month report
July 2019
Data as of Jun 4, 2026, 13:25 UTCSnapshot v1 Sources NVD+CISA KEV+EPSS+Nuclei templates Methodology →
July 2019 closed with 1,752 published CVEs. 276 criticals, сообщество свободного программного обеспечения led volume, mostly via debian gnu/linux. Top weakness class — CWE-79 (198 CVE). 10 vendors cracked the top-100 for the first time.
Total CVEs
1,752
— MoM— YoY
Severity mix
276 / 670
critical / high
KEV added
0
0 ransomware-linked
Nuclei coverage
4.9%
85 CVEs with templates
Time to exploit
How fast the community ships detection after a CVE drops.
Days → Nuclei (median)
2430.3
n=85
Within 7 days
0.0%
Within 30 days
0.0%
Days → KEV (median)
983
n=13
Detection gap
KEV pressure, no Nuclei coverage
July 2019 · vendors with active exploitation listed by CISA but no public detection template.
- KEV 4microsoft corp81 CVE
- KEV 4microsoft78 CVE
- KEV 3ао «концерн вниинс»103 CVE
- KEV 2ооо «русбитех-астра»169 CVE
- KEV 2canonical ltd.68 CVE
- KEV 2red hat inc.53 CVE
- KEV 2mozilla48 CVE
- KEV 2mozilla corp.44 CVE
Weakness × Vendor
What's spreading where in July 2019
Cells shaded by share of vendor's hottest weakness. Click any cell to open the CWE history.
79XSS787Out-of-bounds Write125Out-of-bounds Read20Improper Input Validation352CSRF119Memory Buffer Bounds89SQL Injection200Information Exposure78OS Command Injection22Path Traversalсообщество свободного программного обеспечения537169242132oracle5ооо «русбитех-астра»433171113211oracle corporation1ао «концерн вниинс»5179621121debian22113151121opensuse121101212microsoft corp4125161microsoft4125161oracle corp.41canonical17523redhat1411143
First time in top-100
Vendors never in top-100 in the prior 24 periods.
- #4oracle corporation157 CVE
- #10oracle corp.76 CVE
- #15novell inc.60 CVE
- #17qualcomm50 CVE
- #21mozilla corp.44 CVE
- #23cpanel38 CVE
- #29jenkins27 CVE
- #30jenkins project27 CVE
- #32ао "нппкт"26 CVE
- #34jetbrains21 CVE
Top vendors
Ranked by distinct CVE count this period.
- 189 CVE44 critCVSS 7.3KEV 3Nuclei 1PoC 47debian gnu/linux (161) · u-boot (14) · linux (11)
- 173 CVE9 critCVSS 6.9Nuclei 2PoC 8mysql (42) · vm virtualbox (13) · jdk (10)
- 169 CVE35 critCVSS 6.9KEV 2PoC 30astra linux special edition (160) · astra linux special edition для «эльбрус» (45) · astra linux common edition (37)
- 157 CVE3 critCVSS 5.9NEWNuclei 1PoC 5mysql server (42) · vm virtualbox (13) · java (9)
- 103 CVE19 critCVSS 7.2KEV 3PoC 33ос он «стрелец» (103)
- 97 CVE18 critCVSS 7.3KEV 1Nuclei 1PoC 35debian linux (97)
- 94 CVE7 critCVSS 6.9PoC 21leap (94) · backports sle (11) · backports (3)
- 81 CVE3 critCVSS 7.2KEV 4PoC 2windows server 2019 (39) · windows server 1803 (server core installation) (38) · windows server 2019 (server core installation) (38)
- 78 CVE3 critCVSS 7.5KEV 4PoC 1windows server (46) · windows (42) · windows server 2016 (40)
- 76 CVE7 critCVSS 7.1NEWNuclei 1PoC 8mysql (15) · vm virtualbox (12) · openjdk (7)
- 69 CVE6 critCVSS 6.7KEV 1PoC 20ubuntu linux (69)
- 69 CVE4 critCVSS 5.9KEV 1PoC 9enterprise linux (45) · enterprise linux eus (44) · enterprise linux server aus (41)
- 68 CVE7 critCVSS 6.5KEV 2PoC 18ubuntu (68)
- 60 CVE12 critCVSS 6.9KEV 1Nuclei 1PoC 18fedora (60)
- 60 CVE8 critCVSS 6.8NEWPoC 12opensuse leap (53) · suse linux enterprise server (11) · suse linux enterprise desktop (11)
- 53 CVE10 critCVSS 7.4KEV 2PoC 15red hat enterprise linux (46) · openshift container platform (4) · red hat process automation manager (2)
- 50 CVE12 critCVSS 7.8NEWsd 670 firmware (50) · sd 710 firmware (50) · sd 712 firmware (50)
- 50 CVE12 critCVSS 7.8snapdragon auto, snapdragon compute, snapdragon consumer iot, snapdragon industrial iot, snapdragon iot, snapdragon mobile, snapdragon voice & music, snapdragon wearables (5) · snapdragon auto, snapdragon compute, snapdragon connectivity, snapdragon consumer electronics connectivity, snapdragon consumer iot, snapdragon industrial iot, snapdragon mobile, snapdragon voice & music, snapdragon wired infrastructure and networking (4) · snapdragon auto, snapdragon consumer electronics connectivity, snapdragon consumer iot, snapdragon industrial iot, snapdragon mobile, snapdragon voice & music (4)
- 48 CVE2 critCVSS 6.2robotic process automation with automation anywhere (7) · db2 (6) · qradar security information and event manager (6)
- 48 CVE15 critCVSS 7.9KEV 2PoC 3firefox (44) · thunderbird (28) · firefox esr (24)
- 44 CVE15 critCVSS 8.0NEWKEV 2PoC 3firefox (40) · thunderbird (27) · firefox esr (22)
- 40 CVE6 critCVSS 7.0Nuclei 1PoC 2io.jenkins:configuration-as-code (5) · com.fasterxml.jackson.core:jackson-databind (3) · org.jenkins-ci.plugins.m2release:m2release (3)
- 38 CVE1 critCVSS 5.8NEWcpanel (38)
- 35 CVE7 critCVSS 6.7KEV 1PoC 12fedora (35)
- 30 CVE1 critCVSS 6.8PoC 2big-ip application security manager (20) · big-ip advanced firewall manager (20) · big-ip policy enforcement manager (19)
- 30 CVE3 critCVSS 7.0PoC 14mediawiki/core (9) · dolibarr/dolibarr (4) · grumpydictator/firefly-iii (4)
- 28 CVE1 critCVSS 6.7Nuclei 1PoC 28sf300-48p firmware (3) · sf302-08 firmware (3) · sf302-08mp firmware (3)
- 28 CVE1 critCVSS 6.9Nuclei 1PoC 28cisco small business 200 series smart switches (3) · cisco identity services engine (2) · cisco small business 300 series (2)
- 27 CVECVSS 6.4NEWPoC 2configuration as code (5) · jenkins (3) · docker (3)
- 27 CVECVSS 6.3NEWPoC 1jenkins configuration as code plugin (5) · jenkins (3) · jenkins maven release plugin (3)
- 26 CVE10 critCVSS 8.8Nuclei 3PoC 17dcs-1130 firmware (14) · dcs-1100 firmware (8) · central wifimanager (4)
- 26 CVE2 critCVSS 7.0NEWPoC 10осон основа оnyx (26)
- 24 CVECVSS 7.6PoC 14imagemagick (24)
- 21 CVE9 critCVSS 8.2NEWteamcity (6) · youtrack (5) · intellij idea (5)
- 21 CVE5 critCVSS 7.4KEV 1PoC 8linux kernel (21)
- 20 CVECVSS 6.1NEWNuclei 1PoC 2gitlab (20)
- 20 CVE14 critCVSS 9.3NEWKEV 1Nuclei 6PoC 13linear emerge elite firmware (14) · linear emerge essential firmware (14) · linear emerge 5000p firmware (6)
- 19 CVECVSS 4.8NEWsecret net studio (16) · vgate (3)
- 18 CVECVSS 8.1PoC 11imagemagick (18)
- 18 CVE1 critCVSS 6.9PoC 6lodash (2) · lodash-amd (2) · http-file-server (2)
- 17 CVE3 critCVSS 7.5Nuclei 1PoC 3saleor (1) · salt (1) · scapy (1)
- 15 CVECVSS 6.3NEWPoC 13xpdfreader (15)
- 15 CVE5 critCVSS 7.2KEV 1PoC 3active iq unified manager (9) · oncommand workflow automation (3) · e-series santricity os controller (3)
- 15 CVECVSS 6.9KEV 2Nuclei 4PoC 4microsoft.chakracore (5) · dotnetnuke.core (4) · microsoft.aspnetcore.all (1)
- 15 CVE7 critCVSS 8.0PoC 13lodash-rails (2) · nokogiri (2) · samlr (1)
- 15 CVE7 critCVSS 7.0NEWKEV 1PoC 2альт 8 сп (8) · альт линукс спт (7) · альт сп 10 (1)
- 14 CVE13 critCVSS 9.6NEWu-boot (14)
- 14 CVE2 critCVSS 7.3PoC 1android (12) · kubernetes engine (1) · voice builder (1)
- 13 CVECVSS 5.5NEWepolicy orchestrator (7) · data loss prevention endpoint (4) · agent (1)
- 13 CVE3 critCVSS 8.9NEWPoC 13tew-827dru firmware (13)
| # | Vendor | CVEs | Crit | KEV | Nuclei | Signals | Top products | Δ | |
|---|---|---|---|---|---|---|---|---|---|
| 1 | сообщество свободного программного обеспечения | 189 | 44 | 3 | 1 | KEV 3Nuclei 1PoC 47 | debian gnu/linux (161) · u-boot (14) · linux (11) | — | |
| 2 | oracle | 173 | 9 | · | 2 | Nuclei 2PoC 8 | mysql (42) · vm virtualbox (13) · jdk (10) | — | |
| 3 | ооо «русбитех-астра» | 169 | 35 | 2 | · | KEV 2PoC 30 | astra linux special edition (160) · astra linux special edition для «эльбрус» (45) · astra linux common edition (37) | — | |
| 4 | oracle corporation | 157 | 3 | · | 1 | NEWNuclei 1PoC 5 | mysql server (42) · vm virtualbox (13) · java (9) | — | |
| 5 | ао «концерн вниинс» | 103 | 19 | 3 | · | KEV 3PoC 33 | ос он «стрелец» (103) | — | |
| 6 | debian | 97 | 18 | 1 | 1 | KEV 1Nuclei 1PoC 35 | debian linux (97) | — | |
| 7 | opensuse | 94 | 7 | · | · | PoC 21 | leap (94) · backports sle (11) · backports (3) | — | |
| 8 | microsoft corp | 81 | 3 | 4 | · | KEV 4PoC 2 | windows server 2019 (39) · windows server 1803 (server core installation) (38) · windows server 2019 (server core installation) (38) | — | |
| 9 | microsoft | 78 | 3 | 4 | · | KEV 4PoC 1 | windows server (46) · windows (42) · windows server 2016 (40) | — | |
| 10 | oracle corp. | 76 | 7 | · | 1 | NEWNuclei 1PoC 8 | mysql (15) · vm virtualbox (12) · openjdk (7) | — | |
| 11 | canonical | 69 | 6 | 1 | · | KEV 1PoC 20 | ubuntu linux (69) | — | |
| 12 | redhat | 69 | 4 | 1 | · | KEV 1PoC 9 | enterprise linux (45) · enterprise linux eus (44) · enterprise linux server aus (41) | — | |
| 13 | canonical ltd. | 68 | 7 | 2 | · | KEV 2PoC 18 | ubuntu (68) | — | |
| 14 | fedoraproject | 60 | 12 | 1 | 1 | KEV 1Nuclei 1PoC 18 | fedora (60) | — | |
| 15 | novell inc. | 60 | 8 | · | · | NEWPoC 12 | opensuse leap (53) · suse linux enterprise server (11) · suse linux enterprise desktop (11) | — | |
| 16 | red hat inc. | 53 | 10 | 2 | · | KEV 2PoC 15 | red hat enterprise linux (46) · openshift container platform (4) · red hat process automation manager (2) | — | |
| 17 | qualcomm | 50 | 12 | · | · | NEW | sd 670 firmware (50) · sd 710 firmware (50) · sd 712 firmware (50) | — | |
| 18 | qualcomm, inc. | 50 | 12 | · | · | snapdragon auto, snapdragon compute, snapdragon consumer iot, snapdragon industrial iot, snapdragon iot, snapdragon mobile, snapdragon voice & music, snapdragon wearables (5) · snapdragon auto, snapdragon compute, snapdragon connectivity, snapdragon consumer electronics connectivity, snapdragon consumer iot, snapdragon industrial iot, snapdragon mobile, snapdragon voice & music, snapdragon wired infrastructure and networking (4) · snapdragon auto, snapdragon consumer electronics connectivity, snapdragon consumer iot, snapdragon industrial iot, snapdragon mobile, snapdragon voice & music (4) | — | ||
| 19 | ibm | 48 | 2 | · | · | robotic process automation with automation anywhere (7) · db2 (6) · qradar security information and event manager (6) | — | ||
| 20 | mozilla | 48 | 15 | 2 | · | KEV 2PoC 3 | firefox (44) · thunderbird (28) · firefox esr (24) | — | |
| 21 | mozilla corp. | 44 | 15 | 2 | · | NEWKEV 2PoC 3 | firefox (40) · thunderbird (27) · firefox esr (22) | — | |
| 22 | maven | 40 | 6 | · | 1 | Nuclei 1PoC 2 | io.jenkins:configuration-as-code (5) · com.fasterxml.jackson.core:jackson-databind (3) · org.jenkins-ci.plugins.m2release:m2release (3) | — | |
| 23 | cpanel | 38 | 1 | · | · | NEW | cpanel (38) | — | |
| 24 | fedora project | 35 | 7 | 1 | · | KEV 1PoC 12 | fedora (35) | — | |
| 25 | f5 | 30 | 1 | · | · | PoC 2 | big-ip application security manager (20) · big-ip advanced firewall manager (20) · big-ip policy enforcement manager (19) | — | |
| 26 | packagist | 30 | 3 | · | · | PoC 14 | mediawiki/core (9) · dolibarr/dolibarr (4) · grumpydictator/firefly-iii (4) | — | |
| 27 | cisco | 28 | 1 | · | 1 | Nuclei 1PoC 28 | sf300-48p firmware (3) · sf302-08 firmware (3) · sf302-08mp firmware (3) | — | |
| 28 | cisco systems inc. | 28 | 1 | · | 1 | Nuclei 1PoC 28 | cisco small business 200 series smart switches (3) · cisco identity services engine (2) · cisco small business 300 series (2) | — | |
| 29 | jenkins | 27 | · | · | · | NEWPoC 2 | configuration as code (5) · jenkins (3) · docker (3) | — | |
| 30 | jenkins project | 27 | · | · | · | NEWPoC 1 | jenkins configuration as code plugin (5) · jenkins (3) · jenkins maven release plugin (3) | — | |
| 31 | dlink | 26 | 10 | · | 3 | Nuclei 3PoC 17 | dcs-1130 firmware (14) · dcs-1100 firmware (8) · central wifimanager (4) | — | |
| 32 | ао "нппкт" | 26 | 2 | · | · | NEWPoC 10 | осон основа оnyx (26) | — | |
| 33 | imagemagick | 24 | · | · | · | PoC 14 | imagemagick (24) | — | |
| 34 | jetbrains | 21 | 9 | · | · | NEW | teamcity (6) · youtrack (5) · intellij idea (5) | — | |
| 35 | linux | 21 | 5 | 1 | · | KEV 1PoC 8 | linux kernel (21) | — | |
| 36 | gitlab | 20 | · | · | 1 | NEWNuclei 1PoC 2 | gitlab (20) | — | |
| 37 | nortekcontrol | 20 | 14 | 1 | 6 | NEWKEV 1Nuclei 6PoC 13 | linear emerge elite firmware (14) · linear emerge essential firmware (14) · linear emerge 5000p firmware (6) | — | |
| 38 | ооо «код безопасности» | 19 | · | · | · | NEW | secret net studio (16) · vgate (3) | — | |
| 39 | imagemagick studio llc | 18 | · | · | · | PoC 11 | imagemagick (18) | — | |
| 40 | npm | 18 | 1 | · | · | PoC 6 | lodash (2) · lodash-amd (2) · http-file-server (2) | — | |
| 41 | pypi | 17 | 3 | · | 1 | Nuclei 1PoC 3 | saleor (1) · salt (1) · scapy (1) | — | |
| 42 | glyphandcog | 15 | · | · | · | NEWPoC 13 | xpdfreader (15) | — | |
| 43 | netapp | 15 | 5 | 1 | · | KEV 1PoC 3 | active iq unified manager (9) · oncommand workflow automation (3) · e-series santricity os controller (3) | — | |
| 44 | nuget | 15 | · | 2 | 4 | KEV 2Nuclei 4PoC 4 | microsoft.chakracore (5) · dotnetnuke.core (4) · microsoft.aspnetcore.all (1) | — | |
| 45 | rubygems | 15 | 7 | · | · | PoC 13 | lodash-rails (2) · nokogiri (2) · samlr (1) | — | |
| 46 | ао «ивк» | 15 | 7 | 1 | · | NEWKEV 1PoC 2 | альт 8 сп (8) · альт линукс спт (7) · альт сп 10 (1) | — | |
| 47 | denx | 14 | 13 | · | · | NEW | u-boot (14) | — | |
| 48 | 14 | 2 | · | · | PoC 1 | android (12) · kubernetes engine (1) · voice builder (1) | — | ||
| 49 | mcafee | 13 | · | · | · | NEW | epolicy orchestrator (7) · data loss prevention endpoint (4) · agent (1) | — | |
| 50 | trendnet | 13 | 3 | · | · | NEWPoC 13 | tew-827dru firmware (13) | — |