Weekly Enterprise Exploitation Trend Report

17-06-2026 to 23-06-2026

The report focuses solely on the exploitation statistics specific to enterprise vendors and their products over the past week, providing valuable insights to prioritize security measures and address emerging threats effectively.

274

Actively Exploited Vulnerabilities

114

Vendors Actively Exploited

Apache

Most Exploited Vendor

Microsoft Exchange

Most Exploited Product

Top 10 Actively Exploited Vendors

Apache

Ivanti

Cisco

Atlassian

Citrix

VMware

Microsoft

Oracle

Palo Alto Networks

Adobe

Top 10 CVEs of 2025 with the Highest EPSS Scores -23-06-2026

CVE-2024-3400

PaloAlto PAN-OS
Command Injection
EPSS: 0.99999
Percentile: 1

CVE-2024-23897

Jenkins
Arbitrary File Read
EPSS: 0.99999
Percentile: 0.99995

CVE-2024-21893

Ivanti Connect Secure
Privilege Escalation
EPSS: 0.99999
Percentile: 0.99999

CVE-2024-21887

Ivanti Connect Secure
Command Injection
EPSS: 0.99999
Percentile: 1

CVE-2023-4966

Netscaler ADC and Gateway
Sensitive Information Disclosure
EPSS:0.99999
Percentile: 0.99993

CVE-2023-44487

HTTP/2
Denial of Service
EPSS: 0.99999
Percentile: 0.99996

CVE-2023-35082

Ivanti EPMM
Authentication Bypass
EPSS: 0.99999
Percentile: 0.99996

CVE-2023-35078

Ivanti EPMM
Authentication Bypass
EPSS: 0.99999
Percentile: 0.99995

CVE-2023-27350

PaperCut NG
Authentication Bypass
EPSS: 0.99999
Percentile: 0.99991

CVE-2023-22518

Confluence Data Center and Server
Command Injection
EPSS: 0.99999
Percentile: 0.99996

Top Exploited CVEs Against Enterprise Applications

CVE-2022-41082

Critical

Microsoft

Command Injection
Exchange
Used by Ransomware
-
United States

CVE-2026-41940

Critical

cPanel

Authentication Bypass
cPanel and WHM
Used by Ransomware
-
United States

CVE-2017-9841

Critical

PHPUnit - Sebastian Bergmann

Command Injection
PHPUnit
-
Ireland

CVE-2021-42013

Critical

Apache

Path Traversal
Apache HTTP Server
Used by Ransomware
-
China

CVE-2023-20198

Critical

Cisco

Privilege Escalation
Cisco IOS XE
-
United States

CVE-2025-5777

High

Citrix

Sensitive Data Exposure
Citrix NetScaler
Used by Ransomware
-
United States

CVE-2019-1653

High

Cisco

Sensitive Data Exposure
Cisco RV320/RV325
-
United States

CVE-2021-22986

Critical

Command Injection
BIG-IP
Used by Ransomware
-
Ireland

CVE-2021-44228

Critical

Apache

Command Injection
Log4j
Used by Ransomware
-
United States

CVE-2025-55182

Critical

Meta

Command Injection
React Server Components
Used by Ransomware
-
India

Top 10 Targeted Countries

China

439795

United States

32687

Ireland

15172

Pakistan

12455

Vietnam

11856

Singapore

6332

4529

Egypt

4164

South Korea

4161

India

3895

Actively Exploited Enterprise Vendors

Most Active Ransomware Groups

Industry

Country

Ransomware

Banking

Industry

France

Country

qilin

Aerospace

Industry

Austria

Country

aurora

Automotive

Industry

IIndia

Country

wallstreet

Education

Industry

India

Country

dragonforce

Manufacturing

Industry

India

Country

the gentlemen

Automotive

Industry

United States

Country

cmd organization

Media

Industry

Canada

Country

inc ransom

Healthcare

Industry

Norway

Country

nova

Travel & Leisure

Industry

Vietnam

Country

ransomexx

Insurance

Industry

Switzerland

Country

payload

Ransomware Posting Frequency by Group - Last 7 Days

Remotely Exploited CISA KEV CVEs Added

These vulnerabilities have been newly added to the Known Exploited Vulnerabilities (KEV) Catalog. Organizations should prioritize addressing them to mitigate risks.

CVE-2026-20253

CVE-2026-48907

CVE-2026-54420

CVE-2026-20262

CVE-2026-35273

CVE-2026-10520

CVE-2026-11645

CVE-2026-7473

CVE-2026-20245

CVE-2026-42271

Weekly Enterprise Exploitation Trend Report

Platform

Use Cases

Company

Resources

Weekly Enterprise Exploitation Trend Report

Platform

Use Cases

Company

Resources

Subscribe