Exploited CVEs / By vendor
Actively exploited vulnerabilities by vendor
Every vendor with 5 or more CVEs on the CISA Known Exploited Vulnerabilities catalog. Refreshed daily; vendors join the list automatically as CISA catalogs their CVEs.
| Vendor | Exploited CVEs | Ransomware-linked | Newest addition |
|---|---|---|---|
| Microsoft | 378 | 104 | CVE-2026-45659 (2026-07-01) |
| Cisco | 93 | 6 | CVE-2026-20230 (2026-06-25) |
| Apple | 93 | - | CVE-2025-31277 (2026-03-20) |
| Adobe | 79 | 10 | CVE-2009-3459 (2026-05-20) |
| 72 | - | CVE-2026-11645 (2026-06-09) | |
| Oracle | 44 | 13 | CVE-2026-35273 (2026-06-12) |
| Apache | 39 | 7 | CVE-2026-34197 (2026-04-16) |
| Ivanti | 35 | 12 | CVE-2026-10520 (2026-06-11) |
| Linux | 26 | 2 | CVE-2022-0492 (2026-06-02) |
| D-Link | 26 | 2 | CVE-2025-29635 (2026-04-24) |
| Fortinet | 26 | 13 | CVE-2026-21643 (2026-04-13) |
| VMware | 26 | 9 | CVE-2025-22224 (2025-03-04) |
| Citrix | 22 | 7 | CVE-2026-3055 (2026-03-30) |
| Synacor | 18 | 5 | CVE-2025-48700 (2026-04-20) |
| Android | 17 | - | CVE-2025-48595 (2026-06-02) |
| Palo Alto Networks | 15 | 5 | CVE-2026-0257 (2026-05-29) |
| Samsung | 15 | - | CVE-2024-7399 (2026-04-24) |
| SonicWall | 15 | 10 | CVE-2025-40602 (2025-12-17) |
| SAP | 14 | 2 | CVE-2025-42999 (2025-05-15) |
| Mozilla | 13 | 1 | CVE-2010-3765 (2025-10-06) |
| Atlassian | 13 | 8 | CVE-2021-26086 (2024-11-12) |
| Trend Micro | 12 | - | CVE-2026-34926 (2026-05-21) |
| Qualcomm | 12 | - | CVE-2026-21385 (2026-03-03) |
| Zyxel | 12 | 2 | CVE-2024-40890 (2025-02-11) |
| SolarWinds | 11 | 1 | CVE-2026-28318 (2026-06-05) |
| Roundcube | 11 | - | CVE-2025-49113 (2026-02-20) |
| QNAP | 11 | 9 | CVE-2023-47565 (2023-12-21) |
| Arm | 9 | - | CVE-2024-4610 (2024-06-12) |
| Zoho | 9 | 2 | CVE-2022-28810 (2023-03-07) |
| Juniper | 8 | - | CVE-2015-7755 (2025-10-02) |
| Progress | 8 | 4 | CVE-2024-4885 (2025-03-03) |
| NETGEAR | 8 | - | CVE-2017-5521 (2022-09-08) |
| F5 | 7 | 4 | CVE-2025-53521 (2026-03-27) |
| Mitel | 7 | 5 | CVE-2024-41710 (2025-02-12) |
| Sophos | 7 | 1 | CVE-2020-15069 (2025-02-06) |
| Red Hat | 7 | 3 | CVE-2018-14667 (2023-09-28) |
| IBM | 7 | 2 | CVE-2022-47986 (2023-02-21) |
| Jenkins | 6 | 1 | CVE-2017-1000353 (2025-10-02) |
| TP-Link | 6 | - | CVE-2023-50224 (2025-09-03) |
| Drupal | 5 | 2 | CVE-2026-9082 (2026-05-22) |
| GNU | 5 | - | CVE-2026-24061 (2026-01-26) |
| RARLAB | 5 | 3 | CVE-2025-6218 (2025-12-09) |
| DrayTek | 5 | - | CVE-2024-12987 (2025-05-15) |
| Exim | 5 | 1 | CVE-2010-4344 (2022-03-25) |
Vendors below the 5-CVE threshold are in the full exploited-CVE tracker. The newest additions across all vendors: exploited this week.