All patch & vulnerability trackers

Non-Microsoft exploited vulnerabilitiesBeta

Every vulnerability in CISA's Known Exploited Vulnerabilities catalog that is not from Microsoft, ranked by EPSS exploit probability. Each one is confirmed exploited in the wild, so it tops any patch queue. Microsoft's Security Update Guide stops at Microsoft. This is the part it leaves out: the Apache, Cisco, Citrix, Fortinet, Ivanti, and VMware flaws attackers are using right now, ranked in one view. For Microsoft, see the Microsoft patch tracker.

  • Confirmed exploited. Straight from CISA KEV, the authoritative actively-exploited list.
  • EPSS-ranked. Ordered by FIRST.org exploit probability, ransomware-linked flagged.
  • Every vendor. Apache, Cisco, Citrix, Fortinet, Ivanti, and the rest, in one view.
  • Open data. Search, sort, and export to CSV or JSON.

Sourced from CISA KEV, NVD, and FIRST.org EPSS, cross-referenced with VulnCheck KEV and the ENISA EUVD (EU). The Fix column links each vendor's PSIRT advisory. Last updated 2026-06-30.

Most-exploited vendors
Vendors with the most CVEs added to CISA KEV in the time frame. Microsoft is shown for comparison; the rest of this page covers non-Microsoft software. The red portion of each bar is the ransomware-linked share.
All time
Exploitation trend
Non-Microsoft CVEs added to CISA KEV per month, ransomware-linked highlighted.
12 months
Export:RSS

This is the list. Senserva tells you which ones are in your tenant.
This page is the whole actively-exploited non-Microsoft catalog. Senserva matches it against the software, devices, and apps it finds in your Microsoft 365, Intune, Defender, and Entra ID estate, then ranks what is actually exposed by CISA KEV and EPSS, so you patch the few that matter first.
Scan my tenant free See the Security Center
Tracking Microsoft instead?
See the Microsoft Patch Tracker for every Patch Tuesday KB and the CVEs it fixes, EPSS-ranked.
Microsoft Patch Tracker

Data sources

Every row is built from authoritative, public security feeds, refreshed automatically.

Source What it provides
CISA KEV catalogThe list itself: which CVEs are actively exploited, vendor, product, ransomware use, and the required action.
NVD (NIST)CVSS base score and severity for each CVE.
CIRCL CVE SearchCVSS fallback when NVD has no score yet, so newly added CVEs still get a severity.
EPSS (FIRST.org)Exploit Prediction Scoring System: probability a CVE is exploited within 30 days, used to rank the list.
VulnCheck KEVA broader Known Exploited Vulnerabilities list than CISA KEV. Shown as a "VulnCheck KEV" signal. Data courtesy of VulnCheck, used with attribution.
ENISA EUVDThe European Union Vulnerability Database (ENISA, under NIS2). Shown as an "EU EUVD" signal for the CVEs the EU tracks as exploited. Courtesy of ENISA, used with attribution.
Vendor PSIRTsThe Fix / advisory column links to each vendor's own security advisory (Cisco, Fortinet, Ivanti, Citrix, Adobe, Apple, VMware/Broadcom, and more), where the patched version lives.
Attribution. Exploitation data labeled VulnCheck KEV is provided by VulnCheck and is used with attribution per VulnCheck's terms. EU cross-references are from the ENISA EUVD. Vendor PSIRT advisories are linked, not redistributed. Senserva is not affiliated with or endorsed by these providers.

Senserva makes sure your Microsoft products are actually running the way your compliance rules require, reports on all of it in one place, and helps you fix what is wrong.

Configured to the rules
Continuously checks that your Microsoft 365, Intune, Defender, Entra ID, and Purview are set up the way your compliance frameworks require (MCSB, CIS, NIST 800-53, SOC 2, HIPAA, CISA SCuBA), and flags every drift.
One easy report across every product
Pulls all the data across these products into clear, easy-to-read reports, so you stop stitching separate consoles together to see where you stand.
Full AI enhancement and remediation
Every finding comes with AI-written context and guided, agentic remediation, so you fix what matters instead of just reading about it.

Everything above is public Microsoft and CISA data. Senserva pours your tenant's own findings into these same views. See it on a simulated tenant first, no sign-in needed.

or run a free scan on your tenant

Already running other security and management tools? Use Senserva alongside them. It reads what you have and ranks what matters, it does not replace your stack.