month report

December 2021

Data as of Jun 4, 2026, 13:25 UTCSnapshot v1 Sources NVD+CISA KEV+EPSS+Nuclei templates Methodology →

December 2021 closed with 2,520 published CVEs. 358 criticals, 20 added to CISA KEV (3 ransomware-linked). netgear led volume, mostly via rbr850 firmware. Top weakness class — CWE-79 (237 CVE). 10 vendors cracked the top-100 for the first time.

Print view

Total CVEs

2,520

— MoM— YoY

Severity mix

358 / 883

critical / high

KEV added

3 ransomware-linked

Nuclei coverage

6.7%

169 CVEs with templates

Time to exploit

How fast the community ships detection after a CVE drops.

Days → Nuclei (median)

1544.4

n=169

Within 7 days

0.0%

Within 30 days

0.0%

Days → KEV (median)

503

n=13

Detection gap

KEV pressure, no Nuclei coverage

December 2021 · vendors with active exploitation listed by CISA but no public detection template.

KEV 2google195 CVE
KEV 2microsoft68 CVE
KEV 2google inc46 CVE
KEV 1gitlab22 CVE

Weakness × Vendor

What's spreading where in December 2021

Cells shaded by share of vendor's hottest weakness. Click any cell to open the CWE history.

First time in top-100

Vendors never in top-100 in the prior 24 periods.

#1netgear201 CVE
#2google195 CVE
#3сообщество свободного программного обеспечения117 CVE
#4debian108 CVE
#5microsoft corp96 CVE
#6ао "нппкт"93 CVE
#7fedoraproject90 CVE
#8ооо «русбитех-астра»77 CVE
#9unknown74 CVE
#10ао «концерн вниинс»73 CVE

Top vendors

Ranked by distinct CVE count this period.

1netgear—
201 CVE47 critCVSS 7.7
NEWNuclei 1PoC 1
rbr850 firmware (89) · rbk852 firmware (88) · rbs850 firmware (88)
2google—
195 CVE7 critCVSS 6.8
NEWKEV 2PoC 3
android (158) · chrome (36) · exposure notification verification server (1)
3сообщество свободного программного обеспечения—
117 CVE15 critCVSS 7.5
NEWKEV 4Nuclei 4PoC 23
debian gnu/linux (95) · linux (9) · vim (8)
4debian—
108 CVE10 critCVSS 7.5
NEWKEV 3Nuclei 4PoC 19
debian linux (108)
5microsoft corp—
96 CVE9 critCVSS 7.5
NEWKEV 3Nuclei 1PoC 6
windows 10 2004 (30) · windows 11 (29) · windows 10 20h2 (29)
6ао "нппкт"—
93 CVE7 critCVSS 7.6
NEWKEV 2Nuclei 4PoC 12
осон основа оnyx (93)
7fedoraproject—
90 CVE6 critCVSS 7.6
NEWKEV 2Nuclei 4PoC 18
fedora (90) · sssd (1) · extra packages for enterprise linux (1)
8ооо «русбитех-астра»—
77 CVE10 critCVSS 7.7
NEWKEV 1Nuclei 2PoC 13
astra linux special edition (77) · astra linux special edition для «эльбрус» (20) · astra linux common edition (4)
9unknown—
74 CVE10 critCVSS 6.5
NEWNuclei 74PoC 41
modern events calendar lite (2) · events manager (2) · get custom field values (2)
10ао «концерн вниинс»—
73 CVE5 critCVSS 7.6
NEWKEV 1Nuclei 3PoC 7
ос он «стрелец» (73)
11huawei—
69 CVE20 critCVSS 7.8
NEW
harmonyos (60) · emui (28) · magic ui (27)
12microsoft—
68 CVE7 critCVSS 7.5
NEWKEV 2PoC 2
windows server 2016 (30) · windows 10 version 21h1 (30) · windows 10 version 21h2 (30)
13packagist—
63 CVE10 critCVSS 6.8
NEWNuclei 5PoC 21
yetiforce/yetiforce-crm (6) · showdoc/showdoc (6) · snipe/snipe-it (5)
14crates.io—
55 CVE28 critCVSS 8.7
NEWPoC 2
rusqlite (7) · messagepack-rs (4) · libpulse-binding (3)
15siemens—
49 CVE4 critCVSS 7.7
NEWKEV 2Nuclei 2PoC 3
jt open toolkit (23) · jt utilities (23) · jttk (21)
16google inc—
46 CVE1 critCVSS 7.9
NEWKEV 2PoC 3
google chrome (36) · android (9) · android studio (1)
17ibm—
42 CVE4 critCVSS 6.7
NEW
spectrum copy data management (7) · cognos analytics (7) · db2 for linux, unix and windows (5)
18ооо «ред софт»—
41 CVE6 critCVSS 7.0
NEWKEV 2Nuclei 4PoC 2
ред ос (41)
19advantech co., ltd—
39 CVE8 critCVSS 8.2
NEWPoC 11
r-seenet (26) · wise-4010 (13) · wise-4050 (13)
20fortinet—
39 CVECVSS 6.7
NEW
fortiweb (17) · fortinet fortiweb (15) · fortios (8)
21maven—
31 CVE5 critCVSS 7.8
NEWKEV 2Nuclei 3PoC 5
io.atomix:atomix (7) · org.ops4j.pax.logging:pax-logging-log4j2 (5) · org.apache.logging.log4j:log4j-core (4)
22adobe systems inc.—
29 CVECVSS 6.0
NEW
adobe premiere rush (16) · dimension (6) · adobe bridge (3)
23red hat inc.—
29 CVE3 critCVSS 7.5
NEWKEV 3Nuclei 2PoC 3
red hat enterprise linux (22) · openshift application runtimes (6) · red hat integration camel k (6)
24adobe—
28 CVECVSS 5.9
NEW
premiere rush (16) · dimension (6) · bridge (3)
25apple—
28 CVE4 critCVSS 7.4
NEWKEV 1Nuclei 3PoC 5
mac os x (24) · macos (24) · iphone os (7)
26mozilla—
27 CVE2 critCVSS 6.8
NEW
firefox (25) · thunderbird (20) · firefox esr (19)
27netapp—
27 CVE4 critCVSS 7.7
NEWKEV 1Nuclei 2PoC 5
oncommand insight (12) · h410s firmware (6) · h500e firmware (6)
28advantech—
26 CVECVSS 6.7
NEWPoC 11
r-seenet (26)
29npm—
26 CVE5 critCVSS 7.1
NEWPoC 8
jsx-slack (2) · @backstage/plugin-scaffolder-backend (1) · comb (1)
30pypi—
26 CVE2 critCVSS 7.1
NEWNuclei 1PoC 5
numpy (4) · pyo (2) · mailman (1)
31lantronix—
24 CVE16 critCVSS 8.5
NEWNuclei 1PoC 12
premierwave 2050 firmware (23) · premierwave 2050 (1)
32gitlab—
22 CVECVSS 4.4
NEWKEV 1
gitlab (22) · gitlab runner (1)
33gpac—
22 CVECVSS 5.6
NEWPoC 6
gpac (22)
34mediatek inc.—
22 CVECVSS 7.5
NEW
mt7628 (20) · mt7629 (20) · mt7613 (20)
35mozilla corp.—
22 CVE1 critCVSS 6.9
NEW
firefox (21) · thunderbird (14) · firefox esr (12)
36mediatek—
20 CVECVSS 8.1
NEW
mt7915 firmware (20) · mt7622 firmware (20) · mt7613 firmware (20)
37fedora project—
19 CVECVSS 7.6
NEWPoC 2
fedora (19)
38huawei technologies co., ltd.—
19 CVE7 critCVSS 7.7
NEW
harmonyos (12) · emui (7) · magic ui (7)
39oracle—
19 CVE2 critCVSS 6.6
NEWNuclei 2PoC 6
http server (9) · zfs storage appliance kit (8) · communications cloud native core policy (6)
40samsung mobile—
18 CVECVSS 4.7
NEW
samsung mobile devices (10) · samsung internet (2) · samsung pay (2)
41ао «ивк»—
18 CVE2 critCVSS 7.6
NEW
альт 8 сп (15) · альт сп 10 (4)
42apache software foundation—
17 CVE6 critCVSS 8.1
NEWKEV 3Nuclei 6PoC 4
log4j (5) · http server (3) · apache log4j2 (3)
43trendnet—
17 CVE4 critCVSS 7.5
NEWNuclei 9PoC 2
tew-827dru firmware (17)
44novell inc.—
15 CVE1 critCVSS 6.9
NEWKEV 3Nuclei 2PoC 2
opensuse leap (12) · opensuse tumbleweed (7) · suse package hub (4)
45apache—
14 CVE5 critCVSS 8.0
NEWKEV 2Nuclei 5PoC 2
log4j (5) · http server (2) · sling commons messaging mail (1)
46sonicwall—
14 CVE5 critCVSS 8.4
NEWKEV 3Nuclei 3PoC 3
sma 400 firmware (10) · sma 410 firmware (10) · sonicwall sma100 (10)
47elecom—
13 CVECVSS 7.6
NEW
edwrc-2533gst2 firmware (6) · wrc-1167gst2a firmware (6) · wrc-1167gst2 firmware (6)
48elecom co.,ltd.—
13 CVECVSS 6.8
NEW
elecom lan routers (8) · elecom routers (3) · elecom lan router (2)
49fortinet inc.—
13 CVECVSS 7.6
NEW
fortios (6) · fortiweb (3) · fortios-6k7k (3)
50go—
13 CVECVSS 7.1
NEWKEV 1Nuclei 1PoC 1
github.com/grafana/grafana (2) · github.com/opencontainers/runc (2) · github.com/foxcpp/maddy (1)

#	Vendor	CVEs	Crit	KEV	Nuclei	Signals	Top products	Δ
1	netgear	201	47	·	1	NEWNuclei 1PoC 1	rbr850 firmware (89) · rbk852 firmware (88) · rbs850 firmware (88)	—
2	google	195	7	2	·	NEWKEV 2PoC 3	android (158) · chrome (36) · exposure notification verification server (1)	—
3	сообщество свободного программного обеспечения	117	15	4	4	NEWKEV 4Nuclei 4PoC 23	debian gnu/linux (95) · linux (9) · vim (8)	—
4	debian	108	10	3	4	NEWKEV 3Nuclei 4PoC 19	debian linux (108)	—
5	microsoft corp	96	9	3	1	NEWKEV 3Nuclei 1PoC 6	windows 10 2004 (30) · windows 11 (29) · windows 10 20h2 (29)	—
6	ао "нппкт"	93	7	2	4	NEWKEV 2Nuclei 4PoC 12	осон основа оnyx (93)	—
7	fedoraproject	90	6	2	4	NEWKEV 2Nuclei 4PoC 18	fedora (90) · sssd (1) · extra packages for enterprise linux (1)	—
8	ооо «русбитех-астра»	77	10	1	2	NEWKEV 1Nuclei 2PoC 13	astra linux special edition (77) · astra linux special edition для «эльбрус» (20) · astra linux common edition (4)	—
9	unknown	74	10	·	74	NEWNuclei 74PoC 41	modern events calendar lite (2) · events manager (2) · get custom field values (2)	—
10	ао «концерн вниинс»	73	5	1	3	NEWKEV 1Nuclei 3PoC 7	ос он «стрелец» (73)	—
11	huawei	69	20	·	·	NEW	harmonyos (60) · emui (28) · magic ui (27)	—
12	microsoft	68	7	2	·	NEWKEV 2PoC 2	windows server 2016 (30) · windows 10 version 21h1 (30) · windows 10 version 21h2 (30)	—
13	packagist	63	10	·	5	NEWNuclei 5PoC 21	yetiforce/yetiforce-crm (6) · showdoc/showdoc (6) · snipe/snipe-it (5)	—
14	crates.io	55	28	·	·	NEWPoC 2	rusqlite (7) · messagepack-rs (4) · libpulse-binding (3)	—
15	siemens	49	4	2	2	NEWKEV 2Nuclei 2PoC 3	jt open toolkit (23) · jt utilities (23) · jttk (21)	—
16	google inc	46	1	2	·	NEWKEV 2PoC 3	google chrome (36) · android (9) · android studio (1)	—
17	ibm	42	4	·	·	NEW	spectrum copy data management (7) · cognos analytics (7) · db2 for linux, unix and windows (5)	—
18	ооо «ред софт»	41	6	2	4	NEWKEV 2Nuclei 4PoC 2	ред ос (41)	—
19	advantech co., ltd	39	8	·	·	NEWPoC 11	r-seenet (26) · wise-4010 (13) · wise-4050 (13)	—
20	fortinet	39	·	·	·	NEW	fortiweb (17) · fortinet fortiweb (15) · fortios (8)	—
21	maven	31	5	2	3	NEWKEV 2Nuclei 3PoC 5	io.atomix:atomix (7) · org.ops4j.pax.logging:pax-logging-log4j2 (5) · org.apache.logging.log4j:log4j-core (4)	—
22	adobe systems inc.	29	·	·	·	NEW	adobe premiere rush (16) · dimension (6) · adobe bridge (3)	—
23	red hat inc.	29	3	3	2	NEWKEV 3Nuclei 2PoC 3	red hat enterprise linux (22) · openshift application runtimes (6) · red hat integration camel k (6)	—
24	adobe	28	·	·	·	NEW	premiere rush (16) · dimension (6) · bridge (3)	—
25	apple	28	4	1	3	NEWKEV 1Nuclei 3PoC 5	mac os x (24) · macos (24) · iphone os (7)	—
26	mozilla	27	2	·	·	NEW	firefox (25) · thunderbird (20) · firefox esr (19)	—
27	netapp	27	4	1	2	NEWKEV 1Nuclei 2PoC 5	oncommand insight (12) · h410s firmware (6) · h500e firmware (6)	—
28	advantech	26	·	·	·	NEWPoC 11	r-seenet (26)	—
29	npm	26	5	·	·	NEWPoC 8	jsx-slack (2) · @backstage/plugin-scaffolder-backend (1) · comb (1)	—
30	pypi	26	2	·	1	NEWNuclei 1PoC 5	numpy (4) · pyo (2) · mailman (1)	—
31	lantronix	24	16	·	1	NEWNuclei 1PoC 12	premierwave 2050 firmware (23) · premierwave 2050 (1)	—
32	gitlab	22	·	1	·	NEWKEV 1	gitlab (22) · gitlab runner (1)	—
33	gpac	22	·	·	·	NEWPoC 6	gpac (22)	—
34	mediatek inc.	22	·	·	·	NEW	mt7628 (20) · mt7629 (20) · mt7613 (20)	—
35	mozilla corp.	22	1	·	·	NEW	firefox (21) · thunderbird (14) · firefox esr (12)	—
36	mediatek	20	·	·	·	NEW	mt7915 firmware (20) · mt7622 firmware (20) · mt7613 firmware (20)	—
37	fedora project	19	·	·	·	NEWPoC 2	fedora (19)	—
38	huawei technologies co., ltd.	19	7	·	·	NEW	harmonyos (12) · emui (7) · magic ui (7)	—
39	oracle	19	2	·	2	NEWNuclei 2PoC 6	http server (9) · zfs storage appliance kit (8) · communications cloud native core policy (6)	—
40	samsung mobile	18	·	·	·	NEW	samsung mobile devices (10) · samsung internet (2) · samsung pay (2)	—
41	ао «ивк»	18	2	·	·	NEW	альт 8 сп (15) · альт сп 10 (4)	—
42	apache software foundation	17	6	3	6	NEWKEV 3Nuclei 6PoC 4	log4j (5) · http server (3) · apache log4j2 (3)	—
43	trendnet	17	4	·	9	NEWNuclei 9PoC 2	tew-827dru firmware (17)	—
44	novell inc.	15	1	3	2	NEWKEV 3Nuclei 2PoC 2	opensuse leap (12) · opensuse tumbleweed (7) · suse package hub (4)	—
45	apache	14	5	2	5	NEWKEV 2Nuclei 5PoC 2	log4j (5) · http server (2) · sling commons messaging mail (1)	—
46	sonicwall	14	5	3	3	NEWKEV 3Nuclei 3PoC 3	sma 400 firmware (10) · sma 410 firmware (10) · sonicwall sma100 (10)	—
47	elecom	13	·	·	·	NEW	edwrc-2533gst2 firmware (6) · wrc-1167gst2a firmware (6) · wrc-1167gst2 firmware (6)	—
48	elecom co.,ltd.	13	·	·	·	NEW	elecom lan routers (8) · elecom routers (3) · elecom lan router (2)	—
49	fortinet inc.	13	·	·	·	NEW	fortios (6) · fortiweb (3) · fortios-6k7k (3)	—
50	go	13	·	1	1	NEWKEV 1Nuclei 1PoC 1	github.com/grafana/grafana (2) · github.com/opencontainers/runc (2) · github.com/foxcpp/maddy (1)	—