month report
February 2020
Data as of Jun 4, 2026, 13:25 UTCSnapshot v1 Sources NVD+CISA KEV+EPSS+Nuclei templates Methodology →
February 2020 closed with 1,491 published CVEs. 227 criticals, microsoft led volume, mostly via windows server 2016. Top weakness class — CWE-79 (165 CVE). 10 vendors cracked the top-100 for the first time.
Total CVEs
1,491
— MoM— YoY
Severity mix
227 / 614
critical / high
KEV added
0
0 ransomware-linked
Nuclei coverage
6.8%
101 CVEs with templates
Time to exploit
How fast the community ships detection after a CVE drops.
Days → Nuclei (median)
2213.9
n=101
Within 7 days
0.0%
Within 30 days
0.0%
Days → KEV (median)
637
n=16
Detection gap
KEV pressure, no Nuclei coverage
February 2020 · vendors with active exploitation listed by CISA but no public detection template.
- KEV 2cisco43 CVE
- KEV 2cisco systems inc.35 CVE
- KEV 1google66 CVE
- KEV 1google inc41 CVE
Weakness × Vendor
What's spreading where in February 2020
Cells shaded by share of vendor's hottest weakness. Click any cell to open the CWE history.
79XSS787Out-of-bounds Write20Improper Input Validation78OS Command Injection352CSRF287Improper Authentication125Out-of-bounds Read89SQL Injection200Information Exposure416Use After Freemicrosoft282111microsoft corp282111сообщество свободного программного обеспечения310821117debian3742627opensuse4910254fedoraproject2854517ооо «русбитех-астра»31081613google2147237redhat3461124ibm4152141novell inc.88165apple115661
First time in top-100
Vendors never in top-100 in the prior 24 periods.
- #12apple51 CVE
- #19adobe systems inc.41 CVE
- #28jenkins project26 CVE
- #31foxit18 CVE
- #33gitlab18 CVE
- #37moxa14 CVE
- #38moxa inc.14 CVE
- #44maxum13 CVE
- #46sap se13 CVE
- #47symantec13 CVE
Top vendors
Ranked by distinct CVE count this period.
- 101 CVECVSS 7.3KEV 4Nuclei 1PoC 6windows server 2016 (78) · windows 10 (77) · windows server (77)
- 99 CVECVSS 7.4KEV 4Nuclei 1PoC 6windows 10 1903 (77) · windows 10 1909 (76) · windows 10 1809 (76)
- 84 CVE10 critCVSS 7.5KEV 2Nuclei 5PoC 16debian gnu/linux (75) · linux (6) · coturn (2)
- 80 CVE12 critCVSS 7.5KEV 2Nuclei 7PoC 22debian linux (80) · x11-common (1)
- 79 CVE5 critCVSS 7.1KEV 1Nuclei 5PoC 15leap (47) · backports sle (32) · backports (3)
- 72 CVE11 critCVSS 7.7KEV 2Nuclei 6PoC 21fedora (72) · extra packages for enterprise linux (1)
- 67 CVE5 critCVSS 7.4KEV 2Nuclei 3PoC 13astra linux special edition (51) · astra linux common edition (23) · astra linux special edition для «эльбрус» (15)
- 66 CVE1 critCVSS 7.4KEV 1PoC 12chrome (42) · android (22) · gizmo5 (1)
- 58 CVE10 critCVSS 7.6KEV 1Nuclei 3PoC 12enterprise linux workstation (32) · enterprise linux server (31) · enterprise linux desktop (31)
- 53 CVE8 critCVSS 6.7spectrum protect plus (6) · security directory server (6) · db2 for linux- unix and windows (5)
- 52 CVE4 critCVSS 7.3KEV 1Nuclei 2PoC 6opensuse leap (48) · suse package hub for suse linux enterprise (21) · suse linux enterprise server for sap applications (5)
- 51 CVE1 critCVSS 7.2NEWKEV 1Nuclei 1PoC 5iphone os (34) · ipados (32) · ios (31)
- 49 CVE3 critCVSS 7.5KEV 1Nuclei 2PoC 4альт 8 сп (49)
- 49 CVE4 critCVSS 7.5KEV 2Nuclei 2PoC 7ос он «стрелец» (49)
- 45 CVE14 critCVSS 8.9PoC 1adobe framemaker (21) · framemaker (21) · adobe acrobat and reader (17)
- 45 CVE3 critCVSS 6.7Nuclei 1PoC 7ubuntu (45) · apport (4)
- 43 CVE2 critCVSS 7.3KEV 2PoC 40nx-os (8) · ucs manager (6) · linksys e4200 firmware (6)
- 42 CVE4 critCVSS 7.6KEV 1Nuclei 2PoC 7fedora (42)
- 41 CVE13 critCVSS 9.0NEWadobe framemaker (20) · adobe acrobat 2015 (17) · adobe acrobat 2017 (17)
- 41 CVE3 critCVSS 6.8Nuclei 2PoC 9ubuntu linux (39) · apport (4) · cloud-init (2)
- 41 CVECVSS 7.5KEV 1PoC 6google chrome (40) · kubernetes (1)
- 40 CVE4 critCVSS 6.7KEV 1Nuclei 3PoC 3org.apache.tomcat.embed:tomcat-embed-core (3) · org.jenkins-ci.plugins:pipeline-githubnotify-step (2) · org.apache.tomcat:tomcat (2)
- 40 CVE3 critCVSS 8.0Nuclei 1PoC 4red hat enterprise linux (36) · red hat software collections (2) · openshift container platform (2)
- 37 CVE17 critCVSS 8.0Nuclei 1PoC 12auth0-lock (1) · bodymen (1) · codecov (1)
- 35 CVE1 critCVSS 7.1KEV 2PoC 32nx-os (7) · fx-os (6) · unified computing system manager (5)
- 34 CVE1 critCVSS 6.9PoC 1secospace usg6600 firmware (17) · usg9500 firmware (17) · nip6800 firmware (16)
- 26 CVECVSS 6.4Nuclei 1pipeline github notify step (3) · git parameter (2) · harvest scm (2)
- 26 CVECVSS 6.5NEWNuclei 1jenkins pipeline github notify step plugin (3) · jenkins harvest scm plugin (2) · jenkins git parameter plugin (2)
- 23 CVECVSS 7.0PoC 7package hub (20) · suse linux enterprise server (1) · suse linux enterprise server 12 (1)
- 21 CVECVSS 5.1PoC 2nextcloud server (15) · nextcloud (4) · talk (2)
- 18 CVECVSS 7.5NEWphantompdf (10) · reader (8)
- 18 CVECVSS 7.5phantompdf (18) · reader (14)
- 18 CVE1 critCVSS 6.3NEWgitlab (18)
- 16 CVE3 critCVSS 6.9KEV 1Nuclei 1PoC 2active iq unified manager (6) · data availability services (6) · steelstore cloud integrated storage (5)
- 16 CVE2 critCVSS 7.4Nuclei 3PoC 9moodle/moodle (2) · silverstripe/framework (2) · buddypress/buddypress (1)
- 15 CVE1 critCVSS 7.6Nuclei 1PoC 2осон основа оnyx (15)
- 14 CVE1 critCVSS 7.9NEWPoC 4awk-3131a firmware (12) · iologik 2512 firmware (1) · iologik 2512-hspa firmware (1)
- 14 CVE1 critCVSS 8.2NEWPoC 4moxa awk-3131a (12) · moxa ioxpress configuration utility (1) · moxa mgate 5105-mb-eip (1)
- 14 CVE3 critCVSS 8.3qcs605 firmware (12) · sdm439 firmware (11) · sm8150 firmware (11)
- 14 CVE3 critCVSS 8.1snapdragon auto, snapdragon compute, snapdragon consumer iot, snapdragon industrial iot, snapdragon iot, snapdragon mobile, snapdragon voice & music, snapdragon wearables (2) · snapdragon auto, snapdragon compute, snapdragon connectivity, snapdragon consumer iot, snapdragon industrial iot, snapdragon iot, snapdragon mobile, snapdragon voice & music, snapdragon wearables (2) · snapdragon auto, snapdragon compute, snapdragon consumer iot, snapdragon industrial iot, snapdragon mobile, snapdragon voice & music, snapdragon wearables (2)
- 14 CVE1 critCVSS 6.5Nuclei 1netweaver (4) · host agent (2) · s\/4hana (2)
- 13 CVECVSS 5.3Nuclei 5PoC 1jira server (10) · jira data center (7) · jira (4)
- 13 CVE5 critCVSS 9.0PoC 6dir-100 firmware (5) · dsr-250n firmware (2) · dch-m225 firmware (2)
- 13 CVECVSS 6.2NEWNuclei 1PoC 11rumpus ftp (8) · rumpus (5)
- 13 CVE8 critCVSS 8.0Nuclei 2PoC 2ansible (7) · pyyaml (1) · django (1)
- 13 CVECVSS 6.5NEWNuclei 1sap netweaver (sap basis) (2) · sap host agent (2) · sap landscape management (2)
- 13 CVECVSS 6.0NEWendpoint protection (7) · endpoint protection manager (5) · data loss prevention enforce\/detection servers (1)
- 12 CVECVSS 6.3PoC 2linux kernel (12)
- 11 CVE4 critCVSS 6.9KEV 1Nuclei 4PoC 2communications instant messaging server (3) · agile engineering data management (3) · graalvm (3)
- 10 CVE2 critCVSS 7.5PoC 9bson (1) · matestack-ui-core (1) · moped (1)
| # | Vendor | CVEs | Crit | KEV | Nuclei | Signals | Top products | Δ | |
|---|---|---|---|---|---|---|---|---|---|
| 1 | microsoft | 101 | · | 4 | 1 | KEV 4Nuclei 1PoC 6 | windows server 2016 (78) · windows 10 (77) · windows server (77) | — | |
| 2 | microsoft corp | 99 | · | 4 | 1 | KEV 4Nuclei 1PoC 6 | windows 10 1903 (77) · windows 10 1909 (76) · windows 10 1809 (76) | — | |
| 3 | сообщество свободного программного обеспечения | 84 | 10 | 2 | 5 | KEV 2Nuclei 5PoC 16 | debian gnu/linux (75) · linux (6) · coturn (2) | — | |
| 4 | debian | 80 | 12 | 2 | 7 | KEV 2Nuclei 7PoC 22 | debian linux (80) · x11-common (1) | — | |
| 5 | opensuse | 79 | 5 | 1 | 5 | KEV 1Nuclei 5PoC 15 | leap (47) · backports sle (32) · backports (3) | — | |
| 6 | fedoraproject | 72 | 11 | 2 | 6 | KEV 2Nuclei 6PoC 21 | fedora (72) · extra packages for enterprise linux (1) | — | |
| 7 | ооо «русбитех-астра» | 67 | 5 | 2 | 3 | KEV 2Nuclei 3PoC 13 | astra linux special edition (51) · astra linux common edition (23) · astra linux special edition для «эльбрус» (15) | — | |
| 8 | 66 | 1 | 1 | · | KEV 1PoC 12 | chrome (42) · android (22) · gizmo5 (1) | — | ||
| 9 | redhat | 58 | 10 | 1 | 3 | KEV 1Nuclei 3PoC 12 | enterprise linux workstation (32) · enterprise linux server (31) · enterprise linux desktop (31) | — | |
| 10 | ibm | 53 | 8 | · | · | spectrum protect plus (6) · security directory server (6) · db2 for linux- unix and windows (5) | — | ||
| 11 | novell inc. | 52 | 4 | 1 | 2 | KEV 1Nuclei 2PoC 6 | opensuse leap (48) · suse package hub for suse linux enterprise (21) · suse linux enterprise server for sap applications (5) | — | |
| 12 | apple | 51 | 1 | 1 | 1 | NEWKEV 1Nuclei 1PoC 5 | iphone os (34) · ipados (32) · ios (31) | — | |
| 13 | ао «ивк» | 49 | 3 | 1 | 2 | KEV 1Nuclei 2PoC 4 | альт 8 сп (49) | — | |
| 14 | ао «концерн вниинс» | 49 | 4 | 2 | 2 | KEV 2Nuclei 2PoC 7 | ос он «стрелец» (49) | — | |
| 15 | adobe | 45 | 14 | · | · | PoC 1 | adobe framemaker (21) · framemaker (21) · adobe acrobat and reader (17) | — | |
| 16 | canonical ltd. | 45 | 3 | · | 1 | Nuclei 1PoC 7 | ubuntu (45) · apport (4) | — | |
| 17 | cisco | 43 | 2 | 2 | · | KEV 2PoC 40 | nx-os (8) · ucs manager (6) · linksys e4200 firmware (6) | — | |
| 18 | fedora project | 42 | 4 | 1 | 2 | KEV 1Nuclei 2PoC 7 | fedora (42) | — | |
| 19 | adobe systems inc. | 41 | 13 | · | · | NEW | adobe framemaker (20) · adobe acrobat 2015 (17) · adobe acrobat 2017 (17) | — | |
| 20 | canonical | 41 | 3 | · | 2 | Nuclei 2PoC 9 | ubuntu linux (39) · apport (4) · cloud-init (2) | — | |
| 21 | google inc | 41 | · | 1 | · | KEV 1PoC 6 | google chrome (40) · kubernetes (1) | — | |
| 22 | maven | 40 | 4 | 1 | 3 | KEV 1Nuclei 3PoC 3 | org.apache.tomcat.embed:tomcat-embed-core (3) · org.jenkins-ci.plugins:pipeline-githubnotify-step (2) · org.apache.tomcat:tomcat (2) | — | |
| 23 | red hat inc. | 40 | 3 | · | 1 | Nuclei 1PoC 4 | red hat enterprise linux (36) · red hat software collections (2) · openshift container platform (2) | — | |
| 24 | npm | 37 | 17 | · | 1 | Nuclei 1PoC 12 | auth0-lock (1) · bodymen (1) · codecov (1) | — | |
| 25 | cisco systems inc. | 35 | 1 | 2 | · | KEV 2PoC 32 | nx-os (7) · fx-os (6) · unified computing system manager (5) | — | |
| 26 | huawei | 34 | 1 | · | · | PoC 1 | secospace usg6600 firmware (17) · usg9500 firmware (17) · nip6800 firmware (16) | — | |
| 27 | jenkins | 26 | · | · | 1 | Nuclei 1 | pipeline github notify step (3) · git parameter (2) · harvest scm (2) | — | |
| 28 | jenkins project | 26 | · | · | 1 | NEWNuclei 1 | jenkins pipeline github notify step plugin (3) · jenkins harvest scm plugin (2) · jenkins git parameter plugin (2) | — | |
| 29 | suse | 23 | · | · | · | PoC 7 | package hub (20) · suse linux enterprise server (1) · suse linux enterprise server 12 (1) | — | |
| 30 | nextcloud | 21 | · | · | · | PoC 2 | nextcloud server (15) · nextcloud (4) · talk (2) | — | |
| 31 | foxit | 18 | · | · | · | NEW | phantompdf (10) · reader (8) | — | |
| 32 | foxitsoftware | 18 | · | · | · | phantompdf (18) · reader (14) | — | ||
| 33 | gitlab | 18 | 1 | · | · | NEW | gitlab (18) | — | |
| 34 | netapp | 16 | 3 | 1 | 1 | KEV 1Nuclei 1PoC 2 | active iq unified manager (6) · data availability services (6) · steelstore cloud integrated storage (5) | — | |
| 35 | packagist | 16 | 2 | · | 3 | Nuclei 3PoC 9 | moodle/moodle (2) · silverstripe/framework (2) · buddypress/buddypress (1) | — | |
| 36 | ао "нппкт" | 15 | 1 | · | 1 | Nuclei 1PoC 2 | осон основа оnyx (15) | — | |
| 37 | moxa | 14 | 1 | · | · | NEWPoC 4 | awk-3131a firmware (12) · iologik 2512 firmware (1) · iologik 2512-hspa firmware (1) | — | |
| 38 | moxa inc. | 14 | 1 | · | · | NEWPoC 4 | moxa awk-3131a (12) · moxa ioxpress configuration utility (1) · moxa mgate 5105-mb-eip (1) | — | |
| 39 | qualcomm | 14 | 3 | · | · | qcs605 firmware (12) · sdm439 firmware (11) · sm8150 firmware (11) | — | ||
| 40 | qualcomm, inc. | 14 | 3 | · | · | snapdragon auto, snapdragon compute, snapdragon consumer iot, snapdragon industrial iot, snapdragon iot, snapdragon mobile, snapdragon voice & music, snapdragon wearables (2) · snapdragon auto, snapdragon compute, snapdragon connectivity, snapdragon consumer iot, snapdragon industrial iot, snapdragon iot, snapdragon mobile, snapdragon voice & music, snapdragon wearables (2) · snapdragon auto, snapdragon compute, snapdragon consumer iot, snapdragon industrial iot, snapdragon mobile, snapdragon voice & music, snapdragon wearables (2) | — | ||
| 41 | sap | 14 | 1 | · | 1 | Nuclei 1 | netweaver (4) · host agent (2) · s\/4hana (2) | — | |
| 42 | atlassian | 13 | · | · | 5 | Nuclei 5PoC 1 | jira server (10) · jira data center (7) · jira (4) | — | |
| 43 | dlink | 13 | 5 | · | · | PoC 6 | dir-100 firmware (5) · dsr-250n firmware (2) · dch-m225 firmware (2) | — | |
| 44 | maxum | 13 | · | · | 1 | NEWNuclei 1PoC 11 | rumpus ftp (8) · rumpus (5) | — | |
| 45 | pypi | 13 | 8 | · | 2 | Nuclei 2PoC 2 | ansible (7) · pyyaml (1) · django (1) | — | |
| 46 | sap se | 13 | · | · | 1 | NEWNuclei 1 | sap netweaver (sap basis) (2) · sap host agent (2) · sap landscape management (2) | — | |
| 47 | symantec | 13 | · | · | · | NEW | endpoint protection (7) · endpoint protection manager (5) · data loss prevention enforce\/detection servers (1) | — | |
| 48 | linux | 12 | · | · | · | PoC 2 | linux kernel (12) | — | |
| 49 | oracle | 11 | 4 | 1 | 4 | KEV 1Nuclei 4PoC 2 | communications instant messaging server (3) · agile engineering data management (3) · graalvm (3) | — | |
| 50 | rubygems | 10 | 2 | · | · | PoC 9 | bson (1) · matestack-ui-core (1) · moped (1) | — |