November 2024
November 2024 closed with 4,154 published CVEs (+62.3% YoY): 348 criticals, 22 added to CISA KEV (5 ransomware-linked). The "free software community" vendor led volume, mostly via linux. Biggest breakout: irfanview at ×17.4 its 12-month median. Top weakness class: CWE-79 (824 CVE). 10 vendors cracked the top-100 for the first time.
Time to exploit
How fast the community ships detection after a CVE drops.
KEV pressure, no Nuclei coverage
November 2024 · vendors with active exploitation listed by CISA but no public detection template.
- ао "нппкт": KEV 3, 218 CVE
- redhat: KEV 3, 148 CVE
- microsoft: KEV 3, 106 CVE
- canonical: KEV 2, 165 CVE
- google: KEV 2, 136 CVE
- linux: KEV 1, 279 CVE
- novell inc.: KEV 1, 44 CVE
- siemens: KEV 1, 34 CVE
What's spreading where in November 2024
Cells shaded by share of vendor's hottest weakness.
Most discussed CVEs — November 2024
Breakout vendors
CVE count ≥3× their own 12-period median.
First time in top-100
Vendors never in top-100 in the prior 24 periods.
- #11 irfanview: 87 CVE
- #32 anisha: 32 CVE
- #34 tungsten automation: 32 CVE
- #42 trimble: 24 CVE
- #43 1000 projects: 23 CVE
- #45 мартин догиамас: 22 CVE
- #46 advantech: 21 CVE
- #51 advantech co., ltd: 19 CVE
- #55 1000projects: 18 CVE
- #56 allegra: 18 CVE
Top vendors
Ranked by distinct CVE count this period.
| # | Vendor | CVEs | Crit | KEV | Nuclei | CVSS | Signals | Top products |
|---|---|---|---|---|---|---|---|---|
| 1 | free software community | 375 | 12 | 4 | 3 | 6.2 | KEV 4 · Nuclei 3 · PoC 17 | linux (281) · debian gnu/linux (212) · needrestart (4) |
| 2 | linux | 279 | · | 1 | · | 6.0 | KEV 1 · PoC 1 | linux kernel (279) · linux (274) |
| 3 | ооо «русбитех-астра» | 263 | 12 | 3 | 1 | 6.3 | KEV 3 · Nuclei 1 · PoC 14 | astra linux special edition (261) · astra linux common edition (51) · astra linux special edition for «эльбрус» (2) |
| 4 | ооо «ред софт» | 246 | 11 | 1 | 3 | 6.2 | KEV 1 · Nuclei 3 · PoC 17 | ред ос (241) · ред база данных (5) |
| 5 | ао "нппкт" | 218 | 8 | 3 | · | 6.4 | KEV 3 · PoC 6 | осон основа оnyx (218) |
| 6 | canonical | 165 | 2 | 2 | · | 6.2 | KEV 2 · PoC 5 | ubuntu (164) · ubuntu's pulseaudio (1) |
| 7 | redhat | 148 | 2 | 3 | · | 6.3 | KEV 3 · PoC 7 | red hat enterprise linux (114) · red hat enterprise linux 9 (17) · red hat enterprise linux 8 (17) |
| 8 | google | 136 | 5 | 2 | · | 7.2 | KEV 2 · PoC 3 | android (118) · chrome (13) · google chrome (13) |
| 9 | microsoft | 106 | 5 | 3 | · | 7.9 | KEV 3 · PoC 2 | windows server 2022 (34) · windows server 2022 (server core installation) (34) · windows server 2022 23h2 (32) |
| 10 | cisco | 104 | 3 | · | 2 | 6.0 | ×5.0 · Nuclei 2 · PoC 104 | cisco catalyst sd-wan manager (18) · cisco sd-wan (17) · catalyst sd-wan manager (17) |
| 11 | irfanview | 87 | · | · | · | 7.8 | NEW · ×17.4 | irfanview (87) · formats (4) |
| 12 | packagist | 74 | 2 | · | 4 | 5.7 | Nuclei 4 · PoC 20 | moodle/moodle (25) · librenms/librenms (13) · symfony/symfony (5) |
| 13 | intel | 59 | · | · | · | 6.2 | · | intel arc graphics (4) · video processing library (4) · intel iris xe graphics (4) |
| 14 | adobe | 57 | · | · | · | 6.8 | · | substance3d - painter (23) · substance 3d painter (23) · adobe substance 3d painter (22) |
| 15 | pypi | 51 | 5 | · | 3 | 7.1 | Nuclei 3 · PoC 8 | calibreweb (3) · transformers (3) · aiohttp (2) |
| 16 | fedora project | 50 | · | · | · | 5.5 | · | fedora (50) |
| 17 | ivanti | 49 | 8 | · | · | 7.6 | · | endpoint manager (18) · connect secure (18) · policy secure (15) |
| 18 | netgear | 49 | · | · | · | 6.2 | ×7.5 | r7000p (27) · r7000p firmware (26) · r8500 firmware (25) |
| 19 | maven | 48 | 5 | · | · | 7.3 | PoC 4 | org.keycloak:keycloak-quarkus-server (6) · org.keycloak:keycloak-services (4) · ca.uhn.hapi.fhir:org.hl7.fhir.dstu3 (2) |
| 20 | ао «ивк» | 47 | 7 | · | · | 6.7 | PoC 3 | альт сп 10 (35) · альт 8 сп (18) |
| 21 | code-projects | 46 | · | · | · | 5.9 | PoC 46 | e-health care system (10) · farmacia (10) · job recruitment (6) |
| 22 | novell inc. | 44 | 1 | 1 | · | 5.8 | KEV 1 · PoC 2 | opensuse leap (34) · suse linux enterprise server (33) · suse linux enterprise desktop (32) |
| 23 | go | 42 | 5 | · | 1 | 7.1 | Nuclei 1 · PoC 5 | github.com/goharbor/harbor (6) · github.com/moby/moby (3) · github.com/drakkan/sftpgo/v2 (2) |
| 24 | pdf-xchange | 39 | · | · | · | 6.6 | · | pdf-xchange editor (39) · pdf-tools (38) |
| 25 | unknown | 39 | 2 | · | 39 | 5.4 | Nuclei 39 · PoC 38 | logo slider (2) · rss feed widget (2) · appointment booking calendar — simply schedule appointments booking plugin (2) |
| 26 | tracker software products ltd. | 38 | · | · | · | 6.7 | · | pdf-xchange editor (38) · pdf-xchange pro (11) · pdf-tools (11) |
| 27 | qualcomm | 36 | 3 | · | · | 7.8 | · | wsa8830 firmware (21) · wsa8835 firmware (21) · wcd9380 firmware (20) |
| 28 | qualcomm, inc. | 36 | 3 | · | · | 7.8 | · | snapdragon (36) |
| 29 | tungstenautomation | 36 | · | · | · | 6.4 | · | power pdf (36) |
| 30 | phpgurukul | 34 | 2 | · | · | 5.0 | PoC 33 | online shopping portal (11) · user registration & login and user management system (4) · complaint management system (4) |
| 31 | siemens | 34 | 3 | 1 | · | 5.9 | KEV 1 | teamcenter visualization v14.2 (10) · teamcenter visualization v14.3 (10) · tecnomatix plant simulation v2404 (10) |
| 32 | anisha | 32 | · | · | · | 6.0 | NEW · ×5.3 · PoC 32 | e-health care system (10) · farmacia (8) · job recruitment (6) |
| 33 | ibm | 32 | 4 | · | · | 6.3 | · | concert (5) · concert software (5) · security verify access (4) |
| 34 | tungsten automation | 32 | · | · | · | 6.3 | NEW | power pdf (32) |
| 35 | ао «нтц ит роса» | 32 | 1 | 1 | · | 6.4 | KEV 1 · PoC 2 | rosa virtualization 3.0 (21) · роса кобальт (12) · роса хром (7) |
| 36 | dlink | 29 | 4 | · | 3 | 7.4 | Nuclei 3 · PoC 16 | di-8003 (7) · di-8003 firmware (7) · dsl6740c firmware (7) |
| 37 | qnap | 29 | 3 | · | · | 6.9 | ×3.6 | qts (16) · quts hero (16) · notes station 3 (4) |
| 38 | apache | 26 | 6 | · | · | 7.4 | · | tomcat (4) · traffic server (4) · nimble (4) |
| 39 | apache software foundation | 25 | 6 | · | · | 7.6 | · | apache tomcat (4) · apache nimble (4) · tomcat (4) |
| 40 | moodle | 25 | · | · | 1 | 5.9 | Nuclei 1 · PoC 1 | moodle (25) |
| 41 | mozilla | 24 | 4 | · | · | 7.3 | PoC 2 | firefox (20) · thunderbird (17) · firefox esr (10) |
| 42 | trimble | 24 | · | · | · | 7.7 | NEW | sketchup viewer (19) · sketchup (8) · sketchup pro (2) |
| 43 | 1000 projects | 23 | · | · | · | 7.0 | NEW · PoC 23 | beauty parlour management system (11) · bookstore management system (9) · portfolio management system mca (3) |
| 44 | npm | 22 | · | · | · | 6.8 | PoC 2 | @sveltejs/kit (2) · vue-i18n (2) · petite-vue-i18n (2) |
| 45 | мартин догиамас | 22 | · | · | 1 | 6.0 | NEW · ×4.0 · Nuclei 1 · PoC 1 | moodle (22) |
| 46 | advantech | 21 | 6 | · | · | 7.9 | NEW | eki-6333ac-2g firmware (20) · eki-6333ac-2gd (20) · eki-6333ac-2gd firmware (20) |
| 47 | crates.io | 21 | 1 | · | · | 7.9 | PoC 2 | surrealdb-core (3) · surrealdb (3) · mimalloc (1) |
| 48 | huawei | 21 | · | · | · | 5.8 | · | harmonyos (21) · emui (5) |
| 49 | hpe | 20 | 3 | · | · | 7.2 | PoC 2 | hpe athonet core (7) · hpe aruba networking access points, instant aos-8, and aos-10 (6) · insight remote support (5) |
| 50 | lopalopa | 20 | 2 | · | · | 6.8 | PoC 6 | e-learning management system (20) |
Sectors
Solution categories ranked by distinct CVE count this period.
| Sector | CVEs | Crit | KEV | Vendors | Products | Avg CVSS | Top products |
|---|---|---|---|---|---|---|---|
| Web & CMS Plugins | 990 | 116 | · | 690 | 907 | 7.0 | element pack (6) · jobsearch wp job board (5) · kognetiks chatbot (5) |
| Operating Systems | 738 | 145 | 154 | 47 | 415 | 7.9 | linux (555) · linux kernel (279) · astra linux special edition (261) |
| Enterprise Software | 540 | 75 | 4 | 129 | 398 | 7.4 | zabbix (28) · glpi (24) · itop (14) |
| OSS Libraries | 389 | 53 | · | 88 | 307 | 7.9 | ffmpeg (17) · mongoose (10) · mongoose web server (10) |
| Consumer Software | 356 | 25 | · | 45 | 83 | 7.4 | irfanview (87) · power pdf (32) · tsmuxer (7) |
| Networking Infrastructure | 332 | 39 | 6 | 58 | 424 | 7.7 | r7000p (27) · r7000p firmware (26) · r8500 (25) |
| Hardware Firmware | 243 | 86 | · | 31 | 994 | 7.8 | amd ryzen™ ai software (4) · bluefield 1 (4) · bluefield ga (4) |
| Mobile Apps | 190 | 8 | 17 | 12 | 56 | 9.0 | android (132) · harmonyos (21) · chrome (13) |
| Security Products | 184 | 28 | 10 | 67 | 103 | 7.6 | connect secure (18) · endpoint manager (18) · policy secure (15) |
| ICS / OT / IoT | 181 | 131 | 11 | 49 | 255 | 9.8 | monitouch v-sft (24) · eki-6333ac-1gpo (20) · eki-6333ac-1gpo firmware (20) |
| Cloud & SaaS | 146 | 25 | 5 | 70 | 101 | 8.2 | nextcloud server (21) · security-advisories (17) · nextcloud enterprise server (10) |
| DevTools & CI | 58 | 9 | · | 32 | 46 | 7.7 | gitlab (24) · enterprise server (3) · helix core (3) |
| Communications | 47 | 4 | 2 | 26 | 41 | 6.6 | mattermost (4) · mattermost server (4) · chatwoot (3) |
| AI / ML | 44 | 6 | · | 27 | 27 | 10.0 | harbor (6) · transformers (6) · yocto (2) |
| Databases | 25 | 3 | 3 | 16 | 22 | 7.4 | postgresql (8) · oracle exadata (4) · postgres pro certified (4) |
| Unclassified | 349 | 56 | 1 | 228 | 255 | 6.9 | allegra (18) · bitcoin core (11) · wave 2.0 (11) |
Which weaknesses hit which solution categories in November 2024
Cells shaded by share of the sector's hottest weakness.