Skip to main content

Vendor Intelligence

Security scorecards – CVE volume, patch rates, exploit exposure, and composite risk for 53 vendors

Period: 30d 90d 6m 1y All
# Vendor Risk Score CVEs Severity KEV PoC Avg EPSS Patch Rate Trend
1 Suse 5938 2635
162 CRITICAL 999 HIGH 1474 MEDIUM
1 34 0.1% 98% +1329
2 Microsoft 5846 1525
134 CRITICAL 919 HIGH 430 MEDIUM 36 LOW
7 60 0.3% 92% +1010
3 Google 5186 1780
170 CRITICAL 811 HIGH 730 MEDIUM 66 LOW
1 24 0.1% 94% +1304
4 Red Hat 4534 2123
96 CRITICAL 801 HIGH 1225 MEDIUM
1 40 0.1% 96% +1045
5 WordPress 4319 1378
97 CRITICAL 394 HIGH 874 MEDIUM 13 LOW
0 219 0.2% 9% +153
6 Linux 4174 1884
106 CRITICAL 744 HIGH 921 MEDIUM 9 LOW
1 11 0.1% 98% +1145
7 Oracle 2303 445
143 CRITICAL 157 HIGH 122 MEDIUM 22 LOW
3 10 0.3% 21% +359
8 Apache 1544 384
84 CRITICAL 150 HIGH 129 MEDIUM 15 LOW
0 13 0.2% 77% +263
9 Tenda 1129 141
16 CRITICAL 108 HIGH 9 MEDIUM 8 LOW
0 64 0.3% 0% +29
10 Apple 930 395
19 CRITICAL 163 HIGH 199 MEDIUM 13 LOW
0 11 0.1% 91% +126
11 Mozilla 610 176
25 CRITICAL 84 HIGH 65 MEDIUM 1 LOW
0 3 0.1% 90% +57
12 IBM 520 160
34 CRITICAL 45 HIGH 78 MEDIUM 1 LOW
0 0 0.2% 63% -30
13 Nginx 474 94
19 CRITICAL 47 HIGH 27 MEDIUM 1 LOW
0 12 0.2% 71% +44
14 Cisco 430 57
3 CRITICAL 35 HIGH 19 MEDIUM
4 6 0.4% 26% -67
15 Ubiquiti 384 34
13 CRITICAL 20 HIGH 1 MEDIUM
3 3 0.3% 100% +24
16 Adobe 373 140
14 CRITICAL 34 HIGH 88 MEDIUM 4 LOW
1 3 0.7% 6% +41
17 D-Link 365 44
5 CRITICAL 21 HIGH 6 MEDIUM 12 LOW
0 26 0.2% 4% -134
18 Nvidia 350 94
8 CRITICAL 60 HIGH 26 MEDIUM
0 2 0.1% 21% +66
19 Canonical 340 88
12 CRITICAL 37 HIGH 34 MEDIUM 5 LOW
0 9 0.1% 90% +59
20 Gitlab 318 95
5 CRITICAL 21 HIGH 56 MEDIUM 13 LOW
0 23 0.1% 94% +26
21 Hashicorp 290 56
12 CRITICAL 20 HIGH 18 MEDIUM 3 LOW
1 5 0.1% 75% +45
22 Dell 266 134
5 CRITICAL 54 HIGH 70 MEDIUM 5 LOW
0 0 0.2% 83% +91
23 Ivanti 232 19
3 CRITICAL 13 HIGH 3 MEDIUM
2 3 0.5% 0% +12
24 Paloalto 155 39
1 CRITICAL 7 HIGH 23 MEDIUM 8 LOW
2 2 0.6% 100% +33
25 Debian 140 39
4 CRITICAL 17 HIGH 15 MEDIUM 1 LOW
0 4 0.2% 100% -55
26 Amd 126 73
1 CRITICAL 29 HIGH 38 MEDIUM 1 LOW
0 0 0.1% 59% +63
27 SAP 116 41
8 CRITICAL 4 HIGH 25 MEDIUM 4 LOW
0 0 0.1% 10% -12
28 Fortinet 93 26
4 CRITICAL 5 HIGH 16 MEDIUM 1 LOW
0 1 0.2% 0% -35
29 Intel 85 41
2 CRITICAL 16 HIGH 23 MEDIUM
0 0 0.0% 49% +26
30 Atlassian 76 16
4 CRITICAL 7 HIGH 5 MEDIUM
0 1 0.2% 88% +10
31 Jenkins 76 62
1 CRITICAL 13 HIGH 46 MEDIUM 2 LOW
0 1 0.1% 39% +55
32 VMware 62 11
1 CRITICAL 8 HIGH 2 MEDIUM
0 0 0.0% 9% +4
33 Juniper 62 25
1 CRITICAL 13 HIGH 11 MEDIUM
0 0 0.3% 88% -4
34 Mikrotik 53 5
3 HIGH 2 MEDIUM
0 2 0.1% 0% +5
35 Elastic 52 37
2 CRITICAL 7 HIGH 28 MEDIUM
0 0 0.1% 43% +24
36 Zte 49 9
2 HIGH 7 MEDIUM
0 2 0.0% 0% +7
37 Samsung 46 51
7 HIGH 44 MEDIUM
0 0 0.0% 14% +5
38 Citrix 44 9
7 HIGH 2 MEDIUM
0 2 0.3% 89% +7
39 HP 44 11
2 CRITICAL 6 HIGH 2 MEDIUM
0 0 0.1% 64% +6
40 Zyxel 41 11
4 HIGH 7 MEDIUM
0 0 0.2% 0% +3
41 Abb 41 6
4 HIGH 2 MEDIUM
0 0 0.0% 0% +3
42 Lenovo 36 12
7 HIGH 4 MEDIUM
0 1 0.1% 100% +4
43 TP-Link 36 12
7 HIGH 5 MEDIUM
0 1 0.1% 92% -40
44 Wazuh 32 7
2 CRITICAL 1 HIGH 4 MEDIUM
0 1 0.1% 100% -2
45 Synology 30 23
1 CRITICAL 5 HIGH 14 MEDIUM 3 LOW
0 0 0.0% 100% +17
46 Qualcomm 18 5
1 CRITICAL 2 HIGH 1 MEDIUM
0 0 0.1% 100% +4
47 Nokia 16 6
2 HIGH 4 MEDIUM
0 1 0.3% 67% +3
48 Ericsson 16 4
4 HIGH
0 0 0.0% 100%
49 Qnap 12 11
3 HIGH 6 MEDIUM 2 LOW
0 0 0.3% 91% +4
50 Huawei 12 3
1 HIGH 2 MEDIUM
0 1 0.1% 67% +3
51 Mediatek 12 7
3 HIGH 4 MEDIUM
0 0 0.0% 86% +7
52 Dahua 4 3
1 HIGH 1 MEDIUM 1 LOW
0 0 0.1% 0% +2
53 Netgear 0 18
18 MEDIUM
0 0 0.1% 83% +15

How to read this table

Risk Score – composite metric: KEV ×50, Critical ×10, High ×4, PoC ×8, EPSS weight, patch rate penalty. Higher = riskier vendor.
Severity – bar + counts: C=Critical, H=High, M=Medium, L=Low.
KEV – CISA Known Exploited Vulnerabilities – confirmed actively exploited in the wild.
PoC – CVEs with public Proof of Concept exploit code available.
Avg EPSS – average Exploit Prediction Scoring System probability across vendor CVEs.
Patch Rate – % of CVEs where vendor has released a patch. Green ≥80%, Yellow ≥50%, Red <50%.
Trend – CVE count change vs previous period of same length. +N = more new CVEs, −N = fewer.

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy