month report
November 2021
Data as of Jun 4, 2026, 13:25 UTCSnapshot v1 Sources NVD+CISA KEV+EPSS+Nuclei templates Methodology →
November 2021 closed with 1,694 published CVEs. 199 criticals, 291 added to CISA KEV (73 ransomware-linked). unknown led volume, mostly via simple download monitor. Top weakness class — CWE-79 (227 CVE). 10 vendors cracked the top-100 for the first time.
Total CVEs
1,694
— MoM— YoY
Severity mix
199 / 635
critical / high
KEV added
291
73 ransomware-linked
Nuclei coverage
12.0%
203 CVEs with templates
Time to exploit
How fast the community ships detection after a CVE drops.
Days → Nuclei (median)
1575.3
n=203
Within 7 days
0.0%
Within 30 days
0.0%
Days → KEV (median)
140
n=9
Detection gap
KEV pressure, no Nuclei coverage
November 2021 · vendors with active exploitation listed by CISA but no public detection template.
- KEV 3debian88 CVE
- KEV 3fedoraproject79 CVE
- KEV 2google91 CVE
- KEV 2ао "нппкт"74 CVE
- KEV 2ао «концерн вниинс»52 CVE
- KEV 2google inc33 CVE
- KEV 1ооо «русбитех-астра»58 CVE
- KEV 1fedora project19 CVE
Weakness × Vendor
What's spreading where in November 2021
Cells shaded by share of vendor's hottest weakness. Click any cell to open the CWE history.
79XSS787Out-of-bounds Write20Improper Input Validation89SQL Injection352CSRF416Use After Free125Out-of-bounds Read120Buffer Overflow22Path Traversal119Memory Buffer Boundsunknown62124251google112418182debian31582143313сообщество свободного программного обеспечения81265120312microsoft corp2721911fedoraproject510321161313ао "нппкт"21232422microsoft211ооо «русбитех-астра»21031213pypi42111023ао «концерн вниинс»2102211intel312
First time in top-100
Vendors never in top-100 in the prior 24 periods.
- #1unknown127 CVE
- #2google91 CVE
- #3debian88 CVE
- #4сообщество свободного программного обеспечения87 CVE
- #5microsoft corp86 CVE
- #6fedoraproject79 CVE
- #7ао "нппкт"74 CVE
- #8microsoft61 CVE
- #9ооо «русбитех-астра»58 CVE
- #10pypi56 CVE
Top vendors
Ranked by distinct CVE count this period.
- 127 CVE4 critCVSS 6.1NEWNuclei 127PoC 56simple download monitor (4) · accept donations with paypal (3) · qr redirector (2)
- 91 CVE3 critCVSS 7.1NEWKEV 2PoC 5tensorflow (34) · chrome (31) · android (25)
- 88 CVE8 critCVSS 7.6NEWKEV 3PoC 13debian linux (88)
- 87 CVE13 critCVSS 7.3NEWKEV 1Nuclei 5PoC 15debian gnu/linux (67) · busybox (14) · linux (6)
- 86 CVE3 critCVSS 7.2NEWKEV 5Nuclei 1PoC 2microsoft edge (28) · windows server 2019 (28) · windows server 2004 (server core installation) (27)
- 79 CVE9 critCVSS 7.5NEWKEV 3PoC 21fedora (79) · extra packages for enterprise linux (3)
- 74 CVE6 critCVSS 7.5NEWKEV 2PoC 11осон основа оnyx (74)
- 61 CVE1 critCVSS 7.0NEWKEV 5Nuclei 2PoC 1windows server 2016 (28) · windows server version 20h2 (27) · windows server 2019 (27)
- 58 CVE4 critCVSS 7.4NEWKEV 1PoC 8astra linux special edition (58) · astra linux special edition для «эльбрус» (11)
- 56 CVE2 critCVSS 6.5NEWPoC 5tensorflow-cpu (34) · tensorflow-gpu (34) · tensorflow (34)
- 52 CVE2 critCVSS 7.8NEWKEV 2PoC 4ос он «стрелец» (52)
- 50 CVECVSS 6.6NEWax201 firmware (12) · ac 9560 firmware (12) · ax210 firmware (12)
- 46 CVE18 critCVSS 7.9NEWNuclei 3PoC 3org.jenkins-ci.main:jenkins-core (13) · org.apache.ozone:ozone-main (7) · software.amazon.awssdk.iotdevicesdk:aws-iot-device-sdk (4)
- 46 CVE7 critCVSS 6.7NEWNuclei 2PoC 8concrete5/core (6) · moodle/moodle (4) · symfony/symfony (3)
- 45 CVECVSS 7.2NEWafter effects (11) · animate (10) · prelude (10)
- 44 CVE7 critCVSS 7.0NEWNuclei 1PoC 11aws-iot-device-sdk-v2 (4) · nodebb (3) · apostrophe (2)
- 43 CVECVSS 7.2NEWadobe after effects (11) · adobe prelude (11) · animate (10)
- 43 CVE1 critCVSS 6.0NEWsecurity key lifecycle manager (14) · security guardium key lifecycle manager (14) · infosphere information server (7)
- 40 CVECVSS 6.5NEWepyc 7443p firmware (21) · epyc 7313 firmware (21) · epyc 75f3 firmware (21)
- 38 CVE4 critCVSS 7.6NEWPoC 3opensuse leap (34) · suse linux enterprise server (12) · suse linux enterprise server for sap applications (9)
- 36 CVE5 critCVSS 7.2NEWPoC 6ред ос (36)
- 34 CVECVSS 6.5NEWPoC 4tensorflow (34)
- 33 CVE2 critCVSS 8.0NEWKEV 2PoC 2google chrome (32) · android (1)
- 33 CVE2 critCVSS 7.1NEWharmonyos (20) · magic ui (7) · emui (7)
- 32 CVE2 critCVSS 7.4NEWcloudlink (7) · emc cloud link (5) · dell emc streaming data platform (5)
- 29 CVE3 critCVSS 8.2NEWPoC 1apogee modular equiment controller firmware (13) · nucleus net (13) · talon tc compact firmware (13)
- 27 CVE11 critCVSS 7.6NEWPoC 4openshift container platform (12) · red hat enterprise linux (12) · red hat openshift container platform (3)
- 25 CVE7 critCVSS 8.1NEWNuclei 2PoC 2apache ozone (8) · apache traffic server (6) · traffic server (3)
- 24 CVE7 critCVSS 7.9NEWNuclei 2PoC 1ozone (8) · traffic server (6) · superset (2)
- 24 CVE5 critCVSS 6.8NEWteamcity (10) · youtrack mobile (6) · hub (4)
- 21 CVE4 critCVSS 7.4NEWPoC 21common services platform collector (4) · cisco common services platform collector software (4) · catalyst pon switch cgp-ont-4pvc firmware (3)
- 21 CVE4 critCVSS 7.3NEWPoC 21cisco common services platform collector (4) · catalyst pon cgp-ont-4tvcw (3) · catalyst pon cgp-ont-1p (3)
- 21 CVE2 critCVSS 6.4NEWNuclei 1PoC 1github.com/cloudflare/cfrpki (6) · github.com/hyperledger/fabric (2) · github.com/stevenweathers/thunderdome-planning-poker (1)
- 20 CVECVSS 5.6NEWfortinet fortiportal (5) · fortiportal (5) · fortiwlm (2)
- 20 CVE10 critCVSS 8.3NEWjenkins (13) · owasp dependency-check (1) · performance (1)
- 20 CVE10 critCVSS 8.3NEWjenkins (13) · jenkins squash tm publisher (squash4jenkins) plugin (1) · jenkins active choices plugin (1)
- 19 CVE3 critCVSS 7.0NEWKEV 1PoC 6fedora (19)
- 18 CVE3 critCVSS 7.7NEWqca6391 firmware (18) · wcd9380 firmware (17) · wcn6851 firmware (17)
- 18 CVE3 critCVSS 7.7NEWsnapdragon auto, snapdragon compute, snapdragon connectivity, snapdragon consumer iot, snapdragon industrial iot, snapdragon mobile (4) · snapdragon auto, snapdragon compute, snapdragon connectivity, snapdragon consumer iot, snapdragon industrial iot, snapdragon iot, snapdragon mobile, snapdragon voice & music, snapdragon wearables (4) · snapdragon auto, snapdragon compute, snapdragon connectivity, snapdragon consumer iot, snapdragon industrial iot, snapdragon iot, snapdragon voice & music, snapdragon wearables (1)
- 16 CVECVSS 4.7NEWPoC 1gitlab (16)
- 15 CVE10 critCVSS 9.0NEWKEV 1Nuclei 2PoC 3manageengine supportcenter plus (4) · manageengine network configuration manager (3) · manageengine remote access plus (2)
- 14 CVE1 critCVSS 6.9NEWbusybox (14)
- 14 CVE10 critCVSS 8.8NEWiologik e2200 (8) · ioadmin (3) · nport iaw5250a-6i/o (3)
- 14 CVECVSS 8.0NEWPoC 1firefox (12) · thunderbird (10) · firefox esr (8)
- 14 CVE3 critCVSS 6.8NEWPoC 3h700s firmware (10) · h410s firmware (10) · h500s firmware (10)
- 14 CVE1 critCVSS 7.7NEWdrawings software development kit (6) · oda viewer (2) · oda prc software development kit (2)
- 14 CVECVSS 5.5NEWPoC 5wildbit viewer (14)
- 13 CVE4 critCVSS 8.4NEWfuturesmart 4 (4) · futuresmart 3 (3) · laserjet pro j8h61a firmware (2)
- 13 CVECVSS 5.9NEWPoC 13ox app suite (13)
- 13 CVECVSS 7.4NEWPoC 2альт 8 сп (13) · альт 8 сп рабочая станция (1)
| # | Vendor | CVEs | Crit | KEV | Nuclei | Signals | Top products | Δ | |
|---|---|---|---|---|---|---|---|---|---|
| 1 | unknown | 127 | 4 | · | 127 | NEWNuclei 127PoC 56 | simple download monitor (4) · accept donations with paypal (3) · qr redirector (2) | — | |
| 2 | 91 | 3 | 2 | · | NEWKEV 2PoC 5 | tensorflow (34) · chrome (31) · android (25) | — | ||
| 3 | debian | 88 | 8 | 3 | · | NEWKEV 3PoC 13 | debian linux (88) | — | |
| 4 | сообщество свободного программного обеспечения | 87 | 13 | 1 | 5 | NEWKEV 1Nuclei 5PoC 15 | debian gnu/linux (67) · busybox (14) · linux (6) | — | |
| 5 | microsoft corp | 86 | 3 | 5 | 1 | NEWKEV 5Nuclei 1PoC 2 | microsoft edge (28) · windows server 2019 (28) · windows server 2004 (server core installation) (27) | — | |
| 6 | fedoraproject | 79 | 9 | 3 | · | NEWKEV 3PoC 21 | fedora (79) · extra packages for enterprise linux (3) | — | |
| 7 | ао "нппкт" | 74 | 6 | 2 | · | NEWKEV 2PoC 11 | осон основа оnyx (74) | — | |
| 8 | microsoft | 61 | 1 | 5 | 2 | NEWKEV 5Nuclei 2PoC 1 | windows server 2016 (28) · windows server version 20h2 (27) · windows server 2019 (27) | — | |
| 9 | ооо «русбитех-астра» | 58 | 4 | 1 | · | NEWKEV 1PoC 8 | astra linux special edition (58) · astra linux special edition для «эльбрус» (11) | — | |
| 10 | pypi | 56 | 2 | · | · | NEWPoC 5 | tensorflow-cpu (34) · tensorflow-gpu (34) · tensorflow (34) | — | |
| 11 | ао «концерн вниинс» | 52 | 2 | 2 | · | NEWKEV 2PoC 4 | ос он «стрелец» (52) | — | |
| 12 | intel | 50 | · | · | · | NEW | ax201 firmware (12) · ac 9560 firmware (12) · ax210 firmware (12) | — | |
| 13 | maven | 46 | 18 | · | 3 | NEWNuclei 3PoC 3 | org.jenkins-ci.main:jenkins-core (13) · org.apache.ozone:ozone-main (7) · software.amazon.awssdk.iotdevicesdk:aws-iot-device-sdk (4) | — | |
| 14 | packagist | 46 | 7 | · | 2 | NEWNuclei 2PoC 8 | concrete5/core (6) · moodle/moodle (4) · symfony/symfony (3) | — | |
| 15 | adobe | 45 | · | · | · | NEW | after effects (11) · animate (10) · prelude (10) | — | |
| 16 | npm | 44 | 7 | · | 1 | NEWNuclei 1PoC 11 | aws-iot-device-sdk-v2 (4) · nodebb (3) · apostrophe (2) | — | |
| 17 | adobe systems inc. | 43 | · | · | · | NEW | adobe after effects (11) · adobe prelude (11) · animate (10) | — | |
| 18 | ibm | 43 | 1 | · | · | NEW | security key lifecycle manager (14) · security guardium key lifecycle manager (14) · infosphere information server (7) | — | |
| 19 | amd | 40 | · | · | · | NEW | epyc 7443p firmware (21) · epyc 7313 firmware (21) · epyc 75f3 firmware (21) | — | |
| 20 | novell inc. | 38 | 4 | · | · | NEWPoC 3 | opensuse leap (34) · suse linux enterprise server (12) · suse linux enterprise server for sap applications (9) | — | |
| 21 | ооо «ред софт» | 36 | 5 | · | · | NEWPoC 6 | ред ос (36) | — | |
| 22 | tensorflow | 34 | · | · | · | NEWPoC 4 | tensorflow (34) | — | |
| 23 | google inc | 33 | 2 | 2 | · | NEWKEV 2PoC 2 | google chrome (32) · android (1) | — | |
| 24 | huawei | 33 | 2 | · | · | NEW | harmonyos (20) · magic ui (7) · emui (7) | — | |
| 25 | dell | 32 | 2 | · | · | NEW | cloudlink (7) · emc cloud link (5) · dell emc streaming data platform (5) | — | |
| 26 | siemens | 29 | 3 | · | · | NEWPoC 1 | apogee modular equiment controller firmware (13) · nucleus net (13) · talon tc compact firmware (13) | — | |
| 27 | red hat inc. | 27 | 11 | · | · | NEWPoC 4 | openshift container platform (12) · red hat enterprise linux (12) · red hat openshift container platform (3) | — | |
| 28 | apache software foundation | 25 | 7 | · | 2 | NEWNuclei 2PoC 2 | apache ozone (8) · apache traffic server (6) · traffic server (3) | — | |
| 29 | apache | 24 | 7 | · | 2 | NEWNuclei 2PoC 1 | ozone (8) · traffic server (6) · superset (2) | — | |
| 30 | jetbrains | 24 | 5 | · | · | NEW | teamcity (10) · youtrack mobile (6) · hub (4) | — | |
| 31 | cisco | 21 | 4 | · | · | NEWPoC 21 | common services platform collector (4) · cisco common services platform collector software (4) · catalyst pon switch cgp-ont-4pvc firmware (3) | — | |
| 32 | cisco systems inc. | 21 | 4 | · | · | NEWPoC 21 | cisco common services platform collector (4) · catalyst pon cgp-ont-4tvcw (3) · catalyst pon cgp-ont-1p (3) | — | |
| 33 | go | 21 | 2 | · | 1 | NEWNuclei 1PoC 1 | github.com/cloudflare/cfrpki (6) · github.com/hyperledger/fabric (2) · github.com/stevenweathers/thunderdome-planning-poker (1) | — | |
| 34 | fortinet | 20 | · | · | · | NEW | fortinet fortiportal (5) · fortiportal (5) · fortiwlm (2) | — | |
| 35 | jenkins | 20 | 10 | · | · | NEW | jenkins (13) · owasp dependency-check (1) · performance (1) | — | |
| 36 | jenkins project | 20 | 10 | · | · | NEW | jenkins (13) · jenkins squash tm publisher (squash4jenkins) plugin (1) · jenkins active choices plugin (1) | — | |
| 37 | fedora project | 19 | 3 | 1 | · | NEWKEV 1PoC 6 | fedora (19) | — | |
| 38 | qualcomm | 18 | 3 | · | · | NEW | qca6391 firmware (18) · wcd9380 firmware (17) · wcn6851 firmware (17) | — | |
| 39 | qualcomm, inc. | 18 | 3 | · | · | NEW | snapdragon auto, snapdragon compute, snapdragon connectivity, snapdragon consumer iot, snapdragon industrial iot, snapdragon mobile (4) · snapdragon auto, snapdragon compute, snapdragon connectivity, snapdragon consumer iot, snapdragon industrial iot, snapdragon iot, snapdragon mobile, snapdragon voice & music, snapdragon wearables (4) · snapdragon auto, snapdragon compute, snapdragon connectivity, snapdragon consumer iot, snapdragon industrial iot, snapdragon iot, snapdragon voice & music, snapdragon wearables (1) | — | |
| 40 | gitlab | 16 | · | · | · | NEWPoC 1 | gitlab (16) | — | |
| 41 | zohocorp | 15 | 10 | 1 | 2 | NEWKEV 1Nuclei 2PoC 3 | manageengine supportcenter plus (4) · manageengine network configuration manager (3) · manageengine remote access plus (2) | — | |
| 42 | busybox | 14 | 1 | · | · | NEW | busybox (14) | — | |
| 43 | moxa inc. | 14 | 10 | · | · | NEW | iologik e2200 (8) · ioadmin (3) · nport iaw5250a-6i/o (3) | — | |
| 44 | mozilla | 14 | · | · | · | NEWPoC 1 | firefox (12) · thunderbird (10) · firefox esr (8) | — | |
| 45 | netapp | 14 | 3 | · | · | NEWPoC 3 | h700s firmware (10) · h410s firmware (10) · h500s firmware (10) | — | |
| 46 | opendesign | 14 | 1 | · | · | NEW | drawings software development kit (6) · oda viewer (2) · oda prc software development kit (2) | — | |
| 47 | wildbit-soft | 14 | · | · | · | NEWPoC 5 | wildbit viewer (14) | — | |
| 48 | hp | 13 | 4 | · | · | NEW | futuresmart 4 (4) · futuresmart 3 (3) · laserjet pro j8h61a firmware (2) | — | |
| 49 | open-xchange | 13 | · | · | · | NEWPoC 13 | ox app suite (13) | — | |
| 50 | ао «ивк» | 13 | · | · | · | NEWPoC 2 | альт 8 сп (13) · альт 8 сп рабочая станция (1) | — |