As seen above, the popularity of each CVE can be determined in different ways, not just based on number of posts, meaning it should be considered that a post can receive many replies and raise interest or not receive any replies at all, while a wide distribution of posts among a high number of forums in different languages can also provide information about the CVE’s popularity. An additional interesting finding was discovered while checking the “Top ten CVEs” by number of forums, as we identified a CVE that was disclosed in 2012 - CVE-2012- 0158 (a vulnerability in Microsoft Office, CVSS: 9.3) 10 , which has been mentioned in nine different forums between January 2020 and March 2021. Of note, it received only 16 posts, and therefore, it is not among the “Top ten CVEs” by number of posts. This flaw was exploited by threat actors during the COVID-19 outbreak in 2020. 11 The fact that this flaw is still used by threat actors clearly proves that organizations are not patching their systems and are not maintaining a resilient security posture. The table below presents the top mentioned CVE in the past five years, according to the year it was disclosed: https://www.cognyte.com/blog/what-you-need-to-know-about-the-top-4-global-ransomware-vulnerabilities-and-how- to-stay-protected/ 11. https://nvd.nist.gov/vuln/detail/CVE-2016-4437 - a flaw in Apache Shiro. 13. https://nvd.nist.gov/vuln/detail/CVE-2018-13379 - a flaw in Fortinet FortiOS: https://www.fortiguard.com/psirt/FG-IR-18-384 12. 10. TOP MENTIONED CVES IN THE PAST FIVE YEARS Disclosure Year % from all CVEs Top Mentioned CVE by Number of Posts 2020 56.3% CVE-2020-0796 (CVSS:10) 2019 17.3% CVE-2019-19781 (CVSS:9.8) 2018 7.8% CVE-2018-13379 (CVSS:9.8) 12 2017 6.3% CVE-2017-11882 (CVSS:7.8) 2016 1.9% CVE-2016-4437 (CVSS:8.1) 13 6 Vulnerability Threat Intelligence Report