Weekly Enterprise Exploitation Trend Report

28-01-2026 to 03-02-2026

The report focuses solely on the exploitation statistics specific to enterprise vendors and their products over the past week, providing valuable insights to prioritize security measures and address emerging threats effectively.

258

Actively Exploited Vulnerabilities

116

Vendors Actively Exploited

Apache

Most Exploited Vendor

Microsoft Exchange

Most Exploited Product

Top 10 Actively Exploited Vendors

Apache

Ivanti

Atlassian

Oracle

Cisco

Microsoft

VMware

Citrix

Palo Alto Networks

Adobe

Top 10 CVEs of 2025 with the Highest EPSS Scores -03-02-2026

CVE-2024-27198

JetBrains TeamCity
Authentication Bypass
EPSS: 0.94579
Percentile: 1

CVE-2023-23752

Joomla
Improper Access Control
EPSS: 0.94502
Percentile: 1

CVE-2023-35078

Ivanti EPMM
Authentication Bypass
EPSS: 0.94482
Percentile: 0.99998

CVE-2024-6670

WhatsUp Gold
SQL Injection
EPSS: 0.94468
Percentile: 0.99995

CVE-2024-23897

Jenkins
Arbitrary File Read
EPSS: 0.94466
Percentile: 0.99994

CVE-2023-40044

WS_FTP Server
Code Injection
EPSS: 0.94449
Percentile: 0.99991

CVE-2023-32315

Openfire
Path Traversal
EPSS: 0.94441
Percentile: 0.9999

CVE-2023-38035

Ivanti MobileIron Sentry
Authentication Bypass
EPSS: 0.94438
Percentile: 0.99988

CVE-2024-7593

Ivanti vTM
Authentication Bypass
EPSS: 0.94436
Percentile: 0.99986

CVE-2023-46747

Big-IP
Code Injection
EPSS: 0.94436
Percentile: 0.99986

Top Exploited CVEs Against Enterprise Applications

CVE-2022-41082

Critical

Microsoft

Code/command Injection and Execution
Exchange
Used by Ransomware
-
United States

CVE-2023-20198

Critical

Cisco

Code/command Injection and Execution
Cisco IOS XE
-
United States

CVE-2021-42013

Critical

Apache

Code/command Injection and Execution
Apache HTTP Server
Used by Ransomware
-
United States

CVE-2017-9841

Critical

PHPUnit - Sebastian Bergmann

Code/command Injection and Execution
PHPUnit
-
United States

CVE-2025-5777

Critical

Citrix

Out-of-Bounds Read
Citrix NetScaler
Used by Ransomware
-
United States

CVE-2025-55182

Critical

Meta

Code/command Injection and Execution
React Server Components
Used by Ransomware
-
United States

CVE-2019-1653

High

Cisco

Sensitive Information Disclosure
Cisco RV320/RV325
-
Netherlands

CVE-2021-44228

Critical

Apache

Code/command Injection and Execution
Log4j
Used by Ransomware
-
United States

CVE-2023-35081

High

Ivanti

Path Traversal
Endpoint Manager Mobile (EPMM), formerly MobileIron Core
-
Thailand

CVE-2024-36401

Critical

Geoserver

Code/command Injection and Execution
Geoserver
-
Taiwan

Top 10 Targeted Countries

China

50811

United States

32515

Singapore

18702

Vietnam

10853

India

8904

Pakistan

6533

Brazil

5410

Russia

4085

4054

South Korea

3369

Actively Exploited Enterprise Vendors

Most Active Ransomware Groups

Industry

Country

Ransomware

Business

Industry

United States

Country

linkc

Business

Industry

Germany

Country

0apt

Business

Industry

United States

Country

devman2

Healthcare

Industry

United States

Country

termite

Business

Industry

Mexico

Country

qilin

Finance

Industry

Cambodia

Country

inc ransom

Business

Industry

United States

Country

dragonforce

Business

Industry

United States

Country

akira

Business

Industry

India

Country

rhysida

Business

Industry

Egypt

Country

the green blood group

Ransomware Posting Frequency by Group - Last 7 Days

Remotely Exploited CISA KEV CVEs Added

These vulnerabilities have been newly added to the Known Exploited Vulnerabilities (KEV) Catalog. Organizations should prioritize addressing them to mitigate risks.

CVE-2026-1281

CVE-2026-24858

CVE-2018-14634

CVE-2025-52691

CVE-2026-23760

CVE-2026-24061

CVE-2026-21509

CVE-2024-37079

CVE-2025-68645

CVE-2025-34026

Weekly Enterprise Exploitation Trend Report

Platform

Use Cases

Company

Resources

Weekly Enterprise Exploitation Trend Report

Platform

Use Cases

Company

Resources

Subscribe