · manageengine applications manager (4) · manageengine opmanager (3)	—
34	ао «концерн вниинс»	20	3	·	1	Nuclei 1PoC 9	ос он «стрелец» (20)	—
35	f5	19	6	·	·	PoC 5	big-ip policy enforcement manager (10) · big-ip advanced firewall manager (10) · big-ip application acceleration manager (10)	—
36	siemens	18	5	1	·	KEV 1PoC 4	simatic wincc \(tia portal\) (6) · simatic wincc (4) · simatic pcs 7 (4)	—
37	google inc	17	·	·	·	PoC 1	google chrome (16) · android (1)	—
38	linux	16	1	·	·	PoC 3	linux kernel (16)	—
39	ооо «доктор веб»	16	·	·	·	NEW	dr.web enterprise security suite (16)	—
40	packagist	15	5	·	1	Nuclei 1PoC 11	symfony/symfony (6) · symfony/security (2) · drupal/core (2)	—
41	redhat	15	2	·	·	PoC 2	enterprise linux (8) · enterprise linux server tus (5) · enterprise linux server aus (5)	—
42	apache	14	2	·	2	Nuclei 2PoC 4	jspwiki (3) · commons imaging (2) · activemq (2)	—
43	jenkins project	12	1	·	·	NEW	jenkins artifactory plugin (4) · jenkins warnings ng plugin (2) · jenkins pam authentication plugin (1)	—
44	sierrawireless	12	·	1	·	NEWKEV 1PoC 7	airlink es450 firmware (11) · aleos (1)	—
45	anker-in	11	4	·	·	NEWPoC 3	roav dashcam a1 firmware (11)	—
46	synacor	11	3	1	2	NEWKEV 1Nuclei 2PoC 4	zimbra collaboration suite (10) · zimbra collaboration server (1)	—
47	bosch	10	2	·	·	NEW	smart home controller firmware (6) · smart home controller (6) · video recording manager (3)	—
48	computrols	10	1	·	·	NEWPoC 5	computrols building automation software (9) · computrols building automation system (1)	—
49	oracle corp.	10	1	·	2	Nuclei 2PoC 6	mysql server (2) · enterprise manager base platform (2) · oracle flexcube private banking (2)	—
50	seagate	10	1	·	2	NEWNuclei 2PoC 6	nas os (10)	—