Skip to main content
HomeTopicsVulnerabilities

Vulnerabilities

We've curated 342 cybersecurity statistics about Vulnerabilities to help you understand how software weaknesses and system flaws are being exploited by cybercriminals in 2025. This insight can guide you in fortifying your defenses effectively.

Showing 81-100 of 342 results

The most widely detected vulnerability is CVE-2013-2566, which dates to 2013.

Barracuda2/22/2026
CVE-2013-2566

In 2025, 14% of published AI vulnerabilities were MCP-related (315 MCP-related vulnerabilities).

Wallarm2/22/2026
AI VulnerabilitiesModel Context Protocol

MCP vulnerabilities grew 270% from Q2 to Q3 in 2025.

Wallarm2/22/2026
AI SecurityModel Context Protocol

98% of API vulnerabilities are easy or trivial to exploit.

Wallarm2/22/2026
API SecurityExploitability

59% of API vulnerabilities require no authentication.

Wallarm2/22/2026
API SecurityAuthentication

26% percent of advisories in 2025 contained no patch or mitigation from vendors.

Dragos2/22/2026
Patch ManagementICS

63% of mid-sized AppSec teams (11–50 members) that use SCA cite the inability to verify if vulnerabilities are exploitable in production as their biggest pain point.

Rein Security2/22/2026
Application SecuritySCA

38% of small AppSec teams (1–10 members) that use SCA cite the inability to verify if vulnerabilities are exploitable in production as their biggest pain point.

Rein Security2/22/2026
Application SecuritySCA

25% of ICS-CERT and NVD vulnerabilities have incorrect CVSS scores.

Dragos2/22/2026
Vulnerability ScoringICS-CERT

In 2025, 37 N-day vulnerabilities and 52 zero-day vulnerabilities specifically targeted security and perimeter software.

Flashpoint2/14/2026
N-Day VulnerabilitiesZero-Day Vulnerabilities

Of the 65 CVEs discussed by the BlackBasta ransomware group, 54 are Known Exploited Vulnerabilities (KEVs).

Flashpoint2/14/2026
RansomwareBlackBasta

N-day vulnerabilities represent over 80% of all Known Exploited Vulnerabilities (KEVs) tracked over the past four years.

Flashpoint2/14/2026
Exploit TrendsN-Day Vulnerabilities

242 vulnerabilities are added to the CISA Known Exploited Vulnerabilities catalog, a 30% year-over-year increase, and 285 vulnerabilities are added to the Vedere Labs KEV, a 213% year-over-year increase.

Forescout Technologies Inc2/5/2026
KEV

71% of exploited vulnerabilities are not in the CISA KEV catalog.

Forescout Technologies Inc2/5/2026
KEV

AI-generated code results in 15–18% more security vulnerabilities per line of code compared to human-written code.

Opsera2/4/2026
Software Security

In Q3 2025, the number of newly published vulnerabilities reached over 11,700, with nearly 1,800 classified as high-risk.

Beazley Security11/22/2025

In Q3 2025, 29 vulnerabilities were confirmed to be actively exploited in the wild, representing a 26% decrease from the previous quarter.

Beazley Security11/22/2025
In the wild

60% of all cyber training focuses on vulnerabilities that are more than two years old.

Immersive11/22/2025
Cybersecurity trainingCyber incident simulation

71% of critical vulnerability alerts in Q3 2025 originated from just four legacy CVEs.

ReliaQuest11/9/2025
Cloud SecurityCVEs

As of October 2025, there are over 14,700 Jenkins servers exposed to the internet that remain vulnerable to CVE-2024-23897.

ReliaQuest11/9/2025
Cloud Security