December 2024
December 2024 closed with 3,514 published CVEs (+26.9% YoY): 316 criticals, 16 added to CISA KEV (4 ransomware-linked). The free software community (сообщество свободного программного обеспечения) led volume, mostly via linux. Biggest breakout: openrobotics at ×5.3 their 12-month median. Top weakness class: CWE-79 (712 CVE). 10 vendors cracked the top-100 for the first time.
Time to exploit
How fast the community ships detection after a CVE drops.
KEV pressure, no Nuclei coverage
December 2024 · vendors with active exploitation listed by CISA but no public detection template.
- linux · KEV 3 · 354 CVE
- ооо «русбитех-астра» · KEV 3 · 291 CVE
- ао "нппкт" · KEV 3 · 272 CVE
- ооо «ред софт» · KEV 3 · 256 CVE
- ооо «открытая мобильная платформа» · KEV 3 · 54 CVE
- redhat · KEV 2 · 196 CVE
- novell inc. · KEV 1 · 95 CVE
- microsoft · KEV 1 · 91 CVE
What's spreading where in December 2024
Cells shaded by share of vendor's hottest weakness.
Most discussed CVEs — December 2024
Breakout vendors
CVE count ≥3× their own 12-period median.
- openrobotics · 5.3× · 21 CVE
- abb · 4.0× · 24 CVE
- adobe · 3.9× · 177 CVE
- ооо «открытая мобильная платформа» · 3.9× · 54 CVE
- phpgurukul · 3.6× · 47 CVE
- novell inc. · 3.4× · 95 CVE
- ооо «нцпр» · 3.4× · 37 CVE
- code-projects · 3.3× · 56 CVE
First time in top-100
Vendors never in top-100 in the prior 24 periods.
- #25 · gstreamer · 29 CVE
- #26 · gstreamer community · 29 CVE
- #27 · 1000projects · 28 CVE
- #28 · 1000 projects · 27 CVE
- #29 · abb · 24 CVE
- #33 · openrobotics · 21 CVE
- #37 · vibethemes · 18 CVE
- #44 · image access gmbh · 14 CVE
- #46 · codezips · 13 CVE
- #57 · veeam · 12 CVE
Top vendors
Ranked by distinct CVE count this period.
| # | Vendor | CVEs | Crit | CVSS | KEV | Nuclei | Signals | Top products | Δ |
|---|---|---|---|---|---|---|---|---|---|
| 1 | free software community (сообщество свободного программного обеспечения) | 456 | 32 | 6.4 | 3 | 1 | KEV 3 · Nuclei 1 · PoC 17 | linux (354) · debian gnu/linux (270) · drupal (8) | — |
| 2 | linux | 354 | · | 6.1 | 3 | · | KEV 3 | linux (354) · linux kernel (354) | — |
| 3 | ооо «русбитех-астра» | 291 | 18 | 6.6 | 3 | · | KEV 3 · PoC 4 | astra linux special edition (291) · astra linux common edition (30) · astra linux special edition for «эльбрус» (1) | — |
| 4 | ао "нппкт" | 272 | 17 | 6.5 | 3 | · | KEV 3 · PoC 6 | осон основа оnyx (272) | — |
| 5 | ооо «ред софт» | 256 | 25 | 6.7 | 3 | · | KEV 3 · PoC 11 | ред ос (256) | — |
| 6 | canonical | 206 | 2 | 6.1 | · | · | PoC 2 | ubuntu (204) · lxd (2) | — |
| 7 | redhat | 196 | 17 | 6.6 | 2 | · | KEV 2 · PoC 6 | red hat enterprise linux (181) · red hat build of keycloak (4) · red hat openshift container platform (4) | — |
| 8 | adobe | 177 | 3 | 6.2 | · | · | ×3.9 | adobe experience manager (92) · experience manager (90) · adobe connect (20) | — |
| 9 | novell inc. | 95 | 6 | 6.3 | 1 | · | ×3.4 · KEV 1 · PoC 3 | opensuse leap (89) · suse linux enterprise server (85) · suse linux enterprise desktop (84) | — |
| 10 | microsoft | 91 | 3 | 7.6 | 1 | · | KEV 1 · PoC 12 | windows server 2025 (58) · windows server 2025 (server core installation) (58) · windows server 2022, 23h2 edition (server core installation) (57) | — |
| 11 | | 64 | 4 | 7.3 | 1 | 1 | KEV 1 · Nuclei 1 | android (54) · chrome (7) · google chrome (7) | — |
| 12 | apple | 62 | 6 | 6.5 | · | · | · | macos (59) · ios and ipados (28) · ipados (28) | — |
| 13 | code-projects | 56 | · | 5.7 | · | · | ×3.3 · PoC 35 | job recruitment (10) · simple admin panel (10) · online class and exam scheduling system (7) | — |
| 14 | ibm | 56 | 1 | 5.8 | · | · | · | cognos controller (10) · cognos analytics (5) · security guardium key lifecycle manager (5) | — |
| 15 | huawei | 54 | 1 | 5.0 | · | · | · | harmonyos (26) · secospace usg6300 firmware (7) · secospace usg6500 (7) | — |
| 16 | ооо «открытая мобильная платформа» | 54 | 16 | 8.1 | 3 | · | ×3.9 · KEV 3 · PoC 2 | ос аврора (53) · аврора центр (1) | — |
| 17 | phpgurukul | 47 | 5 | 5.3 | · | · | ×3.6 · PoC 26 | land record system (12) · maid hiring management system (7) · online nurse hiring system (5) | — |
| 18 | packagist | 42 | 7 | 7.7 | 1 | 1 | KEV 1 · Nuclei 1 · PoC 7 | drupal/core (7) · drupal/core-recommended (5) · drupal/drupal (5) | — |
| 19 | go | 39 | 5 | 6.8 | · | · | PoC 2 | github.com/siyuan-note/siyuan/kernel (4) · github.com/mattermost/mattermost/server/v8 (3) · github.com/cosmwasm/wasmvm (2) | — |
| 20 | maven | 39 | 10 | 7.1 | · | 3 | Nuclei 3 · PoC 6 | org.apache.tomcat:tomcat-catalina (3) · org.keycloak:keycloak-quarkus-server (2) · org.apache.tomcat.embed:tomcat-embed-core (2) | — |
| 21 | ооо «нцпр» | 37 | 17 | 8.5 | · | · | ×3.4 · PoC 2 | мсвсфера (37) | — |
| 22 | unknown | 36 | 1 | 5.3 | · | 35 | Nuclei 35 · PoC 36 | wordpress button plugin maxbuttons (2) · paid membership plugin, ecommerce, user registration form, login form, user profile & restrict content (2) · system dashboard (2) | — |
| 23 | dell | 35 | 1 | 7.2 | · | · | · | recoverpoint for virtual machines (7) · elastic cloud storage (3) · ecs (3) | — |
| 24 | pypi | 32 | 5 | 7.5 | · | · | PoC 2 | matrix-synapse (6) · apache-superset (4) · django (2) | — |
| 25 | gstreamer | 29 | 16 | 8.6 | · | · | NEW · PoC 2 | gstreamer (29) | — |
| 26 | gstreamer community | 29 | 16 | 8.6 | · | · | NEW · PoC 2 | gstreamer (29) | — |
| 27 | 1000projects | 28 | 1 | 7.0 | · | · | NEW · PoC 28 | portfolio management system mca (11) · attendance tracking management system (9) · library management system (2) | — |
| 28 | 1000 projects | 27 | · | 7.0 | · | · | NEW · PoC 27 | portfolio management system mca (11) · attendance tracking management system (9) · library management system (2) | — |
| 29 | abb | 24 | 14 | 8.9 | · | · | NEW · ×4.0 | nexus series nexus-3-x (24) · matrix series mat-x (24) · nexus series (24) | — |
| 30 | crates.io | 23 | · | 7.5 | · | · | PoC 1 | cosmwasm-vm (2) · pgp (2) · age (1) | — |
| 31 | npm | 22 | 4 | 7.1 | · | 3 | Nuclei 3 · PoC 2 | directus (2) · astro (2) · cookie-encrypter (1) | — |
| 32 | lopalopa | 21 | 9 | 8.1 | · | · | PoC 11 | e-learning management system (21) | — |
| 33 | openrobotics | 21 | 15 | 9.2 | · | · | NEW · ×5.3 · PoC 21 | robot operating system (21) | — |
| 34 | qnap | 19 | 6 | 7.8 | · | · | PoC 1 | qts (10) · quts hero (10) · qulog center (2) | — |
| 35 | autodesk | 18 | · | 7.6 | · | · | · | navisworks manage (14) · navisworks (14) · navisworks freedom (14) | — |
| 36 | qnap systems, inc. | 18 | 6 | 7.7 | · | · | PoC 1 | qts (10) · quts hero (10) · qulog center (2) | — |
| 37 | vibethemes | 18 | 11 | 9.2 | · | 18 | NEW · Nuclei 18 | wordpress learning management system (15) · wplms (15) · vibebp (3) | — |
| 38 | apache | 17 | 7 | 7.5 | · | 2 | Nuclei 2 · PoC 2 | superset (4) · tomcat (3) · hive (2) | — |
| 39 | apache software foundation | 17 | 7 | 7.4 | · | 2 | Nuclei 2 · PoC 2 | superset (4) · apache superset (4) · apache tomcat (3) | — |
| 40 | ivanti | 16 | 5 | 8.0 | · | · | · | connect secure (5) · cloud services application (3) · cloud services appliance (3) | — |
| 41 | dell technologies | 15 | 1 | 7.2 | · | · | · | recoverpoint (6) · powerscale onefs (3) · openmanage server administrator (2) | — |
| 42 | jetbrains | 15 | · | 4.9 | · | · | · | teamcity (9) · youtrack (6) | — |
| 43 | mediatek, inc. | 15 | · | 6.8 | · | · | · | mt6580, mt6739, mt6761, mt6765, mt6768, mt6779, mt6781, mt6785, mt6789, mt6833, mt6835, mt6853, mt6855, mt6873, mt6877, mt6878, mt6879, mt6883, mt6885, mt6886, mt6889, mt6893, mt6895, mt6896, mt6897, mt6983, mt6985, mt6989, mt8321, mt8666, mt8667, mt8673, mt8678, mt8765, mt8766, mt8766r, mt8768, mt8771, mt8781, mt8786, mt8788, mt8788e, mt8791t, mt8797, mt8798, mt8863t (3) · mt2737, mt3605, mt6985, mt6989, mt6990, mt7925, mt7927, mt8518s, mt8532, mt8678 (1) · mt2737, mt6298, mt6879, mt6886, mt6895, mt6895t, mt6896, mt6980, mt6980d, mt6983, mt6985, mt6989, mt6990, mt8673, mt8676, mt8795t, mt8798 (1) | — |
| 44 | image access gmbh | 14 | · | 6.2 | · | · | NEW · PoC 14 | scan2net (14) | — |
| 45 | siemens | 14 | 2 | 7.8 | · | · | · | solid edge se2024 (4) · siemens totally integrated automation portal (tia portal) (3) · comos v10.4.1 (2) | — |
| 46 | codezips | 13 | · | 6.8 | · | · | NEW · PoC 13 | e-commerce site (4) · technical discussion forum (2) · hospital management system (2) | — |
| 47 | fabian | 13 | · | 5.6 | · | · | PoC 11 | online class and exam scheduling system (5) · hospital management system (2) · hostel management system (2) | — |
| 48 | qualcomm | 13 | · | 8.0 | · | · | · | fastconnect 6900 firmware (12) · wsa8835 firmware (12) · wsa8830 firmware (12) | — |
| 49 | qualcomm, inc. | 13 | · | 7.4 | · | · | · | snapdragon (13) | — |
| 50 | samsung mobile | 13 | · | 5.2 | · | · | · | samsung mobile devices (7) · gaminghub (3) · quick share agent (1) | — |
Sectors
Solution categories ranked by distinct CVE count this period.
| Sector | CVEs | Crit | KEV | Vendors | Products | Avg CVSS | Top products |
|---|---|---|---|---|---|---|---|
| Web & CMS Plugins | 1,062 | 122 | 3 | 704 | 901 | 6.7 | wordpress learning management system (15) · wplms (15) · wp mailster (12) |
| Operating Systems | 725 | 258 | 107 | 38 | 347 | 7.6 | linux (708) · linux kernel (354) · astra linux special edition (291) |
| Enterprise Software | 431 | 86 | 4 | 104 | 343 | 7.7 | cognos controller (10) · glpi (10) · whatsup gold (9) |
| OSS Libraries | 320 | 138 | 1 | 89 | 286 | 8.3 | gstreamer (87) · tcpdf (13) · ffmpeg (4) |
| Consumer Software | 233 | 10 | · | 32 | 91 | 7.5 | adobe experience manager (181) · experience manager (90) · adobe connect (39) |
| Mobile Apps | 202 | 30 | 1 | 12 | 126 | 6.6 | android (61) · harmonyos (26) · chrome (7) |
| Hardware Firmware | 143 | 52 | · | 26 | 881 | 8.0 | qts (30) · quts hero (30) · synology router manager (srm) (8) |
| Security Products | 116 | 25 | 15 | 52 | 106 | 7.7 | connect secure (5) · cloud services appliance (3) · cloud services application (3) |
| Networking Infrastructure | 107 | 30 | 5 | 44 | 176 | 8.4 | ruijie reyee os (10) · iap-420 firmware (5) · ac6 firmware (4) |
| ICS / OT / IoT | 100 | 450 | · | 36 | 162 | 9.0 | aspect-enterprise (24) · aspect-enterprise asp-ent-x (24) · matrix series (24) |
| Cloud & SaaS | 89 | 7 | · | 57 | 84 | 7.5 | frontend admin (3) · docusign (2) · linkace (2) |
| DevTools & CI | 51 | 3 | · | 18 | 18 | 8.1 | teamcity (9) · youtrack (6) · labview (3) |
| AI / ML | 30 | 18 | · | 10 | 11 | 10.0 | robot operating system (21) · yocto (1) |
| Communications | 28 | 5 | 2 | 16 | 17 | 7.4 | misskey (11) · synapse (11) · mattermost (5) |
| Databases | 22 | 2 | 1 | 11 | 22 | 7.5 | oracle exadata (4) · cognos analytics (2) · ibm db2 (2) |
| Unclassified | 290 | 39 | · | 207 | 221 | 6.8 | мсвсфера (37) · job recruitment (6) · rebuild (4) |
Which weaknesses hit which solution categories in December 2024
Cells shaded by share of the sector's hottest weakness.