month report
November 2022
Data as of Jun 4, 2026, 13:25 UTCSnapshot v1 Sources NVD+CISA KEV+EPSS+Nuclei templates Methodology →
November 2022 closed with 2,135 published CVEs. 284 criticals, 10 added to CISA KEV (2 ransomware-linked). сообщество свободного программного обеспечения led volume, mostly via debian gnu/linux. Top weakness class — CWE-79 (294 CVE). 10 vendors cracked the top-100 for the first time.
Total CVEs
2,135
— MoM— YoY
Severity mix
284 / 748
critical / high
KEV added
10
2 ransomware-linked
Nuclei coverage
11.7%
250 CVEs with templates
Time to exploit
How fast the community ships detection after a CVE drops.
Days → Nuclei (median)
1204.1
n=250
Within 7 days
0.0%
Within 30 days
0.0%
Days → KEV (median)
91
n=8
Detection gap
KEV pressure, no Nuclei coverage
November 2022 · vendors with active exploitation listed by CISA but no public detection template.
- KEV 7microsoft65 CVE
- KEV 6microsoft corp100 CVE
- KEV 2ао "нппкт"139 CVE
- KEV 2google137 CVE
- KEV 2ооо «русбитех-астра»111 CVE
- KEV 2google inc60 CVE
- KEV 1apple95 CVE
Weakness × Vendor
What's spreading where in November 2022
Cells shaded by share of vendor's hottest weakness. Click any cell to open the CWE history.
79XSS787Out-of-bounds Write89SQL Injection352CSRF20Improper Input Validation22Path Traversal200Information Exposure416Use After Free707CWE-707434Unrestricted File Uploadсообщество свободного программного обеспечения527161125ао "нппкт"12351130google1815130ооо «русбитех-астра»1265124microsoft corp7312apple11721127maven927311051packagist4433131fedoraproject26132ооо «ред софт»77115324debian19214microsoft4
First time in top-100
Vendors never in top-100 in the prior 24 periods.
- #1сообщество свободного программного обеспечения148 CVE
- #2ао "нппкт"139 CVE
- #3google137 CVE
- #4ооо «русбитех-астра»111 CVE
- #5microsoft corp100 CVE
- #6apple95 CVE
- #7maven93 CVE
- #8packagist80 CVE
- #9fedoraproject69 CVE
- #10ооо «ред софт»67 CVE
Top vendors
Ranked by distinct CVE count this period.
- 148 CVE8 critCVSS 6.9NEWNuclei 5PoC 24debian gnu/linux (118) · linux (19) · webkitgtk (10)
- 139 CVE3 critCVSS 6.9NEWKEV 2PoC 19осон основа оnyx (139)
- 137 CVE2 critCVSS 7.0NEWKEV 2PoC 14chrome (65) · android (47) · tensorflow (23)
- 111 CVE4 critCVSS 7.0NEWKEV 2PoC 15astra linux special edition (110) · astra linux special edition для «эльбрус» (12)
- 100 CVE1 critCVSS 7.3NEWKEV 6PoC 5windows server 2022 (39) · windows 11 (38) · windows server 2019 (37)
- 95 CVE3 critCVSS 6.9NEWKEV 1PoC 5macos (79) · iphone os (74) · ipados (53)
- 93 CVE20 critCVSS 6.9NEWNuclei 6PoC 10com.liferay.portal:release.portal.bom (11) · com.liferay.portal:release.dxp.bom (8) · org.jeecgframework.boot:jeecg-module-system (4)
- 80 CVE8 critCVSS 6.2NEWNuclei 9PoC 23concrete5/concrete5 (12) · librenms/librenms (8) · tribalsystems/zenario (7)
- 69 CVE5 critCVSS 6.6NEWNuclei 1PoC 13fedora (69) · extra packages for enterprise linux (2)
- 67 CVE8 critCVSS 6.6NEWKEV 1Nuclei 3PoC 12ред ос (67)
- 65 CVE4 critCVSS 7.1NEWPoC 15debian linux (65)
- 65 CVE2 critCVSS 7.4NEWKEV 7PoC 2windows server 2022 (38) · windows server 2019 (36) · windows 10 version 22h2 (36)
- 64 CVE7 critCVSS 6.6NEWNuclei 64PoC 48wp user merger (3) · oauth client by digitialpixies (2) · role based pricing for woocommerce (2)
- 60 CVE2 critCVSS 7.3NEWKEV 2PoC 4google chrome (58) · chrome os (4) · android studio (2)
- 59 CVE6 critCVSS 5.8NEWNuclei 1PoC 13tensorflow (25) · tensorflow-gpu (24) · tensorflow-cpu (24)
- 58 CVECVSS 6.7NEWxmm 7560 firmware (9) · active management technology firmware (4) · nuc kit wireless adapter driver installer (4)
- 46 CVECVSS 6.0NEWPoC 46cisco firepower management center (21) · secure firewall management center (21) · firepower threat defense (13)
- 46 CVECVSS 6.0NEWPoC 45cisco firepower management center (20) · firepower threat defense (12) · cisco identity services engine (5)
- 43 CVE3 critCVSS 5.7NEWcics tx (11) · infosphere information server (10) · robotic process automation for cloud pak (3)
- 42 CVE5 critCVSS 7.8NEWPoC 9red hat enterprise linux (41) · migration toolkit for applications (5) · migration toolkit for runtimes (5)
- 39 CVE5 critCVSS 7.5NEWPoC 6opensuse leap (32) · opensuse tumbleweed (17) · suse linux enterprise server for sap applications (11)
- 37 CVE1 critCVSS 6.9NEWPoC 11роса хром (22) · rosa virtualization 3.0 (11) · rosa virtualization (7)
- 35 CVE4 critCVSS 6.6NEWKEV 1Nuclei 2PoC 4hummus (4) · muhammara (4) · sweetalert2 (4)
- 34 CVE4 critCVSS 6.8NEWNuclei 1PoC 3fedora (33) · coreos (1)
- 34 CVE8 critCVSS 7.1NEWNuclei 2PoC 3github.com/ibax-io/go-ibax (5) · github.com/grafana/grafana (3) · github.com/lightningnetwork/lnd (2)
- 34 CVE18 critCVSS 8.5NEWNuclei 3PoC 9w15e firmware (10) · ac18 firmware (9) · ac23 firmware (8)
- 33 CVE1 critCVSS 6.8NEWPoC 6альт 8 сп (25) · альт сп 10 (9)
- 29 CVE1 critCVSS 6.6NEWarubaos (16) · sd-wan (16) · edgeconnect enterprise (13)
- 28 CVE8 critCVSS 7.9NEWNuclei 1PoC 1apache airflow (8) · apache dolphinscheduler (3) · ivy (2)
- 28 CVECVSS 6.7NEWPoC 8ubuntu (28)
- 28 CVECVSS 4.3NEWPoC 7gpac (2) · hospital management center (2) · student attendance management system (2)
- 27 CVE8 critCVSS 7.8NEWNuclei 1airflow (9) · dolphinscheduler (3) · archiva (2)
- 26 CVECVSS 7.2NEWkernel (25) · insydeh2o (1)
- 24 CVE4 critCVSS 6.6NEWPoC 1ns-nd integration performance publisher (3) · delete log (2) · cluster statistics (2)
- 24 CVE4 critCVSS 6.6NEWPoC 1jenkins ns-nd integration performance publisher plugin (3) · jenkins cluster statistics plugin (2) · jenkins delete log plugin (2)
- 24 CVE10 critCVSS 8.3NEWtap-323 series (8) · moxa tap-213 (8) · moxa awk-1131a (8)
- 23 CVECVSS 5.2NEWPoC 8tensorflow (23)
- 22 CVE4 critCVSS 7.0NEWsyngo dynamics cardiovascular imaging and information system (7) · syngo dynamics (7) · teamcenter visualization v13.3 (6)
- 22 CVE3 critCVSS 7.5NEWwebsoft hcm (22)
- 20 CVE5 critCVSS 7.6NEWemui (20) · harmonyos (20)
- 20 CVECVSS 6.4NEWPoC 1oracle exadata (19) · oracle vm server for x86 (17) · openjdk (1)
- 20 CVECVSS 6.3NEWxen (20)
- 19 CVECVSS 6.8NEWNuclei 1aruba edgeconnect enterprise software (13) · hpe nimble storage hybrid flash arrays; nimble storage secondary flash arrays (3) · hewlett packard enterprise officeconnect 1820, 1850, and 1920s network switches (1)
- 18 CVECVSS 6.7NEWmt6762, mt6768, mt6769, mt6779, mt6781, mt6785, mt6789, mt6833, mt6853, mt6853t, mt6855, mt6873, mt6875, mt6877, mt6879, mt6883, mt6885, mt6889, mt6891, mt6893, mt6895, mt6983, mt8168, mt8185, mt8365, mt8696, mt8768, mt8786, mt8789, mt8791, mt8797, mt8798 (3) · mt6879, mt6895, mt6983 (2) · mt6983, mt8871, mt8891 (2)
- 18 CVECVSS 7.1NEWPoC 6h410s firmware (12) · h700s firmware (12) · h300s firmware (12)
- 18 CVECVSS 6.3NEWxen (18)
- 17 CVECVSS 5.7NEWfortios (4) · fortinet fortiadc (3) · fortiadc (3)
- 17 CVE2 critCVSS 6.4NEWNuclei 2liferay portal (17) · digital experience platform (14) · dxp (7)
- 17 CVECVSS 6.6NEWPoC 1linux kernel (16) · layer 2 tunneling protocol (1) · linux_kernel (1)
- 16 CVE1 critCVSS 6.7NEWPoC 4canteen management system (16)
| # | Vendor | CVEs | Crit | KEV | Nuclei | Signals | Top products | Δ | |
|---|---|---|---|---|---|---|---|---|---|
| 1 | сообщество свободного программного обеспечения | 148 | 8 | · | 5 | NEWNuclei 5PoC 24 | debian gnu/linux (118) · linux (19) · webkitgtk (10) | — | |
| 2 | ао "нппкт" | 139 | 3 | 2 | · | NEWKEV 2PoC 19 | осон основа оnyx (139) | — | |
| 3 | 137 | 2 | 2 | · | NEWKEV 2PoC 14 | chrome (65) · android (47) · tensorflow (23) | — | ||
| 4 | ооо «русбитех-астра» | 111 | 4 | 2 | · | NEWKEV 2PoC 15 | astra linux special edition (110) · astra linux special edition для «эльбрус» (12) | — | |
| 5 | microsoft corp | 100 | 1 | 6 | · | NEWKEV 6PoC 5 | windows server 2022 (39) · windows 11 (38) · windows server 2019 (37) | — | |
| 6 | apple | 95 | 3 | 1 | · | NEWKEV 1PoC 5 | macos (79) · iphone os (74) · ipados (53) | — | |
| 7 | maven | 93 | 20 | · | 6 | NEWNuclei 6PoC 10 | com.liferay.portal:release.portal.bom (11) · com.liferay.portal:release.dxp.bom (8) · org.jeecgframework.boot:jeecg-module-system (4) | — | |
| 8 | packagist | 80 | 8 | · | 9 | NEWNuclei 9PoC 23 | concrete5/concrete5 (12) · librenms/librenms (8) · tribalsystems/zenario (7) | — | |
| 9 | fedoraproject | 69 | 5 | · | 1 | NEWNuclei 1PoC 13 | fedora (69) · extra packages for enterprise linux (2) | — | |
| 10 | ооо «ред софт» | 67 | 8 | 1 | 3 | NEWKEV 1Nuclei 3PoC 12 | ред ос (67) | — | |
| 11 | debian | 65 | 4 | · | · | NEWPoC 15 | debian linux (65) | — | |
| 12 | microsoft | 65 | 2 | 7 | · | NEWKEV 7PoC 2 | windows server 2022 (38) · windows server 2019 (36) · windows 10 version 22h2 (36) | — | |
| 13 | unknown | 64 | 7 | · | 64 | NEWNuclei 64PoC 48 | wp user merger (3) · oauth client by digitialpixies (2) · role based pricing for woocommerce (2) | — | |
| 14 | google inc | 60 | 2 | 2 | · | NEWKEV 2PoC 4 | google chrome (58) · chrome os (4) · android studio (2) | — | |
| 15 | pypi | 59 | 6 | · | 1 | NEWNuclei 1PoC 13 | tensorflow (25) · tensorflow-gpu (24) · tensorflow-cpu (24) | — | |
| 16 | intel | 58 | · | · | · | NEW | xmm 7560 firmware (9) · active management technology firmware (4) · nuc kit wireless adapter driver installer (4) | — | |
| 17 | cisco | 46 | · | · | · | NEWPoC 46 | cisco firepower management center (21) · secure firewall management center (21) · firepower threat defense (13) | — | |
| 18 | cisco systems inc. | 46 | · | · | · | NEWPoC 45 | cisco firepower management center (20) · firepower threat defense (12) · cisco identity services engine (5) | — | |
| 19 | ibm | 43 | 3 | · | · | NEW | cics tx (11) · infosphere information server (10) · robotic process automation for cloud pak (3) | — | |
| 20 | red hat inc. | 42 | 5 | · | · | NEWPoC 9 | red hat enterprise linux (41) · migration toolkit for applications (5) · migration toolkit for runtimes (5) | — | |
| 21 | novell inc. | 39 | 5 | · | · | NEWPoC 6 | opensuse leap (32) · opensuse tumbleweed (17) · suse linux enterprise server for sap applications (11) | — | |
| 22 | ао «нтц ит роса» | 37 | 1 | · | · | NEWPoC 11 | роса хром (22) · rosa virtualization 3.0 (11) · rosa virtualization (7) | — | |
| 23 | npm | 35 | 4 | 1 | 2 | NEWKEV 1Nuclei 2PoC 4 | hummus (4) · muhammara (4) · sweetalert2 (4) | — | |
| 24 | fedora project | 34 | 4 | · | 1 | NEWNuclei 1PoC 3 | fedora (33) · coreos (1) | — | |
| 25 | go | 34 | 8 | · | 2 | NEWNuclei 2PoC 3 | github.com/ibax-io/go-ibax (5) · github.com/grafana/grafana (3) · github.com/lightningnetwork/lnd (2) | — | |
| 26 | tenda | 34 | 18 | · | 3 | NEWNuclei 3PoC 9 | w15e firmware (10) · ac18 firmware (9) · ac23 firmware (8) | — | |
| 27 | ао «ивк» | 33 | 1 | · | · | NEWPoC 6 | альт 8 сп (25) · альт сп 10 (9) | — | |
| 28 | arubanetworks | 29 | 1 | · | · | NEW | arubaos (16) · sd-wan (16) · edgeconnect enterprise (13) | — | |
| 29 | apache software foundation | 28 | 8 | · | 1 | NEWNuclei 1PoC 1 | apache airflow (8) · apache dolphinscheduler (3) · ivy (2) | — | |
| 30 | canonical ltd. | 28 | · | · | · | NEWPoC 8 | ubuntu (28) | — | |
| 31 | unspecified | 28 | · | · | · | NEWPoC 7 | gpac (2) · hospital management center (2) · student attendance management system (2) | — | |
| 32 | apache | 27 | 8 | · | 1 | NEWNuclei 1 | airflow (9) · dolphinscheduler (3) · archiva (2) | — | |
| 33 | insyde | 26 | · | · | · | NEW | kernel (25) · insydeh2o (1) | — | |
| 34 | jenkins | 24 | 4 | · | · | NEWPoC 1 | ns-nd integration performance publisher (3) · delete log (2) · cluster statistics (2) | — | |
| 35 | jenkins project | 24 | 4 | · | · | NEWPoC 1 | jenkins ns-nd integration performance publisher plugin (3) · jenkins cluster statistics plugin (2) · jenkins delete log plugin (2) | — | |
| 36 | moxa inc. | 24 | 10 | · | · | NEW | tap-323 series (8) · moxa tap-213 (8) · moxa awk-1131a (8) | — | |
| 37 | tensorflow | 23 | · | · | · | NEWPoC 8 | tensorflow (23) | — | |
| 38 | siemens | 22 | 4 | · | · | NEW | syngo dynamics cardiovascular imaging and information system (7) · syngo dynamics (7) · teamcenter visualization v13.3 (6) | — | |
| 39 | ооо "вебсофт девелопмент" | 22 | 3 | · | · | NEW | websoft hcm (22) | — | |
| 40 | huawei | 20 | 5 | · | · | NEW | emui (20) · harmonyos (20) | — | |
| 41 | oracle corp. | 20 | · | · | · | NEWPoC 1 | oracle exadata (19) · oracle vm server for x86 (17) · openjdk (1) | — | |
| 42 | xen | 20 | · | · | · | NEW | xen (20) | — | |
| 43 | hewlett packard enterprise (hpe) | 19 | · | · | 1 | NEWNuclei 1 | aruba edgeconnect enterprise software (13) · hpe nimble storage hybrid flash arrays; nimble storage secondary flash arrays (3) · hewlett packard enterprise officeconnect 1820, 1850, and 1920s network switches (1) | — | |
| 44 | mediatek, inc. | 18 | · | · | · | NEW | mt6762, mt6768, mt6769, mt6779, mt6781, mt6785, mt6789, mt6833, mt6853, mt6853t, mt6855, mt6873, mt6875, mt6877, mt6879, mt6883, mt6885, mt6889, mt6891, mt6893, mt6895, mt6983, mt8168, mt8185, mt8365, mt8696, mt8768, mt8786, mt8789, mt8791, mt8797, mt8798 (3) · mt6879, mt6895, mt6983 (2) · mt6983, mt8871, mt8891 (2) | — | |
| 45 | netapp | 18 | · | · | · | NEWPoC 6 | h410s firmware (12) · h700s firmware (12) · h300s firmware (12) | — | |
| 46 | the linux foundation | 18 | · | · | · | NEW | xen (18) | — | |
| 47 | fortinet | 17 | · | · | · | NEW | fortios (4) · fortinet fortiadc (3) · fortiadc (3) | — | |
| 48 | liferay | 17 | 2 | · | 2 | NEWNuclei 2 | liferay portal (17) · digital experience platform (14) · dxp (7) | — | |
| 49 | linux | 17 | · | · | · | NEWPoC 1 | linux kernel (16) · layer 2 tunneling protocol (1) · linux_kernel (1) | — | |
| 50 | canteen management system project | 16 | 1 | · | · | NEWPoC 4 | canteen management system (16) | — |