Network security situation assessment plays an important role in the design and implementation of network defense strategies. The existing situation assessment methods gather the information of both attack and defense to construct an assessment model， which is extremely sensitive to the accuracy of attack detection and the relationship between attack and vulnerability exploitation. To deal with the above challenges and improve the accuracy of assessment， this paper proposes a situation assessment method combining attack and vulnerability. Firstly， various attack data sets are used to train attack detection models， and the attack detection results of different models are fused by the idea of ensemble learning. Secondly， with the help of the open source security model， the exploitation knowledge between different attack types and security vulnerabilities is extracted. Finally， the security situation assessment results are obtained by integrating the degree of attack damage and the probability of vulnerability exploitation calculated using the extracted exploitation knowledge. The results show that the proposed method improves the performance of attack detection， and the average F₁-score reaches 96.24. Furthermore， combined with the attack detection results， a situation assessment application case is given to show the effectiveness of the proposed method.