month report

January 2022

Data as of Jun 4, 2026, 13:25 UTCSnapshot v1 Sources NVD+CISA KEV+EPSS+Nuclei templates Methodology →

January 2022 closed with 2,210 published CVEs. 210 criticals, 40 added to CISA KEV (9 ransomware-linked). oracle led volume, mostly via mysql. Top weakness class — CWE-79 (234 CVE). 10 vendors cracked the top-100 for the first time.

Print view

Total CVEs

2,210

— MoM— YoY

Severity mix

210 / 821

critical / high

KEV added

9 ransomware-linked

Nuclei coverage

7.6%

169 CVEs with templates

Time to exploit

How fast the community ships detection after a CVE drops.

Days → Nuclei (median)

1507.4

n=169

Within 7 days

0.0%

Within 30 days

0.0%

Days → KEV (median)

104

n=11

Detection gap

KEV pressure, no Nuclei coverage

January 2022 · vendors with active exploitation listed by CISA but no public detection template.

KEV 2microsoft102 CVE
KEV 2ооо «открытая мобильная платформа»20 CVE
KEV 1ао «ивк»123 CVE
KEV 1reolink79 CVE
KEV 1google52 CVE
KEV 1siemens22 CVE

Weakness × Vendor

What's spreading where in January 2022

Cells shaded by share of vendor's hottest weakness. Click any cell to open the CWE history.

First time in top-100

Vendors never in top-100 in the prior 24 periods.

#1oracle185 CVE
#2oracle corp.167 CVE
#3oracle corporation163 CVE
#4ао «ивк»123 CVE
#5debian111 CVE
#6сообщество свободного программного обеспечения106 CVE
#7netapp105 CVE
#8microsoft102 CVE
#9packagist88 CVE
#10microsoft corp83 CVE

Top vendors

Ranked by distinct CVE count this period.

1oracle—
185 CVE14 critCVSS 6.5
NEWKEV 2Nuclei 19PoC 7
mysql (72) · weblogic server (19) · jre (17)
2oracle corp.—
167 CVE10 critCVSS 6.1
NEWKEV 1Nuclei 18PoC 2
mysql cluster (44) · mysql server (29) · graalvm enterprise edition (17)
3oracle corporation—
163 CVE8 critCVSS 5.7
NEWKEV 1Nuclei 17PoC 2
mysql cluster (44) · mysql server (29) · java se jdk and jre (16)
4ао «ивк»—
123 CVE8 critCVSS 5.9
NEWKEV 1PoC 13
альт 8 сп (116) · альт сп 10 (9) · альт 8 сп сервер (5)
5debian—
111 CVE18 critCVSS 7.1
NEWKEV 2Nuclei 6PoC 31
debian linux (111)
6сообщество свободного программного обеспечения—
106 CVE16 critCVSS 6.9
NEWKEV 4Nuclei 3PoC 29
debian gnu/linux (93) · linux (15) · vim (14)
7netapp—
105 CVE2 critCVSS 5.5
NEWKEV 1Nuclei 1PoC 5
oncommand workflow automation (94) · oncommand insight (91) · active iq unified manager (33)
8microsoft—
102 CVE6 critCVSS 7.2
NEWKEV 2PoC 5
windows server 2019 (79) · windows server 2019 (server core installation) (79) · windows server version 20h2 (78)
9packagist—
88 CVE5 critCVSS 6.3
NEWNuclei 5PoC 25
remdex/livehelperchat (11) · pimcore/pimcore (10) · moodle/moodle (9)
10microsoft corp—
83 CVE7 critCVSS 7.1
NEWKEV 2Nuclei 1PoC 5
windows server 2022 (63) · windows server 2019 (63) · windows 10 1809 (62)
11reolink—
79 CVE3 critCVSS 7.7
NEWKEV 1PoC 46
rlc-410w firmware (79) · reolink rlc-410w (9)
12bentley—
78 CVECVSS 6.9
NEW
microstation (76) · bentley view (76) · view (76)
13fedoraproject—
77 CVE4 critCVSS 6.5
NEWKEV 1Nuclei 4PoC 20
fedora (77) · extra packages for enterprise linux (3)
14maven—
75 CVE15 critCVSS 7.0
NEWNuclei 11PoC 14
net.mingsoft:ms-mcms (6) · org.apache.kylin:kylin (6) · org.jenkins-ci.plugins:publish-over-ssh (5)
15huawei—
73 CVE10 critCVSS 7.3
NEW
harmonyos (66) · emui (32) · magic ui (28)
16unknown—
73 CVE2 critCVSS 6.5
NEWNuclei 73PoC 33
booster for woocommerce (3) · all in one seo – best wordpress seo plugin – easily improve seo rankings & increase traffic (2) · eventcalendar (2)
17ооо «русбитех-астра»—
71 CVE12 critCVSS 7.4
NEWKEV 3Nuclei 1PoC 17
astra linux special edition (71) · astra linux special edition для «эльбрус» (33) · astra linux common edition (3)
18red hat inc.—
64 CVE9 critCVSS 6.5
NEWPoC 9
red hat enterprise linux (57) · red hat software collections (25) · red hat build of openjdk (5)
19ао "нппкт"—
59 CVE13 critCVSS 7.5
NEWKEV 2Nuclei 1PoC 15
осон основа оnyx (59)
20ооо «ред софт»—
53 CVE8 critCVSS 6.9
NEWKEV 1Nuclei 1PoC 13
ред ос (53)
21google—
52 CVE3 critCVSS 6.6
NEWKEV 1
android (49) · fuchsia (1) · google-protobuf (1)
22ао «нтц ит роса»—
52 CVE8 critCVSS 7.2
NEWKEV 1Nuclei 1PoC 12
rosa virtualization (19) · роса кобальт (18) · роса хром (16)
23adobe systems inc.—
48 CVE1 critCVSS 6.3
NEW
adobe acrobat 2020 (26) · adobe acrobat document cloud (26) · adobe acrobat reader 2017 (26)
24netapp inc.—
48 CVE1 critCVSS 5.5
NEWNuclei 1
oncommand workflow automation (46) · oncommand insight (45) · active iq unified manager for vmware vsphere (22)
25adobe—
46 CVE1 critCVSS 6.4
NEW
acrobat (26) · acrobat dc (26) · acrobat reader (26)
26gpac—
46 CVECVSS 5.8
NEWPoC 13
gpac (46)
27ао «концерн вниинс»—
45 CVE6 critCVSS 7.0
NEWKEV 2Nuclei 2PoC 8
ос он «стрелец» (45)
28cesanta—
44 CVECVSS 6.1
NEWPoC 23
mjs (44)
29npm—
41 CVE5 critCVSS 7.2
NEWNuclei 2PoC 14
node-forge (4) · marked (2) · shelljs (2)
30pypi—
40 CVE3 critCVSS 6.4
NEWPoC 4
onionshare-cli (9) · calibreweb (6) · pillow (3)
31qualcomm—
40 CVE4 critCVSS 7.8
NEW
wcd9375 firmware (39) · wcd9370 firmware (39) · wcd9380 firmware (39)
32qualcomm, inc.—
40 CVE4 critCVSS 7.7
NEW
snapdragon auto, snapdragon compute, snapdragon connectivity, snapdragon consumer iot, snapdragon industrial iot, snapdragon voice & music, snapdragon wired infrastructure and networking (6) · snapdragon auto, snapdragon compute, snapdragon connectivity, snapdragon consumer iot, snapdragon industrial iot, snapdragon mobile, snapdragon voice & music, snapdragon wearables, snapdragon wired infrastructure and networking (4) · snapdragon auto, snapdragon compute, snapdragon connectivity, snapdragon consumer iot, snapdragon industrial iot, snapdragon voice & music, snapdragon wearables (3)
33apache—
32 CVE7 critCVSS 7.6
NEWNuclei 4PoC 2
kylin (6) · james (4) · shenyu (4)
34apache software foundation—
32 CVE7 critCVSS 7.8
NEWNuclei 4PoC 2
apache kylin (6) · apache shenyu (incubating) (4) · apache james (4)
35jsish—
31 CVECVSS 5.6
NEWPoC 13
jsish (31)
36jerryscript—
27 CVECVSS 6.0
NEWPoC 13
jerryscript (27)
37juniper—
27 CVECVSS 6.9
NEWPoC 26
junos (25) · junos os evolved (4) · contrail service orchestration (1)
38juniper networks—
27 CVECVSS 6.9
NEWPoC 26
junos os (25) · junos os evolved (5) · contrail service orchestration (1)
39f5—
25 CVECVSS 6.8
NEW
big-ip advanced firewall manager (18) · big-ip access policy manager (17) · big-ip application security manager (16)
40ibm corp.—
24 CVE9 critCVSS 8.1
NEWPoC 3
ibm qradar siem (8) · ibm cloud pak system (6) · cognos controller (4)
41jenkins—
24 CVECVSS 5.7
NEWNuclei 1PoC 7
publish over ssh (5) · bitbucket branch source (2) · mailer (2)
42jenkins project—
24 CVECVSS 5.7
NEWNuclei 1PoC 7
jenkins publish over ssh plugin (5) · jenkins bitbucket branch source plugin (2) · jenkins mailer plugin (2)
43juniper networks inc.—
24 CVECVSS 6.9
NEWPoC 23
junos (22) · junos os evolved (3) · contrail service orchestration (1)
44ibm—
23 CVE2 critCVSS 6.8
NEW
security verify access (5) · cognos controller (4) · security guardium insights (3)
45fedora project—
22 CVE3 critCVSS 6.8
NEWKEV 2Nuclei 2PoC 5
fedora (22)
46siemens—
22 CVE4 critCVSS 7.7
NEWKEV 1PoC 5
sinema remote connect server (10) · comos v10.2 (4) · comos v10.3 (4)
47novell inc.—
21 CVE6 critCVSS 7.0
NEWKEV 1Nuclei 1PoC 1
opensuse leap (12) · suse linux enterprise server (10) · suse linux enterprise desktop (8)
48schneider-electric—
21 CVE1 critCVSS 7.3
NEW
network management card 3 firmware (6) · network management card 2 firmware (6) · evlink parking evw2 firmware (5)
49ооо «открытая мобильная платформа»—
20 CVE10 critCVSS 8.8
NEWKEV 2PoC 3
ос аврора (20)
50cisco—
18 CVE1 critCVSS 6.1
NEWPoC 16
security manager (13) · cisco security manager (13) · cisco firepower threat defense software (2)

#	Vendor	CVEs	Crit	KEV	Nuclei	Signals	Top products	Δ
1	oracle	185	14	2	19	NEWKEV 2Nuclei 19PoC 7	mysql (72) · weblogic server (19) · jre (17)	—
2	oracle corp.	167	10	1	18	NEWKEV 1Nuclei 18PoC 2	mysql cluster (44) · mysql server (29) · graalvm enterprise edition (17)	—
3	oracle corporation	163	8	1	17	NEWKEV 1Nuclei 17PoC 2	mysql cluster (44) · mysql server (29) · java se jdk and jre (16)	—
4	ао «ивк»	123	8	1	·	NEWKEV 1PoC 13	альт 8 сп (116) · альт сп 10 (9) · альт 8 сп сервер (5)	—
5	debian	111	18	2	6	NEWKEV 2Nuclei 6PoC 31	debian linux (111)	—
6	сообщество свободного программного обеспечения	106	16	4	3	NEWKEV 4Nuclei 3PoC 29	debian gnu/linux (93) · linux (15) · vim (14)	—
7	netapp	105	2	1	1	NEWKEV 1Nuclei 1PoC 5	oncommand workflow automation (94) · oncommand insight (91) · active iq unified manager (33)	—
8	microsoft	102	6	2	·	NEWKEV 2PoC 5	windows server 2019 (79) · windows server 2019 (server core installation) (79) · windows server version 20h2 (78)	—
9	packagist	88	5	·	5	NEWNuclei 5PoC 25	remdex/livehelperchat (11) · pimcore/pimcore (10) · moodle/moodle (9)	—
10	microsoft corp	83	7	2	1	NEWKEV 2Nuclei 1PoC 5	windows server 2022 (63) · windows server 2019 (63) · windows 10 1809 (62)	—
11	reolink	79	3	1	·	NEWKEV 1PoC 46	rlc-410w firmware (79) · reolink rlc-410w (9)	—
12	bentley	78	·	·	·	NEW	microstation (76) · bentley view (76) · view (76)	—
13	fedoraproject	77	4	1	4	NEWKEV 1Nuclei 4PoC 20	fedora (77) · extra packages for enterprise linux (3)	—
14	maven	75	15	·	11	NEWNuclei 11PoC 14	net.mingsoft:ms-mcms (6) · org.apache.kylin:kylin (6) · org.jenkins-ci.plugins:publish-over-ssh (5)	—
15	huawei	73	10	·	·	NEW	harmonyos (66) · emui (32) · magic ui (28)	—
16	unknown	73	2	·	73	NEWNuclei 73PoC 33	booster for woocommerce (3) · all in one seo – best wordpress seo plugin – easily improve seo rankings & increase traffic (2) · eventcalendar (2)	—
17	ооо «русбитех-астра»	71	12	3	1	NEWKEV 3Nuclei 1PoC 17	astra linux special edition (71) · astra linux special edition для «эльбрус» (33) · astra linux common edition (3)	—
18	red hat inc.	64	9	·	·	NEWPoC 9	red hat enterprise linux (57) · red hat software collections (25) · red hat build of openjdk (5)	—
19	ао "нппкт"	59	13	2	1	NEWKEV 2Nuclei 1PoC 15	осон основа оnyx (59)	—
20	ооо «ред софт»	53	8	1	1	NEWKEV 1Nuclei 1PoC 13	ред ос (53)	—
21	google	52	3	1	·	NEWKEV 1	android (49) · fuchsia (1) · google-protobuf (1)	—
22	ао «нтц ит роса»	52	8	1	1	NEWKEV 1Nuclei 1PoC 12	rosa virtualization (19) · роса кобальт (18) · роса хром (16)	—
23	adobe systems inc.	48	1	·	·	NEW	adobe acrobat 2020 (26) · adobe acrobat document cloud (26) · adobe acrobat reader 2017 (26)	—
24	netapp inc.	48	1	·	1	NEWNuclei 1	oncommand workflow automation (46) · oncommand insight (45) · active iq unified manager for vmware vsphere (22)	—
25	adobe	46	1	·	·	NEW	acrobat (26) · acrobat dc (26) · acrobat reader (26)	—
26	gpac	46	·	·	·	NEWPoC 13	gpac (46)	—
27	ао «концерн вниинс»	45	6	2	2	NEWKEV 2Nuclei 2PoC 8	ос он «стрелец» (45)	—
28	cesanta	44	·	·	·	NEWPoC 23	mjs (44)	—
29	npm	41	5	·	2	NEWNuclei 2PoC 14	node-forge (4) · marked (2) · shelljs (2)	—
30	pypi	40	3	·	·	NEWPoC 4	onionshare-cli (9) · calibreweb (6) · pillow (3)	—
31	qualcomm	40	4	·	·	NEW	wcd9375 firmware (39) · wcd9370 firmware (39) · wcd9380 firmware (39)	—
32	qualcomm, inc.	40	4	·	·	NEW	snapdragon auto, snapdragon compute, snapdragon connectivity, snapdragon consumer iot, snapdragon industrial iot, snapdragon voice & music, snapdragon wired infrastructure and networking (6) · snapdragon auto, snapdragon compute, snapdragon connectivity, snapdragon consumer iot, snapdragon industrial iot, snapdragon mobile, snapdragon voice & music, snapdragon wearables, snapdragon wired infrastructure and networking (4) · snapdragon auto, snapdragon compute, snapdragon connectivity, snapdragon consumer iot, snapdragon industrial iot, snapdragon voice & music, snapdragon wearables (3)	—
33	apache	32	7	·	4	NEWNuclei 4PoC 2	kylin (6) · james (4) · shenyu (4)	—
34	apache software foundation	32	7	·	4	NEWNuclei 4PoC 2	apache kylin (6) · apache shenyu (incubating) (4) · apache james (4)	—
35	jsish	31	·	·	·	NEWPoC 13	jsish (31)	—
36	jerryscript	27	·	·	·	NEWPoC 13	jerryscript (27)	—
37	juniper	27	·	·	·	NEWPoC 26	junos (25) · junos os evolved (4) · contrail service orchestration (1)	—
38	juniper networks	27	·	·	·	NEWPoC 26	junos os (25) · junos os evolved (5) · contrail service orchestration (1)	—
39	f5	25	·	·	·	NEW	big-ip advanced firewall manager (18) · big-ip access policy manager (17) · big-ip application security manager (16)	—
40	ibm corp.	24	9	·	·	NEWPoC 3	ibm qradar siem (8) · ibm cloud pak system (6) · cognos controller (4)	—
41	jenkins	24	·	·	1	NEWNuclei 1PoC 7	publish over ssh (5) · bitbucket branch source (2) · mailer (2)	—
42	jenkins project	24	·	·	1	NEWNuclei 1PoC 7	jenkins publish over ssh plugin (5) · jenkins bitbucket branch source plugin (2) · jenkins mailer plugin (2)	—
43	juniper networks inc.	24	·	·	·	NEWPoC 23	junos (22) · junos os evolved (3) · contrail service orchestration (1)	—
44	ibm	23	2	·	·	NEW	security verify access (5) · cognos controller (4) · security guardium insights (3)	—
45	fedora project	22	3	2	2	NEWKEV 2Nuclei 2PoC 5	fedora (22)	—
46	siemens	22	4	1	·	NEWKEV 1PoC 5	sinema remote connect server (10) · comos v10.2 (4) · comos v10.3 (4)	—
47	novell inc.	21	6	1	1	NEWKEV 1Nuclei 1PoC 1	opensuse leap (12) · suse linux enterprise server (10) · suse linux enterprise desktop (8)	—
48	schneider-electric	21	1	·	·	NEW	network management card 3 firmware (6) · network management card 2 firmware (6) · evlink parking evw2 firmware (5)	—
49	ооо «открытая мобильная платформа»	20	10	2	·	NEWKEV 2PoC 3	ос аврора (20)	—
50	cisco	18	1	·	·	NEWPoC 16	security manager (13) · cisco security manager (13) · cisco firepower threat defense software (2)	—