month report

June 2025

Data as of Jun 4, 2026, 13:26 UTCSnapshot v1 Sources NVD+CISA KEV+EPSS+Nuclei templates Methodology →

June 2025 closed with 3,875 published CVEs — +16.3% YoY . 293 criticals, 20 added to CISA KEV (1 ransomware-linked). сообщество свободного программного обеспечения led volume, mostly via linux. Biggest breakout: code-projects at ×14.6 their 12-month median. Top weakness class — CWE-79 (737 CVE). 10 vendors cracked the top-100 for the first time.

Print view

Total CVEs

3,875

— MoM+16.3% YoY

Severity mix

293 / 1,289

critical / high

KEV added

1 ransomware-linked

Nuclei coverage

21.1%

816 CVEs with templates

Time to exploit

How fast the community ships detection after a CVE drops.

Days → Nuclei (median)

262.5

n=816

Within 7 days

0.0%

Within 30 days

0.0%

Days → KEV (median)

n=18

Detection gap

KEV pressure, no Nuclei coverage

June 2025 · vendors with active exploitation listed by CISA but no public detection template.

Weakness × Vendor

What's spreading where in June 2025

Cells shaded by share of vendor's hottest weakness. Click any cell to open the CWE history.

Breakout vendors

CVE count ≥3× their own 12-period median.

14.6×code-projects153 CVE
8.1×fabian65 CVE
6.1×debian55 CVE
4.2×mayurik21 CVE
3.9×adobe systems inc.254 CVE
3.5×campcodes21 CVE
3.5×fedora project21 CVE
3.0×d-link corp.44 CVE

First time in top-100

Vendors never in top-100 in the prior 24 periods.

#41carmelo22 CVE
#45drupal21 CVE
#69freefloat14 CVE
#70thembay14 CVE
#71anujk30513 CVE
#74linksys13 CVE
#77ооо «увеон»13 CVE
#79juzaweb12 CVE
#80preh car connect gmbh (joynext gmbh)12 CVE
#83saltstack, inc11 CVE

Top vendors

Ranked by distinct CVE count this period.

1сообщество свободного программного обеспечения—
407 CVE21 critCVSS 6.2
Nuclei 3PoC 19
linux (301) · debian gnu/linux (179) · xwiki platform (9)
2linux—
375 CVECVSS 6.0
PoC 2
linux (375) · linux kernel (375)
3adobe—
255 CVECVSS 5.7
experience manager (224) · adobe experience manager (224) · acrobat (10)
4adobe systems inc.—
254 CVECVSS 5.8
×3.9
adobe experience manager (223) · adobe acrobat 2020 (10) · adobe acrobat 2024 (10)
5red hat inc.—
241 CVE7 critCVSS 6.1
KEV 1Nuclei 1PoC 5
red hat enterprise linux (237) · red hat openshift container platform (10) · red hat virtualization (4)
6ооо «ред софт»—
154 CVE12 critCVSS 6.4
KEV 4Nuclei 3PoC 12
ред ос (154)
7code-projects—
153 CVE1 critCVSS 6.7
×14.6Nuclei 1PoC 145
inventory management system (20) · simple pizza ordering system (14) · online shoe store (12)
8canonical ltd.—
144 CVE3 critCVSS 6.1
KEV 1Nuclei 1PoC 4
ubuntu (143) · cloud-init (2)
9ооо «русбитех-астра»—
124 CVE10 critCVSS 6.7
KEV 2PoC 10
astra linux special edition (121) · astra linux common edition (29) · пк "ald pro" (2)
10phpgurukul—
123 CVECVSS 6.2
PoC 112
art gallery management system (9) · complaint management system (9) · pre-school enrollment system (9)
11ао "нппкт"—
113 CVE10 critCVSS 6.6
KEV 2PoC 9
осон основа оnyx (113)
12totolink—
78 CVE2 critCVSS 7.9
PoC 65
x15 firmware (20) · x15 (20) · ex1200t firmware (19)
13microsoft corp—
76 CVE2 critCVSS 7.1
KEV 4PoC 3
windows server 2025 (43) · windows server 2025 (server core installation) (43) · windows server 2022 (41)
14ао «сбертех»—
76 CVE2 critCVSS 6.1
PoC 4
platform v sberlinux os server (76)
15microsoft—
71 CVE2 critCVSS 7.0
KEV 4PoC 3
windows server 2025 (42) · windows server 2025 (server core installation) (41) · windows server 2022 (41)
16fabian—
65 CVECVSS 6.5
×8.1Nuclei 1PoC 65
simple online hotel reservation system (11) · school fees payment system (9) · simple forum (8)
17ао «ивк»—
64 CVE6 critCVSS 6.6
PoC 5
альт сп 10 (36) · альт 8 сп (35)
18maven—
58 CVE9 critCVSS 7.3
Nuclei 4PoC 5
org.geoserver.web:gs-web-app (6) · org.geoserver:gs-wfs (3) · org.apache.tomcat.embed:tomcat-embed-core (3)
19debian—
55 CVE6 critCVSS 6.4
×6.1KEV 2Nuclei 2PoC 4
debian linux (50) · yubiserver (2) · pdns (1)
20sourcecodester—
52 CVECVSS 5.4
PoC 50
best salon management system (21) · student result management system (10) · simple company website (7)
21go—
50 CVE4 critCVSS 6.1
Nuclei 1PoC 10
github.com/filebrowser/filebrowser (8) · github.com/filebrowser/filebrowser/v2 (8) · github.com/mattermost/mattermost/server/v8 (7)
22novell inc.—
49 CVE6 critCVSS 6.4
KEV 1Nuclei 1PoC 2
suse linux enterprise server for sap applications (47) · opensuse leap (47) · suse linux enterprise server (47)
23ibm—
48 CVE3 critCVSS 6.3
cloud pak for security (5) · qradar suite software (5) · qradar suite (5)
24pypi—
47 CVE6 critCVSS 6.7
PoC 6
salt (9) · backend.ai (3) · langchain-chatchat (3)
25d-link corp.—
44 CVE7 critCVSS 8.0
×3.0PoC 33
dir-619l (14) · dir-618 (5) · di-7300g+ (4)
26dlink—
43 CVE7 critCVSS 8.1
PoC 32
dir-619l firmware (14) · dir-816 firmware (7) · di-7300g\+ firmware (4)
27d-link—
41 CVE5 critCVSS 8.0
PoC 32
dir-619l (14) · dir-816 (6) · di-7300g+ (4)
28ibm corp.—
39 CVE3 critCVSS 6.4
qradar suite software (5) · ibm cloud pak for security (5) · ibm planning analytics local (4)
29packagist—
39 CVE2 critCVSS 6.3
KEV 1Nuclei 2PoC 4
starcitizentools/citizen-skin (5) · magento/community-edition (5) · magento/project-community-edition (4)
30tenda—
39 CVECVSS 8.3
PoC 34
ac6 firmware (7) · ac5 (5) · ac5 firmware (5)
31red hat—
37 CVE3 critCVSS 7.2
PoC 1
red hat enterprise linux 9 (28) · red hat enterprise linux 8 (27) · red hat enterprise linux 10 (27)
32shenzhen tenda technology co., ltd.—
37 CVECVSS 8.2
PoC 33
ac6 (6) · tenda ac15 (4) · tenda ac9 (4)
33npm—
34 CVE7 critCVSS 6.4
Nuclei 1PoC 9
erxes (3) · webpack-dev-server (2) · @haxtheweb/haxcms-nodejs (2)
34samsung—
30 CVE6 critCVSS 7.3
exynos 1480 firmware (9) · exynos 2400 firmware (9) · exynos 2200 firmware (8)
35trendmicro—
28 CVE6 critCVSS 7.9
trend micro endpoint encryption (8) · apex central (8) · apex one (5)
36trend micro, inc.—
28 CVE6 critCVSS 7.9
trend micro apex central (8) · trend micro endpoint encryption policy server (8) · trend micro apex one as a service (5)
37trend micro—
24 CVE6 critCVSS 7.8
trend micro apex central (8) · trend micro endpoint encryption (tmee) (7) · apex one as a service (4)
38unknown—
24 CVE2 critCVSS 5.8
Nuclei 23PoC 24
newsletter (3) · file provider (2) · buddypress docs (1)
39pdf-xchange—
23 CVECVSS 5.3
pdf-tools (23) · pdf-xchange editor (23) · pdf-xchange pro (3)
40tracker software products ltd.—
23 CVECVSS 5.3
pdf-tools (23) · pdf-xchange editor (23) · pdf-xchange pro (23)
41carmelo—
22 CVECVSS 6.5
NEWPoC 18
simple pizza ordering system (14) · traffic offense reporting system (4) · movie ticketing system (2)
42apache—
21 CVE5 critCVSS 7.9
Nuclei 1PoC 1
cloudstack (5) · kafka (3) · tomcat (3)
43apache software foundation—
21 CVE5 critCVSS 8.0
Nuclei 1PoC 1
apache cloudstack (5) · tomcat (3) · kafka (3)
44campcodes—
21 CVECVSS 7.3
×3.5PoC 21
online hospital management system (6) · online teacher record management system (5) · sales and inventory system (5)
45drupal—
21 CVECVSS 6.8
NEW
simple klaro (2) · quick node block (2) · cookies consent management (2)
46fedora project—
21 CVE2 critCVSS 6.0
×3.5PoC 3
fedora (19) · fedora epel (12) · nbdkit plugin framework (2)
47mayurik—
21 CVECVSS 6.3
×4.2PoC 21
best salon management system (21)
48qnap systems inc.—
21 CVECVSS 7.6
file station 5 (14) · quts hero (2) · qts (2)
49gitlab—
20 CVECVSS 5.9
PoC 11
gitlab (20)
50qnap—
20 CVECVSS 7.6
file station (13) · qts (2) · qsync central (2)

#	Vendor	CVEs	Crit	KEV	Nuclei	Signals	Top products	Δ
1	сообщество свободного программного обеспечения	407	21	·	3	Nuclei 3PoC 19	linux (301) · debian gnu/linux (179) · xwiki platform (9)	—
2	linux	375	·	·	·	PoC 2	linux (375) · linux kernel (375)	—
3	adobe	255	·	·	·		experience manager (224) · adobe experience manager (224) · acrobat (10)	—
4	adobe systems inc.	254	·	·	·	×3.9	adobe experience manager (223) · adobe acrobat 2020 (10) · adobe acrobat 2024 (10)	—
5	red hat inc.	241	7	1	1	KEV 1Nuclei 1PoC 5	red hat enterprise linux (237) · red hat openshift container platform (10) · red hat virtualization (4)	—
6	ооо «ред софт»	154	12	4	3	KEV 4Nuclei 3PoC 12	ред ос (154)	—
7	code-projects	153	1	·	1	×14.6Nuclei 1PoC 145	inventory management system (20) · simple pizza ordering system (14) · online shoe store (12)	—
8	canonical ltd.	144	3	1	1	KEV 1Nuclei 1PoC 4	ubuntu (143) · cloud-init (2)	—
9	ооо «русбитех-астра»	124	10	2	·	KEV 2PoC 10	astra linux special edition (121) · astra linux common edition (29) · пк "ald pro" (2)	—
10	phpgurukul	123	·	·	·	PoC 112	art gallery management system (9) · complaint management system (9) · pre-school enrollment system (9)	—
11	ао "нппкт"	113	10	2	·	KEV 2PoC 9	осон основа оnyx (113)	—
12	totolink	78	2	·	·	PoC 65	x15 firmware (20) · x15 (20) · ex1200t firmware (19)	—
13	microsoft corp	76	2	4	·	KEV 4PoC 3	windows server 2025 (43) · windows server 2025 (server core installation) (43) · windows server 2022 (41)	—
14	ао «сбертех»	76	2	·	·	PoC 4	platform v sberlinux os server (76)	—
15	microsoft	71	2	4	·	KEV 4PoC 3	windows server 2025 (42) · windows server 2025 (server core installation) (41) · windows server 2022 (41)	—
16	fabian	65	·	·	1	×8.1Nuclei 1PoC 65	simple online hotel reservation system (11) · school fees payment system (9) · simple forum (8)	—
17	ао «ивк»	64	6	·	·	PoC 5	альт сп 10 (36) · альт 8 сп (35)	—
18	maven	58	9	·	4	Nuclei 4PoC 5	org.geoserver.web:gs-web-app (6) · org.geoserver:gs-wfs (3) · org.apache.tomcat.embed:tomcat-embed-core (3)	—
19	debian	55	6	2	2	×6.1KEV 2Nuclei 2PoC 4	debian linux (50) · yubiserver (2) · pdns (1)	—
20	sourcecodester	52	·	·	·	PoC 50	best salon management system (21) · student result management system (10) · simple company website (7)	—
21	go	50	4	·	1	Nuclei 1PoC 10	github.com/filebrowser/filebrowser (8) · github.com/filebrowser/filebrowser/v2 (8) · github.com/mattermost/mattermost/server/v8 (7)	—
22	novell inc.	49	6	1	1	KEV 1Nuclei 1PoC 2	suse linux enterprise server for sap applications (47) · opensuse leap (47) · suse linux enterprise server (47)	—
23	ibm	48	3	·	·		cloud pak for security (5) · qradar suite software (5) · qradar suite (5)	—
24	pypi	47	6	·	·	PoC 6	salt (9) · backend.ai (3) · langchain-chatchat (3)	—
25	d-link corp.	44	7	·	·	×3.0PoC 33	dir-619l (14) · dir-618 (5) · di-7300g+ (4)	—
26	dlink	43	7	·	·	PoC 32	dir-619l firmware (14) · dir-816 firmware (7) · di-7300g\+ firmware (4)	—
27	d-link	41	5	·	·	PoC 32	dir-619l (14) · dir-816 (6) · di-7300g+ (4)	—
28	ibm corp.	39	3	·	·		qradar suite software (5) · ibm cloud pak for security (5) · ibm planning analytics local (4)	—
29	packagist	39	2	1	2	KEV 1Nuclei 2PoC 4	starcitizentools/citizen-skin (5) · magento/community-edition (5) · magento/project-community-edition (4)	—
30	tenda	39	·	·	·	PoC 34	ac6 firmware (7) · ac5 (5) · ac5 firmware (5)	—
31	red hat	37	3	·	·	PoC 1	red hat enterprise linux 9 (28) · red hat enterprise linux 8 (27) · red hat enterprise linux 10 (27)	—
32	shenzhen tenda technology co., ltd.	37	·	·	·	PoC 33	ac6 (6) · tenda ac15 (4) · tenda ac9 (4)	—
33	npm	34	7	·	1	Nuclei 1PoC 9	erxes (3) · webpack-dev-server (2) · @haxtheweb/haxcms-nodejs (2)	—
34	samsung	30	6	·	·		exynos 1480 firmware (9) · exynos 2400 firmware (9) · exynos 2200 firmware (8)	—
35	trendmicro	28	6	·	·		trend micro endpoint encryption (8) · apex central (8) · apex one (5)	—
36	trend micro, inc.	28	6	·	·		trend micro apex central (8) · trend micro endpoint encryption policy server (8) · trend micro apex one as a service (5)	—
37	trend micro	24	6	·	·		trend micro apex central (8) · trend micro endpoint encryption (tmee) (7) · apex one as a service (4)	—
38	unknown	24	2	·	23	Nuclei 23PoC 24	newsletter (3) · file provider (2) · buddypress docs (1)	—
39	pdf-xchange	23	·	·	·		pdf-tools (23) · pdf-xchange editor (23) · pdf-xchange pro (3)	—
40	tracker software products ltd.	23	·	·	·		pdf-tools (23) · pdf-xchange editor (23) · pdf-xchange pro (23)	—
41	carmelo	22	·	·	·	NEWPoC 18	simple pizza ordering system (14) · traffic offense reporting system (4) · movie ticketing system (2)	—
42	apache	21	5	·	1	Nuclei 1PoC 1	cloudstack (5) · kafka (3) · tomcat (3)	—
43	apache software foundation	21	5	·	1	Nuclei 1PoC 1	apache cloudstack (5) · tomcat (3) · kafka (3)	—
44	campcodes	21	·	·	·	×3.5PoC 21	online hospital management system (6) · online teacher record management system (5) · sales and inventory system (5)	—
45	drupal	21	·	·	·	NEW	simple klaro (2) · quick node block (2) · cookies consent management (2)	—
46	fedora project	21	2	·	·	×3.5PoC 3	fedora (19) · fedora epel (12) · nbdkit plugin framework (2)	—
47	mayurik	21	·	·	·	×4.2PoC 21	best salon management system (21)	—
48	qnap systems inc.	21	·	·	·		file station 5 (14) · quts hero (2) · qts (2)	—
49	gitlab	20	·	·	·	PoC 11	gitlab (20)	—
50	qnap	20	·	·	·		file station (13) · qts (2) · qsync central (2)	—