Vulnerabilities
We've curated 342 cybersecurity statistics about Vulnerabilities to help you understand how software weaknesses and system flaws are being exploited by cybercriminals in 2025. This insight can guide you in fortifying your defenses effectively.
Explore Subcategories
Related Topics
Showing 321-340 of 342 results
Many of 2024's most exploited vulnerabilities were found in widely used third-party software rather than internally developed applications
Over 4,400 of the disclosed CVEs in 2024 were classified as critical (CVSS 9.0+).
A significant portion of vulnerabilities were weaponized within days of disclosure.
Over 40,000 CVEs were disclosed in 2024.
There was a 38% year-over-year increase in published CVEs.
Nearly three out of every five assets in healthcare environments have a critical vulnerability finding.
20% of HIS (hospital information systems), which manage clinical patient data, as well as administrative and financial information, have KEVs linked to ransomware and insecure internet connectivity, impacting 58% of organisations
9% of IoMT devices contain confirmed KEVs in their systems, impacting 99% of organisations.
Over half of practitioners (53%) and more than a third of security leaders (36%) admit to delaying patches due to operational constraints
89% of healthcare organisations have the top 1% of riskiest IoMT devices on their networks, which contain known exploitable vulnerabilities (KEVs) linked to active ransomware campaigns and an insecure connection to the internet.
Despite 98% of organisations using vulnerability scanning, only 34% find it highly effective due to false positives.
1% of IoMT devices carry KEVs linked to active ransomware campaigns and insecure internet connectivity, impacting 89% of organisations.
8% of imaging systems (X-rays, CT scans, MRI, ultrasound, and more) have KEVs linked to ransomware and insecure internet connectivity, making this the riskiest medical device category and impacting 85% of organisations.
NodeZero exploited 229 known vulnerabilities nearly 100,000 times in customer environments, demonstrating that many organizations struggle to remediate even widely recognized threats.
At Pwn2Own Automotive 2025, 49 unique zero-day vulnerabilities were discovered across primarily in-vehicle infotainment (IVI) and EV-charging systems. This event took place between January 22-24, 2025, in Tokyo and involved top-tier security researchers from 13 countries.
The total count of automotive-related vulnerabilities (“CVEs”) published in 2024 reached 530, representing another annual gain and nearly twice as many as the 2019 count.
More than 77 percent of automotive vulnerabilities were found on onboard or in-vehicle systems in 2024.
80% of SMBs recognise they have cyber vulnerabilities.
Wallarm tracked 439 AI-related CVEs in 2024.
SMB vulnerabilities declined by 72%, while RPC accounted for 92% of all exploitable service tickets.