month report
April 2026
Data as of Jun 4, 2026, 13:26 UTC · Snapshot v1 · Sources: NVD + CISA KEV + EPSS + Nuclei templates
April 2026 closed with 6,439 published CVEs: 607 critical, and 31 added to CISA KEV (7 ransomware-linked). The vendor linux led by volume, mostly via the product linux. The top weakness class was CWE-79 (620 CVE). 10 vendors entered the top 100 for the first time.
- Total CVEs: 6,439 (— MoM · — YoY)
- Severity mix: 607 / 2,244 (critical / high)
- KEV added: 31 (7 ransomware-linked)
- Nuclei coverage: 0.7% (45 CVEs with templates)
Time to exploit
How fast the community ships detection after a CVE drops.
- Days → Nuclei (median): 7.0 (n=38)
- Within 7 days: 50.0%
- Within 30 days: 89.5%
- Days → KEV (median): 5 (n=10)
Detection gap
KEV pressure, no Nuclei coverage
April 2026 · vendors with active exploitation listed by CISA but no public detection template.
- microsoft · KEV 3 · 184 CVE
- microsoft corp · KEV 3 · 139 CVE
- linux · KEV 1 · 379 CVE
- google · KEV 1 · 147 CVE
- google inc · KEV 1 · 85 CVE
- adobe · KEV 1 · 54 CVE
- adobe systems inc. · KEV 1 · 54 CVE
- redhat · KEV 1 · 51 CVE
Weakness × Vendor
What's spreading where in April 2026
Cells shaded by share of vendor's hottest weakness.
[Heatmap: weakness class (columns) × vendor (rows); individual cell values are not recoverable here.]
- Columns: CWE-79 XSS · CWE-89 SQL Injection · CWE-22 Path Traversal · CWE-862 Missing Authorization · CWE-78 OS Command Injection · CWE-918 SSRF · CWE-416 Use After Free · CWE-74 Injection · CWE-94 Code Injection · CWE-77 Command Injection
- Rows: linux · npm · microsoft · openclaw · google · microsoft corp · oracle corporation · oracle · totolink · code-projects · tenda · apache software foundation
First time in top-100
Vendors never in top-100 in the prior 24 periods.
- #4 openclaw · 174 CVE
- #27 mervinpraison · 44 CVE
- #28 praison · 44 CVE
- #29 uutils · 44 CVE
- #30 wireshark · 42 CVE
- #31 wireshark foundation · 42 CVE
- #32 churchcrm · 38 CVE
- #34 endian · 34 CVE
- #37 chamilo · 31 CVE
- #38 wwbn · 31 CVE
Top vendors
Ranked by distinct CVE count this period.
| # | Vendor | CVEs | Crit | CVSS | KEV | Nuclei | Signals | Top products | Δ |
|---|---|---|---|---|---|---|---|---|---|
| 1 | linux | 379 | 29 | 6.8 | 1 | · | KEV 1 | linux (379) · linux kernel (374) | — |
| 2 | npm | 309 | · | · | · | · | | openclaw (204) · flowise (24) · flowise-components (11) | — |
| 3 | microsoft | 184 | 15 | 7.2 | 3 | · | KEV 3 | windows server 2025 (server core installation) (121) · windows server 2025 (121) · windows server 2022, 23h2 edition (server core installation) (119) | — |
| 4 | openclaw | 174 | 2 | 6.3 | · | · | NEW | openclaw (174) | — |
| 5 | google | 147 | 9 | 7.6 | 1 | · | KEV 1 | chrome (145) · android (2) | — |
| 6 | microsoft corp | 139 | 2 | 7.2 | 3 | · | KEV 3 | windows server 2025 (server core installation) (102) · windows server 2025 (101) · windows 11 24h2 (100) | — |
| 7 | oracle corporation | 102 | 5 | 5.9 | · | · | | mysql server (25) · oracle java se (9) · oracle vm virtualbox (9) | — |
| 8 | oracle | 101 | 5 | 5.9 | · | · | | mysql server (25) · vm virtualbox (9) · jdk (9) | — |
| 9 | totolink | 94 | 63 | 8.8 | · | · | | a7100ru (40) · a8000ru (24) · a3300r firmware (21) | — |
| 10 | code-projects | 91 | · | 5.8 | · | · | | simple laundry system (14) · vehicle showroom management system (12) · simple it discussion forum (10) | — |
| 11 | tenda | 87 | 6 | 8.4 | · | · | | f456 (27) · f456 firmware (22) · f451 (18) | — |
| 12 | apache software foundation | 86 | 11 | 7.3 | 1 | 4 | KEV 1 · Nuclei 4 | apache airflow (14) · apache tomcat (10) · apache thrift (8) | — |
| 13 | google inc | 85 | 3 | 7.4 | 1 | · | KEV 1 | google chrome (85) | — |
| 14 | apache | 84 | 11 | 7.3 | 1 | 4 | KEV 1 · Nuclei 4 | airflow (15) · tomcat (10) · camel (9) | — |
| 15 | red hat | 70 | 2 | 6.6 | · | 1 | Nuclei 1 | red hat enterprise linux 9 (38) · red hat enterprise linux 8 (37) · red hat enterprise linux 7 (32) | — |
| 16 | go | 62 | · | · | · | · | | github.com/lin-snow/ech0 (7) · github.com/patrickhener/goshs/v2 (6) · github.com/kyverno/kyverno (6) | — |
| 17 | pypi | 58 | · | · | · | · | | praisonai (8) · praisonaiagents (7) · openssl-encrypt (5) | — |
| 18 | packagist | 57 | · | · | · | · | | wwbn/avideo (20) · froxlor/froxlor (6) · pocketmine/pocketmine-mp (5) | — |
| 19 | adobe | 54 | 6 | 7.3 | 1 | · | KEV 1 | adobe framemaker (11) · framemaker (11) · indesign (9) | — |
| 20 | adobe systems inc. | 54 | 7 | 7.3 | 1 | · | KEV 1 | adobe framemaker (11) · adobe connect (9) · adobe connect desktop application (9) | — |
| 21 | sourcecodester | 54 | · | 5.6 | · | · | | pizzafy ecommerce system (21) · pharmacy sales and inventory system (20) · record management system (2) | — |
| 22 | dlink | 52 | 1 | 6.7 | · | · | | di-8003 firmware (28) · dir-605l firmware (6) · di-8300 firmware (3) | — |
| 23 | mozilla | 52 | 8 | 7.5 | · | · | | firefox (51) · thunderbird (50) · thin-vec (1) | — |
| 24 | redhat | 51 | · | 6.3 | 1 | · | KEV 1 | enterprise linux (23) · openshift container platform (12) · hardened images (12) | — |
| 25 | ibm | 48 | 1 | 6.3 | · | · | | verify identity access container (10) · security verify access container (10) · security verify access (10) | — |
| 26 | dell | 45 | · | 5.7 | · | · | | data domain operating system (27) · powerprotect data domain (24) · powerprotect dp series appliance (17) | — |
| 27 | mervinpraison | 44 | 14 | 8.1 | · | · | NEW | praisonai (37) · praisonaiagents (10) | — |
| 28 | praison | 44 | 14 | 8.1 | · | · | NEW | praisonai (35) · praisonaiagents (12) | — |
| 29 | uutils | 44 | · | 4.9 | · | · | NEW | coreutils (44) | — |
| 30 | wireshark | 42 | · | 5.7 | · | · | NEW | wireshark (42) | — |
| 31 | wireshark foundation | 42 | · | 5.7 | · | · | NEW | wireshark (42) | — |
| 32 | churchcrm | 38 | 4 | 7.9 | · | 1 | NEW · Nuclei 1 | crm (38) · churchcrm (29) | — |
| 33 | samsung | 38 | 5 | 8.1 | · | · | | exynos 1480 firmware (11) · exynos 1280 firmware (11) · exynos 1330 firmware (11) | — |
| 34 | endian | 34 | · | 6.9 | · | · | NEW | endian firewall (34) · firewall community (34) | — |
| 35 | сообщество свободного программного обеспечения | 33 | 5 | 7.4 | · | 2 | Nuclei 2 | debian gnu/linux (10) · linux (9) · cups (5) | — |
| 36 | cisco | 32 | 6 | 6.4 | · | · | PoC 32 | cisco unified computing system (standalone) (10) · cisco unified computing system e-series software (ucse) (9) · cisco enterprise nfv infrastructure software (8) | — |
| 37 | chamilo | 31 | 3 | 7.2 | · | · | NEW | chamilo lms (31) · chamilo-lms (31) | — |
| 38 | wwbn | 31 | 3 | 6.6 | · | · | NEW | avideo (31) | — |
| 39 | fortinet | 28 | 3 | 6.2 | 1 | 2 | KEV 1 · Nuclei 2 | fortisoar (8) · fortisoar paas (8) · fortisoar on-premise (8) | — |
| 40 | d-link corp. | 27 | · | 7.5 | · | · | | di-8003 (25) · di-8003g (1) · dir-513 (1) | — |
| 41 | juniper networks | 27 | 1 | 6.9 | · | · | PoC 27 | junos os (19) · junos os evolved (9) · jsi lwc (2) | — |
| 42 | vmware | 26 | 1 | 6.0 | 1 | · | NEW · KEV 1 | spring boot (8) · spring security (6) · spring ai (5) | — |
| 43 | fortinet inc. | 24 | 3 | 6.1 | 1 | 2 | KEV 1 · Nuclei 2 | fortisoar on-premise (7) · fortisoar paas (7) · fortisandbox (6) | — |
| 44 | itsourcecode | 24 | 4 | 7.1 | · | · | | construction management system (12) · online student enrollment system (4) · online enrollment system (2) | — |
| 45 | d-link | 23 | 1 | 6.2 | · | · | | dir-605l (6) · dir-513 (3) · dns-321 (2) | — |
| 46 | wolfssl | 23 | 5 | 7.2 | · | · | NEW | wolfssl (22) · wolfssh (1) | — |
| 47 | ci4-cms-erp | 22 | 11 | 7.9 | · | · | NEW | ci4ms (22) | — |
| 48 | freescout-help-desk | 22 | 4 | 7.0 | · | · | NEW | freescout (22) | — |
| 49 | gitlab | 22 | · | 5.8 | · | · | | gitlab (22) | — |
| 50 | powerdns | 22 | · | 5.3 | · | · | NEW | dnsdist (11) · recursor (9) · authoritative (6) | — |