CVE Tools
Sign in
month report

February 2024

Data as of Jun 4, 2026, 13:25 UTCSnapshot v1 Sources NVD+CISA KEV+EPSS+Nuclei templates Methodology →

February 2024 closed with 2,983 published CVEs. 322 criticals, 9 added to CISA KEV (4 ransomware-linked). сообщество свободного программного обеспечения led volume, mostly via linux. Top weakness class — CWE-79 (438 CVE). 10 vendors cracked the top-100 for the first time.

Print view
Total CVEs
2,983
— MoM— YoY
Severity mix
322 / 892
critical / high
KEV added
9
4 ransomware-linked
Nuclei coverage
15.4%
459 CVEs with templates

Time to exploit

How fast the community ships detection after a CVE drops.

Days → Nuclei (median)
753.2
n=459
Within 7 days
0.0%
Within 30 days
0.0%
Days → KEV (median)
20
n=11
Detection gap

KEV pressure, no Nuclei coverage

February 2024 · vendors with active exploitation listed by CISA but no public detection template.

Weakness × Vendor

What's spreading where in February 2024

Cells shaded by share of vendor's hottest weakness. Click any cell to open the CWE history.

79XSS89SQL Injection787Out-of-bounds Write352CSRF284CWE-284416Use After Free476NULL Pointer Dereference862Missing Authorization22Path Traversal125Out-of-bounds Readсообщество свободного программного обеспечения221115262219linux9445815ооо «ред софт»21131253118ооо «русбитех-астра»215126258ао "нппкт"1181954ао «ивк»169156maven1631313microsoft corp8115733ibm811212microsoft824522canonical ltd.6954intel12411

First time in top-100

Vendors never in top-100 in the prior 24 periods.

Top vendors

Ranked by distinct CVE count this period.

  • 1сообщество свободного программного обеспечения
    405 CVE10 critCVSS 6.4
    PoC 28
    linux (303) · debian gnu/linux (194) · gguf (5)
  • 2linux
    299 CVECVSS 6.1
    PoC 4
    linux kernel (299) · linux (279)
  • 3ооо «ред софт»
    205 CVE4 critCVSS 6.6
    PoC 21
    ред ос (205)
  • 4ооо «русбитех-астра»
    183 CVE3 critCVSS 6.5
    PoC 17
    astra linux special edition (144) · astra linux special edition для «эльбрус» (60) · astra linux common edition (8)
  • 5ао "нппкт"
    96 CVE4 critCVSS 6.7
    PoC 12
    осон основа оnyx (96)
  • 6ао «ивк»
    92 CVECVSS 6.3
    PoC 10
    альт сп 10 (84) · альт 8 сп (56)
  • 7maven
    89 CVE20 critCVSS 7.2
    Nuclei 1PoC 6
    com.liferay.portal:release.portal.bom (33) · com.liferay.portal:release.dxp.bom (32) · org.apache.dolphinscheduler:dolphinscheduler (4)
  • 8microsoft corp
    88 CVE9 critCVSS 7.9
    KEV 5PoC 4
    windows server 2022, 23h2 edition (server core installation) (44) · windows 11 23h2 (43) · windows 11 22h2 (43)
  • 9ibm
    86 CVE2 critCVSS 6.0
    Nuclei 2PoC 1
    powersc (13) · security verify access appliance (12) · security verify access docker (12)
  • 10microsoft
    81 CVE8 critCVSS 7.8
    KEV 5Nuclei 1PoC 3
    windows server 2022 23h2 (43) · windows server 2022, 23h2 edition (server core installation) (42) · windows 11 version 22h2 (41)
  • 11canonical ltd.
    76 CVECVSS 6.4
    PoC 8
    ubuntu (74) · ubuntu edk ii (1) · lxd (1)
  • 12intel
    75 CVECVSS 6.1
    thunderbolt dch driver (20) · proset\/wireless (9) · killer (9)
  • 13intel corp.
    72 CVECVSS 5.6
    thunderbolt dch driver (21) · intel killer wi-fi (10) · intel proset/wireless wifi (10)
  • 14ао «нтц ит роса»
    71 CVE1 critCVSS 6.5
    PoC 6
    rosa virtualization 3.0 (53) · роса хром (19) · роса кобальт (12)
  • 15fedoraproject
    69 CVE11 critCVSS 7.1
    PoC 16
    fedora (68) · unbound (1)
  • 16pypi
    66 CVE12 critCVSS 6.9
    Nuclei 4PoC 9
    vyper (6) · apache-superset (6) · clearml (3)
  • 17packagist
    64 CVE6 critCVSS 6.2
    Nuclei 2PoC 8
    moodle/moodle (7) · getkirby/cms (6) · typo3/cms-core (4)
  • 18red hat inc.
    63 CVE3 critCVSS 6.8
    PoC 6
    red hat enterprise linux (59) · red hat enterprise linux workstation (6) · red hat enterprise linux server (6)
  • 19google
    62 CVE4 critCVSS 7.2
    PoC 2
    android (50) · chrome (12)
  • 20go
    52 CVE2 critCVSS 5.5
    PoC 3
    github.com/mattermost/mattermost/server/v8 (11) · github.com/greenpau/caddy-security (10) · github.com/apache/incubator-answer (3)
  • 21dell
    47 CVE5 critCVSS 6.8
    unity (16) · unity operating environment (16) · supportassist for home pcs (3)
  • 22oracle corp.
    45 CVECVSS 5.6
    NEWKEV 1Nuclei 1PoC 1
    mysql server (10) · e-business suite (9) · graalvm enterprise edition (5)
  • 23oracle
    43 CVECVSS 5.3
    NEWKEV 1Nuclei 1
    mysql server (12) · graalvm (5) · jre (5)
  • 24oracle corporation
    43 CVECVSS 5.5
    NEWKEV 1Nuclei 1
    mysql server (12) · java se jdk and jre (5) · installed base (4)
  • 25apache
    41 CVE11 critCVSS 7.3
    PoC 4
    superset (6) · dolphinscheduler (5) · solr (4)
  • 26apache software foundation
    38 CVE8 critCVSS 7.3
    PoC 2
    apache superset (6) · apache dolphinscheduler (5) · apache solr (4)
  • 27liferay
    35 CVE13 critCVSS 7.1
    NEWNuclei 1
    digital experience platform (35) · liferay portal (34) · dxp (33)
  • 28fedora project
    34 CVE3 critCVSS 7.5
    PoC 7
    fedora (34)
  • 29debian
    33 CVE2 critCVSS 6.5
    PoC 7
    debian linux (33)
  • 30qnap
    32 CVE1 critCVSS 5.6
    NEWNuclei 1PoC 2
    qts (29) · qutscloud (29) · quts hero (28)
  • 31qnap systems inc.
    32 CVE1 critCVSS 5.7
    NEWNuclei 1PoC 2
    quts hero (29) · qts (29) · qutscloud (28)
  • 32qnap systems, inc.
    32 CVE1 critCVSS 5.7
    NEWNuclei 1PoC 2
    qts (29) · quts hero (28) · qutscloud (28)
  • 33adobe
    31 CVE3 critCVSS 6.8
    acrobat (14) · acrobat dc (14) · acrobat reader (14)
  • 34adobe systems inc.
    31 CVE3 critCVSS 6.8
    adobe acrobat 2020 (14) · adobe acrobat document cloud (14) · adobe acrobat reader 2020 (14)
  • 35npm
    29 CVE4 critCVSS 7.0
    Nuclei 1PoC 8
    stimulsoft-dashboards-js (3) · ckeditor4 (2) · undici (2)
  • 36code-projects
    28 CVE6 critCVSS 7.7
    NEWPoC 14
    simple school management system (8) · library system (5) · task manager (5)
  • 37siemens
    28 CVE1 critCVSS 7.1
    NEW
    tecnomatix plant simulation v2201 (10) · tecnomatix plant simulation (10) · tecnomatix plant simulation v2302 (10)
  • 38apple
    27 CVECVSS 5.9
    macos (23) · iphone os (17) · ios and ipados (16)
  • 39red hat
    27 CVECVSS 6.7
    NEW
    red hat enterprise linux 9 (19) · red hat enterprise linux 7 (19) · red hat enterprise linux 8 (19)
  • 40siemens ag
    27 CVE1 critCVSS 7.4
    NEW
    tecnomatix plant simulation (10) · simcenter femap (6) · simatic wincc runtime professional (2)
  • 41huawei
    26 CVE4 critCVSS 7.2
    harmonyos (26) · emui (25)
  • 42qualcomm
    26 CVE1 critCVSS 7.4
    NEW
    fastconnect 6900 firmware (25) · fastconnect 7800 firmware (25) · wcd9380 firmware (25)
  • 43qualcomm, inc.
    26 CVE1 critCVSS 7.5
    NEW
    snapdragon (26)
  • 44redhat
    25 CVECVSS 6.6
    enterprise linux (19) · enterprise linux eus (6) · enterprise linux for arm 64 eus (5)
  • 45unknown
    25 CVE2 critCVSS 6.1
    Nuclei 25PoC 24
    wp jobsearch (2) · chartjs (2) · mappress maps for wordpress (2)
  • 46netapp
    24 CVECVSS 6.3
    PoC 6
    active iq unified manager (10) · oncommand insight (5) · h615c firmware (3)
  • 47sourcecodester
    22 CVE1 critCVSS 5.5
    PoC 20
    employee management system (5) · online job portal (3) · web-based student clearance system (2)
  • 48dell technologies
    21 CVE1 critCVSS 7.3
    NEW
    emc unity operating environment (15) · powerprotect data manager (2) · encryption (1)
  • 49google inc
    21 CVE2 critCVSS 7.9
    PoC 3
    google chrome (12) · chrome os (5) · android (3)
  • 50f5
    20 CVECVSS 7.2
    big-ip (15) · big-ip application security manager (12) · big-ip advanced firewall manager (9)

Top weaknesses

CWE classes by distinct CVE count.

1CWE-79438
2CWE-89173
3CWE-787128
4CWE-352124
5CWE-28498
6CWE-41692
7CWE-47690
8CWE-86281
9CWE-2276
10CWE-12574
11CWE-43467
12CWE-7861
13CWE-2058
14CWE-40057
15CWE-20056
16CWE-9453
17CWE-12245
18CWE-40144
19CWE-7743
20CWE-12034