each CVE received the same number of posts. 35. Summary This report examines discussions regarding CVEs on 15 different Dark Web forums in multiple languages between January 2020 and March 2021 to pinpoint the most popular ones that received the highest number of mentions and the wider distribution among Dark Web platforms. 35 Our findings revealed that there is no 100% correlation between the two parameters, since the top five CVEs that received the highest number of posts are not exactly the ones that were mentioned on the highest number of Dark Web forums examined. However, it is still enough to understand which CVEs were popular among threat actors on the Dark Web during the time examined: CVE-2020-1472 (aka ZeroLogon) CVE-2020-0796 (aka SMBGhost) CVE-2019-19781 CVE-2017-0199 CVE-2017-11882 CVE-2019-0708 (aka BlueKeep) Most of the CVEs in this list were abused by nation-state groups and cybercriminals, such as ransomware gangs, during worldwide campaigns against different sectors. Moreover, our findings also showed that even long time after relevant updates were released, CVEs are still popular on Dark Web platforms, such as CVE-2017-11882, which received the wider distribution (mentioned in 12 out of 15 forums examined). Also, the fact that they old CVEs are still abused by threat actors in the wild (the CVE-2012-0158 was exploited by threat actors during the COVID-19 outbreak in 2020) indicates that organizations are not patching their systems and are not maintaining a resilient security posture. 11 Vulnerability Threat Intelligence Report