month report

November 2025

Data as of Jun 4, 2026, 13:26 UTCSnapshot v1 Sources NVD+CISA KEV+EPSS+Nuclei templates Methodology →

November 2025 closed with 3,194 published CVEs. 269 criticals, 11 added to CISA KEV. сообщество свободного программного обеспечения led volume, mostly via linux. Top weakness class — CWE-79 (432 CVE). 10 vendors cracked the top-100 for the first time.

Print view

Total CVEs

3,194

— MoM— YoY

Severity mix

269 / 966

critical / high

KEV added

0 ransomware-linked

Nuclei coverage

21.2%

676 CVEs with templates

Time to exploit

How fast the community ships detection after a CVE drops.

Days → Nuclei (median)

115.7

n=676

Within 7 days

0.0%

Within 30 days

0.0%

Days → KEV (median)

n=10

Detection gap

KEV pressure, no Nuclei coverage

November 2025 · vendors with active exploitation listed by CISA but no public detection template.

KEV 3microsoft corp105 CVE
KEV 2microsoft74 CVE
KEV 1apple113 CVE
KEV 1google76 CVE
KEV 1google inc66 CVE
KEV 1ао "нппкт"54 CVE

Weakness × Vendor

What's spreading where in November 2025

Cells shaded by share of vendor's hottest weakness. Click any cell to open the CWE history.

First time in top-100

Vendors never in top-100 in the prior 24 periods.

#39advantech22 CVE
#45huawei technologies co., ltd.19 CVE
#47dbbroadcast18 CVE
#51mediatek18 CVE
#55advantech co., ltd17 CVE
#63openwrt16 CVE
#65canaldenuncia15 CVE
#66desktopalert15 CVE
#69db electronica telecomunicazioni s.p.a.14 CVE
#76revive13 CVE

Top vendors

Ranked by distinct CVE count this period.

1сообщество свободного программного обеспечения—
173 CVE5 critCVSS 5.9
Nuclei 1PoC 11
linux (97) · debian gnu/linux (95) · wpe webkit (11)
2ооо «русбитех-астра»—
164 CVE7 critCVSS 6.6
KEV 1Nuclei 1PoC 12
astra linux special edition (160) · astra linux common edition (61) · пк "ald pro" (1)
3ооо «ред софт»—
114 CVE4 critCVSS 6.3
KEV 1Nuclei 1PoC 14
ред ос (101) · ред база данных (13)
4apple—
113 CVECVSS 5.7
KEV 1PoC 1
macos (94) · ios and ipados (72) · ipados (69)
5microsoft corp—
105 CVE4 critCVSS 7.2
KEV 3PoC 1
windows 11 25h2 (36) · windows 11 24h2 (36) · windows 11 23h2 (35)
6linux—
104 CVECVSS 5.6
linux (104) · linux kernel (2)
7google—
76 CVECVSS 6.5
KEV 1PoC 7
chrome (66) · android (8) · osv-scalibr (1)
8microsoft—
74 CVE5 critCVSS 7.3
KEV 2PoC 1
windows 11 24h2 (36) · windows 11 25h2 (36) · windows 11 version 24h2 (36)
9go—
70 CVE5 critCVSS 6.1
PoC 10
github.com/mattermost/mattermost/server/v8 (10) · github.com/mattermost/mattermost-server (10) · kubevirt.io/kubevirt (7)
10red hat inc.—
67 CVE1 critCVSS 5.9
PoC 5
red hat enterprise linux (64) · red hat openshift container platform (10) · libvirt (2)
11google inc—
66 CVECVSS 6.5
KEV 1PoC 7
google chrome (65) · android (1)
12npm—
57 CVE8 critCVSS 7.1
KEV 1Nuclei 2PoC 14
astro (6) · directus (4) · node-forge (3)
13ао "нппкт"—
54 CVE1 critCVSS 6.9
KEV 1PoC 1
осон основа оnyx (54)
14ао «ивк»—
48 CVE1 critCVSS 6.2
PoC 3
альт 8 сп (26) · альт сп 10 (24)
15pypi—
47 CVE4 critCVSS 6.9
Nuclei 1PoC 11
pgadmin4 (4) · trytond (3) · vllm (3)
16ibm—
40 CVE3 critCVSS 6.4
db2 (9) · concert (7) · cloud pak for business automation (4)
17packagist—
39 CVE1 critCVSS 5.7
Nuclei 1PoC 16
mantisbt/mantisbt (4) · phppgadmin/phppgadmin (4) · drupal/core (4)
18code-projects—
38 CVECVSS 6.1
PoC 37
student information system (6) · responsive hotel site (6) · simple online hotel reservation system (4)
19canonical ltd.—
34 CVE2 critCVSS 6.1
PoC 1
ubuntu (34)
20sourcecodester—
34 CVECVSS 5.8
PoC 33
train station ticketing system (4) · best house rental management system (4) · baby care system (2)
21ао «сбертех»—
34 CVE1 critCVSS 6.4
PoC 7
platform v sberlinux os server (33) · субд «platform v pangolin db» (2)
22itsourcecode—
32 CVECVSS 6.9
PoC 32
inventory management system (7) · web-based internet laboratory management system (5) · covid tracking system (5)
23maven—
30 CVE2 critCVSS 6.6
KEV 1Nuclei 1PoC 6
org.geoserver:gs-wms (2) · org.geoserver.web:gs-web-app (2) · lsfusion.platform:web-client (2)
24phpgurukul—
30 CVE1 critCVSS 6.0
PoC 28
student record system (9) · online shopping portal (7) · complaint management system (5)
25adobe—
29 CVECVSS 7.3
format plugins (9) · illustrator on ipad (5) · substance3d - stager (4)
26adobe systems inc.—
29 CVECVSS 7.3
adobe format plugins (9) · adobe illustrator on ipad (5) · adobe indesign (4)
27apple inc.—
29 CVECVSS 5.8
ios (28) · ipados (28) · visionos (17)
28fabian—
29 CVECVSS 5.7
PoC 28
student information system (6) · responsive hotel site (6) · simple cafe ordering system (4)
29dell—
28 CVE3 critCVSS 7.5
controlvault3 plus (8) · controlvault3 (8) · cloudlink (7)
30dlink—
28 CVE2 critCVSS 8.0
PoC 22
dwr-m920 firmware (9) · dir-822k firmware (7) · dir-882 firmware (4)
31d-link corp.—
28 CVE2 critCVSS 8.0
PoC 22
dwr-m920 (9) · dir-822k (8) · dir-816l (4)
32nvidia—
27 CVE1 critCVSS 6.2
dgx spark (14) · dgx os (14) · nemo framework (4)
33red hat—
26 CVE1 critCVSS 7.1
PoC 3
red hat enterprise linux 9 (14) · red hat enterprise linux 10 (13) · red hat enterprise linux 8 (13)
34mediatek, inc.—
25 CVECVSS 6.4
mt6890, mt7615, mt7622, mt7663, mt7915, mt7916, mt7981, mt7986 (12) · mt2735, mt2737, mt6739, mt6761, mt6762, mt6762d, mt6762m, mt6763, mt6765, mt6765t, mt6767, mt6768, mt6769, mt6769k, mt6769s, mt6769t, mt6769z, mt6771, mt6813, mt6833, mt6833p, mt6835, mt6835t, mt6853, mt6853t, mt6855, mt6855t, mt6873, mt6875, mt6875t, mt6877, mt6877t, mt6877tt, mt6878, mt6878m, mt6879, mt6880, mt6883, mt6885, mt6886, mt6889, mt6890, mt6891, mt6893, mt6895, mt6895tt, mt6896, mt6897, mt6899, mt6980, mt6980d, mt6983, mt6983t, mt6985, mt6985t, mt6989, mt6989t, mt6990, mt6991, mt8666, mt8667, mt8673, mt8675, mt8676, mt8678, mt8765, mt8766, mt8766r, mt8768, mt8771, mt8786, mt8788, mt8788e, mt8791, mt8791t, mt8792, mt8793, mt8795t, mt8797, mt8798, mt8863, mt8873, mt8883, mt8893 (2) · mt2718, mt2737, mt6835, mt6878, mt6886, mt6897, mt6899, mt6982, mt6985, mt6986, mt6986d, mt6989, mt6990, mt6991, mt8676, mt8678, mt8755, mt8893 (2)
35nvidia corp.—
25 CVE1 critCVSS 6.3
nvidia dgx os (13) · nvidia nemo (3) · aistore (2)
36tenda—
25 CVE1 critCVSS 7.9
PoC 14
ac21 firmware (8) · ax3 firmware (4) · ac21 (3)
37samsung—
24 CVE1 critCVSS 6.9
exynos 1380 firmware (13) · exynos 2400 firmware (10) · exynos 2200 firmware (9)
38campcodes—
23 CVECVSS 6.0
PoC 22
school fees payment management system (8) · supplier management system (5) · retro basketball shoes online store (4)
39advantech—
22 CVE2 critCVSS 7.1
NEWPoC 1
webaccess\/vpn (12) · webaccess/vpn (12) · iview (5)
40shenzhen tenda technology co., ltd.—
22 CVE1 critCVSS 7.5
PoC 13
tenda ac21 (8) · tenda ax3 (4) · ax1803 (2)
41intel—
21 CVECVSS 5.8
computing improvement program (11) · quickassist technology (10)
42apache—
19 CVE1 critCVSS 6.4
openoffice (7) · cloudstack (2) · kvrocks (2)
43apache software foundation—
19 CVE1 critCVSS 6.4
apache openoffice (7) · openoffice (7) · apache ofbiz (2)
44huawei—
19 CVE1 critCVSS 6.5
harmonyos (19) · emui (3)
45huawei technologies co., ltd.—
19 CVE1 critCVSS 6.5
NEW
harmonyos (19) · emui (3)
46unknown—
19 CVE3 critCVSS 7.2
Nuclei 19PoC 10
ace user management (1) · age-restriction (1) · attention-bar (1)
47dbbroadcast—
18 CVE11 critCVSS 8.5
NEWPoC 18
mozart dds next 1000 firmware (17) · mozart dds next 100 firmware (17) · mozart dds next 2000 firmware (17)
48fedora project—
18 CVECVSS 5.9
fedora (18) · fedora epel (18)
49fortinet—
18 CVE1 critCVSS 5.8
KEV 2Nuclei 1PoC 1
forticlientwindows (3) · fortiweb (3) · fortiadc (3)
50fortinet inc.—
18 CVE1 critCVSS 5.8
KEV 2Nuclei 1PoC 1
fortiadc (3) · forticlient windows (3) · fortios (3)

#	Vendor	CVEs	Crit	KEV	Nuclei	Signals	Top products	Δ
1	сообщество свободного программного обеспечения	173	5	·	1	Nuclei 1PoC 11	linux (97) · debian gnu/linux (95) · wpe webkit (11)	—
2	ооо «русбитех-астра»	164	7	1	1	KEV 1Nuclei 1PoC 12	astra linux special edition (160) · astra linux common edition (61) · пк "ald pro" (1)	—
3	ооо «ред софт»	114	4	1	1	KEV 1Nuclei 1PoC 14	ред ос (101) · ред база данных (13)	—
4	apple	113	·	1	·	KEV 1PoC 1	macos (94) · ios and ipados (72) · ipados (69)	—
5	microsoft corp	105	4	3	·	KEV 3PoC 1	windows 11 25h2 (36) · windows 11 24h2 (36) · windows 11 23h2 (35)	—
6	linux	104	·	·	·		linux (104) · linux kernel (2)	—
7	google	76	·	1	·	KEV 1PoC 7	chrome (66) · android (8) · osv-scalibr (1)	—
8	microsoft	74	5	2	·	KEV 2PoC 1	windows 11 24h2 (36) · windows 11 25h2 (36) · windows 11 version 24h2 (36)	—
9	go	70	5	·	·	PoC 10	github.com/mattermost/mattermost/server/v8 (10) · github.com/mattermost/mattermost-server (10) · kubevirt.io/kubevirt (7)	—
10	red hat inc.	67	1	·	·	PoC 5	red hat enterprise linux (64) · red hat openshift container platform (10) · libvirt (2)	—
11	google inc	66	·	1	·	KEV 1PoC 7	google chrome (65) · android (1)	—
12	npm	57	8	1	2	KEV 1Nuclei 2PoC 14	astro (6) · directus (4) · node-forge (3)	—
13	ао "нппкт"	54	1	1	·	KEV 1PoC 1	осон основа оnyx (54)	—
14	ао «ивк»	48	1	·	·	PoC 3	альт 8 сп (26) · альт сп 10 (24)	—
15	pypi	47	4	·	1	Nuclei 1PoC 11	pgadmin4 (4) · trytond (3) · vllm (3)	—
16	ibm	40	3	·	·		db2 (9) · concert (7) · cloud pak for business automation (4)	—
17	packagist	39	1	·	1	Nuclei 1PoC 16	mantisbt/mantisbt (4) · phppgadmin/phppgadmin (4) · drupal/core (4)	—
18	code-projects	38	·	·	·	PoC 37	student information system (6) · responsive hotel site (6) · simple online hotel reservation system (4)	—
19	canonical ltd.	34	2	·	·	PoC 1	ubuntu (34)	—
20	sourcecodester	34	·	·	·	PoC 33	train station ticketing system (4) · best house rental management system (4) · baby care system (2)	—
21	ао «сбертех»	34	1	·	·	PoC 7	platform v sberlinux os server (33) · субд «platform v pangolin db» (2)	—
22	itsourcecode	32	·	·	·	PoC 32	inventory management system (7) · web-based internet laboratory management system (5) · covid tracking system (5)	—
23	maven	30	2	1	1	KEV 1Nuclei 1PoC 6	org.geoserver:gs-wms (2) · org.geoserver.web:gs-web-app (2) · lsfusion.platform:web-client (2)	—
24	phpgurukul	30	1	·	·	PoC 28	student record system (9) · online shopping portal (7) · complaint management system (5)	—
25	adobe	29	·	·	·		format plugins (9) · illustrator on ipad (5) · substance3d - stager (4)	—
26	adobe systems inc.	29	·	·	·		adobe format plugins (9) · adobe illustrator on ipad (5) · adobe indesign (4)	—
27	apple inc.	29	·	·	·		ios (28) · ipados (28) · visionos (17)	—
28	fabian	29	·	·	·	PoC 28	student information system (6) · responsive hotel site (6) · simple cafe ordering system (4)	—
29	dell	28	3	·	·		controlvault3 plus (8) · controlvault3 (8) · cloudlink (7)	—
30	dlink	28	2	·	·	PoC 22	dwr-m920 firmware (9) · dir-822k firmware (7) · dir-882 firmware (4)	—
31	d-link corp.	28	2	·	·	PoC 22	dwr-m920 (9) · dir-822k (8) · dir-816l (4)	—
32	nvidia	27	1	·	·		dgx spark (14) · dgx os (14) · nemo framework (4)	—
33	red hat	26	1	·	·	PoC 3	red hat enterprise linux 9 (14) · red hat enterprise linux 10 (13) · red hat enterprise linux 8 (13)	—
34	mediatek, inc.	25	·	·	·		mt6890, mt7615, mt7622, mt7663, mt7915, mt7916, mt7981, mt7986 (12) · mt2735, mt2737, mt6739, mt6761, mt6762, mt6762d, mt6762m, mt6763, mt6765, mt6765t, mt6767, mt6768, mt6769, mt6769k, mt6769s, mt6769t, mt6769z, mt6771, mt6813, mt6833, mt6833p, mt6835, mt6835t, mt6853, mt6853t, mt6855, mt6855t, mt6873, mt6875, mt6875t, mt6877, mt6877t, mt6877tt, mt6878, mt6878m, mt6879, mt6880, mt6883, mt6885, mt6886, mt6889, mt6890, mt6891, mt6893, mt6895, mt6895tt, mt6896, mt6897, mt6899, mt6980, mt6980d, mt6983, mt6983t, mt6985, mt6985t, mt6989, mt6989t, mt6990, mt6991, mt8666, mt8667, mt8673, mt8675, mt8676, mt8678, mt8765, mt8766, mt8766r, mt8768, mt8771, mt8786, mt8788, mt8788e, mt8791, mt8791t, mt8792, mt8793, mt8795t, mt8797, mt8798, mt8863, mt8873, mt8883, mt8893 (2) · mt2718, mt2737, mt6835, mt6878, mt6886, mt6897, mt6899, mt6982, mt6985, mt6986, mt6986d, mt6989, mt6990, mt6991, mt8676, mt8678, mt8755, mt8893 (2)	—
35	nvidia corp.	25	1	·	·		nvidia dgx os (13) · nvidia nemo (3) · aistore (2)	—
36	tenda	25	1	·	·	PoC 14	ac21 firmware (8) · ax3 firmware (4) · ac21 (3)	—
37	samsung	24	1	·	·		exynos 1380 firmware (13) · exynos 2400 firmware (10) · exynos 2200 firmware (9)	—
38	campcodes	23	·	·	·	PoC 22	school fees payment management system (8) · supplier management system (5) · retro basketball shoes online store (4)	—
39	advantech	22	2	·	·	NEWPoC 1	webaccess\/vpn (12) · webaccess/vpn (12) · iview (5)	—
40	shenzhen tenda technology co., ltd.	22	1	·	·	PoC 13	tenda ac21 (8) · tenda ax3 (4) · ax1803 (2)	—
41	intel	21	·	·	·		computing improvement program (11) · quickassist technology (10)	—
42	apache	19	1	·	·		openoffice (7) · cloudstack (2) · kvrocks (2)	—
43	apache software foundation	19	1	·	·		apache openoffice (7) · openoffice (7) · apache ofbiz (2)	—
44	huawei	19	1	·	·		harmonyos (19) · emui (3)	—
45	huawei technologies co., ltd.	19	1	·	·	NEW	harmonyos (19) · emui (3)	—
46	unknown	19	3	·	19	Nuclei 19PoC 10	ace user management (1) · age-restriction (1) · attention-bar (1)	—
47	dbbroadcast	18	11	·	·	NEWPoC 18	mozart dds next 1000 firmware (17) · mozart dds next 100 firmware (17) · mozart dds next 2000 firmware (17)	—
48	fedora project	18	·	·	·		fedora (18) · fedora epel (18)	—
49	fortinet	18	1	2	1	KEV 2Nuclei 1PoC 1	forticlientwindows (3) · fortiweb (3) · fortiadc (3)	—
50	fortinet inc.	18	1	2	1	KEV 2Nuclei 1PoC 1	fortiadc (3) · forticlient windows (3) · fortios (3)	—