"More Than 26,000 Vulnerabilities Discovered in 2023"

According to security researchers at Qualys Threat Research Unit (TRU), a total of 26,447 vulnerabilities were disclosed in 2023, surpassing the previous year by over 1500 CVEs.  Notably, less than 1% of these vulnerabilities posed the highest risk, being actively exploited in the wild by ransomware, threat actors, and malware.  The researchers also found that 97 high-risk vulnerabilities, likely to be exploited, were not part of the CISA Known Exploited Vulnerabilities catalog, and 25% of high-risk vulnerabilities were exploited the same day they were published.  The deep dive into the vulnerability threat landscape also highlighted that over 7000 vulnerabilities had proof-of-concept exploit code, while 206 had weaponized exploit code, increasing the likelihood of successful compromises.  The researchers revealed that 32.5% of high-risk vulnerabilities affected network devices and web applications, emphasizing the need for a comprehensive vulnerability management strategy.  The researchers also shed light on the mean time to exploit high-risk vulnerabilities in 2023, standing at 44 days.

Infosecurity reports: "More Than 26,000 Vulnerabilities Discovered in 2023"