I think you mean OpenBSD. From their homepage:

> Only two remote holes in the default install, in a heck of a long time!

FreeBSD, not so much.

https://www.cvedetails.com/vulnerability-list/vendor_id-6/pr...

Keep in mind that openbsd has a tiny base install, so it's not exactly surprising that there aren't a lot of remote exploits. Nothing's listening by default, so why would there be?

By the time you set up OpenBSD to do anything, that's gonna change.

Indeed. “Default install” is a big asterisk.