The U.S. Department of Commerce’s National Institute of Standards and Technology’s National Vulnerability Database has hit a new record high of reported vulnerabilities in 2021.
The new record, the fifth straight year the record has been broken, saw 18,378 vulnerabilities reported. The number of high severity vulnerabilities reported fell slightly compared to the year before – 3,646 in 2021 compared to 4,381 the year before. Medium risk vulnerabilities reported came in at 11,767 while low-risk vulnerabilities were 2,965, both up from last year.
Researchers at Redscan Cyber Security Ltd. crunched the numbers in the report and found an average of 50 common vulnerabilities and exposures were logged with NIST every day through 2021. Of those reported, 90% can be exploited by attackers with limited technical skill, while 61% of CVEs require no user interaction such as clicking a link, downloading a file, or sharing credentials.
Not all the trends were negative. “No privilege” CVEs declined in 2021, coming in at 55%, down from 59% in 2020 and 66% in 2019. Vulnerabilities with a high confidentiality rating – that is, they are likely to impact confidential data,…