month report

December 2023

Data as of Jun 4, 2026, 13:25 UTCSnapshot v1 Sources NVD+CISA KEV+EPSS+Nuclei templates Methodology →

December 2023 closed with 2,769 published CVEs. 383 criticals, 11 added to CISA KEV (2 ransomware-linked). adobe led volume, mostly via experience manager. Top weakness class — CWE-79 (566 CVE). 10 vendors cracked the top-100 for the first time.

Print view

Total CVEs

2,769

— MoM— YoY

Severity mix

383 / 867

critical / high

KEV added

2 ransomware-linked

Nuclei coverage

17.1%

474 CVEs with templates

Time to exploit

How fast the community ships detection after a CVE drops.

Days → Nuclei (median)

808.0

n=474

Within 7 days

0.0%

Within 30 days

0.0%

Days → KEV (median)

n=9

Detection gap

KEV pressure, no Nuclei coverage

December 2023 · vendors with active exploitation listed by CISA but no public detection template.

KEV 3qualcomm38 CVE
KEV 3qualcomm, inc.38 CVE
KEV 1google196 CVE
KEV 1microsoft corp47 CVE
KEV 1google inc31 CVE
KEV 1fedora project22 CVE

Weakness × Vendor

What's spreading where in December 2023

Cells shaded by share of vendor's hottest weakness. Click any cell to open the CWE history.

First time in top-100

Vendors never in top-100 in the prior 24 periods.

#7unisoc (shanghai) technologies co., ltd.83 CVE
#20qualcomm38 CVE
#21qualcomm, inc.38 CVE
#24red hat36 CVE
#28code-projects32 CVE
#32honor30 CVE
#35apple inc.29 CVE
#38jfinalcms project27 CVE
#39shenzhen tenda technology co., ltd.27 CVE
#41ivanti25 CVE

Top vendors

Ranked by distinct CVE count this period.

1adobe—
220 CVECVSS 5.5
experience manager (193) · adobe experience manager (193) · experience manager cloud service (113)
2adobe systems inc.—
219 CVECVSS 5.6
adobe experience manager (192) · adobe substance 3d sampler (6) · adobe after effects (4)
3google—
196 CVE21 critCVSS 7.1
KEV 1PoC 1
android (182) · chrome (13) · chromecast firmware (4)
4maven—
117 CVE18 critCVSS 7.1
Nuclei 8PoC 28
com.jfinal:jfinal (27) · org.silverpeas.core:silverpeas-core-web (7) · com.cloudtp.jenkins:paaslane-estimate (4)
5ооо «ред софт»—
106 CVE6 critCVSS 7.0
KEV 1Nuclei 4PoC 23
ред ос (106)
6сообщество свободного программного обеспечения—
103 CVE10 critCVSS 7.2
KEV 2Nuclei 4PoC 19
debian gnu/linux (67) · linux (16) · xwiki platform (5)
7unisoc (shanghai) technologies co., ltd.—
83 CVECVSS 6.0
NEW
sc7731e/sc9832e/sc9863a/t310/t606/t612/t616/t610/t618/t760/t770/t820/s8000 (73) · sc9863a/t310/t606/t612/t616/t610/t618/t760/t770/t820/s8000 (6) · t606/t612/t616 (2)
8ооо «русбитех-астра»—
82 CVE3 critCVSS 7.2
KEV 1Nuclei 2PoC 12
astra linux special edition (81) · astra linux common edition (8) · astra linux special edition для «эльбрус» (3)
9ао "нппкт"—
68 CVE2 critCVSS 7.2
KEV 1Nuclei 2PoC 9
осон основа оnyx (68)
10ао «ивк»—
57 CVE2 critCVSS 6.9
Nuclei 1PoC 8
альт сп 10 (51) · альт 8 сп (27)
11ibm—
54 CVECVSS 6.2
db2 for linux, unix and windows (8) · infosphere information server (8) · db2 (8)
12pypi—
52 CVE5 critCVSS 6.9
Nuclei 12PoC 11
mlflow (11) · apache-airflow (4) · apache-superset (3)
13unknown—
52 CVE3 critCVSS 6.9
Nuclei 50PoC 49
wp mail log (5) · welcart e-commerce (3) · wp all export pro (3)
14microsoft—
48 CVE4 critCVSS 7.6
Nuclei 1PoC 4
windows server 2022, 23h2 edition (server core installation) (19) · windows server 2019 (18) · windows server 2019 (server core installation) (18)
15microsoft corp—
47 CVE3 critCVSS 7.6
KEV 1PoC 2
windows server 2019 (18) · windows server 2022 (18) · windows server 2022, 23h2 edition (server core installation) (18)
16tenda—
47 CVE47 critCVSS 9.8
PoC 19
w30e firmware (11) · i29 firmware (9) · ax9 firmware (8)
17packagist—
43 CVE1 critCVSS 5.3
Nuclei 5PoC 18
concrete5/concrete5 (5) · automad/automad (4) · microweber/microweber (4)
18totolink—
40 CVE37 critCVSS 9.3
Nuclei 1PoC 19
ex1800t firmware (18) · x6000r firmware (7) · x2000r firmware (3)
19debian—
39 CVE1 critCVSS 7.3
KEV 2Nuclei 2PoC 6
debian linux (39)
20qualcomm—
38 CVE3 critCVSS 7.8
NEWKEV 3
wcd9380 firmware (36) · qca6391 firmware (35) · wsa8835 firmware (34)
21qualcomm, inc.—
38 CVE3 critCVSS 7.7
NEWKEV 3
snapdragon (38)
22npm—
37 CVE3 critCVSS 6.5
Nuclei 1PoC 12
@evershop/evershop (7) · uptime-kuma (2) · nuxt-api-party (2)
23red hat inc.—
37 CVECVSS 6.0
PoC 5
red hat enterprise linux (31) · red hat software collections (3) · ansible (2)
24red hat—
36 CVECVSS 5.9
NEWPoC 2
red hat enterprise linux 9 (19) · red hat enterprise linux 8 (18) · red hat enterprise linux 6 (17)
25apple—
35 CVECVSS 6.6
Nuclei 1PoC 4
macos (33) · ipados (12) · iphone os (12)
26dell—
35 CVECVSS 7.6
powerprotect data domain management center (8) · powerprotect data protection (7) · emc data domain os (7)
27redhat—
35 CVECVSS 5.8
Nuclei 1PoC 4
enterprise linux (16) · enterprise linux eus (7) · single sign-on (6)
28code-projects—
32 CVECVSS 4.9
NEWPoC 32
client details system (7) · e-commerce website (4) · faculty management system (3)
29go—
32 CVE1 critCVSS 6.4
Nuclei 2PoC 7
github.com/traefik/traefik/v3 (3) · github.com/mattermost/mattermost/server/v8 (3) · github.com/traefik/traefik/v2 (3)
30google inc—
31 CVE12 critCVSS 8.9
KEV 1PoC 1
android (16) · google chrome (13) · chrome os (12)
31ао «нтц ит роса»—
31 CVE1 critCVSS 6.3
Nuclei 1PoC 7
роса хром (19) · rosa virtualization 3.0 (15) · роса кобальт (8)
32honor—
30 CVE1 critCVSS 4.9
NEW
magic os (9) · magic ui (7) · magicos (6)
33mediatek, inc.—
30 CVECVSS 6.7
mt2735, mt2737, mt6297, mt6298, mt6813, mt6815, mt6833, mt6835, mt6853, mt6855, mt6873, mt6875, mt6875t, mt6877, mt6879, mt6880, mt6883, mt6885, mt6886, mt6889, mt6890, mt6891, mt6893, mt6895, mt6895t, mt6896, mt6897, mt6980, mt6980d, mt6983, mt6985, mt6989, mt6990 (6) · mt6761, mt6765, mt6768, mt6779, mt6781, mt6785, mt6789, mt6833, mt6835, mt6853, mt6855, mt6873, mt6877, mt6879, mt6883, mt6885, mt6886, mt6889, mt6893, mt6895, mt6983, mt6985, mt8188, mt8195, mt8673, mt8781 (3) · mt6765, mt6768, mt6833, mt6879, mt6883, mt6885, mt6889, mt6893, mt6983, mt6985, mt8188, mt8195, mt8797, mt8798 (2)
34samsung—
30 CVECVSS 5.6
android (15) · exynos 2100 firmware (3) · exynos 980 firmware (3)
35apple inc.—
29 CVECVSS 6.8
NEWPoC 3
macos (29) · ios (9) · ipados (8)
36apache—
28 CVE6 critCVSS 7.4
Nuclei 5PoC 4
airflow (4) · superset (3) · hertzbeat (3)
37fedoraproject—
27 CVE1 critCVSS 6.6
KEV 2Nuclei 2PoC 8
fedora (27) · extra packages for enterprise linux (4)
38jfinalcms project—
27 CVECVSS 7.9
NEWPoC 5
jfinalcms (27)
39shenzhen tenda technology co., ltd.—
27 CVE27 critCVSS 9.8
NEWPoC 9
tenda i29 (8) · tenda w9 (5) · tenda m3 (4)
40samsung mobile—
26 CVECVSS 6.1
samsung mobile devices (15) · galaxy store (2) · samsung pass (2)
41ivanti—
25 CVE19 critCVSS 9.2
NEW
avalanche (22) · connect secure (3) · wavelink (3)
42apache software foundation—
24 CVE6 critCVSS 7.6
Nuclei 4PoC 2
apache airflow (4) · airflow (4) · apache ofbiz (3)
43hihonor—
24 CVE1 critCVSS 5.1
NEW
magic ui (7) · magic os (5) · nth-an00 firmware (4)
44sourcecodester—
24 CVECVSS 4.8
PoC 22
simple student attendance system (8) · user registration and login system (3) · medicine tracking system (2)
45fedora project—
22 CVE2 critCVSS 7.2
KEV 1PoC 5
fedora (21) · fedora epel (1)
46mozilla—
22 CVECVSS 7.3
NEW
firefox (18) · thunderbird (11) · firefox esr (11)
47mozilla corp.—
22 CVECVSS 7.2
NEW
firefox (18) · firefox esr (11) · thunderbird (11)
48phpgurukul—
20 CVE3 critCVSS 5.4
NEWNuclei 2PoC 18
online notes sharing system (6) · nipah virus testing management system (4) · student result management system (3)
49fabian—
18 CVECVSS 5.5
NEWPoC 18
client details system (7) · e-commerce website (4) · library management system (3)
50phpjabbers—
18 CVECVSS 6.8
NEWNuclei 2PoC 18
time slots booking calendar (4) · appointment scheduler (4) · availability booking calendar (4)

#	Vendor	CVEs	Crit	KEV	Nuclei	Signals	Top products	Δ
1	adobe	220	·	·	·		experience manager (193) · adobe experience manager (193) · experience manager cloud service (113)	—
2	adobe systems inc.	219	·	·	·		adobe experience manager (192) · adobe substance 3d sampler (6) · adobe after effects (4)	—
3	google	196	21	1	·	KEV 1PoC 1	android (182) · chrome (13) · chromecast firmware (4)	—
4	maven	117	18	·	8	Nuclei 8PoC 28	com.jfinal:jfinal (27) · org.silverpeas.core:silverpeas-core-web (7) · com.cloudtp.jenkins:paaslane-estimate (4)	—
5	ооо «ред софт»	106	6	1	4	KEV 1Nuclei 4PoC 23	ред ос (106)	—
6	сообщество свободного программного обеспечения	103	10	2	4	KEV 2Nuclei 4PoC 19	debian gnu/linux (67) · linux (16) · xwiki platform (5)	—
7	unisoc (shanghai) technologies co., ltd.	83	·	·	·	NEW	sc7731e/sc9832e/sc9863a/t310/t606/t612/t616/t610/t618/t760/t770/t820/s8000 (73) · sc9863a/t310/t606/t612/t616/t610/t618/t760/t770/t820/s8000 (6) · t606/t612/t616 (2)	—
8	ооо «русбитех-астра»	82	3	1	2	KEV 1Nuclei 2PoC 12	astra linux special edition (81) · astra linux common edition (8) · astra linux special edition для «эльбрус» (3)	—
9	ао "нппкт"	68	2	1	2	KEV 1Nuclei 2PoC 9	осон основа оnyx (68)	—
10	ао «ивк»	57	2	·	1	Nuclei 1PoC 8	альт сп 10 (51) · альт 8 сп (27)	—
11	ibm	54	·	·	·		db2 for linux, unix and windows (8) · infosphere information server (8) · db2 (8)	—
12	pypi	52	5	·	12	Nuclei 12PoC 11	mlflow (11) · apache-airflow (4) · apache-superset (3)	—
13	unknown	52	3	·	50	Nuclei 50PoC 49	wp mail log (5) · welcart e-commerce (3) · wp all export pro (3)	—
14	microsoft	48	4	·	1	Nuclei 1PoC 4	windows server 2022, 23h2 edition (server core installation) (19) · windows server 2019 (18) · windows server 2019 (server core installation) (18)	—
15	microsoft corp	47	3	1	·	KEV 1PoC 2	windows server 2019 (18) · windows server 2022 (18) · windows server 2022, 23h2 edition (server core installation) (18)	—
16	tenda	47	47	·	·	PoC 19	w30e firmware (11) · i29 firmware (9) · ax9 firmware (8)	—
17	packagist	43	1	·	5	Nuclei 5PoC 18	concrete5/concrete5 (5) · automad/automad (4) · microweber/microweber (4)	—
18	totolink	40	37	·	1	Nuclei 1PoC 19	ex1800t firmware (18) · x6000r firmware (7) · x2000r firmware (3)	—
19	debian	39	1	2	2	KEV 2Nuclei 2PoC 6	debian linux (39)	—
20	qualcomm	38	3	3	·	NEWKEV 3	wcd9380 firmware (36) · qca6391 firmware (35) · wsa8835 firmware (34)	—
21	qualcomm, inc.	38	3	3	·	NEWKEV 3	snapdragon (38)	—
22	npm	37	3	·	1	Nuclei 1PoC 12	@evershop/evershop (7) · uptime-kuma (2) · nuxt-api-party (2)	—
23	red hat inc.	37	·	·	·	PoC 5	red hat enterprise linux (31) · red hat software collections (3) · ansible (2)	—
24	red hat	36	·	·	·	NEWPoC 2	red hat enterprise linux 9 (19) · red hat enterprise linux 8 (18) · red hat enterprise linux 6 (17)	—
25	apple	35	·	·	1	Nuclei 1PoC 4	macos (33) · ipados (12) · iphone os (12)	—
26	dell	35	·	·	·		powerprotect data domain management center (8) · powerprotect data protection (7) · emc data domain os (7)	—
27	redhat	35	·	·	1	Nuclei 1PoC 4	enterprise linux (16) · enterprise linux eus (7) · single sign-on (6)	—
28	code-projects	32	·	·	·	NEWPoC 32	client details system (7) · e-commerce website (4) · faculty management system (3)	—
29	go	32	1	·	2	Nuclei 2PoC 7	github.com/traefik/traefik/v3 (3) · github.com/mattermost/mattermost/server/v8 (3) · github.com/traefik/traefik/v2 (3)	—
30	google inc	31	12	1	·	KEV 1PoC 1	android (16) · google chrome (13) · chrome os (12)	—
31	ао «нтц ит роса»	31	1	·	1	Nuclei 1PoC 7	роса хром (19) · rosa virtualization 3.0 (15) · роса кобальт (8)	—
32	honor	30	1	·	·	NEW	magic os (9) · magic ui (7) · magicos (6)	—
33	mediatek, inc.	30	·	·	·		mt2735, mt2737, mt6297, mt6298, mt6813, mt6815, mt6833, mt6835, mt6853, mt6855, mt6873, mt6875, mt6875t, mt6877, mt6879, mt6880, mt6883, mt6885, mt6886, mt6889, mt6890, mt6891, mt6893, mt6895, mt6895t, mt6896, mt6897, mt6980, mt6980d, mt6983, mt6985, mt6989, mt6990 (6) · mt6761, mt6765, mt6768, mt6779, mt6781, mt6785, mt6789, mt6833, mt6835, mt6853, mt6855, mt6873, mt6877, mt6879, mt6883, mt6885, mt6886, mt6889, mt6893, mt6895, mt6983, mt6985, mt8188, mt8195, mt8673, mt8781 (3) · mt6765, mt6768, mt6833, mt6879, mt6883, mt6885, mt6889, mt6893, mt6983, mt6985, mt8188, mt8195, mt8797, mt8798 (2)	—
34	samsung	30	·	·	·		android (15) · exynos 2100 firmware (3) · exynos 980 firmware (3)	—
35	apple inc.	29	·	·	·	NEWPoC 3	macos (29) · ios (9) · ipados (8)	—
36	apache	28	6	·	5	Nuclei 5PoC 4	airflow (4) · superset (3) · hertzbeat (3)	—
37	fedoraproject	27	1	2	2	KEV 2Nuclei 2PoC 8	fedora (27) · extra packages for enterprise linux (4)	—
38	jfinalcms project	27	·	·	·	NEWPoC 5	jfinalcms (27)	—
39	shenzhen tenda technology co., ltd.	27	27	·	·	NEWPoC 9	tenda i29 (8) · tenda w9 (5) · tenda m3 (4)	—
40	samsung mobile	26	·	·	·		samsung mobile devices (15) · galaxy store (2) · samsung pass (2)	—
41	ivanti	25	19	·	·	NEW	avalanche (22) · connect secure (3) · wavelink (3)	—
42	apache software foundation	24	6	·	4	Nuclei 4PoC 2	apache airflow (4) · airflow (4) · apache ofbiz (3)	—
43	hihonor	24	1	·	·	NEW	magic ui (7) · magic os (5) · nth-an00 firmware (4)	—
44	sourcecodester	24	·	·	·	PoC 22	simple student attendance system (8) · user registration and login system (3) · medicine tracking system (2)	—
45	fedora project	22	2	1	·	KEV 1PoC 5	fedora (21) · fedora epel (1)	—
46	mozilla	22	·	·	·	NEW	firefox (18) · thunderbird (11) · firefox esr (11)	—
47	mozilla corp.	22	·	·	·	NEW	firefox (18) · firefox esr (11) · thunderbird (11)	—
48	phpgurukul	20	3	·	2	NEWNuclei 2PoC 18	online notes sharing system (6) · nipah virus testing management system (4) · student result management system (3)	—
49	fabian	18	·	·	·	NEWPoC 18	client details system (7) · e-commerce website (4) · library management system (3)	—
50	phpjabbers	18	·	·	2	NEWNuclei 2PoC 18	time slots booking calendar (4) · appointment scheduler (4) · availability booking calendar (4)	—