Qualys Threat Research Unit Report: Rise in CVEs and Top 10 Exploited Vulnerabilities in Mid-2024

The Qualys Threat Research Unit (TRU) has released new research showing a 30% increase in Common Vulnerabilities and Exposures (CVEs) from 2023 to 2024, with the count rising from 17,114 to 22,254. This rise in CVEs is attributed to the increasing software complexity and wider technology usage, emphasizing the need for advanced vulnerability management strategies to combat evolving cybersecurity threats.

An analysis of the reported vulnerabilities in 2024 revealed that 0.91% had been weaponized, posing the most severe threats through exploits, active exploitation via ransomware, threat actors, malware, or confirmed wild exploitation instances. Additionally, there has been a notable increase in the weaponization of older CVEs identified before 2024, indicating the importance of not only staying ahead but also not falling behind in cybersecurity measures.

Saeed Abbasi, Product Manager of Vulnerability Research at Qualys TRU, highlighted the need for a proactive and predictive cybersecurity approach to mitigate risks effectively. The research also identified the top 10 exploited vulnerabilities in mid-2024, crucial for organizations to address promptly to protect sensitive systems.

While some vulnerabilities narrowly missed the top 10 list, they still pose a significant threat and require immediate attention from cybersecurity teams. Adopting a hybrid vulnerability management strategy, including network, external, and passive scans, is essential to identify and mitigate vulnerabilities effectively, especially those actively exploited on network and perimeter devices.

Organizations are urged to prioritize regular updates, diligent patch management, and advanced threat detection systems to enhance their security posture and safeguard critical assets in an increasingly interconnected world.