month report
October 2019
Data as of Jun 4, 2026, 13:25 UTCSnapshot v1 Sources NVD+CISA KEV+EPSS+Nuclei templates Methodology →
October 2019 closed with 1,799 published CVEs. 249 criticals, oracle led volume, mostly via mysql. Biggest breakout: oracle at ×75.0 their 12-month median. Top weakness class — CWE-79 (258 CVE). 10 vendors cracked the top-100 for the first time.
Total CVEs
1,799
— MoM— YoY
Severity mix
249 / 656
critical / high
KEV added
0
0 ransomware-linked
Nuclei coverage
10.5%
188 CVEs with templates
Time to exploit
How fast the community ships detection after a CVE drops.
Days → Nuclei (median)
2333.3
n=188
Within 7 days
0.0%
Within 30 days
0.0%
Days → KEV (median)
887
n=7
Detection gap
KEV pressure, no Nuclei coverage
October 2019 · vendors with active exploitation listed by CISA but no public detection template.
- KEV 1google13 CVE
Weakness × Vendor
What's spreading where in October 2019
Cells shaded by share of vendor's hottest weakness. Click any cell to open the CWE history.
79XSS89SQL Injection125Out-of-bounds Read787Out-of-bounds Write20Improper Input Validation22Path Traversal416Use After Free78OS Command Injection200Information Exposure352CSRForacle111ооо «русбитех-астра»312191141oracle corp.11сообщество свободного программного обеспечения6223872112oracle corporationdebian721593211cisco systems inc.189162542adobe82291261cisco189153532adobe systems inc.8179126maven3119ао «концерн вниинс»215411
Breakout vendors
CVE count ≥3× their own 12-period median.
- 75.0×oracle150 CVE
- 35.3×oracle corp.141 CVE
- 30.0×netapp60 CVE
- 22.3×fedoraproject67 CVE
- 21.5×adobe86 CVE
- 12.8×fedora project51 CVE
- 7.0×apple21 CVE
- 6.8×opensuse61 CVE
- 6.5×ао «концерн вниинс»71 CVE
- 4.9×maven73 CVE
First time in top-100
Vendors never in top-100 in the prior 24 periods.
- #25jenkins project46 CVE
- #27jetbrains34 CVE
- #28awesomemotive32 CVE
- #29easydigitaldownloads31 CVE
- #30tcpdump30 CVE
- #32sugarcrm29 CVE
- #34fusionpbx26 CVE
- #38the tcpdump team25 CVE
- #43the linux foundation18 CVE
- #47isc15 CVE
Top vendors
Ranked by distinct CVE count this period.
- 150 CVE10 critCVSS 6.9×75.0KEV 1Nuclei 11PoC 3mysql (29) · jdk (19) · jre (19)
- 147 CVE22 critCVSS 6.3KEV 1Nuclei 3PoC 17astra linux special edition (138) · astra linux special edition для «эльбрус» (75) · astra linux common edition (20)
- 141 CVE10 critCVSS 6.4×35.3KEV 1Nuclei 11PoC 3mysql server (27) · java se (19) · openjdk (17)
- 140 CVE27 critCVSS 7.2KEV 1Nuclei 11PoC 25debian gnu/linux (125) · linux (10) · tightvnc (4)
- 137 CVE3 critCVSS 5.7KEV 1Nuclei 9PoC 2mysql server (28) · java (19) · vm virtualbox (10)
- 115 CVE20 critCVSS 7.1KEV 2Nuclei 9PoC 13debian linux (114) · bind9 (1) · overkill (1)
- 87 CVE2 critCVSS 7.1×4.8PoC 83cisco firepower management center (18) · spa122 ata with router devices (17) · spa112 2-port phone adapter (16)
- 86 CVE22 critCVSS 8.1×21.5Nuclei 1PoC 2acrobat dc (70) · acrobat reader dc (70) · adobe acrobat and reader (69)
- 85 CVE2 critCVSS 7.0×4.7PoC 84cisco firepower management center (19) · spa122 firmware (19) · cisco spa112 2-port phone adapter (18)
- 78 CVE21 critCVSS 8.4Nuclei 1PoC 2adobe acrobat document cloud (65) · adobe acrobat reader document cloud (65) · adobe acrobat 2017 (64)
- 73 CVE13 critCVSS 7.1×4.9Nuclei 6PoC 7com.fasterxml.jackson.core:jackson-databind (4) · org.jenkins-ci.plugins:dynatrace-dashboard (3) · com.elasticbox.jenkins-ci.plugins:kubernetes-ci (3)
- 71 CVE13 critCVSS 6.7×6.5KEV 1Nuclei 2PoC 16ос он «стрелец» (71)
- 68 CVE8 critCVSS 5.9KEV 2Nuclei 6PoC 12ubuntu linux (68)
- 67 CVE8 critCVSS 6.8×22.3KEV 1Nuclei 2PoC 8fedora (67)
- 67 CVE9 critCVSS 7.6×3.0KEV 1Nuclei 3PoC 4red hat enterprise linux (57) · openshift container platform (6) · red hat single sign-on (3)
- 65 CVE9 critCVSS 7.3×3.4KEV 1Nuclei 3PoC 7opensuse leap (64) · suse linux enterprise module for basesystem (40) · suse linux enterprise server (37)
- 63 CVE9 critCVSS 5.9KEV 1Nuclei 3PoC 4enterprise linux (39) · enterprise linux server (21) · enterprise linux workstation (20)
- 61 CVE6 critCVSS 6.7×6.8Nuclei 1PoC 8leap (61) · backports sle (3)
- 60 CVE2 critCVSS 7.0KEV 2Nuclei 1PoC 7windows server (37) · windows (37) · windows server 2019 (32)
- 60 CVE2 critCVSS 7.2KEV 2Nuclei 1PoC 7windows 10 1809 (32) · windows server 2019 (server core installation) (32) · windows server 2019 (32)
- 60 CVE5 critCVSS 5.5×30.0KEV 1Nuclei 4PoC 4oncommand workflow automation (49) · active iq unified manager (37) · snapcenter (27)
- 56 CVE10 critCVSS 7.4KEV 1Nuclei 3PoC 14ubuntu (56)
- 51 CVE8 critCVSS 7.4×12.8KEV 1Nuclei 3PoC 9fedora (51)
- 46 CVE2 critCVSS 6.5Nuclei 1PoC 1dynatrace application monitoring (3) · libvirt slaves (3) · kubernetes ci (3)
- 46 CVE2 critCVSS 6.5NEWNuclei 1PoC 1jenkins dynatrace application monitoring plugin (3) · jenkins icescrum plugin (3) · jenkins libvirt slaves plugin (3)
- 41 CVECVSS 5.7cloud orchestrator (9) · security guardium big data intelligence (8) · security directory server (5)
- 34 CVE4 critCVSS 6.6NEWNuclei 1PoC 1teamcity (12) · youtrack (7) · upsource (3)
- 32 CVECVSS 6.1NEWNuclei 32easy digital downloads (32)
- 31 CVECVSS 6.1NEWNuclei 31pdf invoices (1) · pdf stamper (1) · per product emails (1)
- 30 CVE2 critCVSS 7.2NEWtcpdump (25) · libpcap (5)
- 29 CVECVSS 7.7PoC 1reader (18) · phantompdf (17) · foxit studio photo (4)
- 29 CVE1 critCVSS 8.2NEWNuclei 1PoC 1sugarcrm (29)
- 27 CVECVSS 7.7reader (13) · phantompdf (10) · studio photo (4)
- 26 CVECVSS 6.4NEWfusionpbx (26)
- 25 CVECVSS 7.1PoC 24junos (24) · sbr carrier (1)
- 25 CVECVSS 7.1PoC 24junos os (24) · sbr carrier (1)
- 25 CVECVSS 7.1PoC 24junos (24) · sbr carrier (1)
- 25 CVE2 critCVSS 7.4NEWtcpdump (25)
- 21 CVECVSS 6.8×7.0mac os x (21) · ipados (1) · iphone os (1)
- 21 CVE6 critCVSS 7.2Nuclei 2PoC 6dolibarr/dolibarr (4) · centreon/centreon (3) · nilsteampassnet/teampass (3)
- 18 CVECVSS 7.7irfanview (18)
- 18 CVE9 critCVSS 8.4Nuclei 1PoC 4sequelize (3) · realms-shim (2) · safer-eval (2)
- 18 CVE1 critCVSS 7.3NEWxen (18)
- 18 CVE1 critCVSS 7.3xen (18)
- 17 CVE4 critCVSS 7.2Nuclei 1PoC 3ansible (2) · keyring (1) · koji (1)
- 17 CVE6 critCVSS 8.0×3.4PoC 5осон основа оnyx (17)
- 15 CVECVSS 6.6NEWbind (11) · bind 9 (8) · kea (3)
- 14 CVE3 critCVSS 8.1KEV 1Nuclei 3PoC 6альт 8 сп (13) · альт сп 10 (2)
- 13 CVE7 critCVSS 9.1Nuclei 1PoC 5dir-865l firmware (3) · dir-846 firmware (2) · dir-412 firmware (2)
- 13 CVE1 critCVSS 7.3KEV 1PoC 2android (10) · chrome (1) · chrome os (1)
| # | Vendor | CVEs | Crit | KEV | Nuclei | Signals | Top products | Δ | |
|---|---|---|---|---|---|---|---|---|---|
| 1 | oracle | 150 | 10 | 1 | 11 | ×75.0KEV 1Nuclei 11PoC 3 | mysql (29) · jdk (19) · jre (19) | — | |
| 2 | ооо «русбитех-астра» | 147 | 22 | 1 | 3 | KEV 1Nuclei 3PoC 17 | astra linux special edition (138) · astra linux special edition для «эльбрус» (75) · astra linux common edition (20) | — | |
| 3 | oracle corp. | 141 | 10 | 1 | 11 | ×35.3KEV 1Nuclei 11PoC 3 | mysql server (27) · java se (19) · openjdk (17) | — | |
| 4 | сообщество свободного программного обеспечения | 140 | 27 | 1 | 11 | KEV 1Nuclei 11PoC 25 | debian gnu/linux (125) · linux (10) · tightvnc (4) | — | |
| 5 | oracle corporation | 137 | 3 | 1 | 9 | KEV 1Nuclei 9PoC 2 | mysql server (28) · java (19) · vm virtualbox (10) | — | |
| 6 | debian | 115 | 20 | 2 | 9 | KEV 2Nuclei 9PoC 13 | debian linux (114) · bind9 (1) · overkill (1) | — | |
| 7 | cisco systems inc. | 87 | 2 | · | · | ×4.8PoC 83 | cisco firepower management center (18) · spa122 ata with router devices (17) · spa112 2-port phone adapter (16) | — | |
| 8 | adobe | 86 | 22 | · | 1 | ×21.5Nuclei 1PoC 2 | acrobat dc (70) · acrobat reader dc (70) · adobe acrobat and reader (69) | — | |
| 9 | cisco | 85 | 2 | · | · | ×4.7PoC 84 | cisco firepower management center (19) · spa122 firmware (19) · cisco spa112 2-port phone adapter (18) | — | |
| 10 | adobe systems inc. | 78 | 21 | · | 1 | Nuclei 1PoC 2 | adobe acrobat document cloud (65) · adobe acrobat reader document cloud (65) · adobe acrobat 2017 (64) | — | |
| 11 | maven | 73 | 13 | · | 6 | ×4.9Nuclei 6PoC 7 | com.fasterxml.jackson.core:jackson-databind (4) · org.jenkins-ci.plugins:dynatrace-dashboard (3) · com.elasticbox.jenkins-ci.plugins:kubernetes-ci (3) | — | |
| 12 | ао «концерн вниинс» | 71 | 13 | 1 | 2 | ×6.5KEV 1Nuclei 2PoC 16 | ос он «стрелец» (71) | — | |
| 13 | canonical | 68 | 8 | 2 | 6 | KEV 2Nuclei 6PoC 12 | ubuntu linux (68) | — | |
| 14 | fedoraproject | 67 | 8 | 1 | 2 | ×22.3KEV 1Nuclei 2PoC 8 | fedora (67) | — | |
| 15 | red hat inc. | 67 | 9 | 1 | 3 | ×3.0KEV 1Nuclei 3PoC 4 | red hat enterprise linux (57) · openshift container platform (6) · red hat single sign-on (3) | — | |
| 16 | novell inc. | 65 | 9 | 1 | 3 | ×3.4KEV 1Nuclei 3PoC 7 | opensuse leap (64) · suse linux enterprise module for basesystem (40) · suse linux enterprise server (37) | — | |
| 17 | redhat | 63 | 9 | 1 | 3 | KEV 1Nuclei 3PoC 4 | enterprise linux (39) · enterprise linux server (21) · enterprise linux workstation (20) | — | |
| 18 | opensuse | 61 | 6 | · | 1 | ×6.8Nuclei 1PoC 8 | leap (61) · backports sle (3) | — | |
| 19 | microsoft | 60 | 2 | 2 | 1 | KEV 2Nuclei 1PoC 7 | windows server (37) · windows (37) · windows server 2019 (32) | — | |
| 20 | microsoft corp | 60 | 2 | 2 | 1 | KEV 2Nuclei 1PoC 7 | windows 10 1809 (32) · windows server 2019 (server core installation) (32) · windows server 2019 (32) | — | |
| 21 | netapp | 60 | 5 | 1 | 4 | ×30.0KEV 1Nuclei 4PoC 4 | oncommand workflow automation (49) · active iq unified manager (37) · snapcenter (27) | — | |
| 22 | canonical ltd. | 56 | 10 | 1 | 3 | KEV 1Nuclei 3PoC 14 | ubuntu (56) | — | |
| 23 | fedora project | 51 | 8 | 1 | 3 | ×12.8KEV 1Nuclei 3PoC 9 | fedora (51) | — | |
| 24 | jenkins | 46 | 2 | · | 1 | Nuclei 1PoC 1 | dynatrace application monitoring (3) · libvirt slaves (3) · kubernetes ci (3) | — | |
| 25 | jenkins project | 46 | 2 | · | 1 | NEWNuclei 1PoC 1 | jenkins dynatrace application monitoring plugin (3) · jenkins icescrum plugin (3) · jenkins libvirt slaves plugin (3) | — | |
| 26 | ibm | 41 | · | · | · | cloud orchestrator (9) · security guardium big data intelligence (8) · security directory server (5) | — | ||
| 27 | jetbrains | 34 | 4 | · | 1 | NEWNuclei 1PoC 1 | teamcity (12) · youtrack (7) · upsource (3) | — | |
| 28 | awesomemotive | 32 | · | · | 32 | NEWNuclei 32 | easy digital downloads (32) | — | |
| 29 | easydigitaldownloads | 31 | · | · | 31 | NEWNuclei 31 | pdf invoices (1) · pdf stamper (1) · per product emails (1) | — | |
| 30 | tcpdump | 30 | 2 | · | · | NEW | tcpdump (25) · libpcap (5) | — | |
| 31 | foxitsoftware | 29 | · | · | · | PoC 1 | reader (18) · phantompdf (17) · foxit studio photo (4) | — | |
| 32 | sugarcrm | 29 | 1 | · | 1 | NEWNuclei 1PoC 1 | sugarcrm (29) | — | |
| 33 | foxit | 27 | · | · | · | reader (13) · phantompdf (10) · studio photo (4) | — | ||
| 34 | fusionpbx | 26 | · | · | · | NEW | fusionpbx (26) | — | |
| 35 | juniper | 25 | · | · | · | PoC 24 | junos (24) · sbr carrier (1) | — | |
| 36 | juniper networks | 25 | · | · | · | PoC 24 | junos os (24) · sbr carrier (1) | — | |
| 37 | juniper networks inc. | 25 | · | · | · | PoC 24 | junos (24) · sbr carrier (1) | — | |
| 38 | the tcpdump team | 25 | 2 | · | · | NEW | tcpdump (25) | — | |
| 39 | apple | 21 | · | · | · | ×7.0 | mac os x (21) · ipados (1) · iphone os (1) | — | |
| 40 | packagist | 21 | 6 | · | 2 | Nuclei 2PoC 6 | dolibarr/dolibarr (4) · centreon/centreon (3) · nilsteampassnet/teampass (3) | — | |
| 41 | irfanview | 18 | · | · | · | irfanview (18) | — | ||
| 42 | npm | 18 | 9 | · | 1 | Nuclei 1PoC 4 | sequelize (3) · realms-shim (2) · safer-eval (2) | — | |
| 43 | the linux foundation | 18 | 1 | · | · | NEW | xen (18) | — | |
| 44 | xen | 18 | 1 | · | · | xen (18) | — | ||
| 45 | pypi | 17 | 4 | · | 1 | Nuclei 1PoC 3 | ansible (2) · keyring (1) · koji (1) | — | |
| 46 | ао "нппкт" | 17 | 6 | · | · | ×3.4PoC 5 | осон основа оnyx (17) | — | |
| 47 | isc | 15 | · | · | · | NEW | bind (11) · bind 9 (8) · kea (3) | — | |
| 48 | ао «ивк» | 14 | 3 | 1 | 3 | KEV 1Nuclei 3PoC 6 | альт 8 сп (13) · альт сп 10 (2) | — | |
| 49 | dlink | 13 | 7 | · | 1 | Nuclei 1PoC 5 | dir-865l firmware (3) · dir-846 firmware (2) · dir-412 firmware (2) | — | |
| 50 | 13 | 1 | 1 | · | KEV 1PoC 2 | android (10) · chrome (1) · chrome os (1) | — |