Updated: This is an outdated list, but I leave it here as a reminder.  Software has security a half-life.  That half-life is the combination of how long it takes for an attacker to find a weakness, for an exploit to be developed, and for you to realize it’s sitting on your network.

In this older article from CSO magazine, we see a list of applications and specific versions that are out of support.   They represent a higher risk than current versions. You can change the version numbers from the original articles, yet the message is the same..
Adobe AIR 18.x
Adobe AIR 3.x
Adobe Flash Player 18.x
Google Chrome 43.x
Google Chrome 44.x
Microsoft XML Core Services 4.x
Mozilla Firefox 39.x
Mozilla Firefox 40.x
Oracle Java JRE 1.6.x and 6.x
Oracle Java JRE 1.7.x and 7.x
It’s no coincidence these are technologies used to deliver web content. Many organizations have less than perfect control of the software present on PCs, so Email and web drive-by attacks specifically exploit vulnerabilities in these packages. Your anti-virus may be up to date and your firewall working perfectly, but ransomware and other other malware slips by and finds a foothold by exploiting these unpatched applications.