CVE Tools
Sign in
month report

September 2022

Data as of Jun 4, 2026, 13:25 UTCSnapshot v1 Sources NVD+CISA KEV+EPSS+Nuclei templates Methodology →

September 2022 closed with 2,210 published CVEs. 299 criticals, 24 added to CISA KEV (5 ransomware-linked). google led volume, mostly via android. Top weakness class — CWE-787 (268 CVE). 10 vendors cracked the top-100 for the first time.

Print view
Total CVEs
2,210
— MoM— YoY
Severity mix
299 / 905
critical / high
KEV added
24
5 ransomware-linked
Nuclei coverage
10.0%
221 CVEs with templates

Time to exploit

How fast the community ships detection after a CVE drops.

Days → Nuclei (median)
1267.5
n=221
Within 7 days
0.0%
Within 30 days
0.0%
Days → KEV (median)
97
n=8
Detection gap

KEV pressure, no Nuclei coverage

September 2022 · vendors with active exploitation listed by CISA but no public detection template.

Weakness × Vendor

What's spreading where in September 2022

Cells shaded by share of vendor's hottest weakness. Click any cell to open the CWE history.

787Out-of-bounds Write79XSS89SQL Injection125Out-of-bounds Read352CSRF20Improper Input Validation416Use After Free22Path Traversal287Improper Authentication200Information Exposuregoogle3516119202сообщество свободного программного обеспечения2231962211ао "нппкт"26151728ооо «русбитех-астра»19251732pypi31151631maven7187134fedoraproject17512162011microsoft corp4111129ооо «ред софт»17436481debian161174111apple16110424adobe151326151

First time in top-100

Vendors never in top-100 in the prior 24 periods.

Top vendors

Ranked by distinct CVE count this period.

  • 1google
    166 CVE10 critCVSS 6.9
    KEV 3PoC 4
    android (64) · tensorflow (59) · chrome (42)
  • 2сообщество свободного программного обеспечения
    128 CVE9 critCVSS 7.0
    KEV 1Nuclei 3PoC 31
    debian gnu/linux (81) · linux (36) · vim (11)
  • 3ао "нппкт"
    115 CVE2 critCVSS 7.2
    KEV 3PoC 22
    осон основа оnyx (115)
  • 4ооо «русбитех-астра»
    115 CVE3 critCVSS 7.1
    KEV 3PoC 28
    astra linux special edition (108) · astra linux special edition для «эльбрус» (16) · astra linux common edition (2)
  • 5pypi
    114 CVE4 critCVSS 6.1
    PoC 10
    tensorflow (58) · tensorflow-cpu (56) · tensorflow-gpu (56)
  • 6maven
    108 CVE14 critCVSS 7.0
    Nuclei 1PoC 6
    com.fasterxml.woodstox:woodstox-core (5) · com.liferay.portal:release.dxp.bom (5) · org.yaml:snakeyaml (4)
  • 7fedoraproject
    98 CVE3 critCVSS 7.5
    KEV 3Nuclei 1PoC 19
    fedora (98) · extra packages for enterprise linux (4)
  • 8microsoft corp
    88 CVE4 critCVSS 8.0
    KEV 4PoC 3
    windows server 2022 (server core installation) (44) · windows server 2022 (44) · windows server 2019 (server core installation) (43)
  • 9ооо «ред софт»
    83 CVE8 critCVSS 6.6
    KEV 1Nuclei 2PoC 18
    ред ос (83)
  • 10debian
    80 CVE3 critCVSS 6.5
    Nuclei 1PoC 18
    debian linux (79) · logcheck (1)
  • 11apple
    72 CVE5 critCVSS 7.2
    KEV 1
    macos (64) · iphone os (42) · ipados (38)
  • 12adobe
    66 CVECVSS 6.6
    NEWNuclei 1
    indesign (17) · experience manager (14) · bridge (12)
  • 13microsoft
    66 CVE3 critCVSS 8.0
    KEV 1
    windows server 2022 (44) · windows server 2019 (server core installation) (43) · windows server 2019 (43)
  • 14adobe systems inc.
    65 CVECVSS 6.7
    NEW
    adobe indesign (17) · adobe experience manager (14) · adobe bridge (12)
  • 15google inc
    63 CVE1 critCVSS 8.0
    NEWKEV 3PoC 4
    google chrome (41) · android (20) · chrome os (3)
  • 16tensorflow
    59 CVECVSS 6.0
    tensorflow (59)
  • 17unknown
    55 CVE2 critCVSS 5.9
    NEWNuclei 55PoC 20
    ketchup restaurant reservations (2) · wp popup builder – popup forms , marketing popup & newsletter (2) · classified listing pro - classified ads & business directory plugin (2)
  • 18qualcomm
    54 CVE5 critCVSS 7.8
    NEW
    wcd9370 firmware (41) · wcd9380 firmware (40) · wsa8830 firmware (40)
  • 19qualcomm, inc.
    54 CVE5 critCVSS 7.9
    NEW
    snapdragon auto, snapdragon compute, snapdragon connectivity, snapdragon consumer iot, snapdragon industrial iot, snapdragon mobile, snapdragon voice & music, snapdragon wearables (10) · snapdragon auto (8) · snapdragon auto, snapdragon compute, snapdragon connectivity, snapdragon industrial iot, snapdragon mobile, snapdragon wearables (5)
  • 20packagist
    51 CVE6 critCVSS 6.2
    Nuclei 8PoC 18
    typo3/cms-core (7) · typo3/cms (6) · moodle/moodle (5)
  • 21go
    47 CVE6 critCVSS 7.2
    Nuclei 2PoC 11
    github.com/rancher/rancher (3) · github.com/hashicorp/consul (2) · github.com/grafana/grafana (2)
  • 22ао «концерн вниинс»
    44 CVE1 critCVSS 8.0
    KEV 3PoC 5
    ос он «стрелец» (44)
  • 23npm
    43 CVE10 critCVSS 7.4
    PoC 11
    steal (8) · matrix-js-sdk (4) · parse-server (3)
  • 24red hat inc.
    42 CVE2 critCVSS 6.8
    PoC 11
    red hat enterprise linux (36) · red hat virtualization (6) · red hat integration camel for spring boot (3)
  • 25samsung mobile
    40 CVECVSS 4.5
    NEW
    samsung mobile devices (21) · samsung pay (3) · com.samsung.android.waterplugin (2)
  • 26tenda
    39 CVE21 critCVSS 8.7
    NEWPoC 23
    ac21 firmware (10) · i9 firmware (8) · ac18 firmware (8)
  • 27huawei
    37 CVE9 critCVSS 7.8
    emui (32) · harmonyos (27) · magic ui (20)
  • 28linux
    36 CVECVSS 6.2
    PoC 8
    linux kernel (36) · kernel (6)
  • 29ао «ивк»
    36 CVECVSS 6.7
    PoC 11
    альт 8 сп (33) · альт сп 10 (5)
  • 30samsung
    35 CVECVSS 5.8
    NEWPoC 3
    mtower (11) · tizenrt (4) · samsung pay (3)
  • 31jenkins
    32 CVE4 critCVSS 6.9
    NEW
    cons3rt (4) · build-publisher (3) · ns-nd integration performance publisher (3)
  • 32jenkins project
    32 CVE4 critCVSS 6.9
    NEW
    jenkins cons3rt plugin (4) · jenkins build-publisher plugin (3) · jenkins ns-nd integration performance publisher plugin (3)
  • 33apache software foundation
    30 CVE5 critCVSS 7.3
    Nuclei 2PoC 1
    apache ofbiz (5) · apache airflow (4) · apache pulsar (4)
  • 34ibm
    29 CVECVSS 6.4
    cognos analytics (7) · websphere application server (3) · aix (2)
  • 35otfcc project
    29 CVECVSS 6.5
    NEWPoC 29
    otfcc (29)
  • 36apache
    26 CVE5 critCVSS 7.3
    Nuclei 2PoC 1
    ofbiz (5) · pulsar (4) · airflow (4)
  • 37arubanetworks
    26 CVECVSS 7.3
    clearpass policy manager (14) · aos-cx (12)
  • 38canonical ltd.
    25 CVECVSS 6.9
    PoC 9
    ubuntu (25)
  • 39dell
    23 CVE3 critCVSS 6.5
    NEW
    vostro 3710 firmware (11) · inspiron 3910 firmware (11) · cpg bios (11)
  • 40fedora project
    23 CVE2 critCVSS 6.8
    PoC 7
    fedora (23) · fedora epel (1)
  • 41mediatek, inc.
    23 CVE1 critCVSS 6.5
    NEW
    mt6833, mt6853, mt6855, mt6873, mt6877, mt6879, mt6883, mt6885, mt6889, mt6893, mt6895, mt6983, mt8791, mt8797 (6) · mt6879, mt6895, mt6983 (2) · mt6761, mt6765, mt6768, mt6771, mt6779, mt6781, mt6785, mt6833, mt6853, mt6875, mt6877, mt6879, mt6885, mt6893, mt6895, mt6983 (2)
  • 42redhat
    23 CVECVSS 6.6
    Nuclei 1PoC 3
    enterprise linux (9) · openshift container platform (4) · single sign-on (3)
  • 43siemens
    23 CVE1 critCVSS 6.6
    parasolid v35.0 (20) · parasolid (20) · parasolid v33.1 (20)
  • 44ikus060
    22 CVE2 critCVSS 6.5
    NEWPoC 8
    ikus060/rdiffweb (20) · ikus060/minarca (2)
  • 45ikus-soft
    22 CVE2 critCVSS 6.5
    NEWPoC 8
    rdiffweb (20) · minarca (2)
  • 46cisco systems inc.
    21 CVECVSS 5.8
    NEWKEV 1PoC 19
    cisco ios xe (9) · catalyst sd-wan manager (5) · sd-wan vbond orchestrator software (3)
  • 47jflyfox
    21 CVE2 critCVSS 7.8
    NEWPoC 13
    jfinal cms (21)
  • 48cisco
    20 CVECVSS 5.4
    NEWKEV 1PoC 19
    ios xe (8) · cisco ios xe software (6) · sd-wan (5)
  • 49qualcomm technologies inc.
    20 CVECVSS 7.8
    NEW
    wcd9375 (18) · sd 8 gen1 5g (18) · wcn6855 (18)
  • 50ansys
    19 CVECVSS 7.8
    NEW
    spaceclaim (19)

Top weaknesses

CWE classes by distinct CVE count.

1CWE-787268
2CWE-79252
3CWE-89162
4CWE-12590
5CWE-35267
6CWE-2064
7CWE-41660
8CWE-2257
9CWE-28753
10CWE-20045
11CWE-43438
12CWE-61738
13CWE-86238
14CWE-28436
15CWE-7836
16CWE-12035
17CWE-47632
18CWE-12231
19CWE-40031
20CWE-26928