month report
March 2026
Data as of Jun 4, 2026, 13:26 UTC · Snapshot v1 · Sources: NVD + CISA KEV + EPSS + Nuclei templates
March 2026 closed with 6,821 published CVEs, of which 684 were critical and 26 were added to CISA KEV (1 ransomware-linked). npm led by volume, mostly via openclaw. Biggest breakout: npm at ×10.8 its 12-month median. Top weakness class: CWE-79 (765 CVEs). 10 vendors entered the top-100 for the first time.
- Total CVEs: 6,821 (MoM: —, YoY: —)
- Severity mix: 684 critical / 2,515 high
- KEV added: 26 (1 ransomware-linked)
- Nuclei coverage: 4.0% (272 CVEs with templates)
Time to exploit
How fast the community ships detection after a CVE drops.
- Days → Nuclei (median): 1.6 (n=261)
- Within 7 days: 91.2%
- Within 30 days: 95.8%
- Days → KEV (median): 3 (n=8)
Detection gap
KEV pressure, no Nuclei coverage
March 2026 · vendors with active exploitation listed by CISA but no public detection template.
- google: KEV 2, 178 CVE
- microsoft corp: KEV 2, 134 CVE
- google inc: KEV 2, 61 CVE
Weakness × Vendor
What's spreading where in March 2026
Cells shaded by share of vendor's hottest weakness.
[Heatmap: vendor × weakness class. Columns: CWE-79 XSS, CWE-89 SQL Injection, CWE-862 Missing Authorization, CWE-787 Out-of-bounds Write, CWE-22 Path Traversal, CWE-863 Incorrect Authorization, CWE-74 Injection, CWE-98, CWE-94 Code Injection, CWE-78 OS Command Injection. Rows: npm, openclaw, google, linux, сообщество свободного программного обеспечения, go, microsoft corp, themerex, microsoft, pypi, apple, packagist.]
Breakout vendors
CVE count ≥3× their own 12-period median.
- npm: 10.8×, 562 CVE
- nuget: 6.1×, 43 CVE
- google: 5.7×, 178 CVE
- cisco: 4.9×, 69 CVE
- mattermost: 3.8×, 34 CVE
- linuxfoundation: 3.8×, 45 CVE
- sourcecodester: 3.3×, 60 CVE
- dlink: 3.3×, 65 CVE
- google inc: 3.2×, 61 CVE
- oretnom23: 3.0×, 33 CVE
First time in top-100
Vendors never in top-100 in the prior 24 periods.
- #2 openclaw: 199 CVE
- #8 themerex: 105 CVE
- #14 wwbn: 84 CVE
- #20 parse-community: 65 CVE
- #21 parseplatform: 65 CVE
- #31 open-emr: 44 CVE
- #32 openemr: 44 CVE
- #35 ancorathemes: 40 CVE
- #36 chamilo: 38 CVE
- #38 ahsanriaz26gmailcom: 36 CVE
Top vendors
Ranked by distinct CVE count this period.
| # | Vendor | CVEs | Crit | CVSS | KEV | Nuclei | Signals | Top products | Δ |
|---|---|---|---|---|---|---|---|---|---|
| 1 | npm | 562 | 29 | 7.2 | · | 5 | ×10.8, Nuclei 5, PoC 1 | openclaw (370) · parse-server (32) · nocodb (10) | — |
| 2 | openclaw | 199 | 17 | 6.8 | · | · | NEW | openclaw (198) · voice-call (2) · nextcloud-talk (1) | — |
| 3 | google | 178 | 12 | 7.8 | 2 | · | ×5.7, KEV 2 | android (101) · chrome (75) · clasp (1) | — |
| 4 | linux | 178 | 1 | 6.2 | · | · | · | linux (178) · linux kernel (158) | — |
| 5 | сообщество свободного программного обеспечения | 145 | 10 | 6.8 | 2 | 2 | KEV 2, Nuclei 2, PoC 1 | debian gnu/linux (54) · openclaw (36) · linux (27) | — |
| 6 | go | 139 | 19 | 7.3 | · | 4 | Nuclei 4, PoC 6 | github.com/siyuan-note/siyuan/kernel (14) · github.com/olivetin/olivetin (11) · github.com/forceu/gokapi (8) | — |
| 7 | microsoft corp | 134 | 7 | 7.5 | 2 | · | KEV 2 | microsoft edge (45) · windows 10 22h2 (42) · windows 10 21h2 (42) | — |
| 8 | themerex | 105 | 13 | 8.3 | · | 54 | NEW, Nuclei 54 | aldo (1) · alliance (1) · aqualots (1) | — |
| 9 | microsoft | 99 | 5 | 7.5 | · | · | · | windows 10 version 21h2 (43) · windows 10 version 22h2 (43) · windows 10 22h2 (42) | — |
| 10 | pypi | 94 | 6 | 7.0 | · | 2 | Nuclei 2, PoC 2 | glances (10) · openssl-encrypt (5) · justhtml (4) | — |
| 11 | apple | 89 | 3 | 6.0 | · | · | · | macos (79) · ios and ipados (44) · ipados (43) | — |
| 12 | packagist | 88 | 8 | 6.8 | · | · | PoC 4 | craftcms/cms (19) · wwbn/avideo (10) · admidio/admidio (9) | — |
| 13 | tenda | 88 | 14 | 8.8 | · | · | PoC 17 | f453 (17) · f453 firmware (17) · w20e firmware (9) | — |
| 14 | wwbn | 84 | 11 | 7.1 | · | 1 | NEW, Nuclei 1 | avideo (81) · avideo-encoder (3) | — |
| 15 | adobe | 81 | · | 6.0 | · | · | · | adobe experience manager (33) · experience manager (33) · commerce (19) | — |
| 16 | adobe systems inc. | 80 | · | 6.1 | · | · | · | adobe experience manager (33) · adobe commerce b2b (19) · adobe commerce (19) | — |
| 17 | ibm | 72 | · | 5.6 | · | · | · | infosphere information server (16) · sterling b2b integrator (7) · sterling file gateway (7) | — |
| 18 | cisco | 69 | 2 | 6.6 | 1 | 1 | ×4.9, KEV 1, Nuclei 1, PoC 69 | cisco secure firewall threat defense (ftd) software (40) · cisco secure firewall adaptive security appliance (asa) software (25) · adaptive security appliance software (22) | — |
| 19 | dlink | 65 | 26 | 7.4 | · | · | ×3.3, PoC 20 | dir-513 firmware (35) · dns-340l firmware (20) · dns-343 firmware (20) | — |
| 20 | parse-community | 65 | 10 | 6.9 | · | · | NEW | parse-server (65) | — |
| 21 | parseplatform | 65 | 10 | 6.9 | · | · | NEW | parse-server (65) | — |
| 22 | google inc | 61 | 2 | 8.6 | 2 | · | ×3.2, KEV 2 | google chrome (61) | — |
| 23 | red hat | 60 | · | 6.5 | · | · | · | red hat enterprise linux 9 (39) · red hat enterprise linux 8 (38) · red hat enterprise linux 10 (35) | — |
| 24 | sourcecodester | 60 | · | 6.1 | · | · | ×3.3, PoC 1 | sales and inventory system (20) · client database management system (4) · resort reservation system (4) | — |
| 25 | code-projects | 55 | · | 5.7 | · | · | · | simple flight ticket booking system (9) · exam form submission (8) · simple laundry system (7) | — |
| 26 | mozilla | 51 | 21 | 8.5 | · | · | · | firefox (48) · thunderbird (47) · focus for ios (1) | — |
| 27 | crates.io | 50 | 1 | 7.3 | · | · | · | zeptoclaw (5) · aws-lc-sys (5) · vaultwarden (4) | — |
| 28 | discourse | 48 | · | 5.1 | · | · | · | discourse (48) | — |
| 29 | linuxfoundation | 45 | 3 | 6.3 | · | · | ×3.8 | everest (18) · nats-server (13) · tekton pipelines (2) | — |
| 30 | itsourcecode | 44 | · | 6.1 | · | · | PoC 6 | university management system (11) · payroll management system (6) · college management system (6) | — |
| 31 | open-emr | 44 | 4 | 7.0 | · | · | NEW | openemr (44) | — |
| 32 | openemr | 44 | 4 | 7.0 | · | · | NEW | openemr (44) | — |
| 33 | nuget | 43 | · | 6.3 | · | · | ×6.1 | magick.net-q16-anycpu (19) · magick.net-q16-hdri-anycpu (19) · magick.net-q16-hdri-openmp-arm64 (19) | — |
| 34 | redhat | 43 | · | 6.6 | · | · | · | enterprise linux (32) · openshift container platform (9) · build of keycloak (8) | — |
| 35 | ancorathemes | 40 | 3 | 8.2 | · | 25 | NEW, Nuclei 25 | grit (1) · handyman (1) · honor (1) | — |
| 36 | chamilo | 38 | 9 | 7.5 | · | · | NEW, PoC 15 | chamilo-lms (38) · chamilo lms (30) | — |
| 37 | red hat inc. | 37 | 1 | 5.9 | · | · | · | red hat enterprise linux (35) · openshift container platform (5) · red hat openshift container platform (4) | — |
| 38 | ahsanriaz26gmailcom | 36 | 1 | 6.3 | · | · | NEW | sales and inventory system (31) · inventory system (5) | — |
| 39 | color | 36 | · | 6.4 | · | · | NEW | iccdev (36) | — |
| 40 | d-link | 36 | 5 | 7.3 | · | · | PoC 1 | dns-726-4 (20) · dns-320lw (20) · dns-321 (20) | — |
| 41 | internationalcolorconsortium | 36 | · | 6.4 | · | · | NEW | iccdev (36) | — |
| 42 | craftcms | 34 | 3 | 6.6 | · | · | NEW, PoC 1 | craft cms (23) · cms (23) · craft commerce (7) | — |
| 43 | mattermost | 34 | · | 4.9 | · | · | ×3.8 | mattermost (34) · mattermost server (30) · ms teams (1) | — |
| 44 | oretnom23 | 33 | 8 | 6.1 | · | · | ×3.0, PoC 15 | pharmacy point of sale system (9) · online food ordering system (7) · simple online men's salon management system (4) | — |
| 45 | hcl | 31 | 1 | 4.5 | · | · | NEW | aftermarket dpc (17) · aion (10) · sametime (3) | — |
| 46 | hcltech | 30 | · | 4.4 | · | · | · | aftermarket cloud (17) · aion (7) · unica (2) | — |
| 47 | mikado-themes | 29 | · | 7.9 | · | 19 | NEW, Nuclei 19 | amfissa (1) · aviana (1) · belfort (1) | — |
| 48 | siyuan-note | 28 | 12 | 8.1 | · | 5 | NEW, Nuclei 5 | siyuan (28) | — |
| 49 | gitlab | 27 | · | 5.8 | · | · | · | gitlab (27) | — |
| 50 | b3log | 26 | 11 | 8.1 | · | 4 | NEW, Nuclei 4 | siyuan (26) | — |