month report

May 2022

Data as of Jun 4, 2026, 13:25 UTCSnapshot v1 Sources NVD+CISA KEV+EPSS+Nuclei templates Methodology →

May 2022 closed with 2,205 published CVEs. 405 criticals, 83 added to CISA KEV (18 ransomware-linked). сообщество свободного программного обеспечения led volume, mostly via debian gnu/linux. Top weakness class — CWE-79 (298 CVE). 10 vendors cracked the top-100 for the first time.

Print view

Total CVEs

2,205

— MoM— YoY

Severity mix

405 / 864

critical / high

KEV added

18 ransomware-linked

Nuclei coverage

11.1%

244 CVEs with templates

Time to exploit

How fast the community ships detection after a CVE drops.

Days → Nuclei (median)

1390.3

n=244

Within 7 days

0.0%

Within 30 days

0.0%

Days → KEV (median)

n=6

Detection gap

KEV pressure, no Nuclei coverage

May 2022 · vendors with active exploitation listed by CISA but no public detection template.

KEV 2apple92 CVE
KEV 2microsoft75 CVE
KEV 2microsoft corp75 CVE
KEV 1ооо «русбитех-астра»73 CVE
KEV 1cisco48 CVE
KEV 1cisco systems inc.48 CVE

Weakness × Vendor

What's spreading where in May 2022

Cells shaded by share of vendor's hottest weakness. Click any cell to open the CWE history.

First time in top-100

Vendors never in top-100 in the prior 24 periods.

#2unknown105 CVE
#3adobe97 CVE
#21totolink40 CVE
#22intel corp.38 CVE
#24intel37 CVE
#29adobe systems inc.32 CVE
#30amd32 CVE
#32siemens ag31 CVE
#33фссп россии30 CVE
#36mediatek, inc.28 CVE

Top vendors

Ranked by distinct CVE count this period.

1сообщество свободного программного обеспечения—
115 CVE10 critCVSS 7.2
KEV 1Nuclei 3PoC 33
debian gnu/linux (94) · vim (20) · linux (16)
2unknown—
105 CVE16 critCVSS 6.3
NEWNuclei 105PoC 52
vikbooking hotel booking engine & pms (4) · wpqa builder plugin (3) · adrotate – ad manager & adsense ads (2)
3adobe—
97 CVECVSS 6.8
NEW
acrobat reader dc (64) · acrobat (64) · acrobat dc (64)
4apple—
92 CVE7 critCVSS 7.1
KEV 2PoC 12
macos (83) · mac os x (30) · iphone os (26)
5google—
86 CVE1 critCVSS 6.1
PoC 9
android (58) · tensorflow (24) · fuchsia (2)
6maven—
77 CVE8 critCVSS 6.9
Nuclei 8PoC 10
org.jenkins-ci.plugins:autocomplete-parameter (3) · org.jenkins-ci.plugins:ssh (3) · org.jenkins-ci.plugins:mercurial (3)
7microsoft—
75 CVE3 critCVSS 7.5
KEV 2PoC 1
windows server version 20h2 (59) · windows server 2022 (57) · windows server 2019 (57)
8microsoft corp—
75 CVE3 critCVSS 7.4
KEV 2PoC 1
windows server 20h2 (server core installation) (59) · windows server 2022 (server core installation) (57) · windows server 2019 (57)
9debian—
73 CVE8 critCVSS 7.6
KEV 1Nuclei 1PoC 29
debian linux (73) · dpkg (1)
10ооо «русбитех-астра»—
73 CVE5 critCVSS 7.2
KEV 1PoC 24
astra linux special edition (72) · astra linux special edition для «эльбрус» (37) · astra linux common edition (1)
11fedoraproject—
71 CVE11 critCVSS 7.5
Nuclei 2PoC 22
fedora (71)
12ооо «ред софт»—
68 CVE9 critCVSS 7.4
KEV 1Nuclei 2PoC 19
ред ос (64) · ред база данных (4)
13ао "нппкт"—
54 CVE6 critCVSS 7.4
KEV 1Nuclei 1PoC 17
осон основа оnyx (54)
14ао «ивк»—
50 CVE5 critCVSS 7.3
Nuclei 2PoC 17
альт 8 сп (43) · альт сп 10 (12)
15cisco—
48 CVE3 critCVSS 6.5
KEV 1PoC 48
firepower threat defense (12) · cisco common services platform collector software (9) · common services platform collector (9)
16cisco systems inc.—
48 CVE3 critCVSS 6.4
KEV 1PoC 48
firepower threat defense (12) · cisco common services platform collector (9) · adaptive security appliance (6)
17f5—
45 CVE2 critCVSS 6.3
KEV 1Nuclei 1PoC 1
big-ip access policy manager (36) · big-ip application security manager (30) · big-ip advanced firewall manager (28)
18pypi—
45 CVE6 critCVSS 6.1
PoC 9
tensorflow-cpu (25) · tensorflow (25) · tensorflow-gpu (25)
19go—
44 CVE6 critCVSS 7.7
Nuclei 1PoC 2
github.com/hashicorp/go-getter/gcs/v2 (4) · github.com/hashicorp/go-getter (4) · github.com/rancher/rancher (4)
20npm—
44 CVE5 critCVSS 7.3
Nuclei 1PoC 10
strapi (3) · @strapi/strapi (3) · convict (2)
21totolink—
40 CVE31 critCVSS 9.1
NEWNuclei 1PoC 22
n600r firmware (19) · a3100r firmware (9) · a7100ru firmware (9)
22intel corp.—
38 CVECVSS 6.2
NEW
optane ssd 900p series (8) · optane memory h20 with solid state storage (8) · optane memory h10 with solid state storage (8)
23ibm—
37 CVE3 critCVSS 6.6
robotic process automation (5) · guardium data encryption (4) · robotic process automation as a service (3)
24intel—
37 CVECVSS 6.4
NEW
core i9-10920x firmware (8) · optane ssd p5800x firmware (8) · optane ssd dc p4800x firmware (8)
25netapp—
37 CVE5 critCVSS 7.1
PoC 10
h700s firmware (20) · h300s firmware (20) · h410s firmware (20)
26red hat inc.—
35 CVE4 critCVSS 7.1
Nuclei 2PoC 10
red hat enterprise linux (29) · red hat jboss fuse (4) · openshift container platform (3)
27packagist—
34 CVE5 critCVSS 7.3
Nuclei 8PoC 13
moodle/moodle (5) · facturascripts/facturascripts (3) · microweber/microweber (3)
28siemens—
33 CVE3 critCVSS 7.0
7kg8500-0aa10-0aa0 firmware (11) · 7kg8500-0aa10-2aa0 firmware (11) · 7kg8500-0aa30-0aa0 firmware (11)
29adobe systems inc.—
32 CVECVSS 7.5
NEW
photoshop 2022 (14) · photoshop 2021 (14) · adobe framemaker (10)
30amd—
32 CVECVSS 6.0
NEW
epyc 7713 firmware (19) · epyc 7713p firmware (19) · epyc 7763 firmware (19)
31fedora project—
31 CVE4 critCVSS 7.5
Nuclei 1PoC 12
fedora (31)
32siemens ag—
31 CVE3 critCVSS 7.0
NEW
sicam p850 (11) · sicam p855 (11) · desigo pxc4 (8)
33фссп россии—
30 CVE3 critCVSS 7.4
NEWNuclei 1PoC 10
ос тд аис фссп россии (30)
34jenkins—
28 CVECVSS 6.5
blue ocean (3) · autocomplete parameter (3) · ssh (3)
35jenkins project—
28 CVECVSS 6.5
jenkins ssh plugin (3) · jenkins autocomplete parameter plugin (3) · jenkins blue ocean plugin (2)
36mediatek, inc.—
28 CVECVSS 6.3
NEW
mt6580, mt6739, mt6761, mt6762, mt6765, mt6768, mt6769, mt6771, mt6779, mt6781, mt6785, mt6789, mt6833, mt6853, mt6853t, mt6873, mt6875, mt6877, mt6879, mt6883, mt6885, mt6889, mt6891, mt6893, mt6895, mt6983, mt8163, mt8167, mt8168, mt8173, mt8185, mt8321, mt8362a, mt8365, mt8735, mt8735b, mt8765, mt8766, mt8768, mt8786, mt8788, mt8789, mt8791, mt8797 (8) · mt6580, mt6735, mt6737, mt6739, mt6750, mt6750s, mt6753, mt6757, mt6757c, mt6757cd, mt6757ch, mt6761, mt6762, mt6763, mt6765, mt6768, mt6769, mt6771, mt6779, mt6781, mt6785, mt6797, mt6833, mt6853, mt6853t, mt6873, mt6875, mt6877, mt6883, mt6885, mt6889, mt6893, mt8167, mt8168, mt8173, mt8185, mt8321, mt8362a, mt8365, mt8385, mt8666, mt8675, mt8695, mt8696, mt8765, mt8766, mt8768, mt8786, mt8788, mt8789, mt8791, mt8797 (4) · mt9011, mt9215, mt9216, mt9220, mt9221, mt9255, mt9256, mt9266, mt9269, mt9285, mt9286, mt9288, mt9600, mt9602, mt9610, mt9611, mt9612, mt9613, mt9615, mt9617, mt9629, mt9630, mt9631, mt9632, mt9636, mt9638, mt9639, mt9650, mt9652, mt9666, mt9669, mt9670, mt9675, mt9685, mt9686, mt9688 (4)
37ао «нтц ит роса»—
27 CVE3 critCVSS 7.5
Nuclei 2PoC 8
rosa virtualization (14) · роса хром (13) · rosa virtualization 3.0 (7)
38novell inc.—
25 CVE2 critCVSS 7.2
Nuclei 1PoC 11
suse linux enterprise server (20) · suse linux enterprise desktop (18) · suse linux enterprise server for sap applications (18)
39tenda—
24 CVE10 critCVSS 8.5
NEWPoC 12
ax1806 firmware (6) · ac18 firmware (6) · ax12 firmware (3)
40tensorflow—
24 CVECVSS 5.7
PoC 8
tensorflow (24)
41hcl software—
23 CVE1 critCVSS 6.1
NEWPoC 3
bigfix platform (5) · sametime (5) · hcl bigfix mobile / modern client management (3)
42chshcms—
22 CVE1 critCVSS 7.7
NEWPoC 10
cscms music portal system (21) · cscms (1)
43hcltech—
22 CVE1 critCVSS 6.2
PoC 3
sametime (5) · bigfix platform (5) · bigfix mobile (3)
44arubanetworks—
21 CVE10 critCVSS 8.5
clearpass policy manager (19) · 2540 firmware (2) · 2615 firmware (2)
45dlink—
20 CVE18 critCVSS 9.5
Nuclei 2PoC 8
dir-816 firmware (8) · dir-882 firmware (4) · dir-816l firmware (2)
46vim—
20 CVECVSS 7.4
NEWPoC 9
vim (20) · vim/vim (20)
47wedding management system project—
20 CVE1 critCVSS 7.7
NEWPoC 10
wedding management system (20)
48inhand networks—
19 CVECVSS 8.0
NEWPoC 8
inrouter302 (19)
49inhandnetworks—
19 CVECVSS 8.0
NEWPoC 8
ir302 firmware (16) · inrouter302 firmware (3)
50ао «концерн вниинс»—
19 CVE2 critCVSS 7.7
PoC 5
ос он «стрелец» (19)

#	Vendor	CVEs	Crit	KEV	Nuclei	Signals	Top products	Δ
1	сообщество свободного программного обеспечения	115	10	1	3	KEV 1Nuclei 3PoC 33	debian gnu/linux (94) · vim (20) · linux (16)	—
2	unknown	105	16	·	105	NEWNuclei 105PoC 52	vikbooking hotel booking engine & pms (4) · wpqa builder plugin (3) · adrotate – ad manager & adsense ads (2)	—
3	adobe	97	·	·	·	NEW	acrobat reader dc (64) · acrobat (64) · acrobat dc (64)	—
4	apple	92	7	2	·	KEV 2PoC 12	macos (83) · mac os x (30) · iphone os (26)	—
5	google	86	1	·	·	PoC 9	android (58) · tensorflow (24) · fuchsia (2)	—
6	maven	77	8	·	8	Nuclei 8PoC 10	org.jenkins-ci.plugins:autocomplete-parameter (3) · org.jenkins-ci.plugins:ssh (3) · org.jenkins-ci.plugins:mercurial (3)	—
7	microsoft	75	3	2	·	KEV 2PoC 1	windows server version 20h2 (59) · windows server 2022 (57) · windows server 2019 (57)	—
8	microsoft corp	75	3	2	·	KEV 2PoC 1	windows server 20h2 (server core installation) (59) · windows server 2022 (server core installation) (57) · windows server 2019 (57)	—
9	debian	73	8	1	1	KEV 1Nuclei 1PoC 29	debian linux (73) · dpkg (1)	—
10	ооо «русбитех-астра»	73	5	1	·	KEV 1PoC 24	astra linux special edition (72) · astra linux special edition для «эльбрус» (37) · astra linux common edition (1)	—
11	fedoraproject	71	11	·	2	Nuclei 2PoC 22	fedora (71)	—
12	ооо «ред софт»	68	9	1	2	KEV 1Nuclei 2PoC 19	ред ос (64) · ред база данных (4)	—
13	ао "нппкт"	54	6	1	1	KEV 1Nuclei 1PoC 17	осон основа оnyx (54)	—
14	ао «ивк»	50	5	·	2	Nuclei 2PoC 17	альт 8 сп (43) · альт сп 10 (12)	—
15	cisco	48	3	1	·	KEV 1PoC 48	firepower threat defense (12) · cisco common services platform collector software (9) · common services platform collector (9)	—
16	cisco systems inc.	48	3	1	·	KEV 1PoC 48	firepower threat defense (12) · cisco common services platform collector (9) · adaptive security appliance (6)	—
17	f5	45	2	1	1	KEV 1Nuclei 1PoC 1	big-ip access policy manager (36) · big-ip application security manager (30) · big-ip advanced firewall manager (28)	—
18	pypi	45	6	·	·	PoC 9	tensorflow-cpu (25) · tensorflow (25) · tensorflow-gpu (25)	—
19	go	44	6	·	1	Nuclei 1PoC 2	github.com/hashicorp/go-getter/gcs/v2 (4) · github.com/hashicorp/go-getter (4) · github.com/rancher/rancher (4)	—
20	npm	44	5	·	1	Nuclei 1PoC 10	strapi (3) · @strapi/strapi (3) · convict (2)	—
21	totolink	40	31	·	1	NEWNuclei 1PoC 22	n600r firmware (19) · a3100r firmware (9) · a7100ru firmware (9)	—
22	intel corp.	38	·	·	·	NEW	optane ssd 900p series (8) · optane memory h20 with solid state storage (8) · optane memory h10 with solid state storage (8)	—
23	ibm	37	3	·	·		robotic process automation (5) · guardium data encryption (4) · robotic process automation as a service (3)	—
24	intel	37	·	·	·	NEW	core i9-10920x firmware (8) · optane ssd p5800x firmware (8) · optane ssd dc p4800x firmware (8)	—
25	netapp	37	5	·	·	PoC 10	h700s firmware (20) · h300s firmware (20) · h410s firmware (20)	—
26	red hat inc.	35	4	·	2	Nuclei 2PoC 10	red hat enterprise linux (29) · red hat jboss fuse (4) · openshift container platform (3)	—
27	packagist	34	5	·	8	Nuclei 8PoC 13	moodle/moodle (5) · facturascripts/facturascripts (3) · microweber/microweber (3)	—
28	siemens	33	3	·	·		7kg8500-0aa10-0aa0 firmware (11) · 7kg8500-0aa10-2aa0 firmware (11) · 7kg8500-0aa30-0aa0 firmware (11)	—
29	adobe systems inc.	32	·	·	·	NEW	photoshop 2022 (14) · photoshop 2021 (14) · adobe framemaker (10)	—
30	amd	32	·	·	·	NEW	epyc 7713 firmware (19) · epyc 7713p firmware (19) · epyc 7763 firmware (19)	—
31	fedora project	31	4	·	1	Nuclei 1PoC 12	fedora (31)	—
32	siemens ag	31	3	·	·	NEW	sicam p850 (11) · sicam p855 (11) · desigo pxc4 (8)	—
33	фссп россии	30	3	·	1	NEWNuclei 1PoC 10	ос тд аис фссп россии (30)	—
34	jenkins	28	·	·	·		blue ocean (3) · autocomplete parameter (3) · ssh (3)	—
35	jenkins project	28	·	·	·		jenkins ssh plugin (3) · jenkins autocomplete parameter plugin (3) · jenkins blue ocean plugin (2)	—
36	mediatek, inc.	28	·	·	·	NEW	mt6580, mt6739, mt6761, mt6762, mt6765, mt6768, mt6769, mt6771, mt6779, mt6781, mt6785, mt6789, mt6833, mt6853, mt6853t, mt6873, mt6875, mt6877, mt6879, mt6883, mt6885, mt6889, mt6891, mt6893, mt6895, mt6983, mt8163, mt8167, mt8168, mt8173, mt8185, mt8321, mt8362a, mt8365, mt8735, mt8735b, mt8765, mt8766, mt8768, mt8786, mt8788, mt8789, mt8791, mt8797 (8) · mt6580, mt6735, mt6737, mt6739, mt6750, mt6750s, mt6753, mt6757, mt6757c, mt6757cd, mt6757ch, mt6761, mt6762, mt6763, mt6765, mt6768, mt6769, mt6771, mt6779, mt6781, mt6785, mt6797, mt6833, mt6853, mt6853t, mt6873, mt6875, mt6877, mt6883, mt6885, mt6889, mt6893, mt8167, mt8168, mt8173, mt8185, mt8321, mt8362a, mt8365, mt8385, mt8666, mt8675, mt8695, mt8696, mt8765, mt8766, mt8768, mt8786, mt8788, mt8789, mt8791, mt8797 (4) · mt9011, mt9215, mt9216, mt9220, mt9221, mt9255, mt9256, mt9266, mt9269, mt9285, mt9286, mt9288, mt9600, mt9602, mt9610, mt9611, mt9612, mt9613, mt9615, mt9617, mt9629, mt9630, mt9631, mt9632, mt9636, mt9638, mt9639, mt9650, mt9652, mt9666, mt9669, mt9670, mt9675, mt9685, mt9686, mt9688 (4)	—
37	ао «нтц ит роса»	27	3	·	2	Nuclei 2PoC 8	rosa virtualization (14) · роса хром (13) · rosa virtualization 3.0 (7)	—
38	novell inc.	25	2	·	1	Nuclei 1PoC 11	suse linux enterprise server (20) · suse linux enterprise desktop (18) · suse linux enterprise server for sap applications (18)	—
39	tenda	24	10	·	·	NEWPoC 12	ax1806 firmware (6) · ac18 firmware (6) · ax12 firmware (3)	—
40	tensorflow	24	·	·	·	PoC 8	tensorflow (24)	—
41	hcl software	23	1	·	·	NEWPoC 3	bigfix platform (5) · sametime (5) · hcl bigfix mobile / modern client management (3)	—
42	chshcms	22	1	·	·	NEWPoC 10	cscms music portal system (21) · cscms (1)	—
43	hcltech	22	1	·	·	PoC 3	sametime (5) · bigfix platform (5) · bigfix mobile (3)	—
44	arubanetworks	21	10	·	·		clearpass policy manager (19) · 2540 firmware (2) · 2615 firmware (2)	—
45	dlink	20	18	·	2	Nuclei 2PoC 8	dir-816 firmware (8) · dir-882 firmware (4) · dir-816l firmware (2)	—
46	vim	20	·	·	·	NEWPoC 9	vim (20) · vim/vim (20)	—
47	wedding management system project	20	1	·	·	NEWPoC 10	wedding management system (20)	—
48	inhand networks	19	·	·	·	NEWPoC 8	inrouter302 (19)	—
49	inhandnetworks	19	·	·	·	NEWPoC 8	ir302 firmware (16) · inrouter302 firmware (3)	—
50	ао «концерн вниинс»	19	2	·	·	PoC 5	ос он «стрелец» (19)	—