month report
April 2024
Data as of Jun 4, 2026, 13:25 UTCSnapshot v1 Sources NVD+CISA KEV+EPSS+Nuclei templates Methodology →
April 2024 closed with 3,769 published CVEs. 280 criticals, 10 added to CISA KEV (1 ransomware-linked). сообщество свободного программного обеспечения led volume, mostly via linux. Top weakness class — CWE-79 (619 CVE). 10 vendors cracked the top-100 for the first time.
Total CVEs
3,769
— MoM— YoY
Severity mix
280 / 1,221
critical / high
KEV added
10
1 ransomware-linked
Nuclei coverage
23.8%
897 CVEs with templates
Time to exploit
How fast the community ships detection after a CVE drops.
Days → Nuclei (median)
690.5
n=897
Within 7 days
0.0%
Within 30 days
0.0%
Days → KEV (median)
5
n=8
Detection gap
KEV pressure, no Nuclei coverage
April 2024 · vendors with active exploitation listed by CISA but no public detection template.
- KEV 2google79 CVE
- KEV 2google inc24 CVE
- KEV 2cisco22 CVE
- KEV 1microsoft corp175 CVE
- KEV 1microsoft152 CVE
Weakness × Vendor
What's spreading where in April 2024
Cells shaded by share of vendor's hottest weakness. Click any cell to open the CWE history.
79XSS352CSRF89SQL Injection787Out-of-bounds Write121CWE-121125Out-of-bounds Read862Missing Authorization416Use After Free476NULL Pointer Dereference22Path Traversalсообщество свободного программного обеспечения5229121248741linux291223970ооо «ред софт»32012112943ао "нппкт"21711813945ооо «русбитех-астра»2142163028red hat inc.213111337microsoft corp4410141721microsoft229111221oracle corp.7441oracle7441oracle corporation7441debian11411419
First time in top-100
Vendors never in top-100 in the prior 24 periods.
- #9oracle corp.135 CVE
- #10oracle133 CVE
- #11oracle corporation133 CVE
- #24shenzhen tenda technology co., ltd.54 CVE
- #31red hat40 CVE
- #33ivanti32 CVE
- #34juniper networks inc.32 CVE
- #36juniper31 CVE
- #37juniper networks31 CVE
- #44broadcom26 CVE
Top vendors
Ranked by distinct CVE count this period.
- 474 CVE16 critCVSS 6.1Nuclei 3PoC 30linux (332) · debian gnu/linux (288) · xwiki platform (7)
- 358 CVECVSS 5.9PoC 2linux kernel (358) · linux (357)
- 333 CVE10 critCVSS 6.2Nuclei 2PoC 15ред ос (333)
- 279 CVE7 critCVSS 6.2Nuclei 2PoC 11осон основа оnyx (279)
- 213 CVE7 critCVSS 6.6Nuclei 3PoC 17astra linux special edition (207) · astra linux common edition (38) · astra linux special edition для «эльбрус» (18)
- 186 CVE2 critCVSS 6.0Nuclei 2PoC 1red hat enterprise linux (170) · red hat software collections (5) · red hat ansible automation platform (5)
- 175 CVE2 critCVSS 7.3KEV 1PoC 9windows server 2022, 23h2 edition (server core installation) (87) · windows server 2022 (82) · windows server 2022 (server core installation) (82)
- 152 CVE1 critCVSS 7.4KEV 1PoC 3windows server 2022, 23h2 edition (server core installation) (85) · windows server 2022 23h2 (82) · windows server 2022 (80)
- 135 CVE5 critCVSS 5.8NEWNuclei 1PoC 2e-business suite (42) · oracle complex maintenance, repair, and overhaul (31) · mysql server (26)
- 133 CVE5 critCVSS 5.5NEWNuclei 1PoC 1complex maintenance repair and overhaul (31) · vm virtualbox (13) · mysql server (13)
- 133 CVE5 critCVSS 5.8NEWNuclei 1PoC 1complex maintenance, repair, and overhaul (31) · mysql server (25) · vm virtualbox (13)
- 124 CVECVSS 5.9Nuclei 1PoC 6debian linux (123) · debian based gnu grub (1)
- 113 CVE2 critCVSS 6.1Nuclei 1PoC 4ubuntu (112) · pebble (1)
- 102 CVE7 critCVSS 8.4PoC 57w30e firmware (13) · w15e (13) · w15e firmware (13)
- 87 CVECVSS 5.8PoC 85online courseware (13) · aplaya beach resort online reservation system (11) · computer laboratory management system (10)
- 81 CVE8 critCVSS 6.2Nuclei 1PoC 5альт сп 10 (72) · альт 8 сп (48)
- 79 CVE4 critCVSS 6.6KEV 2PoC 5android (57) · chrome (20) · chromecast firmware (1)
- 77 CVE10 critCVSS 7.2Nuclei 1PoC 19fedora (77) · sssd (1)
- 76 CVECVSS 5.6Nuclei 74PoC 76salon booking system (5) · smart forms (3) · woocommerce customers manager (3)
- 68 CVECVSS 6.2Nuclei 1PoC 2rosa virtualization 3.0 (54) · роса кобальт (12) · роса хром (6)
- 66 CVE12 critCVSS 7.2Nuclei 6PoC 13mlflow (6) · vyper (6) · scrapy (4)
- 64 CVE3 critCVSS 6.2Nuclei 4PoC 7github.com/mattermost/mattermost-server (6) · github.com/mattermost/mattermost/server/v8 (4) · github.com/alexxit/go2rtc (3)
- 62 CVE3 critCVSS 6.6Nuclei 1PoC 9fedora (62)
- 54 CVE3 critCVSS 8.7NEWPoC 37tenda w15e (10) · tenda ac500 (7) · tenda w30e (7)
- 51 CVECVSS 7.3PoC 2pdf editor (51) · pdf reader (51) · foxit reader (3)
- 50 CVE14 critCVSS 7.3KEV 1Nuclei 2PoC 4org.keycloak:keycloak-services (8) · org.apache.zeppelin:zeppelin-server (5) · org.xwiki.platform:xwiki-platform-oldcore (3)
- 45 CVECVSS 4.9Nuclei 2PoC 2active iq unified manager (35) · oncommand insight (34) · oncommand workflow automation (34)
- 42 CVECVSS 7.8PoC 2pdf reader (41) · pdf editor (39)
- 42 CVE3 critCVSS 6.4PoC 11centreon/centreon (6) · concrete5/concrete5 (5) · contao/core-bundle (4)
- 40 CVE1 critCVSS 6.1db2 for linux, unix and windows (6) · aspera faspex (6) · db2 (6)
- 40 CVECVSS 6.7NEWPoC 1red hat enterprise linux 9 (11) · red hat enterprise linux 8 (11) · red hat enterprise linux 7 (9)
- 35 CVE2 critCVSS 7.2harmonyos (35) · emui (33)
- 32 CVE4 critCVSS 8.0NEWavalanche (27) · connect secure (5) · policy secure (5)
- 32 CVECVSS 6.4NEWPoC 31junos (26) · junos os evolved (14) · juniper cloud native router (jcnr) (1)
- 32 CVE5 critCVSS 7.0Nuclei 1PoC 5mysql2 (4) · undici (2) · psitransfer (2)
- 31 CVECVSS 6.3NEWPoC 30junos (26) · junos os evolved (14) · paragon active assurance control center (1)
- 31 CVECVSS 6.3NEWPoC 30junos os (25) · junos os evolved (14) · junos (1)
- 31 CVE4 critCVSS 5.8PoC 29computer laboratory management system (14) · laundry shop management system (5) · warehouse management system (4)
- 29 CVE1 critCVSS 6.2experience manager (14) · adobe experience manager (14) · illustrator (4)
- 29 CVECVSS 6.0Nuclei 2PoC 3suse linux enterprise server (27) · suse linux enterprise server for sap applications (27) · suse linux enterprise desktop (25)
- 28 CVE1 critCVSS 6.3adobe experience manager (14) · animate (4) · illustrator 2023 (3)
- 27 CVE5 critCVSS 6.7KEV 1Nuclei 2PoC 2zeppelin (10) · http server (3) · cloudstack (3)
- 27 CVE5 critCVSS 6.6KEV 1Nuclei 2PoC 2apache zeppelin (9) · apache http server (3) · apache cloudstack (3)
- 26 CVECVSS 6.5NEWPoC 1brocade sannav (22) · fabric operating system (4)
- 25 CVECVSS 5.2NEWPoC 25church management system (9) · complete online student management system (6) · online student management system (6)
- 24 CVECVSS 6.5NEWbrocade sannav (21) · fabric os (2) · brocade sannav (1)
- 24 CVE3 critCVSS 7.4KEV 2PoC 5google chrome (20) · android (2) · nest wifi pro (1)
- 23 CVE6 critCVSS 7.1NEWPoC 17client management system (6) · cyber cafe management system (5) · student record system (3)
- 23 CVECVSS 7.7Nuclei 1PoC 2ос аврора (23)
- 22 CVECVSS 6.4KEV 2PoC 21adaptive security appliance software (3) · cisco telepresence management suite (tms) (3) · nexus dashboard (3)
| # | Vendor | CVEs | Crit | KEV | Nuclei | Signals | Top products | Δ | |
|---|---|---|---|---|---|---|---|---|---|
| 1 | сообщество свободного программного обеспечения | 474 | 16 | · | 3 | Nuclei 3PoC 30 | linux (332) · debian gnu/linux (288) · xwiki platform (7) | — | |
| 2 | linux | 358 | · | · | · | PoC 2 | linux kernel (358) · linux (357) | — | |
| 3 | ооо «ред софт» | 333 | 10 | · | 2 | Nuclei 2PoC 15 | ред ос (333) | — | |
| 4 | ао "нппкт" | 279 | 7 | · | 2 | Nuclei 2PoC 11 | осон основа оnyx (279) | — | |
| 5 | ооо «русбитех-астра» | 213 | 7 | · | 3 | Nuclei 3PoC 17 | astra linux special edition (207) · astra linux common edition (38) · astra linux special edition для «эльбрус» (18) | — | |
| 6 | red hat inc. | 186 | 2 | · | 2 | Nuclei 2PoC 1 | red hat enterprise linux (170) · red hat software collections (5) · red hat ansible automation platform (5) | — | |
| 7 | microsoft corp | 175 | 2 | 1 | · | KEV 1PoC 9 | windows server 2022, 23h2 edition (server core installation) (87) · windows server 2022 (82) · windows server 2022 (server core installation) (82) | — | |
| 8 | microsoft | 152 | 1 | 1 | · | KEV 1PoC 3 | windows server 2022, 23h2 edition (server core installation) (85) · windows server 2022 23h2 (82) · windows server 2022 (80) | — | |
| 9 | oracle corp. | 135 | 5 | · | 1 | NEWNuclei 1PoC 2 | e-business suite (42) · oracle complex maintenance, repair, and overhaul (31) · mysql server (26) | — | |
| 10 | oracle | 133 | 5 | · | 1 | NEWNuclei 1PoC 1 | complex maintenance repair and overhaul (31) · vm virtualbox (13) · mysql server (13) | — | |
| 11 | oracle corporation | 133 | 5 | · | 1 | NEWNuclei 1PoC 1 | complex maintenance, repair, and overhaul (31) · mysql server (25) · vm virtualbox (13) | — | |
| 12 | debian | 124 | · | · | 1 | Nuclei 1PoC 6 | debian linux (123) · debian based gnu grub (1) | — | |
| 13 | canonical ltd. | 113 | 2 | · | 1 | Nuclei 1PoC 4 | ubuntu (112) · pebble (1) | — | |
| 14 | tenda | 102 | 7 | · | · | PoC 57 | w30e firmware (13) · w15e (13) · w15e firmware (13) | — | |
| 15 | sourcecodester | 87 | · | · | · | PoC 85 | online courseware (13) · aplaya beach resort online reservation system (11) · computer laboratory management system (10) | — | |
| 16 | ао «ивк» | 81 | 8 | · | 1 | Nuclei 1PoC 5 | альт сп 10 (72) · альт 8 сп (48) | — | |
| 17 | 79 | 4 | 2 | · | KEV 2PoC 5 | android (57) · chrome (20) · chromecast firmware (1) | — | ||
| 18 | fedoraproject | 77 | 10 | · | 1 | Nuclei 1PoC 19 | fedora (77) · sssd (1) | — | |
| 19 | unknown | 76 | · | · | 74 | Nuclei 74PoC 76 | salon booking system (5) · smart forms (3) · woocommerce customers manager (3) | — | |
| 20 | ао «нтц ит роса» | 68 | · | · | 1 | Nuclei 1PoC 2 | rosa virtualization 3.0 (54) · роса кобальт (12) · роса хром (6) | — | |
| 21 | pypi | 66 | 12 | · | 6 | Nuclei 6PoC 13 | mlflow (6) · vyper (6) · scrapy (4) | — | |
| 22 | go | 64 | 3 | · | 4 | Nuclei 4PoC 7 | github.com/mattermost/mattermost-server (6) · github.com/mattermost/mattermost/server/v8 (4) · github.com/alexxit/go2rtc (3) | — | |
| 23 | fedora project | 62 | 3 | · | 1 | Nuclei 1PoC 9 | fedora (62) | — | |
| 24 | shenzhen tenda technology co., ltd. | 54 | 3 | · | · | NEWPoC 37 | tenda w15e (10) · tenda ac500 (7) · tenda w30e (7) | — | |
| 25 | foxit | 51 | · | · | · | PoC 2 | pdf editor (51) · pdf reader (51) · foxit reader (3) | — | |
| 26 | maven | 50 | 14 | 1 | 2 | KEV 1Nuclei 2PoC 4 | org.keycloak:keycloak-services (8) · org.apache.zeppelin:zeppelin-server (5) · org.xwiki.platform:xwiki-platform-oldcore (3) | — | |
| 27 | netapp | 45 | · | · | 2 | Nuclei 2PoC 2 | active iq unified manager (35) · oncommand insight (34) · oncommand workflow automation (34) | — | |
| 28 | foxit software inc. | 42 | · | · | · | PoC 2 | pdf reader (41) · pdf editor (39) | — | |
| 29 | packagist | 42 | 3 | · | · | PoC 11 | centreon/centreon (6) · concrete5/concrete5 (5) · contao/core-bundle (4) | — | |
| 30 | ibm | 40 | 1 | · | · | db2 for linux, unix and windows (6) · aspera faspex (6) · db2 (6) | — | ||
| 31 | red hat | 40 | · | · | · | NEWPoC 1 | red hat enterprise linux 9 (11) · red hat enterprise linux 8 (11) · red hat enterprise linux 7 (9) | — | |
| 32 | huawei | 35 | 2 | · | · | harmonyos (35) · emui (33) | — | ||
| 33 | ivanti | 32 | 4 | · | · | NEW | avalanche (27) · connect secure (5) · policy secure (5) | — | |
| 34 | juniper networks inc. | 32 | · | · | · | NEWPoC 31 | junos (26) · junos os evolved (14) · juniper cloud native router (jcnr) (1) | — | |
| 35 | npm | 32 | 5 | · | 1 | Nuclei 1PoC 5 | mysql2 (4) · undici (2) · psitransfer (2) | — | |
| 36 | juniper | 31 | · | · | · | NEWPoC 30 | junos (26) · junos os evolved (14) · paragon active assurance control center (1) | — | |
| 37 | juniper networks | 31 | · | · | · | NEWPoC 30 | junos os (25) · junos os evolved (14) · junos (1) | — | |
| 38 | oretnom23 | 31 | 4 | · | · | PoC 29 | computer laboratory management system (14) · laundry shop management system (5) · warehouse management system (4) | — | |
| 39 | adobe | 29 | 1 | · | · | experience manager (14) · adobe experience manager (14) · illustrator (4) | — | ||
| 40 | novell inc. | 29 | · | · | 2 | Nuclei 2PoC 3 | suse linux enterprise server (27) · suse linux enterprise server for sap applications (27) · suse linux enterprise desktop (25) | — | |
| 41 | adobe systems inc. | 28 | 1 | · | · | adobe experience manager (14) · animate (4) · illustrator 2023 (3) | — | ||
| 42 | apache | 27 | 5 | 1 | 2 | KEV 1Nuclei 2PoC 2 | zeppelin (10) · http server (3) · cloudstack (3) | — | |
| 43 | apache software foundation | 27 | 5 | 1 | 2 | KEV 1Nuclei 2PoC 2 | apache zeppelin (9) · apache http server (3) · apache cloudstack (3) | — | |
| 44 | broadcom | 26 | · | · | · | NEWPoC 1 | brocade sannav (22) · fabric operating system (4) | — | |
| 45 | campcodes | 25 | · | · | · | NEWPoC 25 | church management system (9) · complete online student management system (6) · online student management system (6) | — | |
| 46 | brocade | 24 | · | · | · | NEW | brocade sannav (21) · fabric os (2) · brocade sannav (1) | — | |
| 47 | google inc | 24 | 3 | 2 | · | KEV 2PoC 5 | google chrome (20) · android (2) · nest wifi pro (1) | — | |
| 48 | phpgurukul | 23 | 6 | · | · | NEWPoC 17 | client management system (6) · cyber cafe management system (5) · student record system (3) | — | |
| 49 | ооо «открытая мобильная платформа» | 23 | · | · | 1 | Nuclei 1PoC 2 | ос аврора (23) | — | |
| 50 | cisco | 22 | · | 2 | · | KEV 2PoC 21 | adaptive security appliance software (3) · cisco telepresence management suite (tms) (3) · nexus dashboard (3) | — |