month report
September 2021
Data as of Jun 4, 2026, 13:25 UTCSnapshot v1 Sources NVD+CISA KEV+EPSS+Nuclei templates Methodology →
September 2021 closed with 1,933 published CVEs. 214 criticals, apple led volume, mostly via macos. Top weakness class — CWE-79 (269 CVE). 10 vendors cracked the top-100 for the first time.
Total CVEs
1,933
— MoM— YoY
Severity mix
214 / 812
critical / high
KEV added
0
0 ransomware-linked
Nuclei coverage
12.3%
237 CVEs with templates
Time to exploit
How fast the community ships detection after a CVE drops.
Days → Nuclei (median)
1633.3
n=237
Within 7 days
0.0%
Within 30 days
0.0%
Days → KEV (median)
57
n=30
Detection gap
KEV pressure, no Nuclei coverage
September 2021 · vendors with active exploitation listed by CISA but no public detection template.
- KEV 8apple218 CVE
- KEV 6apple inc.43 CVE
- KEV 3novell inc.19 CVE
- KEV 1adobe148 CVE
- KEV 1adobe systems inc.141 CVE
Weakness × Vendor
What's spreading where in September 2021
Cells shaded by share of vendor's hottest weakness. Click any cell to open the CWE history.
79XSS787Out-of-bounds Write476NULL Pointer Dereference20Improper Input Validation125Out-of-bounds Read22Path Traversal89SQL Injection352CSRF416Use After Free78OS Command Injectionapple438152138сообщество свободного программного обеспечения7651418111414adobe625715221104adobe systems inc.625715191104ооо «русбитех-астра»2394178114ао "нппкт"5372167116debian1354181013microsoft corp14114microsoft14114unknown4622312fedoraproject1337514ibm2511
First time in top-100
Vendors never in top-100 in the prior 24 periods.
- #1apple218 CVE
- #2сообщество свободного программного обеспечения188 CVE
- #3adobe148 CVE
- #4adobe systems inc.141 CVE
- #5ооо «русбитех-астра»105 CVE
- #6ао "нппкт"101 CVE
- #7debian89 CVE
- #8microsoft corp87 CVE
- #9microsoft85 CVE
- #10unknown85 CVE
Top vendors
Ranked by distinct CVE count this period.
- 218 CVE11 critCVSS 7.0NEWKEV 8PoC 5macos (172) · iphone os (142) · ipados (118)
- 188 CVE10 critCVSS 7.2NEWKEV 9Nuclei 11PoC 51debian gnu/linux (174) · gpac (22) · webkitgtk (16)
- 148 CVE11 critCVSS 6.8NEWKEV 1acrobat reader (37) · acrobat dc (37) · acrobat reader dc (37)
- 141 CVE11 critCVSS 6.8NEWKEV 1adobe acrobat 2020 (36) · adobe acrobat reader 2017 (36) · adobe acrobat 2017 (36)
- 105 CVE2 critCVSS 7.7NEWKEV 3Nuclei 3PoC 21astra linux special edition (105) · astra linux special edition для «эльбрус» (43) · astra linux common edition (7)
- 101 CVE2 critCVSS 7.5NEWKEV 6Nuclei 3PoC 11осон основа оnyx (101)
- 89 CVE3 critCVSS 7.0NEWKEV 1Nuclei 5PoC 17debian linux (89)
- 87 CVE1 critCVSS 7.3NEWKEV 7Nuclei 1PoC 4windows 10 2004 (33) · windows 10 20h2 (33) · windows 10 1909 (33)
- 85 CVE1 critCVSS 7.3NEWKEV 7Nuclei 1PoC 3windows server 2019 (33) · windows server version 2004 (33) · windows 10 version 21h1 (33)
- 85 CVE4 critCVSS 6.3NEWNuclei 85PoC 39timetable and event schedule by motopress (4) · postx – gutenberg blocks for post grid (4) · availability calendar (2)
- 59 CVE3 critCVSS 7.7NEWKEV 1Nuclei 3PoC 5fedora (59) · extra packages for enterprise linux (1)
- 58 CVE2 critCVSS 5.5NEWjazz for service management (13) · tivoli netcool\/omnibus webgui (12) · tivoli netcool/omnibus (11)
- 58 CVE9 critCVSS 7.4NEWKEV 1Nuclei 3PoC 2scalance w1750d firmware (14) · solid edge (10) · solid edge se2021 (10)
- 54 CVE2 critCVSS 7.8NEWKEV 1Nuclei 3PoC 2ос он «стрелец» (54)
- 51 CVE4 critCVSS 8.4NEWNuclei 1PoC 51ios xe (22) · cisco ios xe software (17) · ios xr (12)
- 50 CVE4 critCVSS 7.3NEWNuclei 1PoC 50cisco ios xe (20) · cisco ios xr (12) · cisco ios xe sd-wan (6)
- 48 CVE2 critCVSS 7.2NEWKEV 1Nuclei 3PoC 9альт 8 сп (45) · альт сп 10 (16)
- 47 CVE6 critCVSS 7.2NEWNuclei 1PoC 10ghost (3) · parse-server (3) · immer (2)
- 47 CVE14 critCVSS 7.7NEWNuclei 2PoC 4magento/community-edition (24) · magento/project-community-edition (23) · pimcore/pimcore (3)
- 43 CVE1 critCVSS 6.8NEWKEV 6PoC 3ios (41) · ipados (39) · tvos (38)
- 37 CVE9 critCVSS 8.0NEWqca6574au firmware (35) · sa8155p firmware (35) · qca6696 firmware (35)
- 37 CVE9 critCVSS 7.8NEWsnapdragon auto, snapdragon compute, snapdragon connectivity, snapdragon consumer iot, snapdragon industrial iot, snapdragon iot, snapdragon voice & music, snapdragon wearables (5) · snapdragon auto, snapdragon compute, snapdragon connectivity, snapdragon consumer iot, snapdragon industrial iot, snapdragon mobile, snapdragon voice & music, snapdragon wearables (3) · snapdragon auto, snapdragon compute, snapdragon connectivity, snapdragon consumer electronics connectivity, snapdragon consumer iot, snapdragon industrial iot, snapdragon mobile, snapdragon voice & music, snapdragon wired infrastructure and networking (3)
- 33 CVE6 critCVSS 7.7NEWKEV 1Nuclei 1PoC 5business one (7) · contact center (4) · cloud connector (4)
- 33 CVE6 critCVSS 7.4NEWKEV 1Nuclei 1PoC 5sap business one (7) · sap contact center (4) · sap cloud connector (4)
- 32 CVECVSS 6.1NEWPoC 12swftools (32)
- 31 CVE4 critCVSS 7.6NEWKEV 1Nuclei 1big-ip application security manager (24) · big-ip access policy manager (20) · big-ip domain name system (17)
- 29 CVE1 critCVSS 8.0NEWKEV 3Nuclei 2PoC 1fedora (29)
- 29 CVE3 critCVSS 7.5NEWNuclei 1PoC 7wasmtime (3) · openvpn-monitor (3) · parlai (2)
- 26 CVE1 critCVSS 5.6NEWandroid (25) · chrome (1) · chrome os readiness tool (1)
- 26 CVE10 critCVSS 7.9NEWNuclei 2PoC 3org.apache.dubbo:dubbo (4) · org.apache.zeppelin:zeppelin (3) · org.http4s:http4s-server_2.11 (2)
- 22 CVE11 critCVSS 8.4NEWKEV 1Nuclei 6http server (4) · dubbo (4) · zeppelin (3)
- 22 CVE11 critCVSS 8.3NEWKEV 1Nuclei 6http server (4) · apache dubbo (4) · apache http server (4)
- 22 CVE1 critCVSS 6.2NEWPoC 9gpac (22)
- 21 CVECVSS 7.7NEWntfs-3g (21)
- 21 CVECVSS 7.7NEWntfs-3g (21)
- 20 CVE1 critCVSS 7.1NEWKEV 2Nuclei 12PoC 2vcenter server (19) · cloud foundation (18) · fusion (1)
- 19 CVE1 critCVSS 6.9NEWKEV 2Nuclei 12PoC 2vmware vcenter server (19) · vmware cloud foundation (17)
- 19 CVECVSS 7.9NEWKEV 3opensuse leap (17) · suse linux enterprise server (3) · suse package hub for suse linux enterprise (1)
- 18 CVE1 critCVSS 6.9NEWKEV 4Nuclei 2PoC 1red hat enterprise linux (12) · red hat software collections (5) · jboss core services (3)
- 18 CVECVSS 4.4NEWsamsung mobile devices (14) · penup (1) · samsung capture (1)
- 17 CVE3 critCVSS 7.5NEWKEV 1Nuclei 3PoC 2clustered data ontap (9) · cloud backup (9) · h500e firmware (6)
- 17 CVE10 critCVSS 8.9NEWKEV 2Nuclei 9PoC 4manageengine admanager plus (8) · manageengine adselfservice plus (3) · manageengine remote access plus (3)
- 16 CVECVSS 6.6NEWPoC 1k8s.io/kubernetes (5) · github.com/pomerium/pomerium (3) · github.com/hashicorp/consul (2)
- 16 CVECVSS 5.7NEWNuclei 4PoC 5jeesns (16)
- 15 CVE1 critCVSS 7.1NEWPoC 1arubaos (15) · sd-wan (11)
- 15 CVE3 critCVSS 5.9NEWNuclei 2PoC 3jira data center (10) · jira server (10) · data center (8)
- 14 CVE2 critCVSS 7.1NEWconcrete cms (14)
- 14 CVE4 critCVSS 7.4NEWKEV 1Nuclei 4PoC 2http server (5) · peoplesoft enterprise peopletools (5) · zfs storage appliance kit (5)
- 13 CVE7 critCVSS 9.0NEWNuclei 2riskbuster terminator e6l45 (13) · ecs router controller-ecs firmware (13) · ecs router controller ecs (flash) (13)
- 13 CVECVSS 7.2NEWgoogle chrome (8) · kubernetes (5)
| # | Vendor | CVEs | Crit | KEV | Nuclei | Signals | Top products | Δ | |
|---|---|---|---|---|---|---|---|---|---|
| 1 | apple | 218 | 11 | 8 | · | NEWKEV 8PoC 5 | macos (172) · iphone os (142) · ipados (118) | — | |
| 2 | сообщество свободного программного обеспечения | 188 | 10 | 9 | 11 | NEWKEV 9Nuclei 11PoC 51 | debian gnu/linux (174) · gpac (22) · webkitgtk (16) | — | |
| 3 | adobe | 148 | 11 | 1 | · | NEWKEV 1 | acrobat reader (37) · acrobat dc (37) · acrobat reader dc (37) | — | |
| 4 | adobe systems inc. | 141 | 11 | 1 | · | NEWKEV 1 | adobe acrobat 2020 (36) · adobe acrobat reader 2017 (36) · adobe acrobat 2017 (36) | — | |
| 5 | ооо «русбитех-астра» | 105 | 2 | 3 | 3 | NEWKEV 3Nuclei 3PoC 21 | astra linux special edition (105) · astra linux special edition для «эльбрус» (43) · astra linux common edition (7) | — | |
| 6 | ао "нппкт" | 101 | 2 | 6 | 3 | NEWKEV 6Nuclei 3PoC 11 | осон основа оnyx (101) | — | |
| 7 | debian | 89 | 3 | 1 | 5 | NEWKEV 1Nuclei 5PoC 17 | debian linux (89) | — | |
| 8 | microsoft corp | 87 | 1 | 7 | 1 | NEWKEV 7Nuclei 1PoC 4 | windows 10 2004 (33) · windows 10 20h2 (33) · windows 10 1909 (33) | — | |
| 9 | microsoft | 85 | 1 | 7 | 1 | NEWKEV 7Nuclei 1PoC 3 | windows server 2019 (33) · windows server version 2004 (33) · windows 10 version 21h1 (33) | — | |
| 10 | unknown | 85 | 4 | · | 85 | NEWNuclei 85PoC 39 | timetable and event schedule by motopress (4) · postx – gutenberg blocks for post grid (4) · availability calendar (2) | — | |
| 11 | fedoraproject | 59 | 3 | 1 | 3 | NEWKEV 1Nuclei 3PoC 5 | fedora (59) · extra packages for enterprise linux (1) | — | |
| 12 | ibm | 58 | 2 | · | · | NEW | jazz for service management (13) · tivoli netcool\/omnibus webgui (12) · tivoli netcool/omnibus (11) | — | |
| 13 | siemens | 58 | 9 | 1 | 3 | NEWKEV 1Nuclei 3PoC 2 | scalance w1750d firmware (14) · solid edge (10) · solid edge se2021 (10) | — | |
| 14 | ао «концерн вниинс» | 54 | 2 | 1 | 3 | NEWKEV 1Nuclei 3PoC 2 | ос он «стрелец» (54) | — | |
| 15 | cisco | 51 | 4 | · | 1 | NEWNuclei 1PoC 51 | ios xe (22) · cisco ios xe software (17) · ios xr (12) | — | |
| 16 | cisco systems inc. | 50 | 4 | · | 1 | NEWNuclei 1PoC 50 | cisco ios xe (20) · cisco ios xr (12) · cisco ios xe sd-wan (6) | — | |
| 17 | ао «ивк» | 48 | 2 | 1 | 3 | NEWKEV 1Nuclei 3PoC 9 | альт 8 сп (45) · альт сп 10 (16) | — | |
| 18 | npm | 47 | 6 | · | 1 | NEWNuclei 1PoC 10 | ghost (3) · parse-server (3) · immer (2) | — | |
| 19 | packagist | 47 | 14 | · | 2 | NEWNuclei 2PoC 4 | magento/community-edition (24) · magento/project-community-edition (23) · pimcore/pimcore (3) | — | |
| 20 | apple inc. | 43 | 1 | 6 | · | NEWKEV 6PoC 3 | ios (41) · ipados (39) · tvos (38) | — | |
| 21 | qualcomm | 37 | 9 | · | · | NEW | qca6574au firmware (35) · sa8155p firmware (35) · qca6696 firmware (35) | — | |
| 22 | qualcomm, inc. | 37 | 9 | · | · | NEW | snapdragon auto, snapdragon compute, snapdragon connectivity, snapdragon consumer iot, snapdragon industrial iot, snapdragon iot, snapdragon voice & music, snapdragon wearables (5) · snapdragon auto, snapdragon compute, snapdragon connectivity, snapdragon consumer iot, snapdragon industrial iot, snapdragon mobile, snapdragon voice & music, snapdragon wearables (3) · snapdragon auto, snapdragon compute, snapdragon connectivity, snapdragon consumer electronics connectivity, snapdragon consumer iot, snapdragon industrial iot, snapdragon mobile, snapdragon voice & music, snapdragon wired infrastructure and networking (3) | — | |
| 23 | sap | 33 | 6 | 1 | 1 | NEWKEV 1Nuclei 1PoC 5 | business one (7) · contact center (4) · cloud connector (4) | — | |
| 24 | sap se | 33 | 6 | 1 | 1 | NEWKEV 1Nuclei 1PoC 5 | sap business one (7) · sap contact center (4) · sap cloud connector (4) | — | |
| 25 | swftools | 32 | · | · | · | NEWPoC 12 | swftools (32) | — | |
| 26 | f5 | 31 | 4 | 1 | 1 | NEWKEV 1Nuclei 1 | big-ip application security manager (24) · big-ip access policy manager (20) · big-ip domain name system (17) | — | |
| 27 | fedora project | 29 | 1 | 3 | 2 | NEWKEV 3Nuclei 2PoC 1 | fedora (29) | — | |
| 28 | pypi | 29 | 3 | · | 1 | NEWNuclei 1PoC 7 | wasmtime (3) · openvpn-monitor (3) · parlai (2) | — | |
| 29 | 26 | 1 | · | · | NEW | android (25) · chrome (1) · chrome os readiness tool (1) | — | ||
| 30 | maven | 26 | 10 | · | 2 | NEWNuclei 2PoC 3 | org.apache.dubbo:dubbo (4) · org.apache.zeppelin:zeppelin (3) · org.http4s:http4s-server_2.11 (2) | — | |
| 31 | apache | 22 | 11 | 1 | 6 | NEWKEV 1Nuclei 6 | http server (4) · dubbo (4) · zeppelin (3) | — | |
| 32 | apache software foundation | 22 | 11 | 1 | 6 | NEWKEV 1Nuclei 6 | http server (4) · apache dubbo (4) · apache http server (4) | — | |
| 33 | gpac | 22 | 1 | · | · | NEWPoC 9 | gpac (22) | — | |
| 34 | tuxera | 21 | · | · | · | NEW | ntfs-3g (21) | — | |
| 35 | tuxera inc. | 21 | · | · | · | NEW | ntfs-3g (21) | — | |
| 36 | vmware | 20 | 1 | 2 | 12 | NEWKEV 2Nuclei 12PoC 2 | vcenter server (19) · cloud foundation (18) · fusion (1) | — | |
| 37 | broadcom inc. | 19 | 1 | 2 | 12 | NEWKEV 2Nuclei 12PoC 2 | vmware vcenter server (19) · vmware cloud foundation (17) | — | |
| 38 | novell inc. | 19 | · | 3 | · | NEWKEV 3 | opensuse leap (17) · suse linux enterprise server (3) · suse package hub for suse linux enterprise (1) | — | |
| 39 | red hat inc. | 18 | 1 | 4 | 2 | NEWKEV 4Nuclei 2PoC 1 | red hat enterprise linux (12) · red hat software collections (5) · jboss core services (3) | — | |
| 40 | samsung mobile | 18 | · | · | · | NEW | samsung mobile devices (14) · penup (1) · samsung capture (1) | — | |
| 41 | netapp | 17 | 3 | 1 | 3 | NEWKEV 1Nuclei 3PoC 2 | clustered data ontap (9) · cloud backup (9) · h500e firmware (6) | — | |
| 42 | zohocorp | 17 | 10 | 2 | 9 | NEWKEV 2Nuclei 9PoC 4 | manageengine admanager plus (8) · manageengine adselfservice plus (3) · manageengine remote access plus (3) | — | |
| 43 | go | 16 | · | · | · | NEWPoC 1 | k8s.io/kubernetes (5) · github.com/pomerium/pomerium (3) · github.com/hashicorp/consul (2) | — | |
| 44 | jeesns | 16 | · | · | 4 | NEWNuclei 4PoC 5 | jeesns (16) | — | |
| 45 | arubanetworks | 15 | 1 | · | · | NEWPoC 1 | arubaos (15) · sd-wan (11) | — | |
| 46 | atlassian | 15 | 3 | · | 2 | NEWNuclei 2PoC 3 | jira data center (10) · jira server (10) · data center (8) | — | |
| 47 | concretecms | 14 | 2 | · | · | NEW | concrete cms (14) | — | |
| 48 | oracle | 14 | 4 | 1 | 4 | NEWKEV 1Nuclei 4PoC 2 | http server (5) · peoplesoft enterprise peopletools (5) · zfs storage appliance kit (5) | — | |
| 49 | ecoa | 13 | 7 | · | 2 | NEWNuclei 2 | riskbuster terminator e6l45 (13) · ecs router controller-ecs firmware (13) · ecs router controller ecs (flash) (13) | — | |
| 50 | google inc | 13 | · | · | · | NEW | google chrome (8) · kubernetes (5) | — |