month report

August 2025

Data as of Jun 4, 2026, 13:26 UTCSnapshot v1 Sources NVD+CISA KEV+EPSS+Nuclei templates Methodology →

August 2025 closed with 3,871 published CVEs — +28.0% YoY . 343 criticals, 15 added to CISA KEV. сообщество свободного программного обеспечения led volume, mostly via linux. Biggest breakout: huawei at ×5.2 their 12-month median. Top weakness class — CWE-79 (570 CVE). 10 vendors cracked the top-100 for the first time.

Print view

Total CVEs

3,871

— MoM+28.0% YoY

Severity mix

343 / 1,275

critical / high

KEV added

0 ransomware-linked

Nuclei coverage

16.7%

648 CVEs with templates

Time to exploit

How fast the community ships detection after a CVE drops.

Days → Nuclei (median)

198.9

n=648

Within 7 days

0.0%

Within 30 days

0.0%

Days → KEV (median)

n=10

Detection gap

KEV pressure, no Nuclei coverage

August 2025 · vendors with active exploitation listed by CISA but no public detection template.

KEV 1adobe79 CVE
KEV 1adobe systems inc.68 CVE

Weakness × Vendor

What's spreading where in August 2025

Cells shaded by share of vendor's hottest weakness. Click any cell to open the CWE history.

Breakout vendors

CVE count ≥3× their own 12-period median.

5.2×huawei52 CVE
5.0×nvidia corp.30 CVE
4.2×nvidia42 CVE
3.2×code-projects54 CVE
3.0×maven81 CVE

First time in top-100

Vendors never in top-100 in the prior 24 periods.

#22linksys50 CVE
#24portabilis48 CVE
#33linksys holdings, inc.37 CVE
#41jvckenwood29 CVE
#42kenwood29 CVE
#43admerc28 CVE
#46anisha24 CVE
#50the biosig project24 CVE
#62zoneland19 CVE
#63cgm17 CVE

Top vendors

Ranked by distinct CVE count this period.

1сообщество свободного программного обеспечения—
276 CVE10 critCVSS 6.3
Nuclei 4PoC 26
linux (187) · debian gnu/linux (85) · gpac (21)
2ооо «ред софт»—
238 CVE9 critCVSS 6.1
PoC 24
ред ос (238) · ред база данных (9)
3linux—
186 CVECVSS 6.1
PoC 7
linux (186) · linux kernel (186)
4ооо «русбитех-астра»—
168 CVE3 critCVSS 6.4
PoC 19
astra linux special edition (167) · astra linux common edition (30)
5microsoft—
119 CVE7 critCVSS 7.5
PoC 4
windows server 2025 (67) · windows server 2025 (server core installation) (67) · windows server 2022 (62)
6microsoft corp—
117 CVE6 critCVSS 7.5
PoC 5
windows server 2025 (server core installation) (64) · windows server 2025 (64) · windows server 2022 (59)
7ао «ивк»—
103 CVE3 critCVSS 6.1
PoC 11
альт сп 10 (84) · альт 8 сп (47)
8maven—
81 CVE10 critCVSS 6.3
×3.0Nuclei 4PoC 5
com.liferay.portal:release.portal.bom (20) · org.pytorch:executorch-android (5) · com.liferay.portal:release.dxp.bom (5)
9adobe—
79 CVE1 critCVSS 6.7
KEV 1PoC 1
indesign desktop (14) · indesign (14) · substance 3d modeler (13)
10debian—
77 CVE1 critCVSS 6.3
PoC 5
debian linux (76) · devscripts (1)
11go—
75 CVE6 critCVSS 6.0
PoC 3
github.com/mattermost/mattermost-plugin-confluence (13) · github.com/mattermost/mattermost/server/v8 (9) · github.com/mattermost/mattermost-server (9)
12pypi—
75 CVE9 critCVSS 7.5
PoC 9
picklescan (29) · executorch (6) · apache-superset (4)
13ао "нппкт"—
75 CVE3 critCVSS 6.8
PoC 13
осон основа оnyx (75)
14canonical ltd.—
72 CVE1 critCVSS 6.4
PoC 6
ubuntu (72)
15ао «сбертех»—
72 CVECVSS 6.1
PoC 6
platform v sberlinux os server (69) · субд «platform v pangolin db» (3)
16adobe systems inc.—
68 CVE1 critCVSS 6.9
KEV 1PoC 1
adobe indesign (15) · adobe substance 3d modeler (13) · adobe substance 3d painter (9)
17red hat inc.—
66 CVE2 critCVSS 6.5
PoC 10
red hat enterprise linux (62) · cert-manager operator for red hat openshift (2) · keycloak (1)
18code-projects—
54 CVECVSS 6.9
×3.2PoC 54
online medicine guide (12) · human resource integrated system (7) · simple grading system (6)
19itsourcecode—
53 CVECVSS 7.2
PoC 53
apartment management system (28) · online tour and travel management system (20) · sports management system (3)
20huawei—
52 CVECVSS 6.1
×5.2
harmonyos (49) · emui (12) · enzoh-w5611t firmware (3)
21npm—
51 CVE9 critCVSS 7.1
Nuclei 5PoC 12
@anthropic-ai/claude-code (3) · next (3) · flowise (3)
22linksys—
50 CVECVSS 8.1
NEWPoC 47
re6300 (43) · re6350 (43) · re6350 firmware (43)
23google—
48 CVE5 critCVSS 7.3
PoC 1
android (30) · chrome (16) · keras (1)
24portabilis—
48 CVECVSS 4.0
NEWPoC 45
i-educar (36) · i-diario (12)
25cisco—
47 CVE1 critCVSS 6.6
PoC 47
cisco firepower threat defense software (22) · cisco adaptive security appliance (asa) software (18) · cisco firepower management center (8)
26tenda—
47 CVE4 critCVSS 7.7
PoC 32
ac6 firmware (12) · ac20 firmware (9) · ac20 (9)
27liferay—
46 CVE2 critCVSS 5.8
Nuclei 1
dxp (46) · digital experience platform (45) · portal (45)
28qnap systems inc.—
43 CVE1 critCVSS 6.8
qsync central (14) · file station 5 (12) · quts hero (11)
29cisco systems inc.—
42 CVE1 critCVSS 6.5
PoC 42
firepower threat defense (17) · adaptive security appliance (14) · cisco firepower management center (7)
30nvidia—
42 CVE3 critCVSS 7.4
×4.2
triton inference server (17) · gpu display drivers (12) · nemo (6)
31qnap—
42 CVE1 critCVSS 6.8
qsync central (14) · file station (12) · quts hero (11)
32packagist—
39 CVE4 critCVSS 6.7
Nuclei 3PoC 15
magento/community-edition (6) · magento/project-community-edition (6) · unopim/unopim (5)
33linksys holdings, inc.—
37 CVECVSS 8.0
NEWPoC 34
re6300 (31) · re7000 (31) · re6250 (31)
34ibm—
35 CVE1 critCVSS 6.2
concert software (5) · websphere application server (5) · concert (5)
35shenzhen tenda technology co., ltd.—
32 CVE3 critCVSS 7.9
PoC 27
tenda ac20 (9) · tenda ch22 (4) · tenda ac6 v2.0 (4)
36novell inc.—
31 CVECVSS 6.1
PoC 7
suse linux enterprise server (27) · suse linux enterprise server for sap applications (27) · suse linux enterprise desktop (27)
37d-link corp.—
30 CVE7 critCVSS 8.0
PoC 15
dsl-7740c (9) · dir-619l (4) · dir-615 (3)
38nvidia corp.—
30 CVE3 critCVSS 5.9
×5.0
nvidia triton inference server (17) · vgpu (11) · geforce r575 (7)
39siemens—
30 CVE1 critCVSS 6.8
opcenter quality (7) · smartclient modules opcenter ql home (sc) (7) · soa audit (7)
40dlink—
29 CVE7 critCVSS 7.9
PoC 15
dsl-7740c firmware (9) · dir-619l firmware (4) · dir-600 firmware (3)
41jvckenwood—
29 CVECVSS 6.9
NEW
dmx958xr firmware (29)
42kenwood—
29 CVECVSS 6.9
NEW
dmx958xr (29)
43admerc—
28 CVECVSS 7.3
NEWPoC 28
apartment management system (28)
44dell—
28 CVE2 critCVSS 6.9
Nuclei 1PoC 1
data domain operating system (5) · powerprotect data domain feature release (5) · powerprotect data domain lts 2023 (5)
45sourcecodester—
28 CVECVSS 7.1
PoC 26
covid 19 testing management system (7) · online bank management system (5) · advanced school management system (3)
46anisha—
24 CVECVSS 7.3
NEWPoC 24
online medicine guide (12) · wazifa system (4) · job diary (3)
47libbiosig project—
24 CVE22 critCVSS 9.7
PoC 9
libbiosig (24)
48qualcomm—
24 CVECVSS 7.2
wcd9380 firmware (21) · fastconnect 6900 firmware (21) · fastconnect 7800 firmware (20)
49qualcomm, inc.—
24 CVECVSS 7.3
snapdragon (24)
50the biosig project—
24 CVE22 critCVSS 9.7
NEWPoC 9
libbiosig (24)

#	Vendor	CVEs	Crit	KEV	Nuclei	Signals	Top products	Δ
1	сообщество свободного программного обеспечения	276	10	·	4	Nuclei 4PoC 26	linux (187) · debian gnu/linux (85) · gpac (21)	—
2	ооо «ред софт»	238	9	·	·	PoC 24	ред ос (238) · ред база данных (9)	—
3	linux	186	·	·	·	PoC 7	linux (186) · linux kernel (186)	—
4	ооо «русбитех-астра»	168	3	·	·	PoC 19	astra linux special edition (167) · astra linux common edition (30)	—
5	microsoft	119	7	·	·	PoC 4	windows server 2025 (67) · windows server 2025 (server core installation) (67) · windows server 2022 (62)	—
6	microsoft corp	117	6	·	·	PoC 5	windows server 2025 (server core installation) (64) · windows server 2025 (64) · windows server 2022 (59)	—
7	ао «ивк»	103	3	·	·	PoC 11	альт сп 10 (84) · альт 8 сп (47)	—
8	maven	81	10	·	4	×3.0Nuclei 4PoC 5	com.liferay.portal:release.portal.bom (20) · org.pytorch:executorch-android (5) · com.liferay.portal:release.dxp.bom (5)	—
9	adobe	79	1	1	·	KEV 1PoC 1	indesign desktop (14) · indesign (14) · substance 3d modeler (13)	—
10	debian	77	1	·	·	PoC 5	debian linux (76) · devscripts (1)	—
11	go	75	6	·	·	PoC 3	github.com/mattermost/mattermost-plugin-confluence (13) · github.com/mattermost/mattermost/server/v8 (9) · github.com/mattermost/mattermost-server (9)	—
12	pypi	75	9	·	·	PoC 9	picklescan (29) · executorch (6) · apache-superset (4)	—
13	ао "нппкт"	75	3	·	·	PoC 13	осон основа оnyx (75)	—
14	canonical ltd.	72	1	·	·	PoC 6	ubuntu (72)	—
15	ао «сбертех»	72	·	·	·	PoC 6	platform v sberlinux os server (69) · субд «platform v pangolin db» (3)	—
16	adobe systems inc.	68	1	1	·	KEV 1PoC 1	adobe indesign (15) · adobe substance 3d modeler (13) · adobe substance 3d painter (9)	—
17	red hat inc.	66	2	·	·	PoC 10	red hat enterprise linux (62) · cert-manager operator for red hat openshift (2) · keycloak (1)	—
18	code-projects	54	·	·	·	×3.2PoC 54	online medicine guide (12) · human resource integrated system (7) · simple grading system (6)	—
19	itsourcecode	53	·	·	·	PoC 53	apartment management system (28) · online tour and travel management system (20) · sports management system (3)	—
20	huawei	52	·	·	·	×5.2	harmonyos (49) · emui (12) · enzoh-w5611t firmware (3)	—
21	npm	51	9	·	5	Nuclei 5PoC 12	@anthropic-ai/claude-code (3) · next (3) · flowise (3)	—
22	linksys	50	·	·	·	NEWPoC 47	re6300 (43) · re6350 (43) · re6350 firmware (43)	—
23	google	48	5	·	·	PoC 1	android (30) · chrome (16) · keras (1)	—
24	portabilis	48	·	·	·	NEWPoC 45	i-educar (36) · i-diario (12)	—
25	cisco	47	1	·	·	PoC 47	cisco firepower threat defense software (22) · cisco adaptive security appliance (asa) software (18) · cisco firepower management center (8)	—
26	tenda	47	4	·	·	PoC 32	ac6 firmware (12) · ac20 firmware (9) · ac20 (9)	—
27	liferay	46	2	·	1	Nuclei 1	dxp (46) · digital experience platform (45) · portal (45)	—
28	qnap systems inc.	43	1	·	·		qsync central (14) · file station 5 (12) · quts hero (11)	—
29	cisco systems inc.	42	1	·	·	PoC 42	firepower threat defense (17) · adaptive security appliance (14) · cisco firepower management center (7)	—
30	nvidia	42	3	·	·	×4.2	triton inference server (17) · gpu display drivers (12) · nemo (6)	—
31	qnap	42	1	·	·		qsync central (14) · file station (12) · quts hero (11)	—
32	packagist	39	4	·	3	Nuclei 3PoC 15	magento/community-edition (6) · magento/project-community-edition (6) · unopim/unopim (5)	—
33	linksys holdings, inc.	37	·	·	·	NEWPoC 34	re6300 (31) · re7000 (31) · re6250 (31)	—
34	ibm	35	1	·	·		concert software (5) · websphere application server (5) · concert (5)	—
35	shenzhen tenda technology co., ltd.	32	3	·	·	PoC 27	tenda ac20 (9) · tenda ch22 (4) · tenda ac6 v2.0 (4)	—
36	novell inc.	31	·	·	·	PoC 7	suse linux enterprise server (27) · suse linux enterprise server for sap applications (27) · suse linux enterprise desktop (27)	—
37	d-link corp.	30	7	·	·	PoC 15	dsl-7740c (9) · dir-619l (4) · dir-615 (3)	—
38	nvidia corp.	30	3	·	·	×5.0	nvidia triton inference server (17) · vgpu (11) · geforce r575 (7)	—
39	siemens	30	1	·	·		opcenter quality (7) · smartclient modules opcenter ql home (sc) (7) · soa audit (7)	—
40	dlink	29	7	·	·	PoC 15	dsl-7740c firmware (9) · dir-619l firmware (4) · dir-600 firmware (3)	—
41	jvckenwood	29	·	·	·	NEW	dmx958xr firmware (29)	—
42	kenwood	29	·	·	·	NEW	dmx958xr (29)	—
43	admerc	28	·	·	·	NEWPoC 28	apartment management system (28)	—
44	dell	28	2	·	1	Nuclei 1PoC 1	data domain operating system (5) · powerprotect data domain feature release (5) · powerprotect data domain lts 2023 (5)	—
45	sourcecodester	28	·	·	·	PoC 26	covid 19 testing management system (7) · online bank management system (5) · advanced school management system (3)	—
46	anisha	24	·	·	·	NEWPoC 24	online medicine guide (12) · wazifa system (4) · job diary (3)	—
47	libbiosig project	24	22	·	·	PoC 9	libbiosig (24)	—
48	qualcomm	24	·	·	·		wcd9380 firmware (21) · fastconnect 6900 firmware (21) · fastconnect 7800 firmware (20)	—
49	qualcomm, inc.	24	·	·	·		snapdragon (24)	—
50	the biosig project	24	22	·	·	NEWPoC 9	libbiosig (24)	—