They don't crop up randomly in an otherwise sane software. There are probably hundred to be discovered in that closed software. Probably many are already discovered and exploited, but not made public yet. Please say "newly discovered" to hint at this facts.