month report

May 2024

Data as of Jun 4, 2026, 13:25 UTCSnapshot v1 Sources NVD+CISA KEV+EPSS+Nuclei templates Methodology →

May 2024 closed with 5,418 published CVEs. 378 criticals, 14 added to CISA KEV (4 ransomware-linked). сообщество свободного программного обеспечения led volume, mostly via linux. Top weakness class — CWE-79 (669 CVE). 10 vendors cracked the top-100 for the first time.

Print view

Total CVEs

5,418

— MoM— YoY

Severity mix

378 / 1,867

critical / high

KEV added

4 ransomware-linked

Nuclei coverage

16.4%

889 CVEs with templates

Time to exploit

How fast the community ships detection after a CVE drops.

Days → Nuclei (median)

664.7

n=889

Within 7 days

0.0%

Within 30 days

0.0%

Days → KEV (median)

n=13

Detection gap

KEV pressure, no Nuclei coverage

May 2024 · vendors with active exploitation listed by CISA but no public detection template.

KEV 4fedoraproject86 CVE
KEV 4google55 CVE
KEV 4google inc28 CVE
KEV 3microsoft corp81 CVE
KEV 2microsoft62 CVE

Weakness × Vendor

What's spreading where in May 2024

Cells shaded by share of vendor's hottest weakness. Click any cell to open the CWE history.

First time in top-100

Vendors never in top-100 in the prior 24 periods.

#10d-link corp.217 CVE
#11d-link209 CVE
#14campcodes136 CVE
#15pdf-xchange101 CVE
#20kofax74 CVE
#21tungstenautomation74 CVE
#28siemens55 CVE
#29siemens ag54 CVE
#41ashlar38 CVE
#42ashlar-vellum38 CVE

Top vendors

Ranked by distinct CVE count this period.

1сообщество свободного программного обеспечения—
1,244 CVE34 critCVSS 6.2
KEV 1Nuclei 4PoC 23
linux (1099) · debian gnu/linux (673) · bluez (7)
2linux—
1,074 CVE13 critCVSS 6.1
PoC 1
linux kernel (1074) · linux (1072) · kernel (1)
3ооо «ред софт»—
743 CVE28 critCVSS 6.4
KEV 4Nuclei 2PoC 16
ред ос (743)
4ао "нппкт"—
531 CVE18 critCVSS 6.3
KEV 4Nuclei 2PoC 14
осон основа оnyx (531)
5canonical ltd.—
498 CVE3 critCVSS 6.0
Nuclei 1PoC 4
ubuntu (497) · snapd (1)
6ооо «русбитех-астра»—
467 CVE20 critCVSS 6.4
KEV 4Nuclei 2PoC 19
astra linux special edition (453) · astra linux common edition (61) · astra linux special edition для «эльбрус» (26)
7red hat inc.—
423 CVE9 critCVSS 6.0
Nuclei 1PoC 6
red hat enterprise linux (414) · red hat satellite (4) · red hat developer hub (2)
8packagist—
323 CVE8 critCVSS 6.6
Nuclei 2PoC 11
silverstripe/framework (50) · typo3/cms-core (33) · moodle/moodle (14)
9dlink—
219 CVE6 critCVSS 8.2
Nuclei 1PoC 10
dap-2622 firmware (54) · dap-1325 firmware (36) · dir-x3260 firmware (23)
10d-link corp.—
217 CVE6 critCVSS 8.2
NEWNuclei 1PoC 9
dap-2622 (54) · dap-1325 (36) · dir-x3260 (23)
11d-link—
209 CVE5 critCVSS 8.3
NEWPoC 4
dap-2622 (54) · dap-1325 (36) · dir-x3260 (23)
12debian—
189 CVE3 critCVSS 6.2
Nuclei 1PoC 3
debian linux (189)
13ао «нтц ит роса»—
144 CVE5 critCVSS 6.2
PoC 2
rosa virtualization 3.0 (142) · роса кобальт (3) · rosa virtualization (2)
14campcodes—
136 CVE16 critCVSS 5.1
NEWPoC 115
complete web-based school management system (104) · legal case management system (15) · online laundry management system (9)
15pdf-xchange—
101 CVECVSS 7.0
NEW
pdf-xchange editor (101) · pdf-tools (99)
16fedoraproject—
86 CVE9 critCVSS 7.0
KEV 4PoC 16
fedora (86)
17microsoft corp—
81 CVE1 critCVSS 7.3
KEV 3PoC 5
windows server 2022 (server core installation) (45) · windows server 2022 (45) · windows server 2019 (44)
18foxit—
76 CVECVSS 6.5
PoC 1
pdf editor (76) · pdf reader (76) · foxit reader (1)
19unknown—
75 CVE2 critCVSS 6.0
Nuclei 74PoC 74
business card (4) · newsletter popup (4) · hl twitter (3)
20kofax—
74 CVECVSS 7.0
NEW
power pdf (74)
21tungstenautomation—
74 CVECVSS 7.0
NEW
power pdf (74)
22ао «ивк»—
69 CVE1 critCVSS 6.7
Nuclei 2PoC 1
альт сп 10 (50) · альт 8 сп (31)
23pypi—
65 CVE6 critCVSS 6.6
Nuclei 2PoC 8
ryu (6) · ait-core (5) · scrapy (4)
24fedora project—
64 CVE1 critCVSS 6.3
PoC 6
fedora (62) · 389 directory server (2)
25sourcecodester—
63 CVECVSS 6.0
PoC 62
simple online bidding system (9) · event registration system (7) · best house rental management system (6)
26microsoft—
62 CVECVSS 7.3
KEV 2
windows server 2022 (45) · windows server 2019 (44) · windows server 2019 (server core installation) (44)
27google—
55 CVE4 critCVSS 7.6
KEV 4PoC 9
android (25) · chrome (25) · tink c\+\+ (1)
28siemens—
55 CVE6 critCVSS 7.3
NEW
simcenter femap (12) · ps\/iges parasolid translator (11) · simatic rtls locating manager (11)
29siemens ag—
54 CVE6 critCVSS 7.3
NEW
parasolid translator (11) · simatic rtls (6gt2780-1ea30) (10) · simatic rtls (6gt2780-1ea20) (10)
30ibm—
53 CVE1 critCVSS 5.9
PoC 1
cognos controller (10) · app connect enterprise (6) · security guardium (5)
31foxit software inc.—
51 CVECVSS 7.5
pdf reader (50) · pdf editor (48)
32ооо «открытая мобильная платформа»—
49 CVE2 critCVSS 7.9
ос аврора (49)
33novell inc.—
47 CVE2 critCVSS 6.6
Nuclei 1PoC 4
suse linux enterprise server for sap applications (41) · suse linux enterprise server (40) · suse linux enterprise desktop (38)
34oretnom23—
47 CVE2 critCVSS 6.0
PoC 43
simple online bidding system (9) · event registration system (7) · human resource management system (6)
35adobe—
45 CVECVSS 7.2
acrobat (20) · acrobat dc (20) · acrobat reader (20)
36adobe systems inc.—
45 CVECVSS 7.3
adobe acrobat document cloud (20) · adobe acrobat reader 2020 (20) · adobe acrobat 2020 (20)
37go—
45 CVE2 critCVSS 6.5
Nuclei 1PoC 5
github.com/stacklok/minder (4) · github.com/layer5io/meshery (2) · github.com/pterodactyl/wings (2)
38intel—
45 CVECVSS 7.0
power gadget (11) · ethernet controller i225-lm firmware (9) · ethernet adapter complete driver (9)
39totolink—
42 CVE10 critCVSS 7.9
Nuclei 1PoC 18
cp450 firmware (17) · cp450 (15) · x5000r firmware (8)
40npm—
40 CVE4 critCVSS 7.2
Nuclei 4PoC 11
nocodb (3) · directus (2) · libxmljs2 (2)
41ashlar—
38 CVECVSS 8.0
NEW
cobalt (32) · graphite (3) · lithium (1)
42ashlar-vellum—
38 CVECVSS 8.0
NEW
cobalt (32) · graphite (3) · argon (1)
43netgear—
38 CVE2 critCVSS 8.1
NEW
rax30 (16) · rax30 firmware (16) · prosafe network management system (nms300) (15)
44tracker software products ltd.—
37 CVECVSS 7.6
NEW
pdf-xchange editor (23) · pdf-xchange (14) · pdf-tools (10)
45hdfgroup—
34 CVE8 critCVSS 7.9
NEW
hdf5 (34)
46the hdf group—
33 CVE8 critCVSS 8.0
NEW
hdf5 (33)
47maven—
29 CVE5 critCVSS 7.0
Nuclei 2PoC 1
org.bouncycastle:bcprov-jdk18on (4) · org.bouncycastle:bcprov-jdk15to18 (4) · org.bouncycastle:bcprov-jdk14 (4)
48apple—
28 CVE1 critCVSS 5.9
PoC 2
macos (23) · ipados (15) · iphone os (15)
49google inc—
28 CVE4 critCVSS 8.2
KEV 4PoC 11
google chrome (25) · protobuf (1) · android (1)
50hewlett packard enterprise (hpe)—
28 CVE12 critCVSS 7.6
NEWPoC 1
aos-8 instant and aos-10 ap (18) · aruba mobility conductor (formerly mobility master); aruba mobility controllers; wlan gateways and sd-wan gateways managed by aruba central (10)

#	Vendor	CVEs	Crit	KEV	Nuclei	Signals	Top products	Δ
1	сообщество свободного программного обеспечения	1,244	34	1	4	KEV 1Nuclei 4PoC 23	linux (1099) · debian gnu/linux (673) · bluez (7)	—
2	linux	1,074	13	·	·	PoC 1	linux kernel (1074) · linux (1072) · kernel (1)	—
3	ооо «ред софт»	743	28	4	2	KEV 4Nuclei 2PoC 16	ред ос (743)	—
4	ао "нппкт"	531	18	4	2	KEV 4Nuclei 2PoC 14	осон основа оnyx (531)	—
5	canonical ltd.	498	3	·	1	Nuclei 1PoC 4	ubuntu (497) · snapd (1)	—
6	ооо «русбитех-астра»	467	20	4	2	KEV 4Nuclei 2PoC 19	astra linux special edition (453) · astra linux common edition (61) · astra linux special edition для «эльбрус» (26)	—
7	red hat inc.	423	9	·	1	Nuclei 1PoC 6	red hat enterprise linux (414) · red hat satellite (4) · red hat developer hub (2)	—
8	packagist	323	8	·	2	Nuclei 2PoC 11	silverstripe/framework (50) · typo3/cms-core (33) · moodle/moodle (14)	—
9	dlink	219	6	·	1	Nuclei 1PoC 10	dap-2622 firmware (54) · dap-1325 firmware (36) · dir-x3260 firmware (23)	—
10	d-link corp.	217	6	·	1	NEWNuclei 1PoC 9	dap-2622 (54) · dap-1325 (36) · dir-x3260 (23)	—
11	d-link	209	5	·	·	NEWPoC 4	dap-2622 (54) · dap-1325 (36) · dir-x3260 (23)	—
12	debian	189	3	·	1	Nuclei 1PoC 3	debian linux (189)	—
13	ао «нтц ит роса»	144	5	·	·	PoC 2	rosa virtualization 3.0 (142) · роса кобальт (3) · rosa virtualization (2)	—
14	campcodes	136	16	·	·	NEWPoC 115	complete web-based school management system (104) · legal case management system (15) · online laundry management system (9)	—
15	pdf-xchange	101	·	·	·	NEW	pdf-xchange editor (101) · pdf-tools (99)	—
16	fedoraproject	86	9	4	·	KEV 4PoC 16	fedora (86)	—
17	microsoft corp	81	1	3	·	KEV 3PoC 5	windows server 2022 (server core installation) (45) · windows server 2022 (45) · windows server 2019 (44)	—
18	foxit	76	·	·	·	PoC 1	pdf editor (76) · pdf reader (76) · foxit reader (1)	—
19	unknown	75	2	·	74	Nuclei 74PoC 74	business card (4) · newsletter popup (4) · hl twitter (3)	—
20	kofax	74	·	·	·	NEW	power pdf (74)	—
21	tungstenautomation	74	·	·	·	NEW	power pdf (74)	—
22	ао «ивк»	69	1	·	2	Nuclei 2PoC 1	альт сп 10 (50) · альт 8 сп (31)	—
23	pypi	65	6	·	2	Nuclei 2PoC 8	ryu (6) · ait-core (5) · scrapy (4)	—
24	fedora project	64	1	·	·	PoC 6	fedora (62) · 389 directory server (2)	—
25	sourcecodester	63	·	·	·	PoC 62	simple online bidding system (9) · event registration system (7) · best house rental management system (6)	—
26	microsoft	62	·	2	·	KEV 2	windows server 2022 (45) · windows server 2019 (44) · windows server 2019 (server core installation) (44)	—
27	google	55	4	4	·	KEV 4PoC 9	android (25) · chrome (25) · tink c\+\+ (1)	—
28	siemens	55	6	·	·	NEW	simcenter femap (12) · ps\/iges parasolid translator (11) · simatic rtls locating manager (11)	—
29	siemens ag	54	6	·	·	NEW	parasolid translator (11) · simatic rtls (6gt2780-1ea30) (10) · simatic rtls (6gt2780-1ea20) (10)	—
30	ibm	53	1	·	·	PoC 1	cognos controller (10) · app connect enterprise (6) · security guardium (5)	—
31	foxit software inc.	51	·	·	·		pdf reader (50) · pdf editor (48)	—
32	ооо «открытая мобильная платформа»	49	2	·	·		ос аврора (49)	—
33	novell inc.	47	2	·	1	Nuclei 1PoC 4	suse linux enterprise server for sap applications (41) · suse linux enterprise server (40) · suse linux enterprise desktop (38)	—
34	oretnom23	47	2	·	·	PoC 43	simple online bidding system (9) · event registration system (7) · human resource management system (6)	—
35	adobe	45	·	·	·		acrobat (20) · acrobat dc (20) · acrobat reader (20)	—
36	adobe systems inc.	45	·	·	·		adobe acrobat document cloud (20) · adobe acrobat reader 2020 (20) · adobe acrobat 2020 (20)	—
37	go	45	2	·	1	Nuclei 1PoC 5	github.com/stacklok/minder (4) · github.com/layer5io/meshery (2) · github.com/pterodactyl/wings (2)	—
38	intel	45	·	·	·		power gadget (11) · ethernet controller i225-lm firmware (9) · ethernet adapter complete driver (9)	—
39	totolink	42	10	·	1	Nuclei 1PoC 18	cp450 firmware (17) · cp450 (15) · x5000r firmware (8)	—
40	npm	40	4	·	4	Nuclei 4PoC 11	nocodb (3) · directus (2) · libxmljs2 (2)	—
41	ashlar	38	·	·	·	NEW	cobalt (32) · graphite (3) · lithium (1)	—
42	ashlar-vellum	38	·	·	·	NEW	cobalt (32) · graphite (3) · argon (1)	—
43	netgear	38	2	·	·	NEW	rax30 (16) · rax30 firmware (16) · prosafe network management system (nms300) (15)	—
44	tracker software products ltd.	37	·	·	·	NEW	pdf-xchange editor (23) · pdf-xchange (14) · pdf-tools (10)	—
45	hdfgroup	34	8	·	·	NEW	hdf5 (34)	—
46	the hdf group	33	8	·	·	NEW	hdf5 (33)	—
47	maven	29	5	·	2	Nuclei 2PoC 1	org.bouncycastle:bcprov-jdk18on (4) · org.bouncycastle:bcprov-jdk15to18 (4) · org.bouncycastle:bcprov-jdk14 (4)	—
48	apple	28	1	·	·	PoC 2	macos (23) · ipados (15) · iphone os (15)	—
49	google inc	28	4	4	·	KEV 4PoC 11	google chrome (25) · protobuf (1) · android (1)	—
50	hewlett packard enterprise (hpe)	28	12	·	·	NEWPoC 1	aos-8 instant and aos-10 ap (18) · aruba mobility conductor (formerly mobility master); aruba mobility controllers; wlan gateways and sd-wan gateways managed by aruba central (10)	—