Vendor Intelligence

Security scorecards – CVE volume, patch rates, exploit exposure, and composite risk for 64 vendors

Period: 30d 90d 6m 1y All
# Vendor Risk Score CVEs Severity KEV PoC Avg EPSS Patch Rate Trend
1 Suse 16968 5713
298 CRITICAL 1818 HIGH 3478 MEDIUM 1 LOW
18 727 0.4% 98% +5713
2 Redhat 14138 5103
213 CRITICAL 1709 HIGH 3173 MEDIUM 3 LOW
14 559 0.4% 96% +5103
3 WordPress 13279 5870
379 CRITICAL 1291 HIGH 3786 MEDIUM 72 LOW
0 538 0.6% 10% +5870
4 Microsoft 8947 2104
127 CRITICAL 1198 HIGH 713 MEDIUM 61 LOW
35 140 1.5% 23% +2104
5 Google 5070 1503
80 CRITICAL 652 HIGH 670 MEDIUM 44 LOW
14 120 0.3% 46% +1503
6 Tenda 4963 480
53 CRITICAL 322 HIGH 97 MEDIUM 8 LOW
0 390 0.6% 0% +480
7 Linux 4368 3747
27 CRITICAL 910 HIGH 2153 MEDIUM 15 LOW
1 51 0.0% 88% +3747
8 D-Link 4029 450
58 CRITICAL 220 HIGH 162 MEDIUM 9 LOW
0 318 1.0% 2% +450
9 Apple 3531 1166
116 CRITICAL 325 HIGH 652 MEDIUM 71 LOW
14 44 0.3% 13% +1166
10 TOTOLINK 2895 288
42 CRITICAL 140 HIGH 96 MEDIUM 10 LOW
0 236 2.0% 0% +288
11 Debian 2322 1415
26 CRITICAL 256 HIGH 822 MEDIUM 84 LOW
3 111 0.1% 98% +1415
12 Apache 1283 327
44 CRITICAL 144 HIGH 124 MEDIUM 11 LOW
1 27 1.1% 74% +327
13 Mozilla 1128 244
68 CRITICAL 94 HIGH 79 MEDIUM 3 LOW
0 9 0.4% 87% +244
14 Cisco 1035 339
20 CRITICAL 95 HIGH 221 MEDIUM 3 LOW
7 10 0.5% 1% +339
15 TP-Link 960 135
3 CRITICAL 116 HIGH 14 MEDIUM 1 LOW
1 50 0.9% 20% +135
16 Linksys 954 88
8 CRITICAL 50 HIGH 30 MEDIUM
0 81 1.1% 0% +88
17 Ivanti 914 88
13 CRITICAL 46 HIGH 29 MEDIUM
10 8 12.4% 2% +88
18 Fortinet 776 170
13 CRITICAL 55 HIGH 80 MEDIUM 22 LOW
7 6 2.6% 0% +170
19 Netgear 706 65
23 CRITICAL 31 HIGH 10 MEDIUM 1 LOW
0 41 4.1% 9% +65
20 IBM 674 672
19 CRITICAL 117 HIGH 489 MEDIUM 45 LOW
0 0 0.1% 18% +672
21 Dell 654 249
10 CRITICAL 119 HIGH 97 MEDIUM 19 LOW
1 1 0.4% 10% +249
22 Gitlab 653 227
2 CRITICAL 62 HIGH 128 MEDIUM 34 LOW
0 46 0.1% 17% +227
23 Adobe 626 470
7 CRITICAL 99 HIGH 355 MEDIUM 9 LOW
2 5 0.5% 11% +470
24 Sap 540 223
26 CRITICAL 38 HIGH 142 MEDIUM 17 LOW
2 1 0.6% 11% +223
25 Nginx 465 88
13 CRITICAL 43 HIGH 25 MEDIUM 5 LOW
0 20 2.7% 64% +88
26 Samsung 455 175
16 CRITICAL 54 HIGH 100 MEDIUM 3 LOW
1 1 0.4% 9% +175
27 Nvidia 450 178
6 CRITICAL 91 HIGH 53 MEDIUM 28 LOW
0 1 0.1% 14% +178
28 Oracle 406 261
12 CRITICAL 59 HIGH 177 MEDIUM 13 LOW
0 6 0.2% 47% +261
29 Drupal 404 196
16 CRITICAL 49 HIGH 125 MEDIUM 6 LOW
0 6 0.2% 81% +196
30 Juniper 399 128
6 CRITICAL 64 HIGH 58 MEDIUM
1 1 0.3% 0% +128
31 VMware 388 51
1 CRITICAL 24 HIGH 23 MEDIUM 1 LOW
5 2 1.7% 22% +51
32 Joomla 360 64
18 CRITICAL 25 HIGH 17 MEDIUM 3 LOW
0 7 0.2% 3% +64
33 Citrix 332 16
3 CRITICAL 10 HIGH 3 MEDIUM
4 4 5.1% 0% +16
34 Intel 293 295
1 CRITICAL 67 HIGH 199 MEDIUM 23 LOW
0 0 0.0% 19% +295
35 Paloalto 232 64
2 CRITICAL 19 HIGH 32 MEDIUM 7 LOW
2 1 3.1% 0% +64
36 Zyxel 212 20
2 CRITICAL 11 HIGH 7 MEDIUM
2 2 6.6% 0% +20
37 Wazuh 161 13
3 CRITICAL 3 HIGH 6 MEDIUM 1 LOW
1 7 7.4% 38% +13
38 Canonical 158 55
7 CRITICAL 18 HIGH 27 MEDIUM
0 2 0.1% 89% +55
39 Hp 156 38
4 CRITICAL 15 HIGH 19 MEDIUM
0 5 1.9% 21% +38
40 Broadcom 151 25
2 CRITICAL 15 HIGH 6 MEDIUM
1 1 0.4% 24% +25
41 Rockwell 133 24
2 CRITICAL 22 HIGH
0 0 0.2% 0% +24
42 Qnap 129 90
2 CRITICAL 21 HIGH 62 MEDIUM 5 LOW
0 0 0.1% 0% +90
43 Hashicorp 121 36
2 CRITICAL 13 HIGH 19 MEDIUM 2 LOW
0 6 0.6% 53% +36
44 Atlassian 120 35
6 CRITICAL 13 HIGH 13 MEDIUM 3 LOW
0 1 0.5% 69% +35
45 Jenkins 120 87
4 CRITICAL 18 HIGH 63 MEDIUM 2 LOW
0 1 0.1% 53% +87
46 Amd 120 87
30 HIGH 53 MEDIUM 2 LOW
0 0 0.0% 68% +87
47 Ubiquiti 111 16
7 CRITICAL 4 HIGH 5 MEDIUM
0 0 0.2% 0% +16
48 Synology 108 29
4 CRITICAL 12 HIGH 12 MEDIUM 1 LOW
0 0 0.2% 10% +29
49 Elastic 98 44
3 CRITICAL 11 HIGH 28 MEDIUM 1 LOW
0 3 0.3% 52% +44
50 Fortigate 97 9
1 CRITICAL 3 HIGH 4 MEDIUM 1 LOW
1 0 0.3% 0% +9
51 Siemens 91 34
1 CRITICAL 14 HIGH 16 MEDIUM 3 LOW
0 0 0.2% 0% +34
52 Abb 85 16
2 CRITICAL 10 HIGH 4 MEDIUM
0 0 0.1% 0% +16
53 Lenovo 68 30
14 HIGH 16 MEDIUM
0 0 0.0% 27% +30
54 Hikvision 60 7
1 CRITICAL 6 HIGH
0 0 0.6% 0% +7
55 Sonicwall 57 13
2 CRITICAL 3 HIGH 2 MEDIUM 2 LOW
0 0 0.1% 0% +13
56 Ericsson 57 11
8 HIGH 2 MEDIUM 1 LOW
0 0 0.1% 0% +11
57 Aruba 53 19
7 HIGH 10 MEDIUM 2 LOW
0 0 0.1% 0% +19
58 Zte 33 5
2 HIGH 2 MEDIUM 1 LOW
0 0 0.0% 0% +5
59 Mikrotik 29 4
3 HIGH 1 MEDIUM
0 2 1.4% 0% +4
60 Qualcomm 16 9
2 HIGH 5 MEDIUM
0 1 0.1% 67% +9
61 Mediatek 16 19
4 HIGH 11 MEDIUM
0 0 0.0% 100% +19
62 Dahua 10 3
1 CRITICAL 1 MEDIUM 1 LOW
0 0 0.2% 0% +3
63 Nokia 8 4
2 HIGH 2 MEDIUM
0 0 0.1% 25% +4
64 Huawei 0 5
5 MEDIUM
0 0 0.0% 100% +5

How to read this table

Risk Score – composite metric: KEV ×50, Critical ×10, High ×4, PoC ×8, EPSS weight, patch rate penalty. Higher = riskier vendor.
Severity – bar + counts: C=Critical, H=High, M=Medium, L=Low.
KEV – CISA Known Exploited Vulnerabilities – confirmed actively exploited in the wild.
PoC – CVEs with public Proof of Concept exploit code available.
Avg EPSS – average Exploit Prediction Scoring System probability across vendor CVEs.
Patch Rate – % of CVEs where vendor has released a patch. Green ≥80%, Yellow ≥50%, Red <50%.
Trend – CVE count change vs previous period of same length. +N = more new CVEs, −N = fewer.

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy