Solution sectors / consumer-software
Consumer Software
Consumer desktop software — browsers, media players, productivity apps and utilities — is installed on hundreds of millions of machines, making it a broad attack surface. This hub tracks CVEs across it.
Cumulative CVEs
22,075
across 291 monthly snapshots
Latest month
1,401
+92.2% MoM · +266.8% YoY
Peak month
1,401
Jun 26
KEV this month
2
97 vendors affected
CVEs per month
Newest period on the right. Click a point to open that monthly report.
Deployment mix
How this sector's software is typically delivered — whether you patch it yourself or a vendor does. AI-assisted vendor classification.
- On-prem94%
- Mixed6%
Latest CVEs in this sector
The 15 most recently published vulnerabilities tagged to Consumer Software.
- CVE-2026-48315ColdFusion | Improper Input Validation (CWE-20)9.3
- CVE-2026-48281ColdFusion | Improper Input Validation (CWE-20)10.0
- CVE-2026-48277ColdFusion | Improper Input Validation (CWE-20)10.0
- CVE-2026-48285ColdFusion | Server-Side Request Forgery (SSRF) (CWE-918)8.6
- CVE-2026-48313ColdFusion | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (CWE-22)9.3
- CVE-2026-48307ColdFusion | Cross-site Scripting (Reflected XSS) (CWE-79)8.8
- CVE-2026-48314ColdFusion | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (CWE-22)6.5
- CVE-2026-48276ColdFusion | Unrestricted Upload of File with Dangerous Type (CWE-434)10.0
- CVE-2026-48282ColdFusion | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (CWE-22)10.0
- CVE-2026-48283ColdFusion | Unrestricted Upload of File with Dangerous Type (CWE-434)10.0
- CVE-2026-48286Adobe Campaign Classic (ACC) | Incorrect Authorization (CWE-863)10.0
- CVE-2026-43716The issue was addressed with improved memory handling. This issue is fixed in Safari 26.5.2, iOS 26.5.2 and iPadOS 26.5.2, macOS Tahoe 26.5.2. Processing maliciously crafted web content may lead to...6.5
- CVE-2026-43700A cross-origin issue was addressed with improved tracking of security origins. This issue is fixed in Safari 26.5.2, iOS 26.5.2 and iPadOS 26.5.2, macOS Tahoe 26.5.2. Processing maliciously crafted...6.5
- CVE-2026-43720A use-after-free issue was addressed with improved memory management. This issue is fixed in Safari 26.5.2, iOS 26.5.2 and iPadOS 26.5.2, macOS Tahoe 26.5.2. Processing maliciously crafted web cont...6.5
- CVE-2026-43721This issue was addressed through improved state management. This issue is fixed in Safari 26.5.2, iOS 26.5.2 and iPadOS 26.5.2, macOS Tahoe 26.5.2. A malicious website may be able to silently hijac...6.5
Weakness fingerprint
Top CWE classes in this sector, latest monthly snapshot.
Top vendors
Most CVEs in this sector, latest monthly snapshot.
| Vendor | CVEs | Crit | KEV |
|---|---|---|---|
| adobe | 145 | 12 | · |
| mozilla | 50 | 8 | · |
| devolutions | 15 | · | · |
| vim | 14 | · | · |
| gnome | 12 | · | · |
| 7-zip | 9 | · | · |
| siyuan-note | 9 | 4 | · |
| mcmilk | 8 | · | · |
| павлов игорь | 8 | · | · |
Subsectors
Breakdown for the latest monthly snapshot.
| Subsector | CVEs | Crit | KEV | Vendors | MoM | Top products |
|---|---|---|---|---|---|---|
| browser | 1,049 | 72 | 2 | 8 | — | chrome (965) · firefox (47) · google chrome (43) |
| — | 130 | 20 | · | 14 | — | coldfusion (24) · adobe reader (18) · indesign (12) |
| productivity | 126 | 33 | · | 27 | — | microsoft 365 apps for enterprise (51) · microsoft office ltsc 2024 (51) · microsoft office ltsc 2021 (48) |
| file-utility | 68 | 1 | · | 32 | — | 7-zip (25) · vim (14) · yt-dlp (6) |
| media-player | 21 | 2 | · | 11 | — | lyrion music server (6) · jellyfin (4) · remotion (2) |
| gaming | 7 | · | · | 5 | — | assassin game (3) · bootimus (1) · snes9x (1) |
Sector classification is AI-assisted with human review. How tagging works · Report a misclassification