Skip to main content
HomeTopicsVulnerabilities

Vulnerabilities

We've curated 342 cybersecurity statistics about Vulnerabilities to help you understand how software weaknesses and system flaws are being exploited by cybercriminals in 2025. This insight can guide you in fortifying your defenses effectively.

Showing 41-60 of 342 results

Nearly 40% of the top-targeted vulnerabilities impacted end- of-life (EOL) devices.

Cisco Talos5/27/2026
EOL Devices

Exploited high and critical severity vulnerabilities increased 105% from 71 in 2024 to 146 in 2025.

2026 Global Threat Landscape Report 5/27/2026
Vulnerability Exploitation

Threat actors deployed more than 147,000 malicious domains, nearly 58,000 malware files, and actively exploited 549 vulnerabilities in 2025.

2026 In the Wild Threat Report5/27/2026
Malicious DomainsMalware

Routers account for one-third of the most critical vulnerabilities in organizational networks.

Forescout5/27/2026
Network InfrastructureRouters

The median time from a vulnerability's publication to its inclusion in the CISA KEV catalog dropped from 8.5 days to 5.0 days.

2026 Global Threat Landscape Report 5/27/2026
CISA KEV

The mean time from a vulnerability's publication to its inclusion in the CISA KEV catalog dropped from 61.0 days to 28.5 days.

2026 Global Threat Landscape Report 5/27/2026
CISA KEV

For network intrusions, unpatched vulnerabilities were the root cause 21% of the time.

BakerHostetler5/27/2026
Network IntrusionNetwork Security

29.15% of organizations are vulnerable to the React2Shell RCE vulnerability.

Orca Security5/27/2026
React2Shell RCE Vulnerability

More than 81% of organizations deploy vulnerable dependencies.

Orca Security5/27/2026
Vulnerable DependenciesSoftware Dependencies

Routers and switches average nearly 32 vulnerabilities per device.

Forescout5/27/2026
Network InfrastructureSwitches

46.20% of organizations remain exposed to Log4Shell years after disclosure.

Orca Security5/27/2026
Log4ShellSupply Chain Attacks

In 2025, one in three vulnerabilities (33%) had publicly available exploit code.

Flashpoint5/27/2026
Exploit Code

26 of 30 pull requests (87%) introduce at least one vulnerability.

DryRun Security5/27/2026
Application SecurityAI Development

Zero-day vulnerabilities are being mass exploited in as little as 24 hours after discovery.

Flashpoint5/27/2026
Zero-Day VulnerabilitiesZero-Day Exploits

Vulnerability disclosures increased by 12% between January 2025 and December 2025.

Flashpoint5/27/2026
Vulnerability Disclosures

143 security issues are identified across 38 security scans.

DryRun Security5/27/2026
Application SecuritySecurity Scanning

11.3% of software flaws pose real-world danger.

Veracode5/27/2026
Risk Prioritization

47.2% of SMBs say lack of skills is the key hurdle to resolving security vulnerabilities and incidents.

N-able5/27/2026
SMBsTalent

47.2% of SMBs say alert fatigue is the key hurdle to resolving security vulnerabilities and incidents.

N-able5/27/2026
SMBsAlert Fatigue

Among respondents who identified at least one affected technology, vulnerabilities tied to reported open source incidents were distributed across infrastructure and middleware (51.9%), software development frameworks and libraries (50.0%), and databases and data technologies (48.1%).

TuxCare5/27/2026
Open SourceCybersecurity Incident