October 2024
October 2024 closed with 3,667 published CVEs, up 32.7% YoY: 364 criticals, 17 added to CISA KEV (4 ransomware-linked). The free software community led volume, mostly via linux. Biggest breakout: cisco at ×4.5 their 12-month median. Top weakness class: CWE-79 (735 CVEs). 10 vendors cracked the top-100 for the first time.
Time to exploit
How fast the community ships detection after a CVE drops.
KEV pressure, no Nuclei coverage
October 2024 · vendors with active exploitation listed by CISA but no public detection template.
- microsoft: KEV 3, 152 CVE
- ivanti: KEV 2, 13 CVE
- ооо «русбитех-астра»: KEV 1, 312 CVE
- ао "нппкт": KEV 1, 306 CVE
- ао «ивк»: KEV 1, 130 CVE
- cisco: KEV 1, 94 CVE
- mozilla: KEV 1, 28 CVE
- qualcomm: KEV 1, 20 CVE
What's spreading where in October 2024
Cells shaded by share of vendor's hottest weakness.
Most discussed CVEs — October 2024
Breakout vendors
CVE count ≥3× their own 12-period median.
- cisco: 4.5×, 94 CVE
- dlink: 4.2×, 55 CVE
- novell inc.: 3.7×, 100 CVE
- phpgurukul: 3.1×, 40 CVE
- mitel networks corp.: 3.0×, 15 CVE
First time in top-100
Vendors never in top-100 in the prior 24 periods.
- #27 draytek: 29 CVE
- #33 esafenet: 24 CVE
- #36 codezips: 21 CVE
- #41 mitel: 17 CVE
- #47 mitel networks corp.: 15 CVE
- #55 gradio: 12 CVE
- #61 funadmin: 11 CVE
- #76 sharp corporation: 9 CVE
- #77 solidigm: 9 CVE
- #78 toshibatec: 9 CVE
Top vendors
Ranked by distinct CVE count this period.
| # | Vendor | CVEs | Crit | KEV | Nuclei | Avg CVSS | Signals | Top products | Δ |
|---|---|---|---|---|---|---|---|---|---|
| 1 | free software community | 542 | 19 | 2 | 5 | 6.3 | KEV 2 · Nuclei 5 · PoC 30 | linux (419) · debian gnu/linux (365) · ollama (4) | — |
| 2 | linux | 415 | 1 | · | · | 6.1 | · | linux (415) · linux kernel (415) | — |
| 3 | ооо «русбитех-астра» | 312 | 7 | 1 | · | 6.4 | KEV 1 · PoC 7 | astra linux special edition (308) · astra linux common edition (52) · astra linux special edition для «эльбрус» (5) | — |
| 4 | ао "нппкт" | 306 | 7 | 1 | · | 6.3 | KEV 1 · PoC 9 | осон основа оnyx (306) | — |
| 5 | ооо «ред софт» | 302 | 6 | 1 | 2 | 6.2 | KEV 1 · Nuclei 2 · PoC 16 | ред ос (302) | — |
| 6 | canonical | 234 | · | · | · | 6.1 | PoC 4 | ubuntu (229) · juju (3) · authd (2) | — |
| 7 | redhat | 212 | 5 | · | 1 | 6.4 | Nuclei 1 · PoC 5 | red hat enterprise linux (181) · red hat enterprise linux 8 (11) · red hat enterprise linux 9 (11) | — |
| 8 | microsoft | 152 | 2 | 3 | · | 7.4 | KEV 3 · PoC 5 | windows server 2022, 23h2 edition (server core installation) (87) · windows server 2022 23h2 (87) · windows server 2019 (server core installation) (80) | — |
| 9 | ао «ивк» | 130 | 2 | 1 | · | 5.9 | KEV 1 · PoC 2 | альт 8 сп (109) · альт сп 10 (45) | — |
| 10 | novell inc. | 100 | 1 | · | · | 5.7 | ×3.7 · PoC 1 | opensuse leap (82) · suse linux enterprise desktop (76) · suse linux enterprise server for sap applications (76) | — |
| 11 | cisco | 94 | 4 | 1 | · | 6.7 | ×4.5 · KEV 1 · PoC 94 | cisco firepower threat defense software (25) · secure firewall management center (25) · firepower threat defense (25) | — |
| 12 | oracle | 88 | 2 | · | · | 5.9 | · | mysql (28) · mysql server (25) · e-business suite (17) | — |
| 13 | apple | 84 | 3 | · | · | 6.0 | · | macos (67) · ios and ipados (41) · iphone os (40) | — |
| 14 | | 78 | 5 | · | · | 7.2 | PoC 3 | android (49) · google chrome (22) · chrome (21) | — |
| 15 | packagist | 72 | 4 | · | 1 | 5.9 | Nuclei 1 · PoC 9 | magento/community-edition (20) · funadmin/funadmin (11) · librenms/librenms (6) | — |
| 16 | go | 65 | 4 | · | 3 | 6.5 | Nuclei 3 · PoC 4 | github.com/rancher/rancher (6) · github.com/juju/juju (6) · github.com/mattermost/mattermost/server/v8 (5) | — |
| 17 | dlink | 55 | 2 | · | · | 8.4 | ×4.2 · PoC 40 | dir-605l (21) · dir-605l firmware (21) · dir-619l (18) | — |
| 18 | adobe | 54 | 1 | · | · | 6.1 | · | magento (22) · commerce (22) · adobe commerce (22) | — |
| 19 | npm | 53 | 9 | · | 2 | 6.9 | Nuclei 2 · PoC 10 | @saltcorn/server (5) · dompurify (2) · @openc3/tool-common (2) | — |
| 20 | pypi | 45 | 8 | · | · | 6.9 | PoC 11 | gradio (13) · lollms (3) · open-webui (3) | — |
| 21 | maven | 44 | 7 | · | 3 | 7.0 | Nuclei 3 · PoC 4 | com.liferay.portal:release.dxp.bom (5) · com.liferay.portal:release.portal.bom (5) · org.openrefine:openrefine (4) | — |
| 22 | code-projects | 42 | · | · | · | 5.6 | PoC 42 | pharmacy management system (14) · blood bank management system (10) · blood bank system (9) | — |
| 23 | d-link | 40 | · | · | · | 8.6 | PoC 37 | dir-605l (21) · dir-619l b1 (18) · dsl-2750u (1) | — |
| 24 | phpgurukul | 40 | 4 | · | · | 5.9 | ×3.1 · PoC 28 | boat booking system (11) · medical card generation system (6) · user registration & login and user management system (5) | — |
| 25 | siemens | 35 | 3 | · | · | 5.8 | PoC 1 | tecnomatix plant simulation (14) · teamcenter visualization v14.3 (14) · teamcenter visualization v14.2 (14) | — |
| 26 | sourcecodester | 30 | · | · | · | 5.7 | PoC 27 | online eyewear shop (7) · petrol pump management software (5) · online hotel reservation system (3) | — |
| 27 | draytek | 29 | 6 | · | · | 7.4 | NEW · PoC 3 | vigor 2866 (14) · vigor 2620 (14) · vigor 2865 (14) | — |
| 28 | ооо «открытая мобильная платформа» | 29 | 1 | · | · | 7.8 | · | ос аврора (29) | — |
| 29 | juniper | 28 | · | · | · | 6.6 | PoC 28 | junos os evolved (17) · junos (16) · junos containerized routing protocol daemon (1) | — |
| 30 | juniper networks | 28 | · | · | · | 6.7 | PoC 28 | junos os evolved (18) · junos os (17) · junos (17) | — |
| 31 | mozilla | 28 | 5 | 1 | · | 7.4 | KEV 1 | firefox (27) · thunderbird (23) · firefox esr (21) | — |
| 32 | autodesk | 24 | · | · | · | 7.8 | · | autocad electrical (22) · advance steel (22) · autocad (22) | — |
| 33 | esafenet | 24 | · | · | · | 6.2 | NEW · PoC 23 | cdg (24) | — |
| 34 | ао «нтц ит роса» | 23 | · | · | · | 6.3 | PoC 3 | роса хром (10) · роса кобальт (10) · rosa virtualization 3.0 (5) | — |
| 35 | fedora project | 22 | · | · | · | 5.9 | · | fedora (22) | — |
| 36 | codezips | 21 | · | · | · | 6.9 | NEW · PoC 20 | pet shop management system (6) · sales management system (6) · tourist management system (2) | — |
| 37 | autodesk inc. | 20 | · | · | · | 7.8 | · | autocad plant 3d (20) · autodesk civil 3d (20) · autocad (20) | — |
| 38 | qualcomm | 20 | 1 | 1 | · | 7.8 | KEV 1 | wsa8835 firmware (14) · wsa8830 firmware (14) · fastconnect 7800 firmware (12) | — |
| 39 | qualcomm, inc. | 20 | 1 | 1 | · | 7.5 | KEV 1 | snapdragon (20) | — |
| 40 | jetbrains | 18 | · | · | · | 4.8 | · | youtrack (11) · teamcity (5) · hub (1) | — |
| 41 | mitel | 17 | 5 | 1 | 2 | 7.7 | NEW · KEV 1 · Nuclei 2 · PoC 1 | micollab (16) · mivoice business solution virtual instance (3) · micontact center business (1) | — |
| 42 | nuget | 17 | · | · | · | 6.6 | PoC 1 | umbraco.cms (4) · opcfoundation.netstandard.opc.ua (2) · opcfoundation.netstandard.opc.ua.core (2) | — |
| 43 | debian | 16 | 2 | 1 | · | 7.8 | KEV 1 | debian linux (16) | — |
| 44 | apache | 15 | 1 | · | 1 | 7.1 | Nuclei 1 | cloudstack (4) · solr (2) · syncope (1) | — |
| 45 | apache software foundation | 15 | 1 | · | 1 | 7.2 | Nuclei 1 | apache cloudstack (3) · apache solr (2) · apache avro java sdk (1) | — |
| 46 | fabian | 15 | · | · | · | 5.7 | PoC 15 | blood bank management system (12) · hospital management system (3) | — |
| 47 | mitel networks corp. | 15 | 5 | 1 | 2 | 7.7 | NEW · ×3.0 · KEV 1 · Nuclei 2 · PoC 1 | mitel micollab (15) · mivoice business solution virtual instance (mivb svi) (3) | — |
| 48 | suse | 15 | 1 | · | · | 7.0 | · | rancher (6) · opensuse tumbleweed (4) · opensuse leap 15.5 (3) | — |
| 49 | mediatek, inc. | 14 | 3 | · | · | 6.5 | · | mt6761, mt6765, mt6768, mt6779, mt6785, mt6853, mt6873, mt6885, mt8385, mt8666, mt8667, mt8766, mt8768, mt8781, mt8788, mt8789 (4) · mt6580, mt6739, mt6761, mt6765, mt6768, mt6779, mt6781, mt6785, mt6789, mt6833, mt6853, mt6855, mt6873, mt6877, mt6879, mt6883, mt6885, mt6889, mt6893, mt6895, mt6983, mt8666, mt8667, mt8673, mt8675, mt8678 (2) · mt3605, mt6985, mt6989, mt6990, mt7927, mt8183, mt8512, mt8676, mt8678, mt8695, mt8698, mt8755, mt8775, mt8792, mt8796 (1) | — |
| 50 | ivanti | 13 | · | 2 | · | 7.6 | KEV 2 | avalanche (5) · csa (cloud services appliance) (3) · ivanti cloud services appliance (3) | — |
Sectors
Solution categories ranked by distinct CVE count this period.
| Sector | CVEs | Crit | KEV | Vendors | Products | Avg CVSS | Top products |
|---|---|---|---|---|---|---|---|
| Web & CMS Plugins | 978 | 128 | 2 | 869 | 1,274 | 6.9 | seopress (6) · wp easy post types (6) · bold page builder (4) |
| Operating Systems | 891 | 103 | 121 | 35 | 413 | 7.8 | linux (834) · linux kernel (415) · debian gnu/linux (365) |
| OSS Libraries | 432 | 53 | · | 94 | 312 | 7.0 | magento/community-edition (20) · funadmin/funadmin (11) · librenms/librenms (6) |
| Enterprise Software | 340 | 71 | 5 | 106 | 541 | 8.7 | cacti (8) · checkmk (6) · librenms (6) |
| Networking Infrastructure | 313 | 91 | 8 | 53 | 327 | 7.4 | junos os evolved (53) · cisco firepower management center (44) · firepower threat defense (38) |
| Mobile Apps | 179 | 25 | · | 10 | 55 | 8.1 | android (55) · google chrome (22) · chrome (21) |
| Security Products | 165 | 28 | 14 | 60 | 122 | 7.5 | passwork (6) · application automation tools (5) · avanpost idm (5) |
| Consumer Software | 136 | 35 | 5 | 28 | 79 | 7.5 | adobe commerce (44) · autocad (42) · autocad architecture (42) |
| Hardware Firmware | 118 | 405 | 128 | 33 | 951 | 7.8 | vgpu (8) · timeprovider 4100 (7) · timeprovider 4100 firmware (7) |
| Databases | 111 | 35 | · | 16 | 116 | 9.8 | mysql server (50) · e-business suite (30) · mysql (29) |
| ICS / OT / IoT | 95 | 127 | · | 55 | 310 | 9.3 | mbnet.mini (5) · rex 100 firmware (5) · rex100 (5) |
| Cloud & SaaS | 82 | 17 | · | 61 | 76 | 7.0 | lylme spage (5) · namaste! lms (4) · elabftw (3) |
| AI / ML | 72 | 26 | · | 30 | 42 | 8.8 | chuanhuchatgpt (5) · gaizhenbiao/chuanhuchatgpt (5) · open webui (5) |
| DevTools & CI | 66 | 7 | · | 26 | 35 | 6.8 | jetty (4) · anka build (3) · anka build cloud (3) |
| Communications | 54 | 20 | 4 | 33 | 35 | 8.6 | mattermost (6) · mattermost server (4) · team+ pro (3) |
| Unclassified | 312 | 39 | · | 259 | 289 | 7.1 | dir-605l (21) · dir-619l b1 (18) · cute png (8) |
Which weaknesses hit which solution categories in October 2024
Cells shaded by share of the sector's hottest weakness.