CVE Records of Known Exploited Vulnerabilities
Jackson Lim, Yi Lin Lau, Leshawn Khin Ming Chan, Jia Ming Tristan Paul Goo, Huahua Zhang, Zhiyuan Zhang, Huaqun Guo
2023 8th International Conference on Computer and Communication Systems (ICCCS), published 2023-04-21. DOI: 10.1109/ICCCS57501.2023.10150856 (https://doi.org/10.1109/ICCCS57501.2023.10150856)
Understanding vulnerability trends is critical to the risk management process. The goal of this paper is to raise awareness and inform users about the Common Vulnerabilities and Exposures (CVE) records associated with Known Exploited Vulnerabilities that might affect users of the products, by gathering data from the National Vulnerability Database (NVD) and CVE details from 2017 to the present. We built a system using Python and CVE Analyzer, which allows users to search for specific CVE records by CVE ID, vendor, product, published date and last updated date, and to export rows of data based on the filtered keyword. We also analyze the overall frequency of CVE records each year with regard to Common Vulnerability Scoring System (CVSS) base metric trends, and the vendors and products with the most ransomware vulnerabilities. Our findings show that the frequency of all ransomware vulnerabilities increased from 2019 to 2021. Also, the number of ransomware-associated CVE records with high CVSS scores is higher than the number with low CVSS scores. Apple and Microsoft are the top vendors with the most exploited ransomware vulnerabilities, and iOS and Windows 10 are the Apple and Microsoft products with the highest number of vulnerable versions. Our system can help users prevent and mitigate the impact of ransomware attacks using datasets and data analysis.