Tons Of Vulnerabilities No Matter What (Public Board)
The most secure machine is a machine that is not connected to anything. Certain projects I worked on had servers and workstations in rooms that had no network access. The room was armored with metal in the walls with poured concrete. In the room was its own network but there was no connection to the outside world, not even a telephone. On top of this you were not allowed to bring cell phones, electronic organizers, cameras, storage - NOTHING into the room.
VPS vulnerabilities are well documented:
https://www.digitalconnectmag.com/common-vps-server-security-vulnerabilities/
https://www.hostinger.com/tutorials/vps-security
https://www.time4vps.com/blog/the-risks-of-not-using-a-vps-server-for-your-website/