Vendor Intelligence

Security scorecards – CVE volume, patch rates, exploit exposure, and composite risk for 54 vendors

Period: 30d 90d 6m 1y All
# Vendor Risk Score CVEs Severity KEV PoC Avg EPSS Patch Rate Trend
1 Suse 5176 1307
136 CRITICAL 449 HIGH 603 MEDIUM 1 LOW
2 240 0.1% 96% +957
2 Redhat 4206 1118
110 CRITICAL 434 HIGH 571 MEDIUM 1 LOW
1 165 0.1% 95% +792
3 WordPress 2066 1332
69 CRITICAL 288 HIGH 869 MEDIUM 9 LOW
0 25 0.1% 2% +177
4 Microsoft 1860 420
35 CRITICAL 256 HIGH 119 MEDIUM 7 LOW
8 9 0.1% 21% +224
5 D-Link 1763 184
26 CRITICAL 114 HIGH 38 MEDIUM 6 LOW
0 128 0.1% 4% +143
6 Google 1570 420
35 CRITICAL 201 HIGH 118 MEDIUM 21 LOW
4 27 0.0% 60% +164
7 Linux 1138 862
19 CRITICAL 181 HIGH 299 MEDIUM 8 LOW
0 28 0.0% 68% +551
8 Tenda 1079 110
5 CRITICAL 91 HIGH 14 MEDIUM
0 80 0.1% 1% +76
9 Apple 570 255
21 CRITICAL 71 HIGH 145 MEDIUM 16 LOW
1 1 0.1% 14% +63
10 Mozilla 570 82
41 CRITICAL 34 HIGH 7 MEDIUM
0 3 0.0% 89% +65
11 Apache 432 114
16 CRITICAL 52 HIGH 38 MEDIUM 5 LOW
0 8 0.4% 75% +74
12 Debian 402 269
5 CRITICAL 78 HIGH 31 MEDIUM 4 LOW
0 5 0.1% 100% +101
13 Cisco 387 112
6 CRITICAL 30 HIGH 76 MEDIUM
3 4 0.1% 0% +92
14 TOTOLINK 262 18
4 CRITICAL 13 HIGH 1 MEDIUM
0 18 0.9% 0% +6
15 Fortinet 247 40
5 CRITICAL 14 HIGH 17 MEDIUM 4 LOW
2 2 0.1% 0% +23
16 Ivanti 233 5
2 CRITICAL 2 HIGH 1 MEDIUM
3 1 31.9% 20% +4
17 Nginx 218 48
9 CRITICAL 26 HIGH 9 MEDIUM 3 LOW
0 3 0.1% 67% +44
18 Gitlab 216 70
1 CRITICAL 24 HIGH 37 MEDIUM 8 LOW
0 11 0.0% 7% +44
19 Juniper 177 52
4 CRITICAL 28 HIGH 20 MEDIUM
0 0 0.0% 0% +52
20 Oracle 174 83
5 CRITICAL 25 HIGH 49 MEDIUM 4 LOW
0 2 0.0% 35% +79
21 TP-Link 172 52
43 HIGH 8 MEDIUM
0 0 0.1% 52% +48
22 Dell 156 40
1 CRITICAL 19 HIGH 16 MEDIUM 3 LOW
1 0 0.9% 12% +7
23 Samsung 136 37
5 CRITICAL 16 HIGH 14 MEDIUM
0 0 0.0% 5% +1
24 Adobe 134 80
1 CRITICAL 21 HIGH 57 MEDIUM 1 LOW
0 2 0.0% 2% +78
25 IBM 124 191
2 CRITICAL 26 HIGH 149 MEDIUM 14 LOW
0 0 0.0% 49% +139
26 Sap 123 54
7 CRITICAL 8 HIGH 35 MEDIUM 4 LOW
0 0 0.1% 7% +35
27 Canonical 120 24
6 CRITICAL 13 HIGH 5 MEDIUM
0 1 0.0% 96% +21
28 Nvidia 111 26
1 CRITICAL 20 HIGH 5 MEDIUM
0 0 0.1% 8% -1
29 Fortigate 93 8
1 CRITICAL 2 HIGH 4 MEDIUM 1 LOW
1 0 0.4% 0% +8
30 Drupal 60 22
5 HIGH 17 MEDIUM
0 5 0.0% 77% +15
31 Broadcom 59 6
2 HIGH 2 MEDIUM
1 0 1.3% 50% -8
32 VMware 59 8
2 HIGH 4 MEDIUM 1 LOW
1 0 1.0% 50% +7
33 Qnap 53 8
2 CRITICAL 2 HIGH 4 MEDIUM
0 0 0.2% 0% -17
34 Wazuh 53 5
2 CRITICAL 3 MEDIUM
0 1 0.1% 0% +2
35 Netgear 52 9
9 HIGH
0 2 0.2% 67% +5
36 Hashicorp 48 8
1 CRITICAL 6 HIGH 1 MEDIUM
0 1 0.0% 38% +6
37 Zyxel 47 8
1 CRITICAL 3 HIGH 4 MEDIUM
0 0 0.2% 0% +6
38 Jenkins 40 14
10 HIGH 4 MEDIUM
0 0 0.0% 100% +13
39 Elastic 34 13
4 HIGH 9 MEDIUM
0 1 0.0% 31% +8
40 Atlassian 30 6
1 CRITICAL 5 HIGH
0 0 0.1% 50% +4
41 Paloalto 29 5
1 HIGH
0 0 0.0% 0%
42 Sonicwall 25 7
1 MEDIUM 2 LOW
0 0 0.1% 0% +6
43 Ubiquiti 18 3
1 CRITICAL 2 HIGH
0 0 0.0% 0% +3
44 Amd 16 6
4 HIGH 2 MEDIUM
0 0 0.0% 67% -4
45 Intel 12 12
2 HIGH 10 MEDIUM
0 0 0.0% 42% -50
46 Hikvision 12 3
3 HIGH
0 0 0.0% 0% +3
47 Nokia 8 3
2 HIGH 1 MEDIUM
0 0 0.1% 0% +3
48 Hp 8 5
2 HIGH 3 MEDIUM
0 0 0.0% 60% +2
49 Abb 8 3
2 HIGH 1 MEDIUM
0 0 0.0% 0% +1
50 Ericsson 8 3
2 HIGH 1 MEDIUM
0 0 0.0% 0% +3
51 Mediatek 4 5
1 HIGH
0 0 0.0% 100% +5
52 Joomla 4 4
1 HIGH 2 MEDIUM
0 0 0.0% 0% +2
53 Synology 4 4
1 HIGH 3 MEDIUM
0 0 0.0% 75% -4
54 Lenovo 0 4
4 MEDIUM
0 0 0.0% 25% -2

How to read this table

Risk Score – composite metric: KEV ×50, Critical ×10, High ×4, PoC ×8, EPSS weight, patch rate penalty. Higher = riskier vendor.
Severity – bar + counts: C=Critical, H=High, M=Medium, L=Low.
KEV – CISA Known Exploited Vulnerabilities – confirmed actively exploited in the wild.
PoC – CVEs with public Proof of Concept exploit code available.
Avg EPSS – average Exploit Prediction Scoring System probability across vendor CVEs.
Patch Rate – % of CVEs where vendor has released a patch. Green ≥80%, Yellow ≥50%, Red <50%.
Trend – CVE count change vs previous period of same length. +N = more new CVEs, −N = fewer.

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy