month report
October 2021
Data as of Jun 4, 2026, 13:25 UTCSnapshot v1 Sources NVD+CISA KEV+EPSS+Nuclei templates Methodology →
October 2021 closed with 1,759 published CVEs. 195 criticals, oracle led volume, mostly via mysql. Top weakness class — CWE-79 (293 CVE). 10 vendors cracked the top-100 for the first time.
Total CVEs
1,759
— MoM— YoY
Severity mix
195 / 662
critical / high
KEV added
0
0 ransomware-linked
Nuclei coverage
10.8%
190 CVEs with templates
Time to exploit
How fast the community ships detection after a CVE drops.
Days → Nuclei (median)
1604.1
n=190
Within 7 days
0.0%
Within 30 days
0.0%
Days → KEV (median)
28
n=18
Detection gap
KEV pressure, no Nuclei coverage
October 2021 · vendors with active exploitation listed by CISA but no public detection template.
- KEV 6microsoft corp94 CVE
- KEV 5google111 CVE
- KEV 5google inc30 CVE
- KEV 3microsoft72 CVE
- KEV 2samsung mobile33 CVE
- KEV 1apple46 CVE
Weakness × Vendor
What's spreading where in October 2021
Cells shaded by share of vendor's hottest weakness. Click any cell to open the CWE history.
79XSS787Out-of-bounds Write89SQL Injection22Path Traversal125Out-of-bounds Read20Improper Input Validation434Unrestricted File Upload416Use After Free78OS Command Injection352CSRForacle35212oracle corporation21google1411204191netapp372222fedoraproject41532112microsoft corp2311ао "нппкт"1934214сообщество свободного программного обеспечения11254110debian28221101microsoft21unknown556111huawei23643
First time in top-100
Vendors never in top-100 in the prior 24 periods.
- #2oracle corporation137 CVE
- #11unknown68 CVE
- #17apple46 CVE
- #19juniper42 CVE
- #20juniper networks42 CVE
- #24samsung mobile33 CVE
- #35arubanetworks24 CVE
- #38zohocorp20 CVE
- #40auvesy17 CVE
- #43corel15 CVE
Top vendors
Ranked by distinct CVE count this period.
- 161 CVE5 critCVSS 6.3KEV 2Nuclei 9PoC 7mysql (41) · openjdk (13) · graalvm (11)
- 137 CVE2 critCVSS 5.9NEWNuclei 4PoC 1mysql server (44) · java se jdk and jre (12) · outside in technology (10)
- 111 CVE2 critCVSS 6.5KEV 5PoC 6android (81) · chrome (28) · extensible service proxy (1)
- 102 CVE3 critCVSS 5.8KEV 2Nuclei 5PoC 7oncommand insight (70) · snapcenter (54) · active iq unified manager (14)
- 100 CVE7 critCVSS 6.7KEV 8Nuclei 5PoC 12fedora (100)
- 94 CVE3 critCVSS 7.1KEV 6PoC 4windows server 2004 (server core installation) (44) · windows server 2022 (44) · windows server 2022 (server core installation) (43)
- 82 CVE5 critCVSS 6.8KEV 7Nuclei 5PoC 11осон основа оnyx (82)
- 79 CVE5 critCVSS 6.8KEV 2Nuclei 3PoC 10debian gnu/linux (66) · linux (9) · webkitgtk (4)
- 75 CVE2 critCVSS 6.8KEV 3Nuclei 2PoC 8debian linux (75)
- 72 CVE1 critCVSS 7.1KEV 3PoC 2windows server version 20h2 (44) · windows server version 2004 (44) · windows server 2022 (43)
- 68 CVE1 critCVSS 5.8NEWNuclei 68PoC 32formidable form builder – contact form, survey & quiz forms plugin for wordpress (2) · weather effect – christmas santa snow falling (2) · appointment hour booking – wordpress booking plugin (2)
- 67 CVE8 critCVSS 6.9emui (38) · magic ui (38) · harmonyos (22)
- 61 CVE4 critCVSS 7.0KEV 5Nuclei 1PoC 7astra linux special edition (57) · astra linux special edition для «эльбрус» (13) · astra linux common edition (3)
- 55 CVE4 critCVSS 6.9KEV 7Nuclei 4PoC 7ос он «стрелец» (55)
- 52 CVECVSS 5.8PoC 52firepower threat defense (20) · cisco adaptive security appliance (asa) software (11) · asa 5512-x firmware (10)
- 50 CVECVSS 6.4PoC 50firepower threat defense (17) · adaptive security appliance (10) · cisco identity services engine (6)
- 46 CVE1 critCVSS 7.1NEWKEV 1macos (38) · ipados (29) · iphone os (29)
- 44 CVE4 critCVSS 6.7sterling b2b integrator (17) · sterling file gateway (10) · rational collaborative lifecycle management (5)
- 42 CVE1 critCVSS 7.0NEWNuclei 2PoC 41junos (32) · junos os evolved (14) · session and resource control (3)
- 42 CVE1 critCVSS 7.0NEWNuclei 2PoC 41junos os (32) · junos os evolved (14) · src series (3)
- 39 CVE4 critCVSS 6.8KEV 4Nuclei 3PoC 5fedora (39)
- 36 CVECVSS 5.1PoC 2gitlab (36)
- 34 CVE3 critCVSS 6.3KEV 3Nuclei 5PoC 4альт 8 сп (34) · альт сп 10 (1)
- 33 CVECVSS 5.4NEWKEV 2samsung mobile devices (25) · samsung notes (7) · galaxy store (1)
- 32 CVE4 critCVSS 6.8Nuclei 4PoC 11grumpydictator/firefly-iii (4) · snipe/snipe-it (3) · typo3/cms-core (2)
- 31 CVECVSS 7.9PoC 2wcd9380 firmware (29) · wcd9370 firmware (28) · wcd9375 firmware (28)
- 31 CVECVSS 7.9PoC 2snapdragon auto, snapdragon compute, snapdragon connectivity, snapdragon consumer iot, snapdragon industrial iot, snapdragon wearables (8) · snapdragon auto, snapdragon connectivity, snapdragon industrial iot, snapdragon mobile (2) · snapdragon auto, snapdragon compute, snapdragon consumer iot, snapdragon industrial iot, snapdragon mobile, snapdragon voice & music, snapdragon wearables (2)
- 30 CVE2 critCVSS 7.2KEV 5PoC 4google chrome (28) · android (2)
- 30 CVE2 critCVSS 6.6KEV 2Nuclei 2PoC 4opensuse leap (25) · suse linux enterprise server (9) · suse linux enterprise desktop (8)
- 30 CVE5 critCVSS 7.5PoC 2sinec nms (15) · scalance w1750d firmware (6) · sinec infrastructure network services (3)
- 29 CVE8 critCVSS 7.7Nuclei 2PoC 6cobbler (3) · onionshare-cli (2) · apache-superset (2)
- 28 CVECVSS 6.4Nuclei 1PoC 4ред ос (28)
- 27 CVE5 critCVSS 7.0Nuclei 1PoC 4org.webjars.npm:jquery-ui (3) · edu.stanford.nlp:stanford-corenlp (2) · org.apache.storm:storm (2)
- 26 CVE3 critCVSS 6.5KEV 2Nuclei 3PoC 2java se (12) · openjdk (11) · graalvm enterprise edition (11)
- 24 CVE4 critCVSS 7.6NEWclearpass policy manager (18) · aruba instant (6)
- 24 CVE8 critCVSS 8.0Nuclei 2PoC 6aaptjs (6) · jquery-ui (3) · kindeditor (2)
- 20 CVECVSS 6.8Nuclei 1red hat enterprise linux (19) · red hat build of openjdk (7) · red hat software collections (4)
- 20 CVE15 critCVSS 9.1NEWNuclei 14PoC 1manageengine admanager plus (16) · manageengine opmanager (2) · manageengine applications manager (1)
- 17 CVE4 critCVSS 7.8KEV 2Nuclei 4PoC 3apache openoffice (5) · apache http server (3) · openoffice (3)
- 17 CVE6 critCVSS 8.1NEWversiondog (17)
- 15 CVE4 critCVSS 7.6KEV 2Nuclei 4PoC 3openoffice (5) · http server (3) · storm (2)
- 15 CVECVSS 6.2ubuntu (15) · apport (2)
- 15 CVECVSS 6.7NEWpresentations 2020 (5) · pdf fusion (3) · photopaint 2020 (3)
- 15 CVECVSS 6.7NEWcorel presentations (5) · pdf fusion (3) · coreldraw (2)
- 15 CVE2 critCVSS 6.4KEV 1Nuclei 1PoC 2github.com/docker/docker (2) · github.com/foxcpp/maddy (2) · github.com/hashicorp/vault (2)
- 14 CVECVSS 6.8NEWfortigate ips (13) · forticlientems (1)
- 14 CVECVSS 6.1NEWPoC 1mediawiki (14)
- 14 CVECVSS 6.2NEWNuclei 1PoC 1rosa virtualization (5) · роса кобальт (5) · роса хром (3)
- 13 CVE2 critCVSS 6.6acrobat reader (7) · acrobat dc (6) · acrobat reader dc (6)
- 13 CVECVSS 6.0NEWremote service manager (13)
| # | Vendor | CVEs | Crit | KEV | Nuclei | Signals | Top products | Δ | |
|---|---|---|---|---|---|---|---|---|---|
| 1 | oracle | 161 | 5 | 2 | 9 | KEV 2Nuclei 9PoC 7 | mysql (41) · openjdk (13) · graalvm (11) | — | |
| 2 | oracle corporation | 137 | 2 | · | 4 | NEWNuclei 4PoC 1 | mysql server (44) · java se jdk and jre (12) · outside in technology (10) | — | |
| 3 | 111 | 2 | 5 | · | KEV 5PoC 6 | android (81) · chrome (28) · extensible service proxy (1) | — | ||
| 4 | netapp | 102 | 3 | 2 | 5 | KEV 2Nuclei 5PoC 7 | oncommand insight (70) · snapcenter (54) · active iq unified manager (14) | — | |
| 5 | fedoraproject | 100 | 7 | 8 | 5 | KEV 8Nuclei 5PoC 12 | fedora (100) | — | |
| 6 | microsoft corp | 94 | 3 | 6 | · | KEV 6PoC 4 | windows server 2004 (server core installation) (44) · windows server 2022 (44) · windows server 2022 (server core installation) (43) | — | |
| 7 | ао "нппкт" | 82 | 5 | 7 | 5 | KEV 7Nuclei 5PoC 11 | осон основа оnyx (82) | — | |
| 8 | сообщество свободного программного обеспечения | 79 | 5 | 2 | 3 | KEV 2Nuclei 3PoC 10 | debian gnu/linux (66) · linux (9) · webkitgtk (4) | — | |
| 9 | debian | 75 | 2 | 3 | 2 | KEV 3Nuclei 2PoC 8 | debian linux (75) | — | |
| 10 | microsoft | 72 | 1 | 3 | · | KEV 3PoC 2 | windows server version 20h2 (44) · windows server version 2004 (44) · windows server 2022 (43) | — | |
| 11 | unknown | 68 | 1 | · | 68 | NEWNuclei 68PoC 32 | formidable form builder – contact form, survey & quiz forms plugin for wordpress (2) · weather effect – christmas santa snow falling (2) · appointment hour booking – wordpress booking plugin (2) | — | |
| 12 | huawei | 67 | 8 | · | · | emui (38) · magic ui (38) · harmonyos (22) | — | ||
| 13 | ооо «русбитех-астра» | 61 | 4 | 5 | 1 | KEV 5Nuclei 1PoC 7 | astra linux special edition (57) · astra linux special edition для «эльбрус» (13) · astra linux common edition (3) | — | |
| 14 | ао «концерн вниинс» | 55 | 4 | 7 | 4 | KEV 7Nuclei 4PoC 7 | ос он «стрелец» (55) | — | |
| 15 | cisco | 52 | · | · | · | PoC 52 | firepower threat defense (20) · cisco adaptive security appliance (asa) software (11) · asa 5512-x firmware (10) | — | |
| 16 | cisco systems inc. | 50 | · | · | · | PoC 50 | firepower threat defense (17) · adaptive security appliance (10) · cisco identity services engine (6) | — | |
| 17 | apple | 46 | 1 | 1 | · | NEWKEV 1 | macos (38) · ipados (29) · iphone os (29) | — | |
| 18 | ibm | 44 | 4 | · | · | sterling b2b integrator (17) · sterling file gateway (10) · rational collaborative lifecycle management (5) | — | ||
| 19 | juniper | 42 | 1 | · | 2 | NEWNuclei 2PoC 41 | junos (32) · junos os evolved (14) · session and resource control (3) | — | |
| 20 | juniper networks | 42 | 1 | · | 2 | NEWNuclei 2PoC 41 | junos os (32) · junos os evolved (14) · src series (3) | — | |
| 21 | fedora project | 39 | 4 | 4 | 3 | KEV 4Nuclei 3PoC 5 | fedora (39) | — | |
| 22 | gitlab | 36 | · | · | · | PoC 2 | gitlab (36) | — | |
| 23 | ао «ивк» | 34 | 3 | 3 | 5 | KEV 3Nuclei 5PoC 4 | альт 8 сп (34) · альт сп 10 (1) | — | |
| 24 | samsung mobile | 33 | · | 2 | · | NEWKEV 2 | samsung mobile devices (25) · samsung notes (7) · galaxy store (1) | — | |
| 25 | packagist | 32 | 4 | · | 4 | Nuclei 4PoC 11 | grumpydictator/firefly-iii (4) · snipe/snipe-it (3) · typo3/cms-core (2) | — | |
| 26 | qualcomm | 31 | · | · | · | PoC 2 | wcd9380 firmware (29) · wcd9370 firmware (28) · wcd9375 firmware (28) | — | |
| 27 | qualcomm, inc. | 31 | · | · | · | PoC 2 | snapdragon auto, snapdragon compute, snapdragon connectivity, snapdragon consumer iot, snapdragon industrial iot, snapdragon wearables (8) · snapdragon auto, snapdragon connectivity, snapdragon industrial iot, snapdragon mobile (2) · snapdragon auto, snapdragon compute, snapdragon consumer iot, snapdragon industrial iot, snapdragon mobile, snapdragon voice & music, snapdragon wearables (2) | — | |
| 28 | google inc | 30 | 2 | 5 | · | KEV 5PoC 4 | google chrome (28) · android (2) | — | |
| 29 | novell inc. | 30 | 2 | 2 | 2 | KEV 2Nuclei 2PoC 4 | opensuse leap (25) · suse linux enterprise server (9) · suse linux enterprise desktop (8) | — | |
| 30 | siemens | 30 | 5 | · | · | PoC 2 | sinec nms (15) · scalance w1750d firmware (6) · sinec infrastructure network services (3) | — | |
| 31 | pypi | 29 | 8 | · | 2 | Nuclei 2PoC 6 | cobbler (3) · onionshare-cli (2) · apache-superset (2) | — | |
| 32 | ооо «ред софт» | 28 | · | · | 1 | Nuclei 1PoC 4 | ред ос (28) | — | |
| 33 | maven | 27 | 5 | · | 1 | Nuclei 1PoC 4 | org.webjars.npm:jquery-ui (3) · edu.stanford.nlp:stanford-corenlp (2) · org.apache.storm:storm (2) | — | |
| 34 | oracle corp. | 26 | 3 | 2 | 3 | KEV 2Nuclei 3PoC 2 | java se (12) · openjdk (11) · graalvm enterprise edition (11) | — | |
| 35 | arubanetworks | 24 | 4 | · | · | NEW | clearpass policy manager (18) · aruba instant (6) | — | |
| 36 | npm | 24 | 8 | · | 2 | Nuclei 2PoC 6 | aaptjs (6) · jquery-ui (3) · kindeditor (2) | — | |
| 37 | red hat inc. | 20 | · | · | 1 | Nuclei 1 | red hat enterprise linux (19) · red hat build of openjdk (7) · red hat software collections (4) | — | |
| 38 | zohocorp | 20 | 15 | · | 14 | NEWNuclei 14PoC 1 | manageengine admanager plus (16) · manageengine opmanager (2) · manageengine applications manager (1) | — | |
| 39 | apache software foundation | 17 | 4 | 2 | 4 | KEV 2Nuclei 4PoC 3 | apache openoffice (5) · apache http server (3) · openoffice (3) | — | |
| 40 | auvesy | 17 | 6 | · | · | NEW | versiondog (17) | — | |
| 41 | apache | 15 | 4 | 2 | 4 | KEV 2Nuclei 4PoC 3 | openoffice (5) · http server (3) · storm (2) | — | |
| 42 | canonical ltd. | 15 | · | · | · | ubuntu (15) · apport (2) | — | ||
| 43 | corel | 15 | · | · | · | NEW | presentations 2020 (5) · pdf fusion (3) · photopaint 2020 (3) | — | |
| 44 | corel corp. | 15 | · | · | · | NEW | corel presentations (5) · pdf fusion (3) · coreldraw (2) | — | |
| 45 | go | 15 | 2 | 1 | 1 | KEV 1Nuclei 1PoC 2 | github.com/docker/docker (2) · github.com/foxcpp/maddy (2) · github.com/hashicorp/vault (2) | — | |
| 46 | fortinet inc. | 14 | · | · | · | NEW | fortigate ips (13) · forticlientems (1) | — | |
| 47 | mediawiki | 14 | · | · | · | NEWPoC 1 | mediawiki (14) | — | |
| 48 | ао «нтц ит роса» | 14 | · | · | 1 | NEWNuclei 1PoC 1 | rosa virtualization (5) · роса кобальт (5) · роса хром (3) | — | |
| 49 | adobe | 13 | 2 | · | · | acrobat reader (7) · acrobat dc (6) · acrobat reader dc (6) | — | ||
| 50 | cybozu | 13 | · | · | · | NEW | remote service manager (13) | — |