month report
December 2022
Data as of Jun 4, 2026, 13:25 UTCSnapshot v1 Sources NVD+CISA KEV+EPSS+Nuclei templates Methodology →
December 2022 closed with 2,862 published CVEs. 300 criticals, 9 added to CISA KEV (4 ransomware-linked). google led volume, mostly via android. Top weakness class — CWE-79 (342 CVE). 10 vendors cracked the top-100 for the first time.
Total CVEs
2,862
— MoM— YoY
Severity mix
300 / 794
critical / high
KEV added
9
4 ransomware-linked
Nuclei coverage
7.8%
223 CVEs with templates
Time to exploit
How fast the community ships detection after a CVE drops.
Days → Nuclei (median)
1179.9
n=223
Within 7 days
0.0%
Within 30 days
0.0%
Days → KEV (median)
2
n=4
Detection gap
KEV pressure, no Nuclei coverage
December 2022 · vendors with active exploitation listed by CISA but no public detection template.
- KEV 2mozilla175 CVE
- KEV 2ооо «русбитех-астра»169 CVE
- KEV 2mozilla corp.167 CVE
- KEV 2ао «ивк»144 CVE
- KEV 2фссп россии77 CVE
- KEV 2ао «концерн вниинс»74 CVE
- KEV 2microsoft corp52 CVE
- KEV 1google266 CVE
Weakness × Vendor
What's spreading where in December 2022
Cells shaded by share of vendor's hottest weakness. Click any cell to open the CWE history.
79XSS787Out-of-bounds Write125Out-of-bounds Read707CWE-70789SQL Injection120Buffer Overflow22Path Traversal416Use After Free78OS Command Injection352CSRFgoogle624932319ао "нппкт"1341181302сообщество свободного программного обеспечения636234211mozilla10295120ооо «русбитех-астра»5321841231mozilla corp.10295120ао «ивк»72312420go171111218ооо «ред софт»71510415unknown43112tenda463165red hat inc.51361182
First time in top-100
Vendors never in top-100 in the prior 24 periods.
- #6mozilla corp.167 CVE
- #10unknown103 CVE
- #11tenda91 CVE
- #14фссп россии77 CVE
- #23unisoc (shanghai) technologies co., ltd.49 CVE
- #24unspecified49 CVE
- #26usememos47 CVE
- #30adobe39 CVE
- #31adobe systems inc.39 CVE
- #32nvidia32 CVE
Top vendors
Ranked by distinct CVE count this period.
- 266 CVE3 critCVSS 6.3KEV 1PoC 1android (257) · chrome (6) · tensorflow (2)
- 243 CVE25 critCVSS 7.4KEV 3Nuclei 2PoC 35осон основа оnyx (243)
- 210 CVE26 critCVSS 7.4Nuclei 2PoC 31debian gnu/linux (167) · linux (32) · xrdp (10)
- 175 CVE18 critCVSS 7.5KEV 2PoC 17firefox (156) · thunderbird (116) · firefox esr (103)
- 169 CVE22 critCVSS 7.5KEV 2PoC 22astra linux special edition (162) · astra linux special edition для «эльбрус» (23) · astra linux common edition (5)
- 167 CVE17 critCVSS 7.5NEWKEV 2PoC 16firefox (148) · thunderbird (100) · firefox esr (95)
- 144 CVE21 critCVSS 7.7KEV 2PoC 14альт 8 сп (139) · альт сп 10 (8)
- 126 CVE15 critCVSS 6.6Nuclei 1PoC 26github.com/usememos/memos (48) · helm.sh/helm/v3 (3) · github.com/alist-org/alist/v3 (3)
- 122 CVE16 critCVSS 7.5KEV 2Nuclei 1PoC 16ред ос (122)
- 103 CVE10 critCVSS 6.4NEWNuclei 103PoC 100contest gallery pro (17) · contest gallery (16) · popup manager (2)
- 91 CVE21 critCVSS 8.0NEWPoC 71f1203 firmware (22) · w30e firmware (21) · a15 firmware (14)
- 90 CVE7 critCVSS 7.1Nuclei 3PoC 10red hat enterprise linux (85) · red hat satellite (4) · red hat software collections (3)
- 78 CVE16 critCVSS 7.5Nuclei 2PoC 20debian linux (78)
- 77 CVE12 critCVSS 7.5NEWKEV 2PoC 10ос тд аис фссп россии (77)
- 74 CVE10 critCVSS 7.7KEV 2PoC 9ос он «стрелец» (74)
- 56 CVE8 critCVSS 7.1Nuclei 2PoC 8cn.hutool:hutool-json (3) · net.mingsoft:ms-mcms (3) · io.apiman:apiman-manager-api-rest-impl (2)
- 54 CVE6 critCVSS 7.5PoC 3ubuntu (54)
- 54 CVECVSS 7.5KEV 1PoC 1windows 10 version 1809 (26) · windows 10 version 21h1 (26) · windows 10 version 22h2 (26)
- 54 CVE6 critCVSS 7.1Nuclei 1PoC 9opensuse leap (46) · suse linux enterprise server (36) · suse linux enterprise server for sap applications (35)
- 54 CVE4 critCVSS 6.1Nuclei 7PoC 21feehi/feehicms (8) · typo3/cms (7) · typo3/cms-core (5)
- 52 CVECVSS 7.5KEV 2windows 10 20h2 (26) · windows 10 21h1 (26) · windows 10 21h2 (26)
- 51 CVE3 critCVSS 7.3KEV 1PoC 2macos (42) · iphone os (42) · ipados (40)
- 49 CVECVSS 6.0NEWsc9863a/sc9832e/sc7731e/t610/t310/t606/t760/t610/t618/t606/t612/t616/t760/t770/t820/s8000 (26) · sc9863a/sc9832e/sc7731e/t610/t310/t606/t760/t610/t618/t606/t612/t616/t760/t770/t820/s8001 (1) · sc9863a/sc9832e/sc7731e/t610/t310/t606/t760/t610/t618/t606/t612/t616/t760/t770/t820/s8002 (1)
- 49 CVECVSS 4.4NEWPoC 6movie ticket booking system (5) · house rental system (3) · wp-ban (2)
- 48 CVE7 critCVSS 6.7Nuclei 2PoC 9jsonwebtoken (4) · nadesiko3 (3) · oils (1)
- 47 CVE3 critCVSS 6.5NEWPoC 20usememos/memos (47) · memos (47)
- 44 CVE3 critCVSS 5.5Nuclei 2PoC 1teamcenter visualization v13.3 (12) · teamcenter visualization v13.2 (12) · teamcenter visualization (12)
- 42 CVE7 critCVSS 6.3Nuclei 1PoC 3rdiffweb (9) · graphite-web (3) · tensorflow-gpu (2)
- 40 CVECVSS 5.8aix (9) · vios (9) · security verify governance (6)
- 39 CVECVSS 5.3NEWexperience manager (34) · experience manager cloud service (34) · illustrator (4)
- 39 CVECVSS 5.4NEWadobe experience manager (34) · illustrator 2022 (4) · illustrator 2023 (4)
- 32 CVECVSS 6.3NEWcloud gaming (26) · virtual gpu (26) · gpu display driver (18)
- 29 CVE8 critCVSS 8.0harmonyos (24) · emui (18) · aslan-al10 firmware (3)
- 27 CVE1 critCVSS 6.4PoC 1linux kernel (27) · linux (3)
- 24 CVE6 critCVSS 7.5NEWPoC 12openimageio (24)
- 24 CVE6 critCVSS 7.5NEWPoC 12openimageio (24)
- 23 CVE5 critCVSS 7.4NEWPoC 11openimageio (23)
- 23 CVE10 critCVSS 8.3PoC 2роса хром (18) · роса кобальт (8) · rosa virtualization (6)
- 22 CVECVSS 4.9NEWsamsung mobile devices (18) · samsung pass (2) · samsung calendar (1)
- 21 CVE6 critCVSS 7.4PoC 2apache traffic server (3) · apache cxf (2) · apache zeppelin (2)
- 21 CVE20 critCVSS 9.8NEWPoC 9tew-755ap firmware (20) · tew-820ap firmware (1)
- 20 CVE2 critCVSS 7.6Nuclei 2PoC 1fedora (20) · extra packages for enterprise linux (1)
- 20 CVECVSS 7.7NEWwcd9380 firmware (19) · wcn6856 firmware (17) · wsa8835 firmware (17)
- 20 CVECVSS 7.6NEWsnapdragon mobile (4) · snapdragon auto, snapdragon compute, snapdragon industrial iot, snapdragon mobile, snapdragon wearables (2) · snapdragon auto, snapdragon compute, snapdragon consumer iot, snapdragon industrial iot, snapdragon mobile, snapdragon wearables (2)
- 19 CVECVSS 7.5NEWPoC 19ac6 firmware (19)
- 18 CVE6 critCVSS 7.7PoC 1traffic server (3) · zeppelin (2) · cxf (2)
- 18 CVECVSS 6.3NEWNuclei 18PoC 17contest gallery (18)
- 18 CVECVSS 6.7NEWmt6762, mt6765, mt6768, mt6769, mt6779, mt6781, mt6785, mt6789, mt6833, mt6853, mt6853t, mt6855, mt6873, mt6875, mt6877, mt6879, mt6883, mt6885, mt6889, mt6891, mt6893, mt6895, mt8385, mt8765, mt8766, mt8768, mt8781, mt8786, mt8788, mt8789, mt8791, mt8797 (4) · mt6833, mt6853, mt6855, mt6873, mt6877, mt6893, mt8791 (2) · mt6580, mt6739, mt6761, mt6765, mt6768, mt6771, mt6779, mt6781, mt6785, mt6789, mt6833, mt6853, mt6873, mt6877, mt6879, mt6883, mt6895, mt6983, mt8168, mt8365, mt8385, mt8666, mt8667, mt8675, mt8766, mt8768, mt8781, mt8786, mt8788, mt8789, mt8791, mt8797 (1)
- 17 CVE2 critCVSS 6.6NEWPoC 16rails-html-sanitizer (4) · loofah (3) · resque-scheduler (2)
- 16 CVE16 critCVSS 9.8NEWPoC 1m50 firmware (15) · ew9 firmware (1)
| # | Vendor | CVEs | Crit | KEV | Nuclei | Signals | Top products | Δ | |
|---|---|---|---|---|---|---|---|---|---|
| 1 | 266 | 3 | 1 | · | KEV 1PoC 1 | android (257) · chrome (6) · tensorflow (2) | — | ||
| 2 | ао "нппкт" | 243 | 25 | 3 | 2 | KEV 3Nuclei 2PoC 35 | осон основа оnyx (243) | — | |
| 3 | сообщество свободного программного обеспечения | 210 | 26 | · | 2 | Nuclei 2PoC 31 | debian gnu/linux (167) · linux (32) · xrdp (10) | — | |
| 4 | mozilla | 175 | 18 | 2 | · | KEV 2PoC 17 | firefox (156) · thunderbird (116) · firefox esr (103) | — | |
| 5 | ооо «русбитех-астра» | 169 | 22 | 2 | · | KEV 2PoC 22 | astra linux special edition (162) · astra linux special edition для «эльбрус» (23) · astra linux common edition (5) | — | |
| 6 | mozilla corp. | 167 | 17 | 2 | · | NEWKEV 2PoC 16 | firefox (148) · thunderbird (100) · firefox esr (95) | — | |
| 7 | ао «ивк» | 144 | 21 | 2 | · | KEV 2PoC 14 | альт 8 сп (139) · альт сп 10 (8) | — | |
| 8 | go | 126 | 15 | · | 1 | Nuclei 1PoC 26 | github.com/usememos/memos (48) · helm.sh/helm/v3 (3) · github.com/alist-org/alist/v3 (3) | — | |
| 9 | ооо «ред софт» | 122 | 16 | 2 | 1 | KEV 2Nuclei 1PoC 16 | ред ос (122) | — | |
| 10 | unknown | 103 | 10 | · | 103 | NEWNuclei 103PoC 100 | contest gallery pro (17) · contest gallery (16) · popup manager (2) | — | |
| 11 | tenda | 91 | 21 | · | · | NEWPoC 71 | f1203 firmware (22) · w30e firmware (21) · a15 firmware (14) | — | |
| 12 | red hat inc. | 90 | 7 | · | 3 | Nuclei 3PoC 10 | red hat enterprise linux (85) · red hat satellite (4) · red hat software collections (3) | — | |
| 13 | debian | 78 | 16 | · | 2 | Nuclei 2PoC 20 | debian linux (78) | — | |
| 14 | фссп россии | 77 | 12 | 2 | · | NEWKEV 2PoC 10 | ос тд аис фссп россии (77) | — | |
| 15 | ао «концерн вниинс» | 74 | 10 | 2 | · | KEV 2PoC 9 | ос он «стрелец» (74) | — | |
| 16 | maven | 56 | 8 | · | 2 | Nuclei 2PoC 8 | cn.hutool:hutool-json (3) · net.mingsoft:ms-mcms (3) · io.apiman:apiman-manager-api-rest-impl (2) | — | |
| 17 | canonical ltd. | 54 | 6 | · | · | PoC 3 | ubuntu (54) | — | |
| 18 | microsoft | 54 | · | 1 | · | KEV 1PoC 1 | windows 10 version 1809 (26) · windows 10 version 21h1 (26) · windows 10 version 22h2 (26) | — | |
| 19 | novell inc. | 54 | 6 | · | 1 | Nuclei 1PoC 9 | opensuse leap (46) · suse linux enterprise server (36) · suse linux enterprise server for sap applications (35) | — | |
| 20 | packagist | 54 | 4 | · | 7 | Nuclei 7PoC 21 | feehi/feehicms (8) · typo3/cms (7) · typo3/cms-core (5) | — | |
| 21 | microsoft corp | 52 | · | 2 | · | KEV 2 | windows 10 20h2 (26) · windows 10 21h1 (26) · windows 10 21h2 (26) | — | |
| 22 | apple | 51 | 3 | 1 | · | KEV 1PoC 2 | macos (42) · iphone os (42) · ipados (40) | — | |
| 23 | unisoc (shanghai) technologies co., ltd. | 49 | · | · | · | NEW | sc9863a/sc9832e/sc7731e/t610/t310/t606/t760/t610/t618/t606/t612/t616/t760/t770/t820/s8000 (26) · sc9863a/sc9832e/sc7731e/t610/t310/t606/t760/t610/t618/t606/t612/t616/t760/t770/t820/s8001 (1) · sc9863a/sc9832e/sc7731e/t610/t310/t606/t760/t610/t618/t606/t612/t616/t760/t770/t820/s8002 (1) | — | |
| 24 | unspecified | 49 | · | · | · | NEWPoC 6 | movie ticket booking system (5) · house rental system (3) · wp-ban (2) | — | |
| 25 | npm | 48 | 7 | · | 2 | Nuclei 2PoC 9 | jsonwebtoken (4) · nadesiko3 (3) · oils (1) | — | |
| 26 | usememos | 47 | 3 | · | · | NEWPoC 20 | usememos/memos (47) · memos (47) | — | |
| 27 | siemens | 44 | 3 | · | 2 | Nuclei 2PoC 1 | teamcenter visualization v13.3 (12) · teamcenter visualization v13.2 (12) · teamcenter visualization (12) | — | |
| 28 | pypi | 42 | 7 | · | 1 | Nuclei 1PoC 3 | rdiffweb (9) · graphite-web (3) · tensorflow-gpu (2) | — | |
| 29 | ibm | 40 | · | · | · | aix (9) · vios (9) · security verify governance (6) | — | ||
| 30 | adobe | 39 | · | · | · | NEW | experience manager (34) · experience manager cloud service (34) · illustrator (4) | — | |
| 31 | adobe systems inc. | 39 | · | · | · | NEW | adobe experience manager (34) · illustrator 2022 (4) · illustrator 2023 (4) | — | |
| 32 | nvidia | 32 | · | · | · | NEW | cloud gaming (26) · virtual gpu (26) · gpu display driver (18) | — | |
| 33 | huawei | 29 | 8 | · | · | harmonyos (24) · emui (18) · aslan-al10 firmware (3) | — | ||
| 34 | linux | 27 | 1 | · | · | PoC 1 | linux kernel (27) · linux (3) | — | |
| 35 | openimageio | 24 | 6 | · | · | NEWPoC 12 | openimageio (24) | — | |
| 36 | openimageio project | 24 | 6 | · | · | NEWPoC 12 | openimageio (24) | — | |
| 37 | larry gritz | 23 | 5 | · | · | NEWPoC 11 | openimageio (23) | — | |
| 38 | ао «нтц ит роса» | 23 | 10 | · | · | PoC 2 | роса хром (18) · роса кобальт (8) · rosa virtualization (6) | — | |
| 39 | samsung mobile | 22 | · | · | · | NEW | samsung mobile devices (18) · samsung pass (2) · samsung calendar (1) | — | |
| 40 | apache software foundation | 21 | 6 | · | · | PoC 2 | apache traffic server (3) · apache cxf (2) · apache zeppelin (2) | — | |
| 41 | trendnet | 21 | 20 | · | · | NEWPoC 9 | tew-755ap firmware (20) · tew-820ap firmware (1) | — | |
| 42 | fedoraproject | 20 | 2 | · | 2 | Nuclei 2PoC 1 | fedora (20) · extra packages for enterprise linux (1) | — | |
| 43 | qualcomm | 20 | · | · | · | NEW | wcd9380 firmware (19) · wcn6856 firmware (17) · wsa8835 firmware (17) | — | |
| 44 | qualcomm, inc. | 20 | · | · | · | NEW | snapdragon mobile (4) · snapdragon auto, snapdragon compute, snapdragon industrial iot, snapdragon mobile, snapdragon wearables (2) · snapdragon auto, snapdragon compute, snapdragon consumer iot, snapdragon industrial iot, snapdragon mobile, snapdragon wearables (2) | — | |
| 45 | tendacn | 19 | · | · | · | NEWPoC 19 | ac6 firmware (19) | — | |
| 46 | apache | 18 | 6 | · | · | PoC 1 | traffic server (3) · zeppelin (2) · cxf (2) | — | |
| 47 | contest-gallery | 18 | · | · | 18 | NEWNuclei 18PoC 17 | contest gallery (18) | — | |
| 48 | mediatek, inc. | 18 | · | · | · | NEW | mt6762, mt6765, mt6768, mt6769, mt6779, mt6781, mt6785, mt6789, mt6833, mt6853, mt6853t, mt6855, mt6873, mt6875, mt6877, mt6879, mt6883, mt6885, mt6889, mt6891, mt6893, mt6895, mt8385, mt8765, mt8766, mt8768, mt8781, mt8786, mt8788, mt8789, mt8791, mt8797 (4) · mt6833, mt6853, mt6855, mt6873, mt6877, mt6893, mt8791 (2) · mt6580, mt6739, mt6761, mt6765, mt6768, mt6771, mt6779, mt6781, mt6785, mt6789, mt6833, mt6853, mt6873, mt6877, mt6879, mt6883, mt6895, mt6983, mt8168, mt8365, mt8385, mt8666, mt8667, mt8675, mt8766, mt8768, mt8781, mt8786, mt8788, mt8789, mt8791, mt8797 (1) | — | |
| 49 | rubygems | 17 | 2 | · | · | NEWPoC 16 | rails-html-sanitizer (4) · loofah (3) · resque-scheduler (2) | — | |
| 50 | ip-com | 16 | 16 | · | · | NEWPoC 1 | m50 firmware (15) · ew9 firmware (1) | — |