month report

September 2019

Data as of Jun 4, 2026, 13:25 UTCSnapshot v1 Sources NVD+CISA KEV+EPSS+Nuclei templates Methodology →

September 2019 closed with 1,568 published CVEs. 188 criticals, google led volume, mostly via android. Top weakness class — CWE-79 (226 CVE). 10 vendors cracked the top-100 for the first time.

Print view

Total CVEs

1,568

— MoM— YoY

Severity mix

188 / 585

critical / high

KEV added

0 ransomware-linked

Nuclei coverage

18.0%

282 CVEs with templates

Time to exploit

How fast the community ships detection after a CVE drops.

Days → Nuclei (median)

2362.7

n=282

Within 7 days

0.0%

Within 30 days

0.0%

Days → KEV (median)

790

n=11

Detection gap

KEV pressure, no Nuclei coverage

September 2019 · vendors with active exploitation listed by CISA but no public detection template.

KEV 5microsoft82 CVE
KEV 5microsoft corp82 CVE

Weakness × Vendor

What's spreading where in September 2019

Cells shaded by share of vendor's hottest weakness. Click any cell to open the CWE history.

First time in top-100

Vendors never in top-100 in the prior 24 periods.

#7novell inc.68 CVE
#12gitlab50 CVE
#17jenkins39 CVE
#18jenkins project39 CVE
#25ао «ивк»28 CVE
#26dell22 CVE
#28mozilla corp.21 CVE
#31qualcomm19 CVE
#35limesurvey16 CVE
#37oracle corp.15 CVE

Top vendors

Ranked by distinct CVE count this period.

1google—
308 CVE3 critCVSS 6.9
PoC 1
android (307) · chrome (1)
2сообщество свободного программного обеспечения—
127 CVE20 critCVSS 6.9
KEV 1Nuclei 16PoC 30
debian gnu/linux (107) · linux (26) · phpipam (5)
3microsoft—
82 CVE1 critCVSS 7.1
KEV 5PoC 3
windows (49) · windows server (47) · windows 10 version 1903 for x64-based systems (46)
4microsoft corp—
82 CVE1 critCVSS 7.2
KEV 5PoC 3
windows 10 1803 (47) · windows 10 1809 (46) · windows 10 1703 (46)
5debian—
78 CVE12 critCVSS 7.2
KEV 1Nuclei 10PoC 22
debian linux (78)
6ао «концерн вниинс»—
70 CVE10 critCVSS 7.1
Nuclei 3PoC 17
ос он «стрелец» (70)
7novell inc.—
68 CVE5 critCVSS 5.9
NEWNuclei 4PoC 17
opensuse leap (65) · suse linux enterprise server for sap applications (18) · suse linux enterprise server (18)
8ооо «русбитех-астра»—
67 CVE9 critCVSS 7.1
Nuclei 2PoC 13
astra linux special edition (61) · astra linux special edition для «эльбрус» (28) · astra linux common edition (14)
9canonical—
63 CVE7 critCVSS 6.9
KEV 1Nuclei 3PoC 17
ubuntu linux (63)
10maven—
59 CVE6 critCVSS 6.4
Nuclei 2PoC 2
org.jenkins-ci.main:jenkins-core (6) · org.apache.jspwiki:jspwiki-war (5) · org.jenkins-ci.plugins:script-security (4)
11opensuse—
57 CVE6 critCVSS 6.8
Nuclei 1PoC 18
leap (56) · backports sle (3) · backports (1)
12gitlab—
50 CVE2 critCVSS 6.0
NEWNuclei 25PoC 9
gitlab (49) · omnibus (1)
13canonical ltd.—
49 CVE5 critCVSS 7.0
KEV 1Nuclei 2PoC 9
ubuntu (49)
14fedoraproject—
45 CVE9 critCVSS 7.5
KEV 1Nuclei 3PoC 13
fedora (45)
15red hat inc.—
44 CVE3 critCVSS 7.3
Nuclei 2PoC 11
red hat enterprise linux (44) · openshift container platform (4) · red hat software collections (4)
16cisco systems inc.—
40 CVE1 critCVSS 7.1
PoC 38
cisco ios xe (23) · cisco ios (7) · cisco hyperflex (2)
17jenkins—
39 CVE2 critCVSS 5.8
NEWNuclei 1
jenkins (6) · script security (4) · project inheritance (3)
18jenkins project—
39 CVE2 critCVSS 5.8
NEWNuclei 1
jenkins (6) · jenkins script security plugin (4) · jenkins project inheritance plugin (3)
19cisco—
38 CVE1 critCVSS 7.0
PoC 38
ios xe (18) · ios (12) · cisco ios xe software (5)
20packagist—
38 CVE4 critCVSS 6.6
Nuclei 3PoC 23
silverstripe/framework (8) · librenms/librenms (7) · dolibarr/dolibarr (5)
21fedora project—
35 CVE7 critCVSS 7.3
KEV 1Nuclei 2PoC 11
fedora (35)
22linux—
34 CVE2 critCVSS 6.3
PoC 14
linux kernel (34) · kernel (3)
23ibm—
31 CVECVSS 5.8
websphere application server (8) · websphere extreme scale (4) · security key lifecycle manager (3)
24redhat—
29 CVE3 critCVSS 7.1
Nuclei 1PoC 14
enterprise linux (17) · enterprise linux server tus (8) · enterprise linux server aus (8)
25ао «ивк»—
28 CVE1 critCVSS 7.1
NEWPoC 9
альт 8 сп (25) · альт 8 сп рабочая станция (3) · альт 8 сп сервер (3)
26dell—
22 CVE2 critCVSS 6.7
NEWPoC 1
bsafe micro-edition-suite (5) · rsa bsafe mes (5) · rsa bsafe crypto-c micro edition (4)
27mozilla—
22 CVE2 critCVSS 7.1
PoC 1
firefox (20) · firefox esr (16) · thunderbird (8)
28mozilla corp.—
21 CVE1 critCVSS 7.0
NEWPoC 1
firefox (19) · firefox esr (15) · thunderbird (8)
29apache—
20 CVE7 critCVSS 8.0
Nuclei 4PoC 2
jspwiki (5) · http server (4) · ofbiz (4)
30netapp—
20 CVE6 critCVSS 7.9
Nuclei 1PoC 7
steelstore cloud integrated storage (9) · hci management node (6) · solidfire (6)
31qualcomm—
19 CVE6 critCVSS 8.5
NEW
sd 855 firmware (17) · sd 675 firmware (17) · sd 820a firmware (16)
32qualcomm, inc.—
19 CVE6 critCVSS 8.4
snapdragon auto, snapdragon compute, snapdragon consumer iot, snapdragon industrial iot, snapdragon mobile, snapdragon voice & music, snapdragon wearables (3) · snapdragon auto, snapdragon compute, snapdragon consumer iot, snapdragon industrial iot, snapdragon iot, snapdragon mobile, snapdragon voice & music, snapdragon wearables (3) · snapdragon auto, snapdragon compute, snapdragon connectivity, snapdragon consumer iot, snapdragon industrial iot, snapdragon mobile, snapdragon voice & music, snapdragon wearables (2)
33schneider-electric—
18 CVE3 critCVSS 7.7
meg6260-0410 firmware (6) · meg6260-0415 firmware (6) · meg6501-0001 firmware (6)
34npm—
17 CVE3 critCVSS 7.7
PoC 7
total4 (3) · generator-jhipster (2) · seneca (1)
35limesurvey—
16 CVE1 critCVSS 6.0
NEWNuclei 1PoC 2
limesurvey (16)
36f5—
15 CVE3 critCVSS 7.0
big-ip access policy manager (10) · big-ip application security manager (10) · big-ip policy enforcement manager (9)
37oracle corp.—
15 CVE4 critCVSS 6.1
NEWNuclei 3PoC 5
enterprise manager ops center (7) · oracle communications session border controller (4) · peoplesoft enterprise peopletools (4)
38oracle—
13 CVE5 critCVSS 7.8
Nuclei 2PoC 2
retail xstore point of service (7) · enterprise manager ops center (5) · weblogic server (4)
39schneider electric se—
13 CVE2 critCVSS 7.7
modicon m580 (4) · modicon m340 (3) · modicon quantum (2)
40crates.io—
12 CVE7 critCVSS 8.6
NEWPoC 2
blake2 (1) · cargo (1) · chttp (1)
41apache software foundation—
11 CVE5 critCVSS 8.1
Nuclei 3PoC 2
http server (4) · subversion (2) · drill (1)
42prise—
11 CVE2 critCVSS 7.2
NEWPoC 2
adas (11)
43atlassian—
10 CVE1 critCVSS 6.6
Nuclei 5PoC 6
jira server (7) · jira (7) · jira service desk server (1)
44control-webpanel—
10 CVECVSS 5.0
NEWNuclei 1PoC 10
webpanel (10)
45librenms—
10 CVE2 critCVSS 7.9
NEWPoC 6
librenms (10)
46microfocus—
10 CVECVSS 7.3
PoC 1
service manager (9) · data protector (1) · service manager chat server (1)
47ао "нппкт"—
10 CVE1 critCVSS 7.3
NEWKEV 1Nuclei 1PoC 1
осон основа оnyx (10)
48ао «нтц ит роса»—
10 CVE4 critCVSS 6.8
NEWNuclei 2PoC 3
rosa virtualization 3.0 (7) · rosa virtualization (6) · роса хром (3)
49nuget—
9 CVECVSS 7.5
Nuclei 1PoC 1
microsoft.chakracore (5) · microsoft.aspnetcore.spaservices (1) · dotnetnuke.core (1)
50pypi—
9 CVE3 critCVSS 7.1
PoC 5
lmdb (5) · opencv-contrib-python-headless (3) · opencv-python (3)

#	Vendor	CVEs	Crit	KEV	Nuclei	Signals	Top products	Δ
1	google	308	3	·	·	PoC 1	android (307) · chrome (1)	—
2	сообщество свободного программного обеспечения	127	20	1	16	KEV 1Nuclei 16PoC 30	debian gnu/linux (107) · linux (26) · phpipam (5)	—
3	microsoft	82	1	5	·	KEV 5PoC 3	windows (49) · windows server (47) · windows 10 version 1903 for x64-based systems (46)	—
4	microsoft corp	82	1	5	·	KEV 5PoC 3	windows 10 1803 (47) · windows 10 1809 (46) · windows 10 1703 (46)	—
5	debian	78	12	1	10	KEV 1Nuclei 10PoC 22	debian linux (78)	—
6	ао «концерн вниинс»	70	10	·	3	Nuclei 3PoC 17	ос он «стрелец» (70)	—
7	novell inc.	68	5	·	4	NEWNuclei 4PoC 17	opensuse leap (65) · suse linux enterprise server for sap applications (18) · suse linux enterprise server (18)	—
8	ооо «русбитех-астра»	67	9	·	2	Nuclei 2PoC 13	astra linux special edition (61) · astra linux special edition для «эльбрус» (28) · astra linux common edition (14)	—
9	canonical	63	7	1	3	KEV 1Nuclei 3PoC 17	ubuntu linux (63)	—
10	maven	59	6	·	2	Nuclei 2PoC 2	org.jenkins-ci.main:jenkins-core (6) · org.apache.jspwiki:jspwiki-war (5) · org.jenkins-ci.plugins:script-security (4)	—
11	opensuse	57	6	·	1	Nuclei 1PoC 18	leap (56) · backports sle (3) · backports (1)	—
12	gitlab	50	2	·	25	NEWNuclei 25PoC 9	gitlab (49) · omnibus (1)	—
13	canonical ltd.	49	5	1	2	KEV 1Nuclei 2PoC 9	ubuntu (49)	—
14	fedoraproject	45	9	1	3	KEV 1Nuclei 3PoC 13	fedora (45)	—
15	red hat inc.	44	3	·	2	Nuclei 2PoC 11	red hat enterprise linux (44) · openshift container platform (4) · red hat software collections (4)	—
16	cisco systems inc.	40	1	·	·	PoC 38	cisco ios xe (23) · cisco ios (7) · cisco hyperflex (2)	—
17	jenkins	39	2	·	1	NEWNuclei 1	jenkins (6) · script security (4) · project inheritance (3)	—
18	jenkins project	39	2	·	1	NEWNuclei 1	jenkins (6) · jenkins script security plugin (4) · jenkins project inheritance plugin (3)	—
19	cisco	38	1	·	·	PoC 38	ios xe (18) · ios (12) · cisco ios xe software (5)	—
20	packagist	38	4	·	3	Nuclei 3PoC 23	silverstripe/framework (8) · librenms/librenms (7) · dolibarr/dolibarr (5)	—
21	fedora project	35	7	1	2	KEV 1Nuclei 2PoC 11	fedora (35)	—
22	linux	34	2	·	·	PoC 14	linux kernel (34) · kernel (3)	—
23	ibm	31	·	·	·		websphere application server (8) · websphere extreme scale (4) · security key lifecycle manager (3)	—
24	redhat	29	3	·	1	Nuclei 1PoC 14	enterprise linux (17) · enterprise linux server tus (8) · enterprise linux server aus (8)	—
25	ао «ивк»	28	1	·	·	NEWPoC 9	альт 8 сп (25) · альт 8 сп рабочая станция (3) · альт 8 сп сервер (3)	—
26	dell	22	2	·	·	NEWPoC 1	bsafe micro-edition-suite (5) · rsa bsafe mes (5) · rsa bsafe crypto-c micro edition (4)	—
27	mozilla	22	2	·	·	PoC 1	firefox (20) · firefox esr (16) · thunderbird (8)	—
28	mozilla corp.	21	1	·	·	NEWPoC 1	firefox (19) · firefox esr (15) · thunderbird (8)	—
29	apache	20	7	·	4	Nuclei 4PoC 2	jspwiki (5) · http server (4) · ofbiz (4)	—
30	netapp	20	6	·	1	Nuclei 1PoC 7	steelstore cloud integrated storage (9) · hci management node (6) · solidfire (6)	—
31	qualcomm	19	6	·	·	NEW	sd 855 firmware (17) · sd 675 firmware (17) · sd 820a firmware (16)	—
32	qualcomm, inc.	19	6	·	·		snapdragon auto, snapdragon compute, snapdragon consumer iot, snapdragon industrial iot, snapdragon mobile, snapdragon voice & music, snapdragon wearables (3) · snapdragon auto, snapdragon compute, snapdragon consumer iot, snapdragon industrial iot, snapdragon iot, snapdragon mobile, snapdragon voice & music, snapdragon wearables (3) · snapdragon auto, snapdragon compute, snapdragon connectivity, snapdragon consumer iot, snapdragon industrial iot, snapdragon mobile, snapdragon voice & music, snapdragon wearables (2)	—
33	schneider-electric	18	3	·	·		meg6260-0410 firmware (6) · meg6260-0415 firmware (6) · meg6501-0001 firmware (6)	—
34	npm	17	3	·	·	PoC 7	total4 (3) · generator-jhipster (2) · seneca (1)	—
35	limesurvey	16	1	·	1	NEWNuclei 1PoC 2	limesurvey (16)	—
36	f5	15	3	·	·		big-ip access policy manager (10) · big-ip application security manager (10) · big-ip policy enforcement manager (9)	—
37	oracle corp.	15	4	·	3	NEWNuclei 3PoC 5	enterprise manager ops center (7) · oracle communications session border controller (4) · peoplesoft enterprise peopletools (4)	—
38	oracle	13	5	·	2	Nuclei 2PoC 2	retail xstore point of service (7) · enterprise manager ops center (5) · weblogic server (4)	—
39	schneider electric se	13	2	·	·		modicon m580 (4) · modicon m340 (3) · modicon quantum (2)	—
40	crates.io	12	7	·	·	NEWPoC 2	blake2 (1) · cargo (1) · chttp (1)	—
41	apache software foundation	11	5	·	3	Nuclei 3PoC 2	http server (4) · subversion (2) · drill (1)	—
42	prise	11	2	·	·	NEWPoC 2	adas (11)	—
43	atlassian	10	1	·	5	Nuclei 5PoC 6	jira server (7) · jira (7) · jira service desk server (1)	—
44	control-webpanel	10	·	·	1	NEWNuclei 1PoC 10	webpanel (10)	—
45	librenms	10	2	·	·	NEWPoC 6	librenms (10)	—
46	microfocus	10	·	·	·	PoC 1	service manager (9) · data protector (1) · service manager chat server (1)	—
47	ао "нппкт"	10	1	1	1	NEWKEV 1Nuclei 1PoC 1	осон основа оnyx (10)	—
48	ао «нтц ит роса»	10	4	·	2	NEWNuclei 2PoC 3	rosa virtualization 3.0 (7) · rosa virtualization (6) · роса хром (3)	—
49	nuget	9	·	·	1	Nuclei 1PoC 1	microsoft.chakracore (5) · microsoft.aspnetcore.spaservices (1) · dotnetnuke.core (1)	—
50	pypi	9	3	·	·	PoC 5	lmdb (5) · opencv-contrib-python-headless (3) · opencv-python (3)	—