September 2024
September 2024 closed with 2,594 published CVEs, down 9.4% YoY. 241 criticals, 25 added to CISA KEV (3 ransomware-linked). The free software community (сообщество свободного программного обеспечения) led volume, mostly via linux. Biggest breakout: qnap at ×3.3 their 12-month median. Top weakness class: CWE-79 (414 CVEs). 10 vendors cracked the top-100 for the first time.
Time to exploit
How fast the community ships detection after a CVE drops.
KEV pressure, no Nuclei coverage
September 2024 · vendors with active exploitation listed by CISA but no public detection template.
- microsoft: KEV 4, 107 CVE
What's spreading where in September 2024
Cells shaded by share of vendor's hottest weakness.
Most discussed CVEs — September 2024
First time in top-100
Vendors never in top-100 in the prior 24 periods.
- #17 draytek: 38 CVE
- #20 open networking foundation (onf): 37 CVE
- #38 gotenna: 19 CVE
- #43 veeam: 18 CVE
- #44 veeam software ag: 17 CVE
- #51 acquia: 13 CVE
- #52 mautic: 13 CVE
- #58 mindsdb: 12 CVE
- #61 planet: 12 CVE
- #62 planet technology: 12 CVE
Top vendors
Ranked by distinct CVE count this period.
| # | Vendor | CVEs | Crit | KEV | Nuclei | CVSS | Signals | Top products | Δ |
|---|---|---|---|---|---|---|---|---|---|
| 1 | free software community (сообщество свободного программного обеспечения) | 366 | 8 | · | 4 | 6.2 | Nuclei 4 · PoC 26 | linux (282) · debian gnu/linux (220) · mindsdb (6) | · |
| 2 | linux | 277 | · | · | · | 6.0 | PoC 2 | linux (277) · linux kernel (277) | ↑1 |
| 3 | ооо «русбитех-астра» | 243 | 7 | · | 1 | 6.4 | Nuclei 1 · PoC 15 | astra linux special edition (242) · astra linux common edition (23) · astra linux special edition для «эльбрус» (8) | ↑1 |
| 4 | ао "нппкт" | 240 | 5 | · | 1 | 6.3 | Nuclei 1 · PoC 7 | осон основа оnyx (240) | ↑1 |
| 5 | ооо «ред софт» | 223 | 4 | · | 1 | 6.3 | Nuclei 1 · PoC 14 | ред ос (216) · ред база данных (7) | ↓3 |
| 6 | redhat | 170 | 8 | · | 2 | 6.2 | Nuclei 2 · PoC 12 | red hat enterprise linux (149) · red hat enterprise linux 10 (15) · red hat enterprise linux 9 (14) | ↑2 |
| 7 | canonical | 130 | · | · | 1 | 5.9 | Nuclei 1 · PoC 4 | ubuntu (129) · anbox cloud (1) | ↓1 |
| 8 | microsoft | 107 | 3 | 4 | · | 7.5 | KEV 4 · PoC 5 | windows server 2022, 23h2 edition (server core installation) (38) · windows server 2022 (38) · windows server 2022 23h2 (38) | ↓1 |
| 9 | apple | 91 | 2 | · | · | 5.7 | | macos (74) · iphone os (35) · ios and ipados (35) | — |
| 10 | unknown | 78 | 3 | · | 77 | 5.7 | Nuclei 77 · PoC 76 | wp multitasking (5) · music request manager (3) · starbox (2) | ↑9 |
| 11 | ао «ивк» | 67 | 2 | · | · | 6.8 | PoC 9 | альт сп 10 (53) · альт 8 сп (38) | ↑4 |
| 12 | | 60 | 1 | · | · | 7.1 | PoC 6 | android (28) · chrome (26) · google chrome (25) | · |
| 13 | pypi | 53 | 8 | · | 4 | 7.2 | Nuclei 4 · PoC 17 | mindsdb (12) · micropython-copy (3) · micropython-io (3) | ↑9 |
| 14 | sourcecodester | 50 | · | · | · | 5.2 | PoC 42 | food ordering management system (6) · best house rental management system (6) · online railway reservation system (5) | ↓5 |
| 15 | npm | 47 | 2 | · | · | 6.3 | PoC 9 | lunary (4) · mattermost-desktop (3) · agnai (3) | ↑13 |
| 16 | go | 40 | 6 | · | 5 | 6.9 | Nuclei 5 · PoC 5 | github.com/nvidia/nvidia-container-toolkit (4) · github.com/zitadel/zitadel/v2 (3) · github.com/hashicorp/vault (2) | ↓3 |
| 17 | draytek | 38 | · | · | · | 7.5 | NEW | vigor3910 firmware (36) · vigor 3910 (5) · vigor 2766 (2) | — |
| 18 | maven | 38 | 4 | · | 4 | 7.3 | Nuclei 4 · PoC 6 | org.keycloak:keycloak-services (6) · org.keycloak:keycloak-core (4) · org.xwiki.platform:xwiki-platform-notifications-ui (2) | ↑16 |
| 19 | opennetworking | 37 | · | · | · | 6.1 | | libfluid msg (37) | — |
| 20 | open networking foundation (onf) | 37 | · | · | · | 6.1 | NEW | libfluid (37) | — |
| 21 | packagist | 36 | 1 | · | 2 | 6.3 | Nuclei 2 · PoC 3 | mautic/core (14) · mautic/core-lib (5) · concrete5/concrete5 (4) | ↓4 |
| 22 | samsung | 36 | · | · | · | 5.4 | | android (19) · exynos 1380 firmware (9) · exynos 850 firmware (9) | ↑3 |
| 23 | cisco | 32 | 1 | 1 | 2 | 7.2 | KEV 1 · Nuclei 2 · PoC 30 | cisco ios xe software (10) · ios xe (10) · cisco ios xr software (9) | ↑16 |
| 24 | adobe | 29 | 1 | · | · | 7.0 | | illustrator 2023 (5) · illustrator (5) · media encoder (5) | ↓14 |
| 25 | qnap | 26 | · | · | 1 | 6.7 | ×3.3 · Nuclei 1 | quts hero (16) · qts (16) · qutscloud (4) | — |
| 26 | code-projects | 25 | · | · | 3 | 6.3 | Nuclei 3 · PoC 24 | student record system (4) · blood bank system (4) · crud operation system (3) | ↑23 |
| 27 | oretnom23 | 25 | 1 | · | · | 5.6 | PoC 24 | food ordering management system (6) · railway reservation system (5) · online eyewear shop (4) | ↓16 |
| 28 | samsung mobile | 25 | · | · | · | 5.3 | | samsung mobile devices (19) · samsung notes (4) · group sharing (1) | ↓1 |
| 29 | ivanti | 24 | 2 | 2 | 1 | 7.4 | KEV 2 · Nuclei 1 · PoC 1 | endpoint manager (16) · ivanti endpoint manager (16) · epm (11) | ↑30 |
| 30 | intel | 22 | · | · | · | 5.8 | | raid web console (9) · intel raid web console (9) · intel xeon processor d family (7) | ↓14 |
| 31 | siemens | 22 | 3 | · | · | 5.3 | | simatic rf186ci firmware (6) · simatic reader rf685r arib (6) · simatic reader rf685r arib firmware (6) | ↑6 |
| 32 | gitlab | 21 | 2 | · | 1 | 5.8 | Nuclei 1 · PoC 7 | gitlab (21) | ↑22 |
| 33 | ibm | 21 | 1 | · | · | 6.0 | | aspera faspex (3) · webmethods integration (3) · mq (2) | ↓2 |
| 34 | qualcomm | 21 | · | · | · | 7.5 | | fastconnect 7800 firmware (21) · wsa8835 firmware (21) · wsa8830 firmware (21) | ↓5 |
| 35 | qualcomm, inc. | 21 | · | · | · | 7.7 | | snapdragon (21) | ↓5 |
| 36 | dlink | 20 | 10 | · | 1 | 8.8 | Nuclei 1 · PoC 9 | covr-x1870 (5) · dir-x5460a1 (5) · dir-x4860 firmware (5) | ↓10 |
| 37 | sap_se | 20 | · | · | · | 4.7 | | sap netweaver application server for abap and abap platform (8) · sap business warehouse (bex analyzer) (1) · sap for oil & gas (1) | ↑14 |
| 38 | gotenna | 19 | · | · | · | 5.4 | NEW | pro (10) · gotenna pro (10) · pro atak plugin (9) | — |
| 39 | mayurik | 19 | 5 | · | · | 6.6 | PoC 17 | best house rental management system (10) · advocate office management system (4) · modern loan management system (2) | ↑19 |
| 40 | ао «нтц ит роса» | 19 | 2 | · | 1 | 6.6 | Nuclei 1 · PoC 4 | rosa virtualization 3.0 (10) · роса хром (7) · роса кобальт (2) | ↓22 |
| 41 | huawei | 18 | · | · | · | 5.2 | | emui (18) · harmonyos (18) | ↑36 |
| 42 | novell inc. | 18 | 1 | · | · | 5.6 | PoC 2 | opensuse leap (14) · suse linux enterprise server for sap applications (11) · suse linux enterprise high performance computing (10) | ↓9 |
| 43 | veeam | 18 | 3 | 1 | 1 | 8.0 | NEW · ×3.0 · KEV 1 · Nuclei 1 · PoC 1 | veeam backup & replication (6) · backup and recovery (6) · one (6) | — |
| 44 | veeam software ag | 17 | 3 | 1 | 1 | 8.1 | NEW · KEV 1 · Nuclei 1 · PoC 1 | veeam one (6) · veeam backup & replication (6) · veeam service provider console (vspc) (4) | — |
| 45 | rubygems | 16 | 2 | · | 2 | 7.1 | Nuclei 2 · PoC 9 | camaleon_cms (7) · decidim (1) · decidim-admin (1) | ↑73 |
| 46 | zyxel | 15 | 2 | · | · | 6.0 | | atp series firmware (7) · atp (7) · zld (7) | — |
| 47 | apache | 14 | 2 | 1 | 2 | 7.3 | KEV 1 · Nuclei 2 | ofbiz (2) · airflow (2) · druid (2) | ↓6 |
| 48 | apache software foundation | 14 | 2 | 1 | 2 | 7.5 | KEV 1 · Nuclei 2 | apache ofbiz (2) · apache druid (2) · ofbiz (2) | ↓2 |
| 49 | dell | 14 | · | · | · | 6.4 | | insightiq (5) · powerscale insightiq (5) · smartfabric os10 (4) | ↓7 |
| 50 | mozilla | 14 | 5 | · | · | 8.3 | | firefox (12) · thunderbird (9) · firefox esr (9) | ↓3 |
Sectors
Solution categories ranked by distinct CVE count this period.
| Sector | CVEs | Crit | KEV | Vendors | Products | Avg CVSS | Top products |
|---|---|---|---|---|---|---|---|
| Operating Systems | 650 | 79 | 189 | 36 | 328 | 8.6 | linux (559) · linux kernel (277) · astra linux special edition (242) |
| Web & CMS Plugins | 539 | 71 | 3 | 349 | 477 | 7.3 | the ultimate wordpress toolkit – wp extended (7) · wp extended (7) · wp multitasking (6) |
| OSS Libraries | 361 | 37 | · | 67 | 268 | 7.3 | libfluid (37) · node (8) · node.js (8) |
| Enterprise Software | 321 | 76 | · | 93 | 350 | 9.3 | checkmk (9) · active iq unified manager (5) · insightiq (5) |
| Networking Infrastructure | 255 | 148 | 3 | 51 | 374 | 8.1 | vigor3910 firmware (36) · gs-4210-24p2s firmware (12) · gs-4210-24p2s hardware 3.0 (12) |
| Mobile Apps | 209 | 6 | · | 10 | 59 | 9.9 | android (47) · chrome (26) · google chrome (25) |
| Hardware Firmware | 144 | 33 | · | 38 | 1,279 | 7.9 | intel raid web console (9) · raid web console (9) · intel xeon processor d family (7) |
| Security Products | 121 | 25 | 6 | 64 | 145 | 7.4 | endpoint manager (16) · ivanti endpoint manager (16) · epm (11) |
| Cloud & SaaS | 112 | 22 | 11 | 59 | 85 | 8.0 | mautic (26) · easytest online test platform (12) · emias os (5) |
| ICS / OT / IoT | 104 | 47 | 10 | 45 | 311 | 9.1 | openplc v3 firmware (5) · openplc_v3 (5) · adam-5630 (4) |
| Consumer Software | 80 | 33 | · | 35 | 65 | 8.1 | navisworks (12) · navisworks freedom (6) · navisworks manage (6) |
| DevTools & CI | 61 | 10 | · | 24 | 27 | 7.7 | gitlab (31) · backstage (3) · enterprise server (2) |
| Communications | 54 | 4 | · | 20 | 27 | 8.7 | gotenna pro (10) · pro (10) · mattermost (9) |
| AI / ML | 51 | 11 | · | 30 | 35 | 8.3 | mindsdb (12) · berriai/litellm (1) · litellm (1) |
| Databases | 19 | 7 | · | 16 | 18 | 8.0 | oracle exadata (2) · tidb (2) · ibm cloud pak for multicloud management monitoring (1) |
| Unclassified | 183 | 28 | · | 137 | 290 | 6.6 | enms (6) · nacpremium (6) · dir-x4860 a1 (5) |
Which weaknesses hit which solution categories in September 2024
Cells shaded by share of the sector's hottest weakness.