Vulnerability Management
CVE trends, patch management statistics, vulnerability disclosure timelines, and remediation benchmarks.
Related Topics
Showing 1-20 of 97 results
95% of Anthropic Mythos disclosures have no public advisory and are not visible through CVE, NVD, GitHub advisory, or scanner-driven workflows.
38% of LLM vulnerabilities were fixed while 62% remain open.
78% of organizations experienced fully automated scanning tools missing critical vulnerabilities and returning false negatives.
In 2025, macOS privilege escalation vulnerabilities increased 5,600%.
In 2025, network infrastructure critical vulnerabilities increased 235%.
In 2025, vulnerabilities in security software rose 39%.
Total disclosed software vulnerabilities in enterprise environments increased 92% year-over-year in 2025.
In 2025, network infrastructure remote code execution (RCE) vulnerabilities rose 238%.
In 2025, network infrastructure elevation-of-privilege (EoP) vulnerabilities surged 266%.
In 2025, browser privilege escalation vulnerabilities surged 183%.
85% of senior security and IT leaders at U.S. enterprises with 500+ employees express concern that AI-accelerated vulnerability discovery is outpacing their organization's ability to prioritize and respond.
Enterprise application exploitation surged 800% in 2025, making ERP, CRM, collaboration, and operational business platforms top targets.
In 2025, privilege escalation vulnerabilities in security software jumped 107%.
Remote code execution (RCE) vulnerabilities surged 128% year-over-year in 2025.
Across all financial services vendors, 50.2% carry high-severity CVEs.
Only 9% of organizations remediate critical or high-severity vulnerabilities in production within 24 hours.
74% of organizations remediate critical or high-severity vulnerabilities in production within 1 to 7 days.
Organizations that remediate vulnerabilities in 4–7 days are breached by a known vulnerability at a 97% rate.
Organizations that patch vulnerabilities within 24 hours are breached by a known vulnerability at a 77% rate.
92% of organizations prioritizing risk identification before deployment experience a known-vulnerability incident in the past year.