Skip to main content

Vendor Intelligence

Security scorecards – CVE volume, patch rates, exploit exposure, and composite risk for 64 vendors

Period: 30d 90d 6m 1y All
# Vendor Risk Score CVEs Severity KEV PoC Avg EPSS Patch Rate Trend
1 Suse 21186 7134
410 CRITICAL 2535 HIGH 4177 MEDIUM
21 737 0.3% 98% +7134
2 Red Hat 17774 6506
299 CRITICAL 2311 HIGH 3892 MEDIUM 2 LOW
18 580 0.3% 96% +6506
3 Microsoft 14545 2749
195 CRITICAL 1585 HIGH 881 MEDIUM 78 LOW
90 219 2.6% 55% +2749
4 WordPress 14436 6069
416 CRITICAL 1398 HIGH 4174 MEDIUM 74 LOW
0 583 0.7% 11% +6069
5 Linux 6728 5061
86 CRITICAL 1322 HIGH 2707 MEDIUM 13 LOW
2 60 0.0% 95% +5061
6 Google 6494 1955
107 CRITICAL 884 HIGH 819 MEDIUM 126 LOW
16 136 0.4% 56% +1955
7 Tenda 5557 546
56 CRITICAL 365 HIGH 87 MEDIUM 38 LOW
0 439 0.6% 0% +546
8 D-Link 4369 493
63 CRITICAL 232 HIGH 116 MEDIUM 82 LOW
1 342 0.9% 2% +493
9 Apple 4180 1341
123 CRITICAL 412 HIGH 723 MEDIUM 82 LOW
18 49 0.3% 31% +1341
10 TOTOLINK 2619 257
42 CRITICAL 129 HIGH 79 MEDIUM 7 LOW
0 207 2.1% 0% +257
11 Apache 2231 484
82 CRITICAL 202 HIGH 173 MEDIUM 12 LOW
5 44 1.4% 80% +484
12 Mozilla 2178 446
133 CRITICAL 188 HIGH 121 MEDIUM 4 LOW
0 12 0.3% 94% +446
13 Debian 2158 1229
28 CRITICAL 248 HIGH 784 MEDIUM 59 LOW
3 92 0.1% 98% +1229
14 Adobe 1563 536
21 CRITICAL 130 HIGH 373 MEDIUM 12 LOW
14 14 2.2% 12% +536
15 Cisco 1363 376
26 CRITICAL 102 HIGH 245 MEDIUM 3 LOW
11 15 0.5% 1% +376
16 Ivanti 1080 104
15 CRITICAL 56 HIGH 33 MEDIUM
12 9 11.4% 6% +104
17 TP-Link 964 140
3 CRITICAL 117 HIGH 18 MEDIUM 1 LOW
1 50 0.8% 21% +140
18 Linksys 958 89
8 CRITICAL 51 HIGH 19 MEDIUM 11 LOW
0 81 1.1% 0% +89
19 Oracle 946 400
23 CRITICAL 93 HIGH 259 MEDIUM 25 LOW
5 11 1.3% 40% +400
20 Fortinet 909 207
17 CRITICAL 62 HIGH 103 MEDIUM 25 LOW
8 8 2.1% 0% +207
21 IBM 832 730
23 CRITICAL 132 HIGH 525 MEDIUM 46 LOW
1 1 0.2% 19% +730
22 Gitlab 787 254
5 CRITICAL 68 HIGH 143 MEDIUM 37 LOW
0 57 0.1% 32% +254
23 Dell 727 311
11 CRITICAL 138 HIGH 134 MEDIUM 22 LOW
1 1 0.3% 37% +311
24 Netgear 706 65
23 CRITICAL 31 HIGH 9 MEDIUM 2 LOW
0 41 4.1% 9% +65
25 Nginx 682 130
20 CRITICAL 68 HIGH 36 MEDIUM 4 LOW
0 26 1.9% 78% +130
26 SAP 639 254
30 CRITICAL 40 HIGH 164 MEDIUM 20 LOW
3 1 0.6% 9% +254
27 Samsung 545 213
16 CRITICAL 62 HIGH 128 MEDIUM 3 LOW
2 2 0.6% 9% +213
28 Nvidia 544 206
9 CRITICAL 107 HIGH 61 MEDIUM 28 LOW
0 1 0.1% 14% +206
29 Intel 472 340
3 CRITICAL 80 HIGH 220 MEDIUM 24 LOW
2 1 0.2% 23% +340
30 VMware 421 57
2 CRITICAL 30 HIGH 23 MEDIUM 1 LOW
5 2 1.6% 23% +57
31 Drupal 404 196
16 CRITICAL 49 HIGH 125 MEDIUM 6 LOW
0 6 0.2% 81% +196
32 Juniper 390 129
7 CRITICAL 64 HIGH 58 MEDIUM
1 1 0.3% 38% +129
33 Citrix 307 16
3 CRITICAL 10 HIGH 3 MEDIUM
4 4 5.1% 50% +16
34 Hashicorp 294 66
10 CRITICAL 22 HIGH 25 MEDIUM 6 LOW
1 7 0.4% 61% +66
35 Paloalto 290 67
3 CRITICAL 19 HIGH 33 MEDIUM 8 LOW
3 2 3.1% 19% +67
36 Canonical 262 96
11 CRITICAL 30 HIGH 44 MEDIUM 3 LOW
0 4 0.0% 92% +96
37 Zyxel 222 27
2 CRITICAL 14 HIGH 11 MEDIUM
2 2 4.9% 0% +27
38 Amd 190 135
1 CRITICAL 45 HIGH 80 MEDIUM 3 LOW
0 0 0.0% 62% +135
39 Joomla 187 39
6 CRITICAL 12 HIGH 17 MEDIUM 3 LOW
0 7 0.2% 5% +39
40 Ubiquiti 184 28
15 CRITICAL 8 HIGH 5 MEDIUM
0 0 0.2% 46% +28
41 HP 171 46
5 CRITICAL 18 HIGH 22 MEDIUM
0 5 1.5% 35% +46
42 Wazuh 171 20
4 CRITICAL 3 HIGH 12 MEDIUM 1 LOW
1 8 4.8% 80% +20
43 Atlassian 158 40
9 CRITICAL 15 HIGH 13 MEDIUM 3 LOW
0 1 0.4% 72% +40
44 Siemens 154 36
1 CRITICAL 15 HIGH 18 MEDIUM 2 LOW
1 1 2.7% 3% +36
45 Broadcom 153 25
2 CRITICAL 16 HIGH 6 MEDIUM
1 1 0.4% 28% +25
46 Jenkins 150 109
5 CRITICAL 23 HIGH 78 MEDIUM 2 LOW
0 1 0.1% 50% +109
47 Rockwell 133 24
2 CRITICAL 22 HIGH
0 0 0.2% 0% +24
48 Elastic 112 56
4 CRITICAL 12 HIGH 37 MEDIUM 2 LOW
0 3 0.3% 57% +56
49 Synology 106 39
5 CRITICAL 14 HIGH 19 MEDIUM 1 LOW
0 0 0.2% 62% +39
50 Qnap 98 89
1 CRITICAL 21 HIGH 62 MEDIUM 5 LOW
0 0 0.1% 43% +89
51 Abb 89 16
2 CRITICAL 11 HIGH 3 MEDIUM
0 0 0.1% 0% +16
52 Lenovo 78 40
19 HIGH 20 MEDIUM
0 0 0.0% 45% +40
53 Sonicwall 69 13
2 CRITICAL 6 HIGH 3 MEDIUM 2 LOW
0 0 0.1% 0% +13
54 Zte 69 15
5 HIGH 9 MEDIUM 1 LOW
0 3 0.0% 0% +15
55 Hikvision 64 8
1 CRITICAL 7 HIGH
0 0 0.5% 0% +8
56 Mikrotik 62 6
3 HIGH 3 MEDIUM
0 3 1.0% 0% +6
57 Aruba 53 21
7 HIGH 12 MEDIUM 2 LOW
0 0 0.1% 0% +21
58 Ericsson 43 11
8 HIGH 3 MEDIUM
0 0 0.1% 27% +11
59 Fortigate 37 5
3 HIGH 1 MEDIUM 1 LOW
0 0 0.0% 0% +5
60 Qualcomm 20 12
3 HIGH 6 MEDIUM
0 1 0.1% 75% +12
61 Mediatek 20 19
5 HIGH 12 MEDIUM
0 0 0.0% 100% +19
62 Dahua 10 3
1 CRITICAL 1 MEDIUM 1 LOW
0 0 0.2% 0% +3
63 Nokia 8 4
2 HIGH 2 MEDIUM
0 0 0.1% 25% +4
64 Huawei 0 7
7 MEDIUM
0 0 0.0% 100% +7

How to read this table

Risk Score – composite metric: KEV ×50, Critical ×10, High ×4, PoC ×8, EPSS weight, patch rate penalty. Higher = riskier vendor.
Severity – bar + counts: C=Critical, H=High, M=Medium, L=Low.
KEV – CISA Known Exploited Vulnerabilities – confirmed actively exploited in the wild.
PoC – CVEs with public Proof of Concept exploit code available.
Avg EPSS – average Exploit Prediction Scoring System probability across vendor CVEs.
Patch Rate – % of CVEs where vendor has released a patch. Green ≥80%, Yellow ≥50%, Red <50%.
Trend – CVE count change vs previous period of same length. +N = more new CVEs, −N = fewer.

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy