CVE Tools
Sign in
month report

April 2023

Data as of Jun 4, 2026, 13:25 UTCSnapshot v1 Sources NVD+CISA KEV+EPSS+Nuclei templates Methodology →

April 2023 closed with 2,356 published CVEs. 284 criticals, 17 added to CISA KEV (6 ransomware-linked). microsoft corp led volume, mostly via windows server 2022 (server core installation). Top weakness class — CWE-79 (412 CVE). 10 vendors cracked the top-100 for the first time.

Print view
Total CVEs
2,356
— MoM— YoY
Severity mix
284 / 711
critical / high
KEV added
17
6 ransomware-linked
Nuclei coverage
13.3%
314 CVEs with templates

Time to exploit

How fast the community ships detection after a CVE drops.

Days → Nuclei (median)
1060.3
n=314
Within 7 days
0.0%
Within 30 days
0.0%
Days → KEV (median)
36
n=17
Detection gap

KEV pressure, no Nuclei coverage

April 2023 · vendors with active exploitation listed by CISA but no public detection template.

Weakness × Vendor

What's spreading where in April 2023

Cells shaded by share of vendor's hottest weakness. Click any cell to open the CWE history.

79XSS89SQL Injection787Out-of-bounds Write125Out-of-bounds Read20Improper Input Validation22Path Traversal416Use After Free77Command Injection400Resource Consumption434Unrestricted File Uploadmicrosoft corp3448192microsoft314892сообщество свободного программного обеспечения31124321023google22101161sourcecodester236613maven15311121oracle corp.3oracle3oracle corporation3packagist4473314ао "нппкт"10422134ооо «русбитех-астра»15311141

First time in top-100

Vendors never in top-100 in the prior 24 periods.

Top vendors

Ranked by distinct CVE count this period.

  • 1microsoft corp
    111 CVE3 critCVSS 7.4
    NEWKEV 4PoC 6
    windows server 2022 (server core installation) (73) · windows server 2022 (73) · windows server 2019 (server core installation) (70)
  • 2microsoft
    104 CVE3 critCVSS 7.4
    NEWKEV 2PoC 6
    windows server 2022 (73) · windows server 2019 (server core installation) (70) · windows server 2019 (70)
  • 3сообщество свободного программного обеспечения
    102 CVE15 critCVSS 6.7
    NEWNuclei 3PoC 32
    debian gnu/linux (47) · linux (32) · xwiki platform (13)
  • 4google
    100 CVE2 critCVSS 7.1
    NEWKEV 2
    android (79) · chrome (20) · espv2 (1)
  • 5sourcecodester
    98 CVECVSS 5.4
    NEWNuclei 1PoC 90
    online computer and laptop store (19) · vehicle service management system (9) · online payroll system (9)
  • 6maven
    94 CVE40 critCVSS 7.7
    NEWNuclei 9PoC 20
    org.xwiki.platform:xwiki-platform-oldcore (5) · tech.powerjob:powerjob (5) · org.xwiki.platform:xwiki-platform-web-templates (4)
  • 7oracle corp.
    92 CVECVSS 5.5
    NEWNuclei 3PoC 2
    mysql server (23) · vm virtualbox (10) · graalvm enterprise edition (8)
  • 8oracle
    91 CVECVSS 5.4
    NEWNuclei 3PoC 1
    mysql server (18) · vm virtualbox (10) · graalvm (8)
  • 9oracle corporation
    91 CVECVSS 5.5
    NEWNuclei 3PoC 1
    mysql server (23) · vm virtualbox (10) · java se jdk and jre (7)
  • 10packagist
    91 CVE8 critCVSS 6.4
    NEWNuclei 10PoC 27
    pimcore/pimcore (16) · thorsten/phpmyfaq (15) · concrete5/concrete5 (10)
  • 11ао "нппкт"
    81 CVE2 critCVSS 6.4
    NEWKEV 3Nuclei 1PoC 6
    осон основа оnyx (81)
  • 12ооо «русбитех-астра»
    77 CVE1 critCVSS 6.6
    NEWKEV 3PoC 13
    astra linux special edition (77) · astra linux special edition для «эльбрус» (6) · astra linux common edition (4)
  • 13ао «ивк»
    65 CVE2 critCVSS 5.5
    NEWPoC 10
    альт 8 сп (63) · альт сп 10 (45)
  • 14adobe
    57 CVE1 critCVSS 7.3
    NEW
    acrobat (16) · acrobat dc (16) · acrobat reader (16)
  • 15adobe systems inc.
    57 CVE1 critCVSS 7.4
    NEW
    adobe acrobat reader document cloud (16) · adobe acrobat 2020 (16) · adobe acrobat reader 2020 (16)
  • 16fedoraproject
    54 CVE1 critCVSS 6.5
    NEWKEV 2Nuclei 1PoC 4
    fedora (54) · extra packages for enterprise linux (1)
  • 17unknown
    54 CVE2 critCVSS 6.1
    NEWNuclei 54PoC 54
    w4 post list (3) · simple giveaways (3) · gallery by bestwebsoft (2)
  • 18ооо «ред софт»
    54 CVE5 critCVSS 6.5
    NEWPoC 6
    ред ос (54)
  • 19debian
    48 CVE1 critCVSS 6.6
    NEWKEV 2PoC 6
    debian linux (48)
  • 20linux
    43 CVECVSS 5.9
    NEWPoC 5
    linux kernel (43)
  • 21cisco systems inc.
    42 CVECVSS 6.2
    NEWKEV 1Nuclei 1PoC 40
    cisco small business rv325 (19) · cisco small business rv320 (19) · cisco small business rv016 (17)
  • 22cisco
    40 CVECVSS 6.2
    NEWKEV 1Nuclei 1PoC 40
    cisco small business rv series router firmware (20) · rv325 firmware (19) · rv320 firmware (19)
  • 23oretnom23
    40 CVECVSS 5.7
    NEWPoC 38
    online computer and laptop store (19) · service provider management system (7) · ac repair and services system (6)
  • 24nvidia
    38 CVECVSS 6.3
    NEW
    virtual gpu (15) · nvidia dgx servers (11) · vgpu software (guest driver - windows), nvidia cloud gaming (guest driver - windows) (5)
  • 25xwiki
    38 CVE27 critCVSS 8.8
    NEWNuclei 4PoC 16
    xwiki (37) · xwiki-platform (36) · xwiki-commons (2)
  • 26campcodes
    37 CVECVSS 6.0
    NEWPoC 37
    advanced online voting system (9) · coffee shop pos system (8) · online thesis archiving system (6)
  • 27npm
    37 CVE9 critCVSS 7.0
    NEWNuclei 2PoC 8
    vm2 (3) · @strapi/plugin-users-permissions (3) · @openzeppelin/contracts-upgradeable (2)
  • 28pypi
    34 CVE6 critCVSS 6.9
    NEWKEV 1Nuclei 3PoC 6
    apache-superset (4) · modoboa (3) · wagtail (2)
  • 29ао «нтц ит роса»
    34 CVECVSS 6.4
    NEWPoC 4
    rosa virtualization 3.0 (16) · роса кобальт (10) · роса хром (9)
  • 30qualcomm
    33 CVE8 critCVSS 8.0
    NEW
    qca4004 firmware (23) · wcd9306 firmware (23) · snapdragon x5 lte modem firmware (23)
  • 31qualcomm, inc.
    33 CVE8 critCVSS 8.1
    NEW
    snapdragon (33)
  • 32red hat inc.
    33 CVE2 critCVSS 6.8
    NEWKEV 1Nuclei 1PoC 8
    red hat enterprise linux (30) · openshift serverless (4) · openshift developer tools and services (4)
  • 33netapp
    32 CVECVSS 5.3
    NEWKEV 1PoC 1
    oncommand insight (21) · active iq unified manager (18) · snapcenter (14)
  • 34tenda
    32 CVE31 critCVSS 9.7
    NEWPoC 6
    ac5 firmware (12) · ac10 firmware (10) · ac15 firmware (8)
  • 35mediatek, inc.
    30 CVECVSS 6.1
    NEW
    mt5221, mt6781, mt6789, mt6833, mt6855, mt6877, mt6879, mt6895, mt6983, mt7663, mt7668, mt7902, mt7921, mt8167s, mt8168, mt8169, mt8175, mt8185, mt8362a, mt8365, mt8385, mt8518, mt8532, mt8675, mt8695, mt8766, mt8768, mt8771, mt8781, mt8786, mt8788, mt8789, mt8791t, mt8797, mt8798 (5) · mt5221, mt6879, mt6895, mt6983, mt7902, mt7921, mt8167s, mt8168, mt8175, mt8362a, mt8365, mt8385, mt8518, mt8532, mt8696, mt8766, mt8768, mt8771, mt8781, mt8786, mt8788, mt8789, mt8791t, mt8795t, mt8797, mt8798 (4) · mt6580, mt6731, mt6735, mt6737, mt6739, mt6753, mt6757, mt6757c, mt6757cd, mt6757ch, mt6761, mt6762, mt6763, mt6765, mt6768, mt6769, mt6771, mt6779, mt6781, mt6785, mt6789, mt6833, mt6853, mt6853t, mt6855, mt6873, mt6875, mt6877, mt6879, mt6883, mt6885, mt6889, mt6891, mt6893, mt6895, mt6983, mt8185, mt8192, mt8321, mt8385, mt8666, mt8667, mt8673, mt8675, mt8765, mt8766, mt8768, mt8771, mt8781, mt8786, mt8788, mt8789, mt8791, mt8791t, mt8795t, mt8797, mt8798, mt8871, mt8891 (3)
  • 36gitlab
    26 CVE1 critCVSS 5.4
    NEWNuclei 1PoC 1
    gitlab (26)
  • 37go
    26 CVE3 critCVSS 7.4
    NEWPoC 6
    github.com/docker/docker (3) · github.com/bnb-chain/tss-lib (3) · github.com/binance-chain/tss-lib (3)
  • 38ibm
    26 CVECVSS 6.5
    NEWPoC 1
    db2 for linux, unix and windows (7) · db2 (7) · safer payments (3)
  • 39juniper
    25 CVECVSS 6.5
    NEWPoC 24
    junos (19) · junos os evolved (10) · appid service sigpack (1)
  • 40juniper networks
    25 CVECVSS 6.5
    NEWPoC 24
    junos os (18) · junos os evolved (10) · jdpi-decoder engine (1)
  • 41novell inc.
    25 CVE1 critCVSS 6.1
    NEWKEV 1PoC 6
    suse linux enterprise server for sap applications (24) · suse linux enterprise desktop (24) · suse linux enterprise server (24)
  • 42schneider electric
    24 CVE3 critCVSS 7.6
    NEW
    struxureware data center expert (9) · apc easy ups online monitoring software (windows 10, 11 windows server 2016, 2019, 2022) (3) · easy ups online (3)
  • 43schneider-electric
    24 CVE3 critCVSS 7.5
    NEW
    struxureware data center expert (9) · easy ups online monitoring software (3) · netbotz 355 firmware (3)
  • 44google inc
    22 CVE1 critCVSS 7.7
    NEWKEV 2
    google chrome (20) · protobuf-c (1) · android (1)
  • 45h3c
    22 CVECVSS 4.9
    NEW
    magic r200 firmware (13) · magic r100 firmware (9)
  • 46apache
    21 CVE8 critCVSS 7.6
    NEWKEV 1Nuclei 2PoC 1
    linkis (5) · superset (4) · apache-airflow-providers-apache-spark (1)
  • 47apache software foundation
    21 CVE8 critCVSS 7.8
    NEWKEV 1Nuclei 2PoC 1
    apache linkis (5) · apache superset (4) · apache spark (1)
  • 48fortinet
    20 CVE1 critCVSS 6.8
    NEW
    fortios (4) · fortiproxy (4) · forticlient (4)
  • 49jenkins
    20 CVECVSS 5.8
    NEW
    report portal (4) · wso2 oauth (2) · consul kv builder (2)
  • 50jenkins project
    20 CVECVSS 5.8
    NEW
    jenkins report portal plugin (4) · jenkins consul kv builder plugin (2) · jenkins quay.io trigger plugin (2)

Top weaknesses

CWE classes by distinct CVE count.

1CWE-79412
2CWE-89183
3CWE-787174
4CWE-12585
5CWE-2051
6CWE-2251
7CWE-41648
8CWE-7745
9CWE-40044
10CWE-43443
11CWE-35242
12CWE-7841
13CWE-28437
14CWE-19036
15CWE-28735
16CWE-86335
17CWE-26934
18CWE-12033
19CWE-9433
20CWE-47632