August 2024
August 2024 closed with 3,024 published CVEs: 331 critical and 19 added to CISA KEV (1 ransomware-linked). The vendor "сообщество свободного программного обеспечения" (free software community) led by volume, mostly via linux. The top weakness class was CWE-79 (517 CVEs). 10 vendors entered the top 100 for the first time.
Time to exploit
How fast the community ships detection after a CVE drops.
KEV pressure, no Nuclei coverage
August 2024 · vendors with active exploitation listed by CISA but no public detection template.
- microsoft: KEV 8, 144 CVE
- ооо «русбитех-астра»: KEV 2, 258 CVE
- ао "нппкт": KEV 2, 230 CVE
- google: KEV 2, 65 CVE
- novell inc.: KEV 2, 28 CVE
What's spreading where in August 2024
Cells shaded by share of vendor's hottest weakness.
Most discussed CVEs — August 2024
First time in top-100
Vendors never in top-100 in the prior 24 periods.
- #1 сообщество свободного программного обеспечения: 410 CVE
- #2 ооо «ред софт»: 338 CVE
- #3 linux: 302 CVE
- #4 ооо «русбитех-астра»: 258 CVE
- #5 ао "нппкт": 230 CVE
- #6 canonical: 146 CVE
- #7 microsoft: 144 CVE
- #8 redhat: 121 CVE
- #9 sourcecodester: 114 CVE
- #10 adobe: 90 CVE
Top vendors
Ranked by distinct CVE count this period.
| # | Vendor | CVEs | Crit | KEV | Nuclei | CVSS | Signals | Top products | Δ |
|---|---|---|---|---|---|---|---|---|---|
| 1 | сообщество свободного программного обеспечения | 410 | 12 | 2 | 5 | 6.0 | NEW, KEV 2, Nuclei 5, PoC 12 | linux (303) · debian gnu/linux (268) · ofono (7) | — |
| 2 | ооо «ред софт» | 338 | 9 | 3 | 1 | 6.2 | NEW, KEV 3, Nuclei 1, PoC 8 | ред ос (338) | — |
| 3 | linux | 302 | 1 | · | · | 5.8 | NEW, PoC 1 | linux (302) · linux kernel (302) | — |
| 4 | ооо «русбитех-астра» | 258 | 5 | 2 | · | 6.4 | NEW, KEV 2, PoC 6 | astra linux special edition (249) · astra linux common edition (58) · astra linux special edition для «эльбрус» (10) | — |
| 5 | ао "нппкт" | 230 | 3 | 2 | · | 6.3 | NEW, KEV 2, PoC 3 | осон основа оnyx (230) | — |
| 6 | canonical | 146 | 2 | · | · | 5.9 | NEW, PoC 1 | ubuntu (146) · wpa_supplicant (1) | — |
| 7 | microsoft | 144 | 10 | 8 | · | 7.7 | NEW, KEV 8, PoC 4 | windows server 2022 (59) · windows server 2022, 23h2 edition (server core installation) (57) · windows server 2022 (server core installation) (56) | — |
| 8 | redhat | 121 | · | · | · | 6.3 | NEW, PoC 1 | red hat enterprise linux (108) · red hat enterprise linux 9 (7) · red hat enterprise linux 8 (7) | — |
| 9 | sourcecodester | 114 | · | · | · | 5.4 | NEW, PoC 114 | simple realtime quiz system (12) · car driving school management system (12) · clinics patient management system (10) | — |
| 10 | adobe | 90 | 1 | · | · | 6.4 | NEW | magento (23) · magento open source (23) · commerce (23) | — |
| 11 | oretnom23 | 68 | 2 | · | · | 6.0 | NEW, PoC 67 | simple realtime quiz system (12) · car driving school management system (12) · clinic's patient management system (10) | — |
| 12 | google | 65 | 3 | 2 | · | 7.4 | NEW, KEV 2, PoC 1 | google chrome (48) · chrome (46) · android (14) | — |
| 13 | go | 62 | 4 | · | 4 | 6.3 | NEW, Nuclei 4, PoC 2 | github.com/mattermost/mattermost/server/v8 (17) · github.com/mattermost/mattermost (3) · github.com/cosmwasm/wasmd (3) | — |
| 14 | tenda | 59 | 14 | · | · | 8.5 | NEW, PoC 32 | fh1206 firmware (23) · ax1806 firmware (11) · fh1201 firmware (11) | — |
| 15 | ао «ивк» | 58 | 5 | · | · | 6.6 | NEW, PoC 1 | альт сп 10 (55) · альт 8 сп (15) | — |
| 16 | intel | 55 | · | · | · | 6.0 | NEW, PoC 1 | intel oneapi base toolkit (9) · oneapi base toolkit (8) · intel 600 series chipset (5) | — |
| 17 | packagist | 49 | 1 | · | 2 | 5.9 | NEW, Nuclei 2, PoC 5 | magento/community-edition (22) · magento/project-community-edition (17) · shopware/platform (4) | — |
| 18 | ао «нтц ит роса» | 49 | 5 | · | · | 7.1 | NEW, PoC 2 | rosa virtualization 3.0 (36) · роса кобальт (12) · rosa virtualization (7) | — |
| 19 | unknown | 44 | 5 | · | 43 | 6.2 | NEW, Nuclei 43, PoC 44 | wp-cart-for-digital-products (3) · woocommerce customers manager (3) · chatbot with chatgpt wordpress (2) | — |
| 20 | janobe | 42 | 18 | · | · | 8.8 | NEW, PoC 4 | school event management system (28) · school attendence monitoring system (22) · credit card (18) | — |
| 21 | totolink | 42 | 11 | · | 3 | 8.6 | NEW, Nuclei 3, PoC 26 | x5000r firmware (12) · ex1200l (5) · ac1200 t8 (5) | — |
| 22 | pypi | 40 | 1 | · | · | 6.8 | NEW, PoC 4 | mage-ai (5) · django (4) · ckan (3) | — |
| 23 | itsourcecode | 38 | · | · | · | 6.2 | NEW, PoC 34 | tailoring management system (5) · airline reservation system (5) · project expense monitoring system (5) | — |
| 24 | lopalopa | 38 | 8 | · | · | 7.2 | NEW, PoC 15 | music management system (17) · responsive school management system (17) · live membership system (4) | — |
| 25 | samsung | 34 | · | 1 | 1 | 5.7 | NEW, KEV 1, Nuclei 1 | android (16) · notes (15) · wear os (1) | — |
| 26 | dlink | 33 | 7 | · | 1 | 7.3 | NEW, Nuclei 1, PoC 31 | dnr-202l firmware (18) · dns-726-4 firmware (18) · dns-345 firmware (18) | — |
| 27 | samsung mobile | 33 | · | · | · | 5.6 | NEW | samsung mobile devices (17) · samsung notes (15) · samsung email (1) | — |
| 28 | npm | 32 | 4 | · | 3 | 6.9 | NEW, Nuclei 3, PoC 2 | directus (3) · elliptic (3) · flowise (2) | — |
| 29 | qualcomm | 32 | · | · | · | 7.6 | NEW | wcd9380 firmware (31) · qca6698aq firmware (31) · fastconnect 6900 firmware (31) | — |
| 30 | qualcomm, inc. | 32 | · | · | · | 7.7 | NEW | snapdragon (32) | — |
| 31 | ibm | 31 | · | · | · | 6.0 | NEW | qradar suite software (4) · db2 (4) · db2 for linux, unix and windows (4) | — |
| 32 | amd | 30 | · | · | · | 6.3 | NEW | amd radeon™ pro w6000 series graphics cards (9) · amd radeon™ rx 6000 series graphics cards (9) · amd ryzen™ embedded r1000 series processors (8) | — |
| 33 | novell inc. | 28 | 2 | 2 | · | 6.4 | NEW, KEV 2 | opensuse leap (24) · opensuse tumbleweed (23) · suse package hub (16) | — |
| 34 | maven | 27 | 8 | · | 1 | 7.5 | NEW, Nuclei 1, PoC 2 | org.openhab.ui.bundles:org.openhab.ui.cometvisu (4) · org.apache.dolphinscheduler:dolphinscheduler (2) · org.apache.linkis:linkis (2) | — |
| 35 | shenzhen tenda technology co., ltd. | 25 | 1 | · | · | 8.4 | NEW, PoC 16 | tenda fh1206 (9) · tenda fh1201 (4) · tenda o6 (3) | — |
| 36 | d-link | 24 | · | · | · | 7.0 | NEW, PoC 24 | dns-726-4 (21) · dns-343 (21) · dns-345 (21) | — |
| 37 | siemens | 24 | 2 | · | 1 | 7.0 | NEW, Nuclei 1, PoC 1 | sinec traffic analyzer (5) · sinec nms (5) · omnivise t3000 application server (4) | — |
| 38 | ооо «неткэт» | 23 | 5 | · | · | 8.6 | NEW | cms netcat extra (23) | — |
| 39 | cisco | 21 | 3 | · | · | 7.5 | NEW, PoC 19 | nx-os (7) · cisco nx-os software (7) · cisco small business spa300 series ip phones (5) | — |
| 40 | mattermost | 21 | · | · | · | 5.0 | NEW | mattermost (21) · mattermost server (8) · mattermost channel export (1) | — |
| 41 | apache | 20 | 4 | 1 | 2 | 7.5 | NEW, KEV 1, Nuclei 2, PoC 1 | dolphinscheduler (3) · linkis (2) · hertzbeat (2) | — |
| 42 | dell | 20 | · | · | · | 6.4 | NEW, PoC 2 | emc idrac service module (5) · idrac service module (ism) (5) · poweredge t440 firmware (2) | — |
| 43 | manageengine | 20 | · | · | · | 7.9 | NEW | adaudit plus (13) · endpoint central (2) · exchange reporter plus (1) | — |
| 44 | opentext | 20 | 1 | · | · | 7.2 | NEW | netiq advance authentication (6) · arcsight intelligence (3) · performance center (2) | — |
| 45 | zohocorp | 20 | · | · | · | 8.0 | NEW | manageengine adaudit plus (13) · manageengine supportcenter plus (2) · manageengine servicedesk plus (2) | — |
| 46 | apache software foundation | 18 | 4 | 1 | 2 | 7.3 | NEW, KEV 1, Nuclei 2, PoC 1 | apache dolphinscheduler (3) · apache cloudstack (2) · apache answer (2) | — |
| 47 | mozilla | 18 | 2 | · | · | 7.9 | NEW | firefox (18) · firefox esr (12) · thunderbird (10) | — |
| 48 | angeljudesuarez | 17 | · | · | · | 6.5 | NEW, PoC 17 | airline reservation system (5) · placement management system (4) · tailoring management system (4) | — |
| 49 | code-projects | 17 | · | · | 1 | 6.7 | NEW, Nuclei 1, PoC 16 | pharmacy management system (4) · job portal (3) · online quiz site (2) | — |
| 50 | sap | 17 | 1 | · | · | 5.5 | NEW | sap business objects business intelligence platform (4) · business objects business intelligence platform (4) · sap netweaver as abap (2) | — |
Sectors
Solution categories ranked by distinct CVE count this period.
| Sector | CVEs | Crit | KEV | Vendors | Products | Avg CVSS | Top products |
|---|---|---|---|---|---|---|---|
| Web & CMS Plugins | 842 | 118 | 3 | 469 | 618 | 7.7 | cms netcat extra (23) · pligg cms (16) · car driving school management system (12) |
| Operating Systems | 726 | 268 | 280 | 34 | 285 | 7.8 | linux (605) · ред ос (338) · linux kernel (302) |
| Enterprise Software | 601 | 196 | 8 | 114 | 914 | 8.1 | zabbix (16) · adaudit plus (13) · manageengine adaudit plus (13) |
| OSS Libraries | 313 | 27 | · | 70 | 244 | 7.5 | github.com/mattermost/mattermost/server/v8 (17) · github.com/casdoor/casdoor (3) · github.com/cilium/cilium (3) |
| Networking Infrastructure | 249 | 286 | 3 | 56 | 325 | 7.8 | fh1206 firmware (23) · dnr-202l firmware (18) · dnr-322l firmware (18) |
| Hardware Firmware | 182 | 43 | · | 37 | 1,791 | 7.6 | amd radeon™ pro w6000 series graphics cards (9) · amd radeon™ rx 6000 series graphics cards (9) · intel oneapi base toolkit (9) |
| Consumer Software | 155 | 19 | 2 | 37 | 86 | 8.6 | adobe commerce (46) · adobe experience manager (26) · commerce (23) |
| Security Products | 126 | 21 | 4 | 49 | 120 | 8.1 | netiq advanced authentication (6) · vynamic security suite (6) · casdoor (5) |
| Mobile Apps | 114 | 8 | 5 | 8 | 19 | 9.6 | google chrome (48) · chrome (46) · android (30) |
| ICS / OT / IoT | 93 | 33 | 2 | 50 | 212 | 8.1 | guardlogix 5580 (5) · microscada x sys600 (5) · twincat/bsd (5) |
| Communications | 77 | 5 | 22 | 30 | 86 | 8.1 | mattermost (21) · mattermost server (8) · olm (3) |
| Cloud & SaaS | 64 | 16 | · | 37 | 51 | 7.2 | caterease (11) · bus ticket reservation system (6) · meetinghub paperless meetings (4) |
| DevTools & CI | 49 | 7 | · | 26 | 30 | 8.3 | gitlab (26) · github enterprise server (6) · enterprise server (3) |
| Databases | 32 | 1 | · | 19 | 32 | 6.9 | ckan (3) · dream report (2) · dream report 2023 (2) |
| AI / ML | 26 | 5 | · | 19 | 20 | 8.3 | llama.cpp (6) · open webui (4) · anythingllm (1) |
| Unclassified | 201 | 32 | · | 118 | 156 | 6.9 | dnr-202l (21) · dnr-322l (21) · dnr-326 (21) |
Which weaknesses hit which solution categories in August 2024
Cells shaded by share of the sector's hottest weakness.