month report

September 2024

Data as of Jun 4, 2026, 13:26 UTCSnapshot v1 Sources NVD+CISA KEV+EPSS+Nuclei templates Methodology →

September 2024 closed with 2,594 published CVEs — -9.4% YoY . 241 criticals, 25 added to CISA KEV (3 ransomware-linked). сообщество свободного программного обеспечения led volume, mostly via linux. Biggest breakout: veeam at ×3.0 their 12-month median. Top weakness class — CWE-79 (414 CVE). 10 vendors cracked the top-100 for the first time.

Print view

Total CVEs

2,594

-14.2% MoM-9.4% YoY

Severity mix

241 / 882

critical / high

KEV added

3 ransomware-linked

Nuclei coverage

15.2%

395 CVEs with templates

Time to exploit

How fast the community ships detection after a CVE drops.

Days → Nuclei (median)

537.5

n=395

Within 7 days

0.0%

Within 30 days

0.0%

Days → KEV (median)

n=13

Detection gap

KEV pressure, no Nuclei coverage

September 2024 · vendors with active exploitation listed by CISA but no public detection template.

KEV 4microsoft corp100 CVE
KEV 4microsoft90 CVE

Weakness × Vendor

What's spreading where in September 2024

Cells shaded by share of vendor's hottest weakness. Click any cell to open the CWE history.

Breakout vendors

CVE count ≥3× their own 12-period median.

3.0×veeam18 CVE

First time in top-100

Vendors never in top-100 in the prior 24 periods.

#18draytek38 CVE
#21open networking foundation (onf)37 CVE
#44gotenna19 CVE
#50veeam18 CVE
#51veeam software ag17 CVE
#60acquia13 CVE
#61mautic13 CVE
#69mindsdb12 CVE
#72planet12 CVE
#73planet technology12 CVE

Top vendors

Ranked by distinct CVE count this period.

1сообщество свободного программного обеспечения·
366 CVE8 critCVSS 6.2
Nuclei 4PoC 26
linux (282) · debian gnu/linux (220) · mindsdb (6)
2linux↑1
277 CVECVSS 6.0
PoC 2
linux (277) · linux kernel (277)
3ооо «русбитех-астра»↑1
243 CVE7 critCVSS 6.4
Nuclei 1PoC 15
astra linux special edition (242) · astra linux common edition (23) · astra linux special edition для «эльбрус» (8)
4ао "нппкт"↑1
240 CVE5 critCVSS 6.3
Nuclei 1PoC 7
осон основа оnyx (240)
5ооо «ред софт»↓3
223 CVE4 critCVSS 6.3
Nuclei 1PoC 14
ред ос (216) · ред база данных (7)
6red hat inc.↑3
157 CVE7 critCVSS 6.2
Nuclei 1PoC 12
red hat enterprise linux (149) · openshift container platform (4) · red hat openstack platform (2)
7canonical ltd.↓1
130 CVECVSS 5.9
Nuclei 1PoC 4
ubuntu (129) · anbox cloud (1)
8microsoft corp↓1
100 CVE2 critCVSS 7.5
KEV 4PoC 5
windows server 2022 (38) · windows server 2022, 23h2 edition (server core installation) (38) · windows server 2016 (server core installation) (37)
9apple—
91 CVE2 critCVSS 5.7
macos (74) · iphone os (35) · ios and ipados (35)
10microsoft·
90 CVE3 critCVSS 7.6
KEV 4PoC 3
windows server 2016 (38) · windows server 2022 23h2 (38) · windows server 2022 (38)
11unknown↑11
78 CVE3 critCVSS 5.7
Nuclei 77PoC 76
wp multitasking (5) · music request manager (3) · starbox (2)
12ао «ивк»↑5
67 CVE2 critCVSS 6.8
PoC 9
альт сп 10 (53) · альт 8 сп (38)
13google↑2
60 CVE1 critCVSS 7.1
PoC 6
android (28) · chrome (26) · angularjs (2)
14pypi↑11
53 CVE8 critCVSS 7.2
Nuclei 4PoC 17
mindsdb (12) · micropython-copy (3) · micropython-io (3)
15sourcecodester↓7
50 CVECVSS 5.2
PoC 42
food ordering management system (6) · best house rental management system (6) · online railway reservation system (5)
16npm↑15
47 CVE2 critCVSS 6.3
PoC 9
lunary (4) · mattermost-desktop (3) · agnai (3)
17go↓3
40 CVE6 critCVSS 6.9
Nuclei 5PoC 5
github.com/nvidia/nvidia-container-toolkit (4) · github.com/zitadel/zitadel/v2 (3) · github.com/hashicorp/vault (2)
18draytek—
38 CVECVSS 7.5
NEW
vigor3910 firmware (36) · vigor 3910 (5) · vigor 2765 (2)
19maven↑19
38 CVE4 critCVSS 7.3
Nuclei 4PoC 6
org.keycloak:keycloak-services (6) · org.keycloak:keycloak-core (4) · org.xwiki.platform:xwiki-platform-notifications-ui (2)
20opennetworking—
37 CVECVSS 6.1
libfluid msg (37)
21open networking foundation (onf)—
37 CVECVSS 6.1
NEW
libfluid (37)
22packagist↓2
36 CVE1 critCVSS 6.3
Nuclei 2PoC 3
mautic/core (14) · mautic/core-lib (5) · concrete5/concrete5 (4)
23samsung↑6
36 CVECVSS 5.4
android (19) · exynos 1380 firmware (9) · exynos 850 firmware (9)
24cisco↑27
32 CVE1 critCVSS 7.2
KEV 1Nuclei 2PoC 30
cisco ios xe software (10) · ios xe (10) · ios xr (9)
25red hat↑35
31 CVE4 critCVSS 6.1
Nuclei 2PoC 10
red hat enterprise linux 10 (15) · red hat enterprise linux 8 (14) · red hat enterprise linux 9 (14)
26adobe↓15
28 CVE1 critCVSS 7.0
after effects (5) · media encoder (5) · illustrator (5)
27adobe systems inc.↓14
28 CVE1 critCVSS 7.1
adobe after effects (5) · illustrator 2024 (5) · illustrator 2023 (5)
28cisco systems inc.↑16
28 CVE1 critCVSS 7.2
KEV 1Nuclei 2PoC 28
cisco ios xr (8) · cisco ios xe (8) · cisco smart license utility (2)
29google inc↓10
28 CVE1 critCVSS 7.1
PoC 6
google chrome (25) · angularjs (2) · android studio (1)
30qnap—
26 CVECVSS 6.7
Nuclei 1
qts (16) · quts hero (15) · video station (2)
31qnap systems inc.—
26 CVECVSS 6.8
Nuclei 1
qts (16) · quts hero (16) · qutscloud (4)
32code-projects↑23
25 CVECVSS 6.3
Nuclei 3PoC 24
student record system (4) · blood bank system (4) · hospital management system (3)
33oretnom23↓21
25 CVE1 critCVSS 5.6
PoC 24
food ordering management system (6) · railway reservation system (5) · online eyewear shop (4)
34samsung mobile↓4
25 CVECVSS 5.3
samsung mobile devices (19) · samsung notes (4) · group sharing (1)
35ivanti↑33
24 CVE2 critCVSS 7.4
KEV 2Nuclei 1PoC 1
ivanti endpoint manager (16) · endpoint manager (16) · epm (11)
36intel corp.↓18
22 CVECVSS 5.8
intel raid web console (9) · intel xeon processor d family (7) · 3rd generation intel xeon scalable processor family (5)
37siemens↑5
22 CVE3 critCVSS 5.3
simatic rf360r (6) · simatic rf1140r firmware (6) · simatic rf1170r (6)
38gitlab↑24
21 CVE2 critCVSS 5.8
Nuclei 1PoC 7
gitlab (21)
39ibm↓5
21 CVE1 critCVSS 6.0
webmethods integration (3) · aspera faspex (3) · aspera console (2)
40qualcomm↓8
21 CVECVSS 7.5
fastconnect 7800 firmware (21) · wsa8835 firmware (21) · wcd9370 firmware (21)
41qualcomm, inc.↓8
21 CVECVSS 7.7
snapdragon (21)
42d-link corp.↓1
20 CVE10 critCVSS 8.8
Nuclei 1PoC 9
covr-x1870 (5) · dir-x4860 (5) · dir-x5460a1 (5)
43sap_se↑15
20 CVECVSS 4.7
sap netweaver application server for abap and abap platform (8) · sap business warehouse (bex analyzer) (1) · sap for oil & gas (1)
44gotenna—
19 CVECVSS 5.4
NEW
gotenna pro (10) · pro (10) · pro atak plugin (9)
45mayurik↑22
19 CVE5 critCVSS 6.6
PoC 17
best house rental management system (10) · advocate office management system (4) · modern loan management system (2)
46ао «нтц ит роса»↓25
19 CVE2 critCVSS 6.6
Nuclei 1PoC 4
rosa virtualization 3.0 (10) · роса хром (7) · роса кобальт (2)
47huawei↑38
18 CVECVSS 5.2
harmonyos (18) · emui (18)
48novell inc.↓11
18 CVE1 critCVSS 5.6
PoC 2
opensuse leap (14) · suse linux enterprise server for sap applications (11) · suse linux enterprise high performance computing (10)
49siemens ag↑4
18 CVE3 critCVSS 5.4
simatic rf166c (6) · simatic rf188c (6) · simatic rf188ci (6)
50veeam—
18 CVE3 critCVSS 8.0
NEW×3.0KEV 1Nuclei 1PoC 1
veeam backup \& replication (6) · backup and recovery (6) · one (6)

#	Vendor	CVEs	Crit	KEV	Nuclei	Signals	Top products	Δ
1	сообщество свободного программного обеспечения	366	8	·	4	Nuclei 4PoC 26	linux (282) · debian gnu/linux (220) · mindsdb (6)	·
2	linux	277	·	·	·	PoC 2	linux (277) · linux kernel (277)	↑1
3	ооо «русбитех-астра»	243	7	·	1	Nuclei 1PoC 15	astra linux special edition (242) · astra linux common edition (23) · astra linux special edition для «эльбрус» (8)	↑1
4	ао "нппкт"	240	5	·	1	Nuclei 1PoC 7	осон основа оnyx (240)	↑1
5	ооо «ред софт»	223	4	·	1	Nuclei 1PoC 14	ред ос (216) · ред база данных (7)	↓3
6	red hat inc.	157	7	·	1	Nuclei 1PoC 12	red hat enterprise linux (149) · openshift container platform (4) · red hat openstack platform (2)	↑3
7	canonical ltd.	130	·	·	1	Nuclei 1PoC 4	ubuntu (129) · anbox cloud (1)	↓1
8	microsoft corp	100	2	4	·	KEV 4PoC 5	windows server 2022 (38) · windows server 2022, 23h2 edition (server core installation) (38) · windows server 2016 (server core installation) (37)	↓1
9	apple	91	2	·	·		macos (74) · iphone os (35) · ios and ipados (35)	—
10	microsoft	90	3	4	·	KEV 4PoC 3	windows server 2016 (38) · windows server 2022 23h2 (38) · windows server 2022 (38)	·
11	unknown	78	3	·	77	Nuclei 77PoC 76	wp multitasking (5) · music request manager (3) · starbox (2)	↑11
12	ао «ивк»	67	2	·	·	PoC 9	альт сп 10 (53) · альт 8 сп (38)	↑5
13	google	60	1	·	·	PoC 6	android (28) · chrome (26) · angularjs (2)	↑2
14	pypi	53	8	·	4	Nuclei 4PoC 17	mindsdb (12) · micropython-copy (3) · micropython-io (3)	↑11
15	sourcecodester	50	·	·	·	PoC 42	food ordering management system (6) · best house rental management system (6) · online railway reservation system (5)	↓7
16	npm	47	2	·	·	PoC 9	lunary (4) · mattermost-desktop (3) · agnai (3)	↑15
17	go	40	6	·	5	Nuclei 5PoC 5	github.com/nvidia/nvidia-container-toolkit (4) · github.com/zitadel/zitadel/v2 (3) · github.com/hashicorp/vault (2)	↓3
18	draytek	38	·	·	·	NEW	vigor3910 firmware (36) · vigor 3910 (5) · vigor 2765 (2)	—
19	maven	38	4	·	4	Nuclei 4PoC 6	org.keycloak:keycloak-services (6) · org.keycloak:keycloak-core (4) · org.xwiki.platform:xwiki-platform-notifications-ui (2)	↑19
20	opennetworking	37	·	·	·		libfluid msg (37)	—
21	open networking foundation (onf)	37	·	·	·	NEW	libfluid (37)	—
22	packagist	36	1	·	2	Nuclei 2PoC 3	mautic/core (14) · mautic/core-lib (5) · concrete5/concrete5 (4)	↓2
23	samsung	36	·	·	·		android (19) · exynos 1380 firmware (9) · exynos 850 firmware (9)	↑6
24	cisco	32	1	1	2	KEV 1Nuclei 2PoC 30	cisco ios xe software (10) · ios xe (10) · ios xr (9)	↑27
25	red hat	31	4	·	2	Nuclei 2PoC 10	red hat enterprise linux 10 (15) · red hat enterprise linux 8 (14) · red hat enterprise linux 9 (14)	↑35
26	adobe	28	1	·	·		after effects (5) · media encoder (5) · illustrator (5)	↓15
27	adobe systems inc.	28	1	·	·		adobe after effects (5) · illustrator 2024 (5) · illustrator 2023 (5)	↓14
28	cisco systems inc.	28	1	1	2	KEV 1Nuclei 2PoC 28	cisco ios xr (8) · cisco ios xe (8) · cisco smart license utility (2)	↑16
29	google inc	28	1	·	·	PoC 6	google chrome (25) · angularjs (2) · android studio (1)	↓10
30	qnap	26	·	·	1	Nuclei 1	qts (16) · quts hero (15) · video station (2)	—
31	qnap systems inc.	26	·	·	1	Nuclei 1	qts (16) · quts hero (16) · qutscloud (4)	—
32	code-projects	25	·	·	3	Nuclei 3PoC 24	student record system (4) · blood bank system (4) · hospital management system (3)	↑23
33	oretnom23	25	1	·	·	PoC 24	food ordering management system (6) · railway reservation system (5) · online eyewear shop (4)	↓21
34	samsung mobile	25	·	·	·		samsung mobile devices (19) · samsung notes (4) · group sharing (1)	↓4
35	ivanti	24	2	2	1	KEV 2Nuclei 1PoC 1	ivanti endpoint manager (16) · endpoint manager (16) · epm (11)	↑33
36	intel corp.	22	·	·	·		intel raid web console (9) · intel xeon processor d family (7) · 3rd generation intel xeon scalable processor family (5)	↓18
37	siemens	22	3	·	·		simatic rf360r (6) · simatic rf1140r firmware (6) · simatic rf1170r (6)	↑5
38	gitlab	21	2	·	1	Nuclei 1PoC 7	gitlab (21)	↑24
39	ibm	21	1	·	·		webmethods integration (3) · aspera faspex (3) · aspera console (2)	↓5
40	qualcomm	21	·	·	·		fastconnect 7800 firmware (21) · wsa8835 firmware (21) · wcd9370 firmware (21)	↓8
41	qualcomm, inc.	21	·	·	·		snapdragon (21)	↓8
42	d-link corp.	20	10	·	1	Nuclei 1PoC 9	covr-x1870 (5) · dir-x4860 (5) · dir-x5460a1 (5)	↓1
43	sap_se	20	·	·	·		sap netweaver application server for abap and abap platform (8) · sap business warehouse (bex analyzer) (1) · sap for oil & gas (1)	↑15
44	gotenna	19	·	·	·	NEW	gotenna pro (10) · pro (10) · pro atak plugin (9)	—
45	mayurik	19	5	·	·	PoC 17	best house rental management system (10) · advocate office management system (4) · modern loan management system (2)	↑22
46	ао «нтц ит роса»	19	2	·	1	Nuclei 1PoC 4	rosa virtualization 3.0 (10) · роса хром (7) · роса кобальт (2)	↓25
47	huawei	18	·	·	·		harmonyos (18) · emui (18)	↑38
48	novell inc.	18	1	·	·	PoC 2	opensuse leap (14) · suse linux enterprise server for sap applications (11) · suse linux enterprise high performance computing (10)	↓11
49	siemens ag	18	3	·	·		simatic rf166c (6) · simatic rf188c (6) · simatic rf188ci (6)	↑4
50	veeam	18	3	1	1	NEW×3.0KEV 1Nuclei 1PoC 1	veeam backup \& replication (6) · backup and recovery (6) · one (6)	—