month report

January 2024

Data as of Jun 4, 2026, 13:25 UTCSnapshot v1 Sources NVD+CISA KEV+EPSS+Nuclei templates Methodology →

January 2024 closed with 2,698 published CVEs. 312 criticals, 21 added to CISA KEV (8 ransomware-linked). сообщество свободного программного обеспечения led volume, mostly via debian gnu/linux. Top weakness class — CWE-79 (447 CVE). 10 vendors cracked the top-100 for the first time.

Print view

Total CVEs

2,698

— MoM— YoY

Severity mix

312 / 909

critical / high

KEV added

8 ransomware-linked

Nuclei coverage

16.4%

442 CVEs with templates

Time to exploit

How fast the community ships detection after a CVE drops.

Days → Nuclei (median)

781.0

n=442

Within 7 days

0.0%

Within 30 days

0.0%

Days → KEV (median)

n=13

Detection gap

KEV pressure, no Nuclei coverage

January 2024 · vendors with active exploitation listed by CISA but no public detection template.

KEV 4ооо «русбитех-астра»111 CVE
KEV 3apple84 CVE
KEV 2apple inc.68 CVE
KEV 2linux42 CVE
KEV 1microsoft corp80 CVE
KEV 1google61 CVE
KEV 1red hat inc.51 CVE
KEV 1redhat40 CVE

Weakness × Vendor

What's spreading where in January 2024

Cells shaded by share of vendor's hottest weakness. Click any cell to open the CWE history.

First time in top-100

Vendors never in top-100 in the prior 24 periods.

#7gtkwave82 CVE
#8tonybybell82 CVE
#13apple inc.68 CVE
#19red hat51 CVE
#22kashipara46 CVE
#23oracle43 CVE
#24oracle corp.43 CVE
#25oracle corporation43 CVE
#27ajaysharma41 CVE
#28cups easy41 CVE

Top vendors

Ranked by distinct CVE count this period.

1сообщество свободного программного обеспечения—
152 CVE13 critCVSS 6.7
KEV 3Nuclei 5PoC 38
debian gnu/linux (70) · linux (44) · mediawiki (7)
2ооо «ред софт»—
143 CVE9 critCVSS 6.8
KEV 4Nuclei 2PoC 35
ред ос (143)
3unknown—
139 CVE7 critCVSS 6.3
Nuclei 133PoC 133
eventon (8) · estatik real estate plugin (3) · essential real estate (3)
4ооо «русбитех-астра»—
111 CVE4 critCVSS 6.7
KEV 4PoC 21
astra linux special edition (109) · astra linux special edition для «эльбрус» (9) · astra linux common edition (6)
5ао «ивк»—
85 CVE1 critCVSS 6.4
KEV 2Nuclei 1PoC 20
альт сп 10 (78) · альт 8 сп (48)
6apple—
84 CVE1 critCVSS 6.3
KEV 3PoC 1
macos (76) · ios and ipados (52) · iphone os (51)
7gtkwave—
82 CVECVSS 7.7
NEWPoC 33
gtkwave (82)
8tonybybell—
82 CVECVSS 7.7
NEWPoC 33
gtkwave (82)
9ао "нппкт"—
82 CVE3 critCVSS 6.9
KEV 4Nuclei 1PoC 12
осон основа оnyx (82)
10microsoft corp—
80 CVE4 critCVSS 6.9
KEV 1PoC 3
windows 11 22h2 (35) · windows server 2022 (server core installation) (35) · windows server 2022, 23h2 edition (server core installation) (35)
11pypi—
77 CVE14 critCVSS 6.7
Nuclei 4PoC 15
paddlepaddle (19) · pyload-ng (4) · whoogle-search (4)
12totolink—
73 CVE35 critCVSS 7.8
Nuclei 11PoC 42
a3300r firmware (15) · lr1200gb firmware (13) · lr1200gb (13)
13apple inc.—
68 CVE1 critCVSS 6.3
NEWKEV 2
macos (66) · ipados (36) · ios (36)
14maven—
62 CVE9 critCVSS 7.0
KEV 1Nuclei 6PoC 21
de.tum.in.ase:artemis-java-test-sandbox (6) · com.jfinal:jfinal (4) · io.jenkins.plugins:gitlab-branch-source (3)
15microsoft—
62 CVE4 critCVSS 6.9
PoC 2
windows server 2022, 23h2 edition (server core installation) (35) · windows 11 22h2 (35) · windows 11 23h2 (35)
16google—
61 CVE4 critCVSS 7.1
KEV 1PoC 2
android (36) · chrome (22) · pixel watch (2)
17fedoraproject—
56 CVE2 critCVSS 7.0
KEV 2Nuclei 2PoC 10
fedora (56) · extra packages for enterprise linux (2)
18tenda—
55 CVE23 critCVSS 7.9
PoC 36
ax1803 firmware (21) · ac10u (11) · w9 firmware (7)
19red hat—
51 CVE1 critCVSS 6.7
NEWNuclei 1PoC 10
red hat enterprise linux 9 (45) · red hat enterprise linux 8 (45) · red hat enterprise linux 7 (44)
20red hat inc.—
51 CVE3 critCVSS 6.9
KEV 1PoC 10
red hat enterprise linux (47) · openshift container platform (2) · red hat build of openjdk (2)
21go—
46 CVE5 critCVSS 6.7
PoC 2
github.com/cubefs/cubefs (5) · github.com/0xjacky/nginx-ui (5) · github.com/moby/buildkit (4)
22kashipara—
46 CVE17 critCVSS 7.0
NEWNuclei 1PoC 36
food management system (19) · billing software (13) · travel website (6)
23oracle—
43 CVECVSS 5.8
NEW
mysql (12) · graalvm (6) · graalvm for jdk (5)
24oracle corp.—
43 CVECVSS 5.7
NEW
mysql server (12) · e-business suite (7) · graalvm enterprise edition (6)
25oracle corporation—
43 CVECVSS 5.5
NEW
mysql server (12) · java se jdk and jre (5) · audit vault and database firewall (3)
26linux—
42 CVECVSS 6.2
KEV 2PoC 8
linux kernel (42) · kernel (2) · linux (2)
27ajaysharma—
41 CVECVSS 8.2
NEW
cups easy (41)
28cups easy—
41 CVECVSS 8.2
NEW
cups easy (purchase & inventory) (41)
29redhat—
40 CVE1 critCVSS 6.8
KEV 1PoC 6
enterprise linux (33) · shim (6) · enterprise linux for ibm z systems (6)
30fedora project—
37 CVE2 critCVSS 7.4
KEV 1Nuclei 2PoC 6
fedora (37) · fedora epel (2)
31packagist—
36 CVE3 critCVSS 6.3
Nuclei 4PoC 16
gilacms/gila (3) · tinymce/tinymce (3) · wwbn/avideo (3)
32ао «нтц ит роса»—
35 CVE1 critCVSS 6.7
KEV 1PoC 7
rosa virtualization 3.0 (20) · роса кобальт (11) · роса хром (11)
33shenzhen tenda technology co., ltd.—
34 CVE3 critCVSS 6.9
NEWPoC 25
tenda ac10u (11) · tenda w9 (7) · tenda i6 (4)
34trendmicro—
34 CVECVSS 7.2
NEW
apex one (17) · apex central (11) · mobile security (3)
35trend micro, inc.—
34 CVECVSS 7.3
NEW
trend micro apex one (16) · trend micro apex one as a service (16) · trend micro apex central (12)
36npm—
33 CVE6 critCVSS 7.1
Nuclei 1PoC 10
tinymce (6) · meshcentral (2) · @evershop/evershop (2)
37ibm—
30 CVE4 critCVSS 6.3
db2 (9) · db2 for linux, unix and windows (8) · vios (4)
38code-projects—
28 CVECVSS 5.8
NEWPoC 21
fighting cock information system (9) · dormitory management system (4) · online faculty clearance (4)
39bosch—
26 CVECVSS 7.0
NEW
nexo-os (25) · bcc101 firmware (1) · bcc102 (1)
40qualcomm—
26 CVE3 critCVSS 7.9
NEW
wsa8810 firmware (23) · wsa8830 firmware (23) · wsa8835 firmware (23)
41qualcomm, inc.—
26 CVE3 critCVSS 7.9
NEW
snapdragon (26)
42sourcecodester—
26 CVECVSS 4.7
PoC 21
engineers online portal (7) · employee management system (5) · house rental management system (4)
43hathway—
25 CVECVSS 6.9
NEW
skyworth router cm5100 (25)
44juniper—
25 CVE1 critCVSS 6.8
NEWNuclei 1PoC 25
junos (21) · junos os evolved (8) · paragon active assurance control center (1)
45juniper networks—
25 CVE1 critCVSS 6.8
NEWNuclei 1PoC 25
junos os (21) · junos os evolved (8) · paragon active assurance (1)
46juniper networks inc.—
25 CVE1 critCVSS 6.8
NEWNuclei 1PoC 25
junos (21) · junos os evolved (8) · paragon active assurance (1)
47linecorp—
25 CVECVSS 5.5
NEWPoC 25
line (25)
48rexroth—
25 CVECVSS 6.8
NEW
nexo cordless nutrunner nxa011s-36v (0608842011) (25) · nexo cordless nutrunner nxa011s-36v-b (0608842012) (25) · nexo cordless nutrunner nxa015s-36v (0608842001) (25)
49skyworthdigital—
25 CVECVSS 6.9
NEW
cm5100 firmware (25)
50siemens—
24 CVE2 critCVSS 7.4
NEW
solid edge se2023 (11) · teamcenter visualization v14.3 (4) · jt2go (4)

#	Vendor	CVEs	Crit	KEV	Nuclei	Signals	Top products	Δ
1	сообщество свободного программного обеспечения	152	13	3	5	KEV 3Nuclei 5PoC 38	debian gnu/linux (70) · linux (44) · mediawiki (7)	—
2	ооо «ред софт»	143	9	4	2	KEV 4Nuclei 2PoC 35	ред ос (143)	—
3	unknown	139	7	·	133	Nuclei 133PoC 133	eventon (8) · estatik real estate plugin (3) · essential real estate (3)	—
4	ооо «русбитех-астра»	111	4	4	·	KEV 4PoC 21	astra linux special edition (109) · astra linux special edition для «эльбрус» (9) · astra linux common edition (6)	—
5	ао «ивк»	85	1	2	1	KEV 2Nuclei 1PoC 20	альт сп 10 (78) · альт 8 сп (48)	—
6	apple	84	1	3	·	KEV 3PoC 1	macos (76) · ios and ipados (52) · iphone os (51)	—
7	gtkwave	82	·	·	·	NEWPoC 33	gtkwave (82)	—
8	tonybybell	82	·	·	·	NEWPoC 33	gtkwave (82)	—
9	ао "нппкт"	82	3	4	1	KEV 4Nuclei 1PoC 12	осон основа оnyx (82)	—
10	microsoft corp	80	4	1	·	KEV 1PoC 3	windows 11 22h2 (35) · windows server 2022 (server core installation) (35) · windows server 2022, 23h2 edition (server core installation) (35)	—
11	pypi	77	14	·	4	Nuclei 4PoC 15	paddlepaddle (19) · pyload-ng (4) · whoogle-search (4)	—
12	totolink	73	35	·	11	Nuclei 11PoC 42	a3300r firmware (15) · lr1200gb firmware (13) · lr1200gb (13)	—
13	apple inc.	68	1	2	·	NEWKEV 2	macos (66) · ipados (36) · ios (36)	—
14	maven	62	9	1	6	KEV 1Nuclei 6PoC 21	de.tum.in.ase:artemis-java-test-sandbox (6) · com.jfinal:jfinal (4) · io.jenkins.plugins:gitlab-branch-source (3)	—
15	microsoft	62	4	·	·	PoC 2	windows server 2022, 23h2 edition (server core installation) (35) · windows 11 22h2 (35) · windows 11 23h2 (35)	—
16	google	61	4	1	·	KEV 1PoC 2	android (36) · chrome (22) · pixel watch (2)	—
17	fedoraproject	56	2	2	2	KEV 2Nuclei 2PoC 10	fedora (56) · extra packages for enterprise linux (2)	—
18	tenda	55	23	·	·	PoC 36	ax1803 firmware (21) · ac10u (11) · w9 firmware (7)	—
19	red hat	51	1	·	1	NEWNuclei 1PoC 10	red hat enterprise linux 9 (45) · red hat enterprise linux 8 (45) · red hat enterprise linux 7 (44)	—
20	red hat inc.	51	3	1	·	KEV 1PoC 10	red hat enterprise linux (47) · openshift container platform (2) · red hat build of openjdk (2)	—
21	go	46	5	·	·	PoC 2	github.com/cubefs/cubefs (5) · github.com/0xjacky/nginx-ui (5) · github.com/moby/buildkit (4)	—
22	kashipara	46	17	·	1	NEWNuclei 1PoC 36	food management system (19) · billing software (13) · travel website (6)	—
23	oracle	43	·	·	·	NEW	mysql (12) · graalvm (6) · graalvm for jdk (5)	—
24	oracle corp.	43	·	·	·	NEW	mysql server (12) · e-business suite (7) · graalvm enterprise edition (6)	—
25	oracle corporation	43	·	·	·	NEW	mysql server (12) · java se jdk and jre (5) · audit vault and database firewall (3)	—
26	linux	42	·	2	·	KEV 2PoC 8	linux kernel (42) · kernel (2) · linux (2)	—
27	ajaysharma	41	·	·	·	NEW	cups easy (41)	—
28	cups easy	41	·	·	·	NEW	cups easy (purchase & inventory) (41)	—
29	redhat	40	1	1	·	KEV 1PoC 6	enterprise linux (33) · shim (6) · enterprise linux for ibm z systems (6)	—
30	fedora project	37	2	1	2	KEV 1Nuclei 2PoC 6	fedora (37) · fedora epel (2)	—
31	packagist	36	3	·	4	Nuclei 4PoC 16	gilacms/gila (3) · tinymce/tinymce (3) · wwbn/avideo (3)	—
32	ао «нтц ит роса»	35	1	1	·	KEV 1PoC 7	rosa virtualization 3.0 (20) · роса кобальт (11) · роса хром (11)	—
33	shenzhen tenda technology co., ltd.	34	3	·	·	NEWPoC 25	tenda ac10u (11) · tenda w9 (7) · tenda i6 (4)	—
34	trendmicro	34	·	·	·	NEW	apex one (17) · apex central (11) · mobile security (3)	—
35	trend micro, inc.	34	·	·	·	NEW	trend micro apex one (16) · trend micro apex one as a service (16) · trend micro apex central (12)	—
36	npm	33	6	·	1	Nuclei 1PoC 10	tinymce (6) · meshcentral (2) · @evershop/evershop (2)	—
37	ibm	30	4	·	·		db2 (9) · db2 for linux, unix and windows (8) · vios (4)	—
38	code-projects	28	·	·	·	NEWPoC 21	fighting cock information system (9) · dormitory management system (4) · online faculty clearance (4)	—
39	bosch	26	·	·	·	NEW	nexo-os (25) · bcc101 firmware (1) · bcc102 (1)	—
40	qualcomm	26	3	·	·	NEW	wsa8810 firmware (23) · wsa8830 firmware (23) · wsa8835 firmware (23)	—
41	qualcomm, inc.	26	3	·	·	NEW	snapdragon (26)	—
42	sourcecodester	26	·	·	·	PoC 21	engineers online portal (7) · employee management system (5) · house rental management system (4)	—
43	hathway	25	·	·	·	NEW	skyworth router cm5100 (25)	—
44	juniper	25	1	·	1	NEWNuclei 1PoC 25	junos (21) · junos os evolved (8) · paragon active assurance control center (1)	—
45	juniper networks	25	1	·	1	NEWNuclei 1PoC 25	junos os (21) · junos os evolved (8) · paragon active assurance (1)	—
46	juniper networks inc.	25	1	·	1	NEWNuclei 1PoC 25	junos (21) · junos os evolved (8) · paragon active assurance (1)	—
47	linecorp	25	·	·	·	NEWPoC 25	line (25)	—
48	rexroth	25	·	·	·	NEW	nexo cordless nutrunner nxa011s-36v (0608842011) (25) · nexo cordless nutrunner nxa011s-36v-b (0608842012) (25) · nexo cordless nutrunner nxa015s-36v (0608842001) (25)	—
49	skyworthdigital	25	·	·	·	NEW	cm5100 firmware (25)	—
50	siemens	24	2	·	·	NEW	solid edge se2023 (11) · teamcenter visualization v14.3 (4) · jt2go (4)	—