month report
December 2024
Data as of Jun 4, 2026, 13:26 UTC · Snapshot v1 · Sources: NVD + CISA KEV + EPSS + Nuclei templates
December 2024 closed with 3,514 published CVEs — +26.9% YoY. 316 criticals, 16 added to CISA KEV (4 ransomware-linked). сообщество свободного программного обеспечения ("free software community") led volume, mostly via linux. Biggest breakout: abb at ×4.0 their 12-month median. Top weakness class — CWE-79 (712 CVE). 10 vendors cracked the top-100 for the first time.
- Total CVEs: 3,514 (— MoM · +26.9% YoY)
- Severity mix: 316 / 1,123 (critical / high)
- KEV added: 16 (4 ransomware-linked)
- Nuclei coverage: 34.5% (1,211 CVEs with templates)
Time to exploit
How fast the community ships detection after a CVE drops.
- Days → Nuclei (median): 448.3 (n=1,211)
- Within 7 days: 0.0%
- Within 30 days: 0.0%
- Days → KEV (median): 28 (n=11)
Detection gap
KEV pressure, no Nuclei coverage
December 2024 · vendors with active exploitation listed by CISA but no public detection template.
- linux: KEV 3 · 354 CVE
- ооо «русбитех-астра»: KEV 3 · 291 CVE
- ао "нппкт": KEV 3 · 272 CVE
- ооо «ред софт»: KEV 3 · 256 CVE
- ооо «открытая мобильная платформа»: KEV 3 · 54 CVE
- red hat inc.: KEV 2 · 188 CVE
- novell inc.: KEV 1 · 95 CVE
- microsoft corp: KEV 1 · 88 CVE
Weakness × Vendor
What's spreading where in December 2024
Cells shaded by share of vendor's hottest weakness.
[Heatmap: CVE counts per vendor (rows) and weakness class (columns). Columns: CWE-79 XSS · CWE-862 Missing Authorization · CWE-89 SQL Injection · CWE-352 CSRF · CWE-787 Out-of-bounds Write · CWE-476 NULL Pointer Dereference · CWE-94 Code Injection · CWE-125 Out-of-bounds Read · CWE-74 Injection · CWE-416 Use After Free. Rows: сообщество свободного программного обеспечения · linux · ооо «русбитех-астра» · ао "нппкт" · ооо «ред софт» · canonical ltd. · red hat inc. · adobe · adobe systems inc. · novell inc. · microsoft corp · microsoft.]
Breakout vendors
CVE count ≥3× their own 12-period median.
- abb: 4.0× · 24 CVE
- adobe: 3.9× · 174 CVE
- ооо «открытая мобильная платформа»: 3.9× · 54 CVE
- adobe systems inc.: 3.8× · 170 CVE
- novell inc.: 3.4× · 95 CVE
- ооо «нцпр»: 3.4× · 37 CVE
- code-projects: 3.3× · 56 CVE
First time in top-100
Vendors never in top-100 in the prior 24 periods.
- #27 gstreamer · 29 CVE
- #28 gstreamer project · 29 CVE
- #29 сообщество gstreamer · 29 CVE
- #30 1000projects · 28 CVE
- #31 1000 projects · 27 CVE
- #32 abb · 24 CVE
- #36 openrobotics · 21 CVE
- #41 vibethemes · 18 CVE
- #48 image access gmbh · 14 CVE
- #50 codezips · 13 CVE
Top vendors
Ranked by distinct CVE count this period.
| # | Vendor | CVEs | Crit | CVSS | KEV | Nuclei | Signals | Top products | Δ |
|---|---|---|---|---|---|---|---|---|---|
| 1 | сообщество свободного программного обеспечения | 456 | 32 | 6.4 | 3 | 1 | KEV 3 · Nuclei 1 · PoC 17 | linux (354) · debian gnu/linux (270) · drupal (8) | — |
| 2 | linux | 354 | · | 6.1 | 3 | · | KEV 3 | linux (354) · linux kernel (354) | — |
| 3 | ооо «русбитех-астра» | 291 | 18 | 6.6 | 3 | · | KEV 3 · PoC 4 | astra linux special edition (291) · astra linux common edition (30) · astra linux special edition для «эльбрус» (1) | — |
| 4 | ао "нппкт" | 272 | 17 | 6.5 | 3 | · | KEV 3 · PoC 6 | осон основа оnyx (272) | — |
| 5 | ооо «ред софт» | 256 | 25 | 6.7 | 3 | · | KEV 3 · PoC 11 | ред ос (256) | — |
| 6 | canonical ltd. | 206 | 2 | 6.1 | · | · | PoC 2 | ubuntu (204) · lxd (2) | — |
| 7 | red hat inc. | 188 | 17 | 6.6 | 2 | · | KEV 2 · PoC 5 | red hat enterprise linux (181) · red hat openshift container platform (4) · red hat ansible automation platform (2) | — |
| 8 | adobe | 174 | 3 | 6.1 | · | · | ×3.9 | adobe experience manager (90) · experience manager (90) · connect (19) | — |
| 9 | adobe systems inc. | 170 | 3 | 6.3 | · | · | ×3.8 | adobe experience manager (91) · adobe connect (20) · adobe animate 2023 (13) | — |
| 10 | novell inc. | 95 | 6 | 6.3 | 1 | · | ×3.4 · KEV 1 · PoC 3 | opensuse leap (89) · suse linux enterprise server (85) · suse linux enterprise desktop (84) | — |
| 11 | microsoft corp | 88 | 3 | 7.6 | 1 | · | KEV 1 · PoC 11 | windows server 2025 (58) · windows server 2025 (server core installation) (58) · windows server 2022, 23h2 edition (server core installation) (57) | — |
| 12 | microsoft | 85 | 2 | 7.6 | 1 | · | KEV 1 · PoC 12 | windows server 2025 (server core installation) (58) · windows server 2025 (58) · windows server 2019 (server core installation) (57) | — |
| 13 | apple | 62 | 6 | 6.5 | · | · | | macos (59) · iphone os (28) · ipados (28) | — |
| 14 | | 60 | 3 | 7.2 | · | 1 | Nuclei 1 | android (51) · chrome (7) · vertex gemini api (1) | — |
| 15 | code-projects | 56 | · | 5.7 | · | · | ×3.3 · PoC 35 | job recruitment (10) · simple admin panel (10) · online class and exam scheduling system (7) | — |
| 16 | ibm | 56 | 1 | 5.8 | · | · | | cognos controller (10) · cognos analytics (5) · security guardium key lifecycle manager (5) | — |
| 17 | huawei | 54 | 1 | 5.0 | · | · | | harmonyos (26) · nip6800 (7) · nip6600 firmware (7) | — |
| 18 | ооо «открытая мобильная платформа» | 54 | 16 | 8.1 | 3 | · | ×3.9 · KEV 3 · PoC 2 | ос аврора (53) · аврора центр (1) | — |
| 19 | phpgurukul | 47 | 5 | 5.3 | · | · | PoC 26 | land record system (12) · maid hiring management system (7) · online nurse hiring system (5) | — |
| 20 | packagist | 42 | 7 | 7.7 | 1 | 1 | KEV 1 · Nuclei 1 · PoC 7 | drupal/core (7) · drupal/drupal (5) · drupal/core-recommended (5) | — |
| 21 | go | 39 | 5 | 6.8 | · | · | PoC 2 | github.com/siyuan-note/siyuan/kernel (4) · github.com/mattermost/mattermost/server/v8 (3) · github.com/cosmwasm/wasmvm (2) | — |
| 22 | maven | 39 | 10 | 7.1 | · | 3 | Nuclei 3 · PoC 6 | org.apache.tomcat:tomcat-catalina (3) · org.keycloak:keycloak-quarkus-server (2) · org.apache.tomcat.embed:tomcat-embed-core (2) | — |
| 23 | ооо «нцпр» | 37 | 17 | 8.5 | · | · | ×3.4 · PoC 2 | мсвсфера (37) | — |
| 24 | unknown | 36 | 1 | 5.3 | · | 35 | Nuclei 35 · PoC 36 | wordpress button plugin maxbuttons (2) · learnpress (2) · system dashboard (2) | — |
| 25 | dell | 35 | 1 | 7.2 | · | · | | recoverpoint for virtual machines (7) · elastic cloud storage (3) · avamar (3) | — |
| 26 | pypi | 32 | 5 | 7.5 | · | · | PoC 2 | matrix-synapse (6) · apache-superset (4) · django (2) | — |
| 27 | gstreamer | 29 | 16 | 8.6 | · | · | NEW · PoC 2 | gstreamer (29) | — |
| 28 | gstreamer project | 29 | 16 | 8.6 | · | · | NEW · PoC 2 | gstreamer (29) | — |
| 29 | сообщество gstreamer | 29 | 16 | 8.6 | · | · | NEW · PoC 2 | gstreamer (29) | — |
| 30 | 1000projects | 28 | 1 | 7.0 | · | · | NEW · PoC 28 | portfolio management system mca (11) · attendance tracking management system (9) · library management system (2) | — |
| 31 | 1000 projects | 27 | · | 7.0 | · | · | NEW · PoC 27 | portfolio management system mca (11) · attendance tracking management system (9) · library management system (2) | — |
| 32 | abb | 24 | 14 | 8.9 | · | · | NEW · ×4.0 | nexus series nexus-3-x (24) · matrix series mat-x (24) · nexus series (24) | — |
| 33 | crates.io | 23 | · | 7.5 | · | · | PoC 1 | cosmwasm-vm (2) · pgp (2) · age (1) | — |
| 34 | npm | 22 | 4 | 7.1 | · | 3 | Nuclei 3 · PoC 2 | directus (2) · astro (2) · cookie-encrypter (1) | — |
| 35 | lopalopa | 21 | 9 | 8.1 | · | · | PoC 11 | e-learning management system (21) | — |
| 36 | openrobotics | 21 | 15 | 9.2 | · | · | NEW · PoC 21 | robot operating system (21) | — |
| 37 | qnap | 19 | 6 | 7.8 | · | · | PoC 1 | qts (10) · quts hero (10) · qulog center (2) | — |
| 38 | qnap systems inc. | 19 | 6 | 7.8 | · | · | PoC 1 | quts hero (10) · qts (10) · qulog center (2) | — |
| 39 | autodesk | 18 | · | 7.6 | · | · | | navisworks manage (14) · navisworks (14) · navisworks freedom (14) | — |
| 40 | qnap systems, inc. | 18 | 6 | 7.7 | · | · | PoC 1 | qts (10) · quts hero (10) · qulog center (2) | — |
| 41 | vibethemes | 18 | 11 | 9.2 | · | 18 | NEW · Nuclei 18 | wordpress learning management system (15) · wplms (15) · vibebp (3) | — |
| 42 | apache | 17 | 7 | 7.5 | · | 2 | Nuclei 2 · PoC 2 | superset (4) · tomcat (3) · hive (2) | — |
| 43 | apache software foundation | 17 | 7 | 7.4 | · | 2 | Nuclei 2 · PoC 2 | superset (4) · apache superset (4) · apache tomcat (3) | — |
| 44 | ivanti | 16 | 5 | 8.0 | · | · | | connect secure (5) · cloud services application (3) · cloud services appliance (3) | — |
| 45 | dell technologies | 15 | 1 | 7.2 | · | · | | recoverpoint (6) · powerscale onefs (3) · openmanage server administrator (2) | — |
| 46 | jetbrains | 15 | · | 4.9 | · | · | | teamcity (9) · youtrack (6) | — |
| 47 | mediatek, inc. | 15 | · | 6.8 | · | · | | mt6580, mt6739, mt6761, mt6765, mt6768, mt6779, mt6781, mt6785, mt6789, mt6833, mt6835, mt6853, mt6855, mt6873, mt6877, mt6878, mt6879, mt6883, mt6885, mt6886, mt6889, mt6893, mt6895, mt6896, mt6897, mt6983, mt6985, mt6989, mt8321, mt8666, mt8667, mt8673, mt8678, mt8765, mt8766, mt8766r, mt8768, mt8771, mt8781, mt8786, mt8788, mt8788e, mt8791t, mt8797, mt8798, mt8863t (3) · mt2737, mt3605, mt6985, mt6989, mt6990, mt7925, mt7927, mt8518s, mt8532, mt8678 (1) · mt2737, mt6298, mt6879, mt6886, mt6895, mt6895t, mt6896, mt6980, mt6980d, mt6983, mt6985, mt6989, mt6990, mt8673, mt8676, mt8795t, mt8798 (1) | — |
| 48 | image access gmbh | 14 | · | 6.2 | · | · | NEW · PoC 14 | scan2net (14) | — |
| 49 | siemens | 14 | 2 | 7.7 | · | · | | solid edge se2024 (4) · simocode es v18 (2) · simocode es v19 (2) | — |
| 50 | codezips | 13 | · | 6.8 | · | · | NEW · PoC 13 | e-commerce site (4) · technical discussion forum (2) · hospital management system (2) | — |