Secunia: Application Vulnerabilities on the Up


Danish security vendor Secunia records 15343 vulnerabilities across 3870 applications from 500 different vendors during 2014, an 18% increase over 2013 and a 22% increase in the number of products.

Of that number, 25 vulnerabilities are of the zero-day variety (up from 14 for the previous year), 20 of which are in the 25 most popular products and 7 in operating systems. Such flaws are of the most dangerous kind, together with "Highly Critical" (11%) and "Extremely Critical" (0.3%) vulnerabilities.

The report also has some good news: over 83% of the 15343 vulnerabilities were patched on the day of disclosure.

"Every year, we see an increase in the number of vulnerabilities discovered, emphasising the need for organisations to stay on top of their environment," Secunia says. "IT teams need to have complete visibility of the applications that are in use, and they need firm policies and procedures in place, in order to deal with the vulnerabilities as they are disclosed."

Among the most targeted applications are PDF readers. Adobe Reader, for example, had 43 vulnerabilities in 2014. Secunia says 32% of Personal Software Inspector users lack an up-to-date version of Adobe Reader, putting them at risk.

Other risky applications are internet browsers: Secunia reports 1035 vulnerabilities in Google Chrome, Mozilla Firefox, Internet Explorer, Opera and Safari, a 42% increase over 2013.

Also mentioned in the report is Heartbleed, the first serious security flaw found in OpenSSL. Secunia says third-party vendors should have been quicker in patching OpenSSL following the discovery, and there was no general pattern to response time.

"[O]rganisations cannot presume to be able to predict which vendors are dependable and quick to react, when vulnerabilities are discovered in products bundled with open source libraries," the company warns.

Go Secunia Vulnerability Review 2015