month report
October 2024
Data as of Jun 4, 2026, 13:26 UTC · Snapshot v1 · Sources: NVD + CISA KEV + EPSS + Nuclei templates
October 2024 closed with 3,667 published CVEs (+32.7% YoY): 364 criticals, 17 added to CISA KEV (4 ransomware-linked). сообщество свободного программного обеспечения led volume, mostly via linux. Biggest breakout: cisco at ×4.9 their 12-month median. Top weakness class: CWE-79 (735 CVE). 10 vendors cracked the top-100 for the first time.
- Total CVEs: 3,667 (MoM: n/a; YoY: +32.7%)
- Severity mix: 364 critical / 1,290 high
- KEV added: 17 (4 ransomware-linked)
- Nuclei coverage: 25.3% (926 CVEs with templates)
Time to exploit
How fast the community ships detection after a CVE drops.
- Days → Nuclei (median): 505.3 (n=926)
- Within 7 days: 0.0%
- Within 30 days: 0.0%
- Days → KEV (median): 3 (n=17)
Detection gap
KEV pressure, no Nuclei coverage
October 2024 · vendors with active exploitation listed by CISA but no public detection template.
- microsoft corp: KEV 3, 151 CVE
- microsoft: KEV 3, 131 CVE
- ооо «русбитех-астра»: KEV 1, 312 CVE
- ао "нппкт": KEV 1, 306 CVE
- ао «ивк»: KEV 1, 130 CVE
- cisco: KEV 1, 94 CVE
- cisco systems inc.: KEV 1, 92 CVE
- mozilla: KEV 1, 28 CVE
Weakness × Vendor
What's spreading where in October 2024
Cells shaded by share of vendor's hottest weakness.
[Heatmap: CVE counts per weakness class (columns) and vendor (rows).]
Columns: CWE-79 XSS · CWE-89 SQL Injection · CWE-416 Use After Free · CWE-862 Missing Authorization · CWE-476 NULL Pointer Dereference · CWE-787 Out-of-bounds Write · CWE-22 Path Traversal · CWE-434 Unrestricted File Upload · CWE-863 Incorrect Authorization · CWE-125 Out-of-bounds Read
Rows: сообщество свободного программного обеспечения · linux · ооо «русбитех-астра» · ао "нппкт" · ооо «ред софт» · canonical ltd. · red hat inc. · microsoft corp · microsoft · ао «ивк» · novell inc. · cisco
Breakout vendors
CVE count ≥3× their own 12-period median.
- cisco: 4.9×, 94 CVE
- cisco systems inc.: 4.6×, 92 CVE
- dlink: 4.2×, 55 CVE
- d-link corp.: 4.2×, 54 CVE
- novell inc.: 3.7×, 100 CVE
- red hat inc.: 3.2×, 200 CVE
First time in top-100
Vendors never in top-100 in the prior 24 periods.
- #33 draytek: 29 CVE
- #43 esafenet: 24 CVE
- #47 codezips: 21 CVE
- #52 mitel: 17 CVE
- #58 mitel networks corp.: 15 CVE
- #67 gradio-app: 12 CVE
- #68 gradio project: 12 CVE
- #86 palo alto networks: 10 CVE
- #87 paloaltonetworks: 9 CVE
- #88 palo alto networks inc.: 9 CVE
Top vendors
Ranked by distinct CVE count this period.
| # | Vendor | CVEs | Crit | CVSS | KEV | Nuclei | Signals | Top products | Δ |
|---|---|---|---|---|---|---|---|---|---|
| 1 | сообщество свободного программного обеспечения | 542 | 19 | 6.3 | 2 | 5 | KEV 2 · Nuclei 5 · PoC 30 | linux (419) · debian gnu/linux (365) · ollama (4) | — |
| 2 | linux | 415 | 1 | 6.1 | · | · | · | linux (415) · linux kernel (415) | — |
| 3 | ооо «русбитех-астра» | 312 | 7 | 6.4 | 1 | · | KEV 1 · PoC 7 | astra linux special edition (308) · astra linux common edition (52) · astra linux special edition для «эльбрус» (5) | — |
| 4 | ао "нппкт" | 306 | 7 | 6.3 | 1 | · | KEV 1 · PoC 9 | осон основа оnyx (306) | — |
| 5 | ооо «ред софт» | 302 | 6 | 6.2 | 1 | 2 | KEV 1 · Nuclei 2 · PoC 16 | ред ос (302) | — |
| 6 | canonical ltd. | 234 | · | 6.0 | · | · | PoC 4 | ubuntu (229) · juju (3) · authd (2) | — |
| 7 | red hat inc. | 200 | 5 | 6.1 | · | 1 | ×3.2 · Nuclei 1 · PoC 5 | red hat enterprise linux (181) · red hat satellite (5) · red hat 3scale api management platform (5) | — |
| 8 | microsoft corp | 151 | 2 | 7.5 | 3 | · | KEV 3 · PoC 5 | windows server 2022, 23h2 edition (server core installation) (87) · windows server 2019 (80) · windows server 2019 (server core installation) (80) | — |
| 9 | microsoft | 131 | 2 | 7.4 | 3 | · | KEV 3 · PoC 2 | windows server 2022, 23h2 edition (server core installation) (87) · windows server 2022 23h2 (87) · windows server 2019 (80) | — |
| 10 | ао «ивк» | 130 | 2 | 5.9 | 1 | · | KEV 1 · PoC 2 | альт 8 сп (109) · альт сп 10 (45) | — |
| 11 | novell inc. | 100 | 1 | 5.7 | · | · | ×3.7 · PoC 1 | opensuse leap (82) · suse linux enterprise desktop (76) · suse linux enterprise server for sap applications (76) | — |
| 12 | cisco | 94 | 4 | 6.7 | 1 | · | ×4.9 · KEV 1 · PoC 94 | secure firewall management center (25) · cisco firepower threat defense software (25) · cisco firepower management center (24) | — |
| 13 | cisco systems inc. | 92 | 4 | 6.6 | 1 | · | ×4.6 · KEV 1 · PoC 92 | firepower threat defense (24) · cisco firepower management center (20) · adaptive security appliance (19) | — |
| 14 | oracle corp. | 88 | 2 | 6.1 | · | · | · | mysql server (25) · e-business suite (17) · weblogic server (5) | — |
| 15 | oracle | 85 | 2 | 5.6 | · | · | · | mysql (28) · e-business suite (13) · jre (5) | — |
| 16 | oracle corporation | 85 | 2 | 5.8 | · | · | · | mysql server (25) · oracle weblogic server (5) · oracle java se (5) | — |
| 17 | apple | 84 | 3 | 6.0 | · | · | · | macos (67) · ios and ipados (41) · iphone os (40) | — |
| 18 | | 72 | 4 | 7.2 | · | · | PoC 3 | android (49) · chrome (21) · migrate to containers (1) | — |
| 19 | packagist | 72 | 4 | 5.9 | · | 1 | Nuclei 1 · PoC 9 | magento/community-edition (20) · funadmin/funadmin (11) · librenms/librenms (6) | — |
| 20 | go | 65 | 4 | 6.5 | · | 3 | Nuclei 3 · PoC 4 | github.com/rancher/rancher (6) · github.com/juju/juju (6) · github.com/mattermost/mattermost/server/v8 (5) | — |
| 21 | dlink | 55 | 2 | 8.4 | · | · | ×4.2 · PoC 40 | dir-605l firmware (21) · dir-619l firmware (18) · dir-882 firmware (10) | — |
| 22 | adobe | 54 | 1 | 6.1 | · | · | · | commerce b2b (22) · adobe commerce (22) · magento (22) | — |
| 23 | adobe systems inc. | 54 | 1 | 6.1 | · | · | · | adobe commerce b2b (22) · adobe commerce (22) · magento open source (22) | — |
| 24 | d-link corp. | 54 | 2 | 8.4 | · | · | ×4.2 · PoC 39 | dir-605l (21) · dir-619l (18) · dir-882 (10) | — |
| 25 | npm | 53 | 9 | 6.9 | · | 2 | Nuclei 2 · PoC 10 | @saltcorn/server (5) · dompurify (2) · @openc3/tool-common (2) | — |
| 26 | pypi | 45 | 8 | 6.9 | · | · | PoC 11 | gradio (13) · open-webui (3) · openc3 (3) | — |
| 27 | maven | 44 | 7 | 7.0 | · | 3 | Nuclei 3 · PoC 4 | com.liferay.portal:release.portal.bom (5) · com.liferay.portal:release.dxp.bom (5) · org.openrefine:openrefine (4) | — |
| 28 | code-projects | 42 | · | 5.6 | · | · | PoC 42 | pharmacy management system (14) · blood bank management system (10) · blood bank system (9) | — |
| 29 | d-link | 40 | · | 8.6 | · | · | PoC 37 | dir-605l (21) · dir-619l b1 (18) · dsl-2750u (1) | — |
| 30 | phpgurukul | 40 | 4 | 5.9 | · | · | PoC 28 | boat booking system (11) · medical card generation system (6) · user registration & login and user management system (5) | — |
| 31 | siemens | 33 | 3 | 5.9 | · | · | · | tecnomatix plant simulation (14) · teamcenter visualization v2312 (14) · teamcenter visualization v14.3 (14) | — |
| 32 | sourcecodester | 30 | · | 5.7 | · | · | PoC 27 | online eyewear shop (7) · petrol pump management software (5) · online hotel reservation system (3) | — |
| 33 | draytek | 29 | 6 | 7.4 | · | · | NEW · PoC 3 | vigor 2866 (14) · vigor 2620 (14) · vigor 2865 (14) | — |
| 34 | ооо «открытая мобильная платформа» | 29 | 1 | 7.8 | · | · | · | ос аврора (29) | — |
| 35 | google inc | 28 | 1 | 7.3 | · | · | PoC 3 | google chrome (22) · android studio (3) · kubernetes image builder (2) | — |
| 36 | juniper | 28 | · | 6.6 | · | · | PoC 28 | junos os evolved (17) · junos (16) · junos containerized routing protocol daemon (1) | — |
| 37 | juniper networks | 28 | · | 6.7 | · | · | PoC 28 | junos os evolved (18) · junos os (17) · junos space (1) | — |
| 38 | juniper networks inc. | 28 | · | 6.7 | · | · | PoC 28 | junos os evolved (18) · junos (17) · junos space (1) | — |
| 39 | mozilla | 28 | 5 | 7.4 | 1 | · | KEV 1 | firefox (27) · thunderbird (23) · firefox esr (21) | — |
| 40 | mozilla corp. | 27 | 5 | 7.5 | 1 | · | KEV 1 | firefox (26) · thunderbird (22) · firefox esr (20) | — |
| 41 | siemens ag | 25 | 2 | 5.6 | · | · | PoC 1 | teamcenter visualization (13) · tecnomatix plant simulation (13) · sinec security monitor (4) | — |
| 42 | autodesk | 24 | · | 7.8 | · | · | · | autocad architecture (22) · civil 3d (22) · advance steel (22) | — |
| 43 | esafenet | 24 | · | 6.2 | · | · | NEW · PoC 23 | cdg (24) | — |
| 44 | red hat | 23 | · | 6.7 | · | 1 | Nuclei 1 | red hat enterprise linux 9 (11) · red hat enterprise linux 8 (11) · red hat enterprise linux 10 (9) | — |
| 45 | ао «нтц ит роса» | 23 | · | 6.3 | · | · | PoC 3 | роса хром (10) · роса кобальт (10) · rosa virtualization 3.0 (5) | — |
| 46 | fedora project | 22 | · | 5.9 | · | · | · | fedora (22) | — |
| 47 | codezips | 21 | · | 6.9 | · | · | NEW · PoC 20 | sales management system (6) · pet shop management system (6) · online shopping portal (2) | — |
| 48 | autodesk inc. | 20 | · | 7.8 | · | · | · | autocad (20) · autocad architecture (20) · autocad electrical (20) | — |
| 49 | qualcomm | 20 | 1 | 7.5 | 1 | · | KEV 1 | wsa8835 firmware (14) · wsa8830 firmware (14) · qca6698aq firmware (12) | — |
| 50 | qualcomm, inc. | 20 | 1 | 7.5 | 1 | · | KEV 1 | snapdragon (20) | — |