Vendor Intelligence
Security scorecards – CVE volume, patch rates, exploit exposure, and composite risk for 65 vendors
| # | Vendor | Risk Score | CVEs | Severity | KEV | PoC | Avg EPSS | Patch Rate | Trend |
|---|---|---|---|---|---|---|---|---|---|
| 1 | Microsoft | 95524 | 17258 |
2477 CRITICAL
9303 HIGH
5146 MEDIUM
324 LOW
|
351 | 1998 | 7.5% | 56% | +17258 |
| 2 | WordPress | 70607 | 17309 |
1198 CRITICAL
3699 HIGH
12220 MEDIUM
185 LOW
|
3 | 5458 | 2.0% | 20% | +17309 |
| 3 | 48068 | 13973 |
1144 CRITICAL
5836 HIGH
6570 MEDIUM
404 LOW
|
86 | 1122 | 1.1% | 36% | +13973 | |
| 4 | Apple | 31060 | 8065 |
684 CRITICAL
3168 HIGH
3743 MEDIUM
469 LOW
|
132 | 616 | 1.5% | 12% | +8065 |
| 5 | Adobe | 27731 | 5603 |
1345 CRITICAL
2131 HIGH
2026 MEDIUM
101 LOW
|
67 | 300 | 6.8% | 52% | +5603 |
| 6 | Linux | 24991 | 12817 |
320 CRITICAL
3962 HIGH
7779 MEDIUM
178 LOW
|
23 | 599 | 0.6% | 91% | +12817 |
| 7 | Suse | 22822 | 9353 |
435 CRITICAL
2986 HIGH
5930 MEDIUM
|
20 | 691 | 0.3% | 98% | +9353 |
| 8 | Tenda | 21890 | 1817 |
625 CRITICAL
970 HIGH
181 MEDIUM
41 LOW
|
3 | 1448 | 1.5% | 0% | +1817 |
| 9 | Red Hat | 18760 | 8628 |
274 CRITICAL
2646 HIGH
5634 MEDIUM
71 LOW
|
18 | 567 | 0.3% | 93% | +8628 |
| 10 | Oracle | 17931 | 7769 |
609 CRITICAL
1959 HIGH
4405 MEDIUM
795 LOW
|
41 | 244 | 2.6% | 59% | +7769 |
| 11 | Cisco | 17720 | 5526 |
400 CRITICAL
2106 HIGH
2982 MEDIUM
38 LOW
|
75 | 190 | 2.3% | 3% | +5526 |
| 12 | D-Link | 15371 | 1370 |
393 CRITICAL
613 HIGH
274 MEDIUM
90 LOW
|
20 | 995 | 5.8% | 4% | +1370 |
| 13 | Apache | 14270 | 2543 |
524 CRITICAL
966 HIGH
981 MEDIUM
64 LOW
|
42 | 382 | 9.5% | 75% | +2543 |
| 14 | Mozilla | 12786 | 2672 |
587 CRITICAL
1053 HIGH
995 MEDIUM
36 LOW
|
10 | 274 | 1.8% | 30% | +2672 |
| 15 | IBM | 9760 | 5580 |
342 CRITICAL
1293 HIGH
3421 MEDIUM
520 LOW
|
6 | 108 | 1.2% | 44% | +5580 |
| 16 | Qualcomm | 5549 | 1142 |
241 CRITICAL
692 HIGH
204 MEDIUM
2 LOW
|
4 | 21 | 0.4% | 44% | +1142 |
| 17 | SAP | 4886 | 1669 |
162 CRITICAL
470 HIGH
980 MEDIUM
57 LOW
|
13 | 89 | 1.9% | 5% | +1669 |
| 18 | Netgear | 4464 | 748 |
142 CRITICAL
316 HIGH
283 MEDIUM
7 LOW
|
8 | 170 | 4.6% | 19% | +748 |
| 19 | TP-Link | 4064 | 440 |
79 CRITICAL
250 HIGH
109 MEDIUM
1 LOW
|
5 | 250 | 4.9% | 11% | +440 |
| 20 | Gitlab | 4002 | 1245 |
61 CRITICAL
283 HIGH
806 MEDIUM
94 LOW
|
4 | 255 | 2.6% | 16% | +1245 |
| 21 | Intel | 3914 | 1699 |
55 CRITICAL
698 HIGH
886 MEDIUM
55 LOW
|
4 | 45 | 0.9% | 27% | +1699 |
| 22 | VMware | 3750 | 643 |
94 CRITICAL
270 HIGH
261 MEDIUM
17 LOW
|
23 | 71 | 4.9% | 36% | +643 |
| 23 | Samsung | 3740 | 980 |
114 CRITICAL
354 HIGH
439 MEDIUM
71 LOW
|
4 | 120 | 1.4% | 5% | +980 |
| 24 | Dell | 3618 | 1272 |
95 CRITICAL
541 HIGH
578 MEDIUM
55 LOW
|
2 | 49 | 1.4% | 29% | +1272 |
| 25 | Juniper | 3286 | 984 |
69 CRITICAL
482 HIGH
429 MEDIUM
4 LOW
|
8 | 31 | 1.2% | 12% | +984 |
| 26 | Ivanti | 3256 | 386 |
57 CRITICAL
246 HIGH
78 MEDIUM
5 LOW
|
25 | 52 | 13.1% | 4% | +386 |
| 27 | HP | 3105 | 651 |
165 CRITICAL
208 HIGH
245 MEDIUM
32 LOW
|
2 | 62 | 8.7% | 13% | +651 |
| 28 | Jenkins | 3067 | 1691 |
77 CRITICAL
437 HIGH
1145 MEDIUM
32 LOW
|
5 | 37 | 2.8% | 66% | +1691 |
| 29 | Nvidia | 2840 | 919 |
35 CRITICAL
549 HIGH
287 MEDIUM
48 LOW
|
0 | 35 | 0.4% | 23% | +919 |
| 30 | Debian | 2806 | 1305 |
49 CRITICAL
293 HIGH
815 MEDIUM
60 LOW
|
4 | 118 | 0.4% | 94% | +1305 |
| 31 | Fortinet | 2625 | 639 |
65 CRITICAL
202 HIGH
335 MEDIUM
37 LOW
|
15 | 49 | 3.4% | 7% | +639 |
| 32 | TOTOLINK | 2495 | 245 |
38 CRITICAL
128 HIGH
72 MEDIUM
7 LOW
|
0 | 197 | 2.1% | 0% | +245 |
| 33 | Huawei | 2387 | 803 |
67 CRITICAL
367 HIGH
330 MEDIUM
39 LOW
|
0 | 28 | 0.6% | 2% | +803 |
| 34 | Nginx | 2271 | 369 |
63 CRITICAL
181 HIGH
118 MEDIUM
6 LOW
|
0 | 114 | 4.8% | 57% | +369 |
| 35 | Citrix | 2115 | 256 |
54 CRITICAL
99 HIGH
99 MEDIUM
4 LOW
|
15 | 51 | 6.6% | 21% | +256 |
| 36 | Atlassian | 2073 | 394 |
48 CRITICAL
113 HIGH
224 MEDIUM
9 LOW
|
10 | 78 | 7.6% | 32% | +394 |
| 37 | Zyxel | 1935 | 211 |
46 CRITICAL
89 HIGH
76 MEDIUM
|
11 | 68 | 7.8% | 16% | +211 |
| 38 | Paloalto | 1794 | 363 |
42 CRITICAL
113 HIGH
175 MEDIUM
29 LOW
|
14 | 25 | 4.1% | 14% | +363 |
| 39 | Aruba | 1521 | 343 |
81 CRITICAL
150 HIGH
108 MEDIUM
4 LOW
|
0 | 11 | 2.1% | 8% | +343 |
| 40 | Linksys | 1493 | 140 |
16 CRITICAL
80 HIGH
30 MEDIUM
14 LOW
|
0 | 123 | 4.1% | 1% | +140 |
| 41 | Hashicorp | 1403 | 344 |
52 CRITICAL
128 HIGH
138 MEDIUM
23 LOW
|
1 | 40 | 1.0% | 60% | +344 |
| 42 | Qnap | 1395 | 273 |
50 CRITICAL
83 HIGH
116 MEDIUM
24 LOW
|
7 | 24 | 4.8% | 18% | +273 |
| 43 | Synology | 1135 | 265 |
40 CRITICAL
95 HIGH
123 MEDIUM
7 LOW
|
0 | 42 | 2.2% | 16% | +265 |
| 44 | Rockwell | 1134 | 214 |
37 CRITICAL
134 HIGH
38 MEDIUM
5 LOW
|
1 | 19 | 4.4% | 7% | +214 |
| 45 | Drupal | 1100 | 319 |
24 CRITICAL
83 HIGH
199 MEDIUM
13 LOW
|
6 | 28 | 4.2% | 82% | +319 |
| 46 | Sonicwall | 1080 | 113 |
29 CRITICAL
47 HIGH
34 MEDIUM
3 LOW
|
7 | 27 | 11.3% | 1% | +113 |
| 47 | Amd | 979 | 459 |
18 CRITICAL
151 HIGH
278 MEDIUM
6 LOW
|
1 | 18 | 0.6% | 68% | +459 |
| 48 | Elastic | 971 | 321 |
25 CRITICAL
101 HIGH
184 MEDIUM
10 LOW
|
3 | 20 | 3.3% | 42% | +321 |
| 49 | Ubiquiti | 956 | 125 |
36 CRITICAL
64 HIGH
22 MEDIUM
3 LOW
|
3 | 23 | 1.0% | 39% | +125 |
| 50 | Siemens | 949 | 319 |
32 CRITICAL
119 HIGH
145 MEDIUM
23 LOW
|
1 | 11 | 1.7% | 23% | +319 |
| 51 | Joomla | 930 | 261 |
30 CRITICAL
63 HIGH
163 MEDIUM
4 LOW
|
1 | 38 | 6.0% | 15% | +261 |
| 52 | Schneider Electric | 897 | 174 |
52 CRITICAL
64 HIGH
52 MEDIUM
6 LOW
|
0 | 13 | 3.2% | 23% | +174 |
| 53 | Lenovo | 794 | 299 |
12 CRITICAL
135 HIGH
145 MEDIUM
6 LOW
|
0 | 15 | 1.1% | 25% | +299 |
| 54 | Abb | 785 | 136 |
27 CRITICAL
79 HIGH
26 MEDIUM
4 LOW
|
0 | 22 | 1.8% | 8% | +136 |
| 55 | Zte | 772 | 163 |
23 CRITICAL
58 HIGH
76 MEDIUM
6 LOW
|
0 | 35 | 4.8% | 0% | +163 |
| 56 | Broadcom | 758 | 123 |
24 CRITICAL
69 HIGH
28 MEDIUM
|
1 | 22 | 2.2% | 22% | +123 |
| 57 | Canonical | 727 | 247 |
21 CRITICAL
79 HIGH
136 MEDIUM
8 LOW
|
0 | 25 | 1.2% | 89% | +247 |
| 58 | Mikrotik | 600 | 53 |
4 CRITICAL
29 HIGH
20 MEDIUM
|
2 | 39 | 6.5% | 0% | +53 |
| 59 | Mediatek | 570 | 230 |
2 CRITICAL
119 HIGH
103 MEDIUM
6 LOW
|
1 | 3 | 0.3% | 52% | +230 |
| 60 | Dahua | 452 | 57 |
14 CRITICAL
23 HIGH
15 MEDIUM
5 LOW
|
2 | 13 | 9.6% | 37% | +57 |
| 61 | Hikvision | 345 | 32 |
9 CRITICAL
13 HIGH
8 MEDIUM
2 LOW
|
2 | 9 | 17.2% | 22% | +32 |
| 62 | Nokia | 322 | 57 |
4 CRITICAL
21 HIGH
31 MEDIUM
1 LOW
|
0 | 22 | 1.4% | 9% | +57 |
| 63 | Wazuh | 260 | 32 |
7 CRITICAL
10 HIGH
14 MEDIUM
1 LOW
|
1 | 12 | 3.7% | 69% | +32 |
| 64 | Ericsson | 214 | 36 |
2 CRITICAL
18 HIGH
16 MEDIUM
|
0 | 13 | 3.6% | 22% | +36 |
| 65 | Fortigate | 8 | 4 |
2 HIGH
1 MEDIUM
1 LOW
|
0 | 0 | 0.1% | 0% | +4 |
How to read this table
Risk Score – composite metric: KEV ×50, Critical ×10, High ×4, PoC ×8, EPSS weight, patch rate penalty. Higher = riskier vendor.
Severity – bar + counts: C=Critical, H=High, M=Medium, L=Low.
KEV – CISA Known Exploited Vulnerabilities – confirmed actively exploited in the wild.
PoC – CVEs with public Proof of Concept exploit code available.
Avg EPSS – average Exploit Prediction Scoring System probability across vendor CVEs.
Patch Rate – % of CVEs where vendor has released a patch. Green ≥80%, Yellow ≥50%, Red <50%.
Trend – CVE count change vs previous period of same length. +N = more new CVEs, −N = fewer.