month report

November 2020

Data as of Jun 4, 2026, 13:25 UTCSnapshot v1 Sources NVD+CISA KEV+EPSS+Nuclei templates Methodology →

November 2020 closed with 1,485 published CVEs. 167 criticals, microsoft led volume, mostly via windows 10 version 1909. Top weakness class — CWE-79 (120 CVE). 10 vendors cracked the top-100 for the first time.

Print view

Total CVEs

1,485

— MoM— YoY

Severity mix

167 / 548

critical / high

KEV added

0 ransomware-linked

Nuclei coverage

3.2%

48 CVEs with templates

Time to exploit

How fast the community ships detection after a CVE drops.

Days → Nuclei (median)

1936.2

n=48

Within 7 days

0.0%

Within 30 days

0.0%

Days → KEV (median)

365

n=10

Detection gap

KEV pressure, no Nuclei coverage

November 2020 · vendors with active exploitation listed by CISA but no public detection template.

KEV 3google72 CVE
KEV 3ооо «русбитех-астра»59 CVE
KEV 3google inc43 CVE
KEV 2microsoft113 CVE
KEV 1microsoft corp113 CVE
KEV 1canonical ltd.15 CVE
KEV 1vmware10 CVE

Weakness × Vendor

What's spreading where in November 2020

Cells shaded by share of vendor's hottest weakness. Click any cell to open the CWE history.

First time in top-100

Vendors never in top-100 in the prior 24 periods.

#39trend micro15 CVE
#40trendmicro15 CVE
#44mongodb13 CVE
#45mongodb inc.13 CVE
#47ооо «открытая мобильная платформа»11 CVE
#48c-data10 CVE
#49cdatatec10 CVE
#53hcltech9 CVE
#54mitsubishielectric9 CVE
#55mitsubishi electric corporation9 CVE

Top vendors

Ranked by distinct CVE count this period.

1microsoft—
113 CVE1 critCVSS 7.1
KEV 2PoC 4
windows 10 version 1909 (52) · windows 10 version 1903 for x64-based systems (52) · windows 10 version 1903 for 32-bit systems (51)
2microsoft corp—
113 CVE1 critCVSS 7.1
KEV 1PoC 3
windows 10 1903 (52) · windows 10 1909 (52) · windows 10 20h2 (51)
3сообщество свободного программного обеспечения—
101 CVE11 critCVSS 7.1
KEV 5Nuclei 4PoC 22
debian gnu/linux (85) · linux (19) · drupal (3)
4intel—
96 CVE4 critCVSS 6.2
active management technology firmware (9) · bios (9) · converged security and manageability engine (7)
5debian—
95 CVE10 critCVSS 7.4
KEV 4Nuclei 5PoC 15
debian linux (95)
6intel corp.—
94 CVE4 critCVSS 6.5
2nd generation intel xeon scalable processor (11) · intel converged security and manageability engine (9) · active management technology (9)
7fedoraproject—
82 CVE4 critCVSS 7.4
KEV 5Nuclei 3PoC 12
fedora (82)
8google—
72 CVE9 critCVSS 8.1
KEV 3PoC 7
chrome (46) · android (25) · firebase\/util (1)
9ао "нппкт"—
67 CVE5 critCVSS 7.7
KEV 4Nuclei 4PoC 14
осон основа оnyx (67)
10ао «концерн вниинс»—
62 CVE4 critCVSS 7.8
KEV 3Nuclei 2PoC 9
ос он «стрелец» (62)
11ооо «русбитех-астра»—
59 CVE2 critCVSS 7.5
KEV 3PoC 13
astra linux special edition (51) · astra linux common edition (40) · astra linux special edition для «эльбрус» (12)
12cisco—
50 CVE5 critCVSS 7.7
PoC 50
cisco iot field network director (iot-fnd) (10) · iot field network director (10) · cisco sd-wan vmanage (7)
13cisco systems inc.—
49 CVE5 critCVSS 7.0
PoC 49
cisco sd-wan (11) · iot field network director (10) · cisco webex meetings server (6)
14qualcomm—
48 CVE14 critCVSS 8.3
PoC 3
sdx55 firmware (33) · sm8150 firmware (32) · sm8250 firmware (31)
15qualcomm, inc.—
48 CVE14 critCVSS 8.3
PoC 3
snapdragon auto, snapdragon compute, snapdragon consumer iot, snapdragon industrial iot, snapdragon mobile (5) · snapdragon auto, snapdragon compute, snapdragon connectivity, snapdragon consumer electronics connectivity, snapdragon consumer iot, snapdragon industrial iot, snapdragon mobile, snapdragon voice & music, snapdragon wired infrastructure and networking (5) · snapdragon auto, snapdragon compute, snapdragon consumer iot, snapdragon industrial iot, snapdragon mobile, snapdragon voice & music, snapdragon wearables (4)
16maven—
47 CVE6 critCVSS 6.4
Nuclei 2PoC 11
org.jenkins-ci.plugins:active-directory (5) · org.craftercms:crafter-studio (4) · com.typesafe.play:play (3)
17google inc—
43 CVE5 critCVSS 8.3
KEV 3PoC 6
google chrome (42) · android (1)
18ibm—
42 CVE2 critCVSS 5.8
PoC 1
sterling b2b integrator (8) · cloud pak for security (5) · sterling file gateway (4)
19opensuse—
42 CVE3 critCVSS 8.2
KEV 3Nuclei 1PoC 8
backports sle (39) · leap (10)
20fedora project—
41 CVE4 critCVSS 8.0
KEV 2Nuclei 2PoC 7
fedora (41)
21red hat inc.—
39 CVE4 critCVSS 7.3
KEV 1Nuclei 2PoC 8
red hat enterprise linux (33) · red hat virtualization (3) · red hat software collections (3)
22packagist—
35 CVE1 critCVSS 6.2
KEV 2Nuclei 3PoC 9
magento/community-edition (8) · moodle/moodle (6) · magento/project-community-edition (4)
23novell inc.—
34 CVE4 critCVSS 7.0
KEV 3Nuclei 3PoC 10
opensuse leap (32) · suse openstack cloud crowbar (2) · suse enterprise storage (2)
24npm—
32 CVE4 critCVSS 7.2
Nuclei 1PoC 9
systeminformation (2) · axios (1) · browserless-chrome (1)
25netapp—
31 CVE3 critCVSS 6.7
KEV 1Nuclei 1PoC 3
cloud backup (14) · solidfire bios (6) · hci storage node bios (6)
26schneider-electric—
30 CVE2 critCVSS 8.2
interactive graphical scada system (9) · ecostruxure control expert (5) · webreports (5)
27adobe—
25 CVE1 critCVSS 5.8
acrobat reader (15) · acrobat dc (14) · acrobat (14)
28adobe systems inc.—
25 CVE1 critCVSS 5.7
adobe acrobat reader document cloud (14) · adobe acrobat 2017 (14) · adobe acrobat 2020 (14)
29ао «ивк»—
24 CVE4 critCVSS 7.7
KEV 2Nuclei 3PoC 4
альт 8 сп (24) · альт сп 10 (1)
30schneider electric—
23 CVE2 critCVSS 7.6
webreports (6) · modicon m100 (4) · modicon m221 (4)
31jenkins—
21 CVE3 critCVSS 5.9
PoC 7
active directory (5) · kubernetes (3) · mercurial (2)
32jenkins project—
21 CVE3 critCVSS 5.9
PoC 7
jenkins active directory plugin (5) · jenkins kubernetes plugin (3) · jenkins mercurial plugin (2)
33pypi—
21 CVE6 critCVSS 7.5
KEV 2Nuclei 5PoC 8
salt (3) · moin (2) · datasette-graphql (1)
34sap—
18 CVE4 critCVSS 7.0
PoC 4
solution manager (4) · netweaver application server abap (2) · commerce cloud \(accelerator payment mock\) (2)
35sap se—
18 CVE4 critCVSS 7.0
PoC 4
sap solution manager (java stack) (4) · sap commerce cloud (accelerator payment mock) (2) · sap netweaver as abap (web dynpro) (2)
36linux—
17 CVECVSS 5.9
PoC 7
linux kernel (17)
37canonical ltd.—
15 CVE5 critCVSS 8.0
KEV 1PoC 6
ubuntu (15)
38go—
15 CVE4 critCVSS 7.4
Nuclei 1PoC 1
github.com/ethereum/go-ethereum (3) · github.com/nats-io/jwt (2) · github.com/hashicorp/consul (2)
39trend micro—
15 CVE1 critCVSS 7.5
NEWPoC 3
trend micro interscan messaging security virtual appliance (imsva) (6) · trend micro interscan web security virtual appliance (4) · trend micro security (consumer) (3)
40trendmicro—
15 CVE1 critCVSS 7.5
NEWPoC 3
interscan messaging security virtual appliance (6) · interscan web security virtual appliance (4) · maximum security 2020 (3)
41jetbrains—
14 CVE1 critCVSS 6.0
youtrack (6) · teamcity (3) · toolbox (2)
42redhat—
14 CVECVSS 6.5
PoC 1
enterprise linux (5) · keycloak (3) · advanced cluster management for kubernetes (2)
43gitlab—
13 CVECVSS 5.4
PoC 1
gitlab (12) · gitlab ce/ee (9) · gitlab ee (3)
44mongodb—
13 CVECVSS 6.8
NEW
mongodb (12) · ops manager (1)
45mongodb inc.—
13 CVECVSS 6.8
NEW
mongodb server (12) · mongodb ops manager (1)
46oracle—
12 CVE1 critCVSS 6.7
KEV 1Nuclei 3PoC 2
graalvm (3) · communications offline mediation controller (3) · jd edwards enterpriseone tools (3)
47ооо «открытая мобильная платформа»—
11 CVECVSS 6.6
NEWPoC 4
ос аврора (8) · аврора центр (3)
48c-data—
10 CVE7 critCVSS 8.9
NEWPoC 3
9288 (10) · 97016 (10) · 97024p (10)
49cdatatec—
10 CVE7 critCVSS 8.9
NEWPoC 3
72408a firmware (10) · 9008a firmware (10) · 9016a firmware (10)
50vmware—
10 CVE3 critCVSS 8.4
KEV 1
sd-wan orchestrator (6) · cloud foundation (3) · esxi (2)

#	Vendor	CVEs	Crit	KEV	Nuclei	Signals	Top products	Δ
1	microsoft	113	1	2	·	KEV 2PoC 4	windows 10 version 1909 (52) · windows 10 version 1903 for x64-based systems (52) · windows 10 version 1903 for 32-bit systems (51)	—
2	microsoft corp	113	1	1	·	KEV 1PoC 3	windows 10 1903 (52) · windows 10 1909 (52) · windows 10 20h2 (51)	—
3	сообщество свободного программного обеспечения	101	11	5	4	KEV 5Nuclei 4PoC 22	debian gnu/linux (85) · linux (19) · drupal (3)	—
4	intel	96	4	·	·		active management technology firmware (9) · bios (9) · converged security and manageability engine (7)	—
5	debian	95	10	4	5	KEV 4Nuclei 5PoC 15	debian linux (95)	—
6	intel corp.	94	4	·	·		2nd generation intel xeon scalable processor (11) · intel converged security and manageability engine (9) · active management technology (9)	—
7	fedoraproject	82	4	5	3	KEV 5Nuclei 3PoC 12	fedora (82)	—
8	google	72	9	3	·	KEV 3PoC 7	chrome (46) · android (25) · firebase\/util (1)	—
9	ао "нппкт"	67	5	4	4	KEV 4Nuclei 4PoC 14	осон основа оnyx (67)	—
10	ао «концерн вниинс»	62	4	3	2	KEV 3Nuclei 2PoC 9	ос он «стрелец» (62)	—
11	ооо «русбитех-астра»	59	2	3	·	KEV 3PoC 13	astra linux special edition (51) · astra linux common edition (40) · astra linux special edition для «эльбрус» (12)	—
12	cisco	50	5	·	·	PoC 50	cisco iot field network director (iot-fnd) (10) · iot field network director (10) · cisco sd-wan vmanage (7)	—
13	cisco systems inc.	49	5	·	·	PoC 49	cisco sd-wan (11) · iot field network director (10) · cisco webex meetings server (6)	—
14	qualcomm	48	14	·	·	PoC 3	sdx55 firmware (33) · sm8150 firmware (32) · sm8250 firmware (31)	—
15	qualcomm, inc.	48	14	·	·	PoC 3	snapdragon auto, snapdragon compute, snapdragon consumer iot, snapdragon industrial iot, snapdragon mobile (5) · snapdragon auto, snapdragon compute, snapdragon connectivity, snapdragon consumer electronics connectivity, snapdragon consumer iot, snapdragon industrial iot, snapdragon mobile, snapdragon voice & music, snapdragon wired infrastructure and networking (5) · snapdragon auto, snapdragon compute, snapdragon consumer iot, snapdragon industrial iot, snapdragon mobile, snapdragon voice & music, snapdragon wearables (4)	—
16	maven	47	6	·	2	Nuclei 2PoC 11	org.jenkins-ci.plugins:active-directory (5) · org.craftercms:crafter-studio (4) · com.typesafe.play:play (3)	—
17	google inc	43	5	3	·	KEV 3PoC 6	google chrome (42) · android (1)	—
18	ibm	42	2	·	·	PoC 1	sterling b2b integrator (8) · cloud pak for security (5) · sterling file gateway (4)	—
19	opensuse	42	3	3	1	KEV 3Nuclei 1PoC 8	backports sle (39) · leap (10)	—
20	fedora project	41	4	2	2	KEV 2Nuclei 2PoC 7	fedora (41)	—
21	red hat inc.	39	4	1	2	KEV 1Nuclei 2PoC 8	red hat enterprise linux (33) · red hat virtualization (3) · red hat software collections (3)	—
22	packagist	35	1	2	3	KEV 2Nuclei 3PoC 9	magento/community-edition (8) · moodle/moodle (6) · magento/project-community-edition (4)	—
23	novell inc.	34	4	3	3	KEV 3Nuclei 3PoC 10	opensuse leap (32) · suse openstack cloud crowbar (2) · suse enterprise storage (2)	—
24	npm	32	4	·	1	Nuclei 1PoC 9	systeminformation (2) · axios (1) · browserless-chrome (1)	—
25	netapp	31	3	1	1	KEV 1Nuclei 1PoC 3	cloud backup (14) · solidfire bios (6) · hci storage node bios (6)	—
26	schneider-electric	30	2	·	·		interactive graphical scada system (9) · ecostruxure control expert (5) · webreports (5)	—
27	adobe	25	1	·	·		acrobat reader (15) · acrobat dc (14) · acrobat (14)	—
28	adobe systems inc.	25	1	·	·		adobe acrobat reader document cloud (14) · adobe acrobat 2017 (14) · adobe acrobat 2020 (14)	—
29	ао «ивк»	24	4	2	3	KEV 2Nuclei 3PoC 4	альт 8 сп (24) · альт сп 10 (1)	—
30	schneider electric	23	2	·	·		webreports (6) · modicon m100 (4) · modicon m221 (4)	—
31	jenkins	21	3	·	·	PoC 7	active directory (5) · kubernetes (3) · mercurial (2)	—
32	jenkins project	21	3	·	·	PoC 7	jenkins active directory plugin (5) · jenkins kubernetes plugin (3) · jenkins mercurial plugin (2)	—
33	pypi	21	6	2	5	KEV 2Nuclei 5PoC 8	salt (3) · moin (2) · datasette-graphql (1)	—
34	sap	18	4	·	·	PoC 4	solution manager (4) · netweaver application server abap (2) · commerce cloud \(accelerator payment mock\) (2)	—
35	sap se	18	4	·	·	PoC 4	sap solution manager (java stack) (4) · sap commerce cloud (accelerator payment mock) (2) · sap netweaver as abap (web dynpro) (2)	—
36	linux	17	·	·	·	PoC 7	linux kernel (17)	—
37	canonical ltd.	15	5	1	·	KEV 1PoC 6	ubuntu (15)	—
38	go	15	4	·	1	Nuclei 1PoC 1	github.com/ethereum/go-ethereum (3) · github.com/nats-io/jwt (2) · github.com/hashicorp/consul (2)	—
39	trend micro	15	1	·	·	NEWPoC 3	trend micro interscan messaging security virtual appliance (imsva) (6) · trend micro interscan web security virtual appliance (4) · trend micro security (consumer) (3)	—
40	trendmicro	15	1	·	·	NEWPoC 3	interscan messaging security virtual appliance (6) · interscan web security virtual appliance (4) · maximum security 2020 (3)	—
41	jetbrains	14	1	·	·		youtrack (6) · teamcity (3) · toolbox (2)	—
42	redhat	14	·	·	·	PoC 1	enterprise linux (5) · keycloak (3) · advanced cluster management for kubernetes (2)	—
43	gitlab	13	·	·	·	PoC 1	gitlab (12) · gitlab ce/ee (9) · gitlab ee (3)	—
44	mongodb	13	·	·	·	NEW	mongodb (12) · ops manager (1)	—
45	mongodb inc.	13	·	·	·	NEW	mongodb server (12) · mongodb ops manager (1)	—
46	oracle	12	1	1	3	KEV 1Nuclei 3PoC 2	graalvm (3) · communications offline mediation controller (3) · jd edwards enterpriseone tools (3)	—
47	ооо «открытая мобильная платформа»	11	·	·	·	NEWPoC 4	ос аврора (8) · аврора центр (3)	—
48	c-data	10	7	·	·	NEWPoC 3	9288 (10) · 97016 (10) · 97024p (10)	—
49	cdatatec	10	7	·	·	NEWPoC 3	72408a firmware (10) · 9008a firmware (10) · 9016a firmware (10)	—
50	vmware	10	3	1	·	KEV 1	sd-wan orchestrator (6) · cloud foundation (3) · esxi (2)	—