Weekly Enterprise Exploitation Trend Report
24-06-2026 to 30-06-2026
The report focuses solely on the exploitation statistics specific to enterprise vendors and their products over the past week, providing valuable insights to prioritize security measures and address emerging threats effectively.
273
273
Actively Exploited Vulnerabilities
114
114
Vendors Actively Exploited
Apache
Apache
Most Exploited Vendor
Microsoft Exchange
Microsoft Exchange
Most Exploited Product
Top 10 Actively Exploited Vendors
1
Apache
2
Ivanti
3
Cisco
4
Atlassian
5
VMware
6
Microsoft
7
Oracle
8
Citrix
9
Palo Alto Networks
10
Adobe
Top 10 CVEs of 2025 with the Highest EPSS Scores -30-06-2026
1
CVE-2024-3400
- PaloAlto PAN-OS
- Command Injection
- EPSS: 0.99999
- Percentile: 1
2
CVE-2024-23897
- Jenkins
- Arbitrary File Read
- EPSS: 0.99999
- Percentile: 0.99995
3
CVE-2024-21893
- Ivanti Connect Secure
- Privilege Escalation
- EPSS: 0.99999
- Percentile: 0.99999
4
CVE-2024-21887
- Ivanti Connect Secure
- Command Injection
- EPSS: 0.99999
- Percentile: 1
5
CVE-2023-4966
- Netscaler ADC and Gateway
- Sensitive Information Disclosure
- EPSS:0.99999
- Percentile: 0.99993
6
CVE-2023-44487
- HTTP/2
- Denial of Service
- EPSS: 0.99999
- Percentile: 0.99996
7
CVE-2023-35082
- Ivanti EPMM
- Authentication Bypass
- EPSS: 0.99999
- Percentile: 0.99996
8
CVE-2023-35078
- Ivanti EPMM
- Authentication Bypass
- EPSS: 0.99999
- Percentile: 0.99995
9
CVE-2023-32315
- Openfire
- Path Traversal
- EPSS: 0.99999
- Percentile: 0.9999
10
CVE-2023-27350
- OPaperCut NG
- Authentication Bypass
- EPSS: 0.99999
- Percentile: 0.99991
Top Exploited CVEs Against Enterprise Applications
CVE-2022-41082
High
High
High
High
- Remote Code Injection
- Exchange
- Used by Ransomware-United States
CVE-2023-20198
Critical
Critical
Critical
Critical
- Privilege Escalation
- Cisco IOS XE
- -United States
CVE-2026-41940
Critical
Critical
Critical
Critical
- Authentication Bypass
- cPanel and WHM
- Used by Ransomware-United States
CVE-2017-9841
Critical
Critical
Critical
Critical
- Command Injection
- PHPUnit
- -China
CVE-2021-42013
Critical
Critical
Critical
Critical
- Path Traversal
- Apache HTTP Server
- Used by Ransomware-China
CVE-2025-55182
Critical
Critical
Critical
Critical
- Remote Code Injection
- React Server Components
- Used by Ransomware-United States
CVE-2025-5777
High
High
High
High
- Out-of-Bounds Read
- Citrix NetScaler
- Used by Ransomware-United States
CVE-2019-1653
High
High
High
High
- Sensitive Information Disclosure
- Cisco RV320/RV325
- -United States
CVE-2024-20767
High
High
High
High
- Improper Access Control
- ColdFusion
- -Netherlands
CVE-2023-27351
High
High
High
High
- Improper Authentication
- PaperCut MF/NG
- Used by Ransomware-Netherlands
Top 10 Targeted Countries
Top 10 Targeted Countries
United States
:
42548
China
:
37484
Pakistan
:
13183
Ireland
:
12930
Germany
:
5375
UK
:
5286
Singapore
:
5212
India
:
4284
Egypt
:
4022
France
:
3621
Actively Exploited Enterprise Vendors
Apache | Ivanti | Cisco | Atlassian | D-Link | VMware | Microsoft | Oracle | Citrix | Palo Alto Networks | Adobe | Fortinet | Draytek | Netgear | F5 | Zoho | Progress | Spring | Geoserver | SAP | Wordpress | ZyXEL | JetBrains | QNAP | SysAid | Realtek | PaperCut | SolarWinds | Synacor | Jenkins | Zimbra | Tenda | SonicWall | Hikvision | Aviatrix | Drupal | Sitecore | Juniper | Gladinet | IBM | Sonatype | CrushFTP | Dassualt Systems | SmarterTools | Dasan | cPanel | PHPUnit - Sebastian Bergmann | Meta | Metabase | Zyxel/Billion | Pulse Secure | Check Point | ownCloud | ConnectWise | vBulletin | Mitel | Laravel | Dahua | MobileIron | SaltStack | Micro Focus | NAKIVO | Sunhillo | Webmin | LG | dotCMS | Roundcube | Elastic | GLPI (teclib) | Lime Technology | Terramaster | mongo-express | nostromo | Linear | WSO2 | CONTEC | ASUS | PrimeFaces | Paessler | MinIO | Schneider Electric | TP-Link | Barco/AWIND | Sophos | NextGen Healthcare | Open Source Matters, Inc/Joomla community | Qlik | Fortra | Grafana | wftpserver.com | XWiki | PHP Foundation | Langflow | Versa | Yealink | ForgeRock | Rejetto | Node.js | FreePBX | Hitachi Vantara | Commvault | CyberPanel | SugarCRM | Cleo | Telerik | RedHat | Kentico | HPE | Grandstream | Omnissa | Cacti | Ruckus | GeoVision | Edimax
Most Active Ransomware Groups
Ransomware Posting Frequency by Group - Last 7 Days
Remotely Exploited CISA KEV CVEs Added
These vulnerabilities have been newly added to the Known Exploited Vulnerabilities (KEV) Catalog. Organizations should prioritize addressing them to mitigate risks.
CVE-2026-48558
CVE-2026-12569
CVE-2026-20230
CVE-2025-67038
CVE-2026-34910
CVE-2026-34909
CVE-2026-34908
CVE-2026-20253
CVE-2026-48907
CVE-2026-54420




