Around 494 vulnerabilities across 21 private local firms — mostly enterprise technology and financial services companies