Weekly Enterprise Exploitation Trend Report

14-05-2026 to 19-05-2026

The report focuses solely on the exploitation statistics specific to enterprise vendors and their products over the past week, providing valuable insights to prioritize security measures and address emerging threats effectively.

268

Actively Exploited Vulnerabilities

111

Vendors Actively Exploited

Apache

Most Exploited Vendor

Microsoft Exchange

Most Exploited Product

Top 10 Actively Exploited Vendors

Apache

Ivanti

Cisco

Atlassian

Citrix

VMware

Microsoft

Oracle

Palo Alto Networks

Adobe

Top 10 CVEs of 2025 with the Highest EPSS Scores -20-05-2026

CVE-2023-23752

Joomla
Improper Access Control
EPSS: 0.94527
Percentile: 1

CVE-2024-6670

WhatsUp Gold
SQL Injection
EPSS: 0.94468
Percentile: 0.99997

CVE-2024-23897

Jenkins
Arbitrary File Read
EPSS: 0.94466
Percentile: 0.99996

CVE-2023-32315

Openfire
Path Traversal
EPSS: 0.94441
Percentile: 0.99991

CVE-2023-35078

Ivanti EPMM
Authentication Bypass
EPSS: 0.94438
Percentile: 0.99989

CVE-2024-7593

Ivanti vTM
Authentication Bypass
EPSS: 0.94436
Percentile: 0.99988

CVE-2023-46747

F5 BIG-IP Configuration Utility
Authentication Bypass
EPSS: 0.94436
Percentile: 0.99987

CVE-2023-46604

Java OpenWire protocol
Code Injection
EPSS: 0.94436
Percentile: 0.99988

CVE-2023-40044

WS_FTP Server
Insecure Deserialization
EPSS: 0.94436
Percentile: 0.99987

CVE-2024-4040

CrushFTP
SSTI
EPSS: 0.99983
Percentile: 0.99986

Top Exploited CVEs Against Enterprise Applications

CVE-2022-41082

Critical

Microsoft

Command Injection
Exchange
Used by Ransomware
-
United States

CVE-2023-41265

Critical

Qlik

HTTP Tunneling
Qlik Sense
Used by Ransomware
-
United States

CVE-2020-8193

Medium

Citrix

Authorization Bypass
Citrix ADC, Citrix Gateway, Citrix SDWAN WAN-OP
-
United States

CVE-2023-35078

Critical

AIvanti

Authentication Bypass
Endpoint Manager Mobile (EPMM), formerly MobileIron Core
Used by Ransomware
-
United States

CVE-2021-42013

Critical

Apache

Path Traversal
Apache HTTP Server
Used by Ransomware
-
China

CVE-2023-20198

Critical

Cisco

Privilege Escalation
CCisco IOS XE
-
United States

CVE-2017-9841

Critical

MPHPUnit - Sebastian Bergmann

Command Injection
PHPUnit
-
China

CVE-2026-41940

Critical

cPanel

Command Injection
cPanel and WHM
Used by Ransomware
-
United States

CVE-2019-1653

High

Cisco

Remote Code Execution
Cisco RV320/RV325
-
United States

CVE-2023-4966

High

Citrix

Sensitive Data Exposure
Citrix ADC and Citrix Gateway
Used by Ransomware
-
Poland

Top 10 Targeted Countries

United States

44840

China

34046

Pakistan

7165

India

6466

6222

Brazil

5598

Germany

5034

South Korea

3718

Singapore

3158

Vietnam

3086

Actively Exploited Enterprise Vendors

Most Active Ransomware Groups

Industry

Country

Ransomware

Media

Industry

Germany

Country

safepay

Construction

Industry

United States

Country

nightspire

Landscaping

Industry

Austria

Country

qilin

Technology

Industry

Czech Republic

Country

the gentlemen

Healthcare

Industry

United States

Country

akira

Manufacturing

Industry

Brazil

Country

bavacai

Engineering

Industry

United States

Country

ailock

Healthcare

Industry

United States

Country

cmd organization

Logistics

Industry

Australia

Country

inc ransom

Manufacturing

Industry

United States

Country

qilinchaos

Ransomware Posting Frequency by Group - Last 7 Days

Remotely Exploited CISA KEV CVEs Added

These vulnerabilities have been newly added to the Known Exploited Vulnerabilities (KEV) Catalog. Organizations should prioritize addressing them to mitigate risks.

CVE-2026-42897

CVE-2026-20182

CVE-2026-42208

CVE-2026-6973

CVE-2026-0300

CVE-2026-31431

CVE-2026-41940

CVE-2024-1708

CVE-2026-32202

CVE-2025-29635

Weekly Enterprise Exploitation Trend Report

Platform

Use Cases

Company

Resources

Weekly Enterprise Exploitation Trend Report

Platform

Use Cases

Company

Resources

Subscribe