CVE Tools
Sign in
month report

November 2024

Data as of Jun 4, 2026, 13:26 UTCSnapshot v1 Sources NVD+CISA KEV+EPSS+Nuclei templates Methodology →

November 2024 closed with 4,154 published CVEs+62.3% YoY . 348 criticals, 22 added to CISA KEV (5 ransomware-linked). сообщество свободного программного обеспечения led volume, mostly via linux. Biggest breakout: irfanview at ×17.4 their 12-month median. Top weakness class — CWE-79 (824 CVE). 10 vendors cracked the top-100 for the first time.

Print view
Total CVEs
4,154
— MoM+62.3% YoY
Severity mix
348 / 1,472
critical / high
KEV added
22
5 ransomware-linked
Nuclei coverage
26.1%
1,083 CVEs with templates

Time to exploit

How fast the community ships detection after a CVE drops.

Days → Nuclei (median)
475.7
n=1,083
Within 7 days
0.0%
Within 30 days
0.0%
Days → KEV (median)
6
n=15
Detection gap

KEV pressure, no Nuclei coverage

November 2024 · vendors with active exploitation listed by CISA but no public detection template.

Weakness × Vendor

What's spreading where in November 2024

Cells shaded by share of vendor's hottest weakness. Click any cell to open the CWE history.

79XSS862Missing Authorization89SQL Injection787Out-of-bounds Write125Out-of-bounds Read78OS Command Injection22Path Traversal120Buffer Overflow74Injection352CSRFсообщество свободного программного обеспечения61113233542linux10183ооо «русбитех-астра»611017242ооо «ред софт»14347132342ао "нппкт"77162canonical ltd.171623google611372611red hat inc.2413231microsoft corp57cisco21224721cisco systems inc.21224721microsoft27

Breakout vendors

CVE count ≥3× their own 12-period median.

First time in top-100

Vendors never in top-100 in the prior 24 periods.

Top vendors

Ranked by distinct CVE count this period.

  • 1сообщество свободного программного обеспечения
    375 CVE12 critCVSS 6.2
    KEV 4Nuclei 3PoC 17
    linux (281) · debian gnu/linux (212) · needrestart (4)
  • 2linux
    279 CVECVSS 6.0
    KEV 1PoC 1
    linux kernel (279) · linux (274)
  • 3ооо «русбитех-астра»
    263 CVE12 critCVSS 6.3
    KEV 3Nuclei 1PoC 14
    astra linux special edition (261) · astra linux common edition (51) · astra linux special edition для «эльбрус» (2)
  • 4ооо «ред софт»
    246 CVE11 critCVSS 6.2
    KEV 1Nuclei 3PoC 17
    ред ос (241) · ред база данных (5)
  • 5ао "нппкт"
    218 CVE8 critCVSS 6.4
    KEV 3PoC 6
    осон основа оnyx (218)
  • 6canonical ltd.
    165 CVE2 critCVSS 6.2
    KEV 2PoC 5
    ubuntu (164) · ubuntu's pulseaudio (1)
  • 7google
    133 CVE5 critCVSS 7.2
    KEV 2PoC 2
    android (117) · chrome (13) · andrioid (2)
  • 8red hat inc.
    128 CVE2 critCVSS 6.5
    KEV 3PoC 5
    red hat enterprise linux (114) · red hat build of keycloak (4) · red hat openshift container platform (4)
  • 9microsoft corp
    104 CVE5 critCVSS 7.7
    KEV 3PoC 2
    windows server 2022 (server core installation) (34) · windows server 2022 (34) · windows server 2025 (server core installation) (32)
  • 10cisco
    103 CVE3 critCVSS 5.9
    ×5.2Nuclei 2PoC 103
    cisco catalyst sd-wan manager (18) · catalyst sd-wan manager (16) · identity services engine (13)
  • 11cisco systems inc.
    102 CVE3 critCVSS 6.1
    ×5.0Nuclei 2PoC 102
    cisco sd-wan (17) · cisco identity services engine (12) · telepresence collaboration endpoint (ce) (8)
  • 12microsoft
    96 CVE4 critCVSS 7.9
    KEV 3PoC 1
    windows server 2022 (34) · windows server 2025 (32) · windows server 2022, 23h2 edition (server core installation) (32)
  • 13irfanview
    87 CVECVSS 7.8
    NEW×17.4
    irfanview (87) · formats (4)
  • 14packagist
    74 CVE2 critCVSS 5.7
    Nuclei 4PoC 20
    moodle/moodle (25) · librenms/librenms (13) · symfony/symfony (5)
  • 15adobe
    57 CVECVSS 6.8
    substance3d - painter (23) · substance 3d painter (23) · illustrator (9)
  • 16adobe systems inc.
    51 CVECVSS 6.8
    adobe substance 3d painter (22) · illustrator 2025 (9) · illustrator 2024 (9)
  • 17pypi
    51 CVE5 critCVSS 7.1
    Nuclei 3PoC 8
    calibreweb (3) · transformers (3) · octoprint (2)
  • 18fedora project
    50 CVECVSS 5.5
    fedora (50)
  • 19intel corp.
    49 CVECVSS 6.2
    intel iris xe graphics (4) · intel neural compressor (4) · intel arc graphics (4)
  • 20ivanti
    49 CVE8 critCVSS 7.6
    endpoint manager (18) · connect secure (18) · policy secure (15)
  • 21netgear
    49 CVECVSS 6.2
    ×7.5
    r7000p (27) · r7000p firmware (26) · r8500 firmware (25)
  • 22maven
    48 CVE5 critCVSS 7.3
    PoC 4
    org.keycloak:keycloak-quarkus-server (6) · org.keycloak:keycloak-services (4) · ca.uhn.hapi.fhir:org.hl7.fhir.dstu3 (2)
  • 23ао «ивк»
    47 CVE7 critCVSS 6.7
    PoC 3
    альт сп 10 (35) · альт 8 сп (18)
  • 24code-projects
    46 CVECVSS 5.9
    PoC 46
    e-health care system (10) · farmacia (10) · job recruitment (6)
  • 25novell inc.
    44 CVE1 critCVSS 5.8
    KEV 1PoC 2
    opensuse leap (34) · suse linux enterprise server (33) · suse linux enterprise server for sap applications (32)
  • 26go
    42 CVE5 critCVSS 7.1
    Nuclei 1PoC 5
    github.com/goharbor/harbor (6) · github.com/moby/moby (3) · github.com/cli/cli/v2 (2)
  • 27pdf-xchange
    39 CVECVSS 6.6
    pdf-xchange editor (39) · pdf-tools (38)
  • 28unknown
    39 CVE2 critCVSS 5.4
    Nuclei 39PoC 38
    yadisk files (2) · rss feed widget (2) · logo slider (2)
  • 29tracker software products ltd.
    38 CVECVSS 6.7
    pdf-xchange editor (38) · pdf-xchange pro (11) · pdf-tools (11)
  • 30qualcomm
    36 CVE3 critCVSS 7.7
    wsa8835 firmware (21) · wsa8830 firmware (21) · fastconnect 7800 firmware (20)
  • 31qualcomm, inc.
    36 CVE3 critCVSS 7.8
    snapdragon (36)
  • 32tungstenautomation
    36 CVECVSS 6.4
    power pdf (36)
  • 33red hat
    35 CVECVSS 6.2
    PoC 1
    red hat enterprise linux 9 (17) · red hat enterprise linux 8 (17) · red hat enterprise linux 7 (15)
  • 34phpgurukul
    34 CVE2 critCVSS 5.0
    PoC 33
    online shopping portal (11) · complaint management system (4) · user registration \& login and user management system (4)
  • 35siemens
    34 CVE3 critCVSS 5.8
    KEV 1
    tecnomatix plant simulation (10) · teamcenter visualization v2406 (10) · tecnomatix plant simulation v2404 (10)
  • 36anisha
    32 CVECVSS 6.0
    NEW×5.3PoC 32
    e-health care system (10) · farmacia (8) · job recruitment (6)
  • 37ibm
    32 CVE4 critCVSS 6.3
    concert software (5) · concert (5) · security verify access (4)
  • 38siemens ag
    32 CVE3 critCVSS 6.0
    tecnomatix plant simulation (10) · sinec ins (6) · scalance s615 lan-router (4)
  • 39tungsten automation
    32 CVECVSS 6.3
    NEW
    power pdf (32)
  • 40ао «нтц ит роса»
    32 CVE1 critCVSS 6.4
    KEV 1PoC 2
    rosa virtualization 3.0 (21) · роса кобальт (12) · роса хром (7)
  • 41qnap
    29 CVE3 critCVSS 6.9
    qts (16) · quts hero (16) · notes station 3 (4)
  • 42qnap systems inc.
    29 CVE3 critCVSS 6.9
    quts hero (16) · qts (16) · photo station (4)
  • 43dlink
    28 CVE4 critCVSS 7.4
    Nuclei 3PoC 15
    dsl6740c firmware (7) · di-8003 firmware (7) · dwr-2000m firmware (3)
  • 44apache
    26 CVE6 critCVSS 7.4
    tomcat (4) · traffic server (4) · nimble (4)
  • 45d-link corp.
    26 CVE3 critCVSS 7.5
    Nuclei 3PoC 13
    di-8003 (7) · dsl6740c (6) · dns-320lw (3)
  • 46apache software foundation
    25 CVE6 critCVSS 7.6
    apache tomcat (4) · apache nimble (4) · tomcat (4)
  • 47moodle
    25 CVECVSS 5.9
    Nuclei 1PoC 1
    moodle (25)
  • 48mozilla
    24 CVE4 critCVSS 7.2
    PoC 2
    firefox (20) · thunderbird (17) · firefox esr (10)
  • 49trimble
    24 CVECVSS 7.7
    NEW
    sketchup viewer (19) · sketchup (8) · sketchup pro (2)
  • 501000 projects
    23 CVECVSS 7.0
    NEWPoC 23
    beauty parlour management system (11) · bookstore management system (9) · portfolio management system mca (3)

Top weaknesses

CWE classes by distinct CVE count.

1CWE-79824
2CWE-862261
3CWE-89245
4CWE-787239
5CWE-125198
6CWE-78134
7CWE-22115
8CWE-120107
9CWE-74104
10CWE-35299
11CWE-41697
12CWE-9493
13CWE-43489
14CWE-2071
15CWE-47668
16CWE-12265
17CWE-27664
18CWE-7762
19CWE-28460
20CWE-20057