Top 20 Most Exploited Vulnerabilities

   January 13, 2026  Posted in CyberSecurityNews

Top 20 Most Exploited Vulnerabilities

In today’s escalating threat landscape, spotting and patching open vulnerabilities ranks as a top priority for security teams.

Pinpointing weaponized, high-risk CVEs exploited by threat actors and ransomware amid thousands of disclosures proves essential.

Qualys researchers recently highlighted the top 20 most exploited vulnerabilities, noting hackers’ heavy focus on Microsoft products.

Several from this list appear in the latest CISA Joint Cybersecurity Advisory (CSA), released August 3, 2023.

Top 20 Most Exploited Vulnerabilities

Here below, we have mentioned all the top 20 most exploited vulnerabilities:-

1. CVE-2017-11882

google

  • Description: Microsoft Office Memory Corruption Vulnerability
  • Vulnerability Trending Over Years: 2018, 2020, 2021, 2022, 2023 (79 times)
  • Qualys Vulnerability Detection (QID): 110308

2. CVE-2017-0199

  • Description: Microsoft Wordpad Remote Code Execution Vulnerability
  • Vulnerability Trending Over Years: 2017, 2020, 2021, 2023 (59 times)
  • Qualys Vulnerability Detection (QID): 110297

3. CVE-2012-0158

  • Description: Vulnerability in Windows Common Controls Could Allow RCE
  • Vulnerability Trending Over Years: 2013, 2020, 2021, 2023 (33 times)
  • Qualys Vulnerability Detection (QID): 90793

4. CVE-2017-8570

  • Description: Microsoft Office Remote Code Execution Vulnerability
  • Vulnerability Trending Over Years: 2018, 2020, 2023 (25 times)
  • Qualys Vulnerability Detection (QID): 110300

5. CVE-2020-1472

  • Description: Zerologon – An Unauthenticated Privilege Escalation to Full Domain Privileges
  • Vulnerability Trending Over Years: 2020, 2021, 2022, 2023 (56 times)
  • Qualys Vulnerability Detection (QID): 91680

6. CVE-2017-0144, CVE-2017-0145, CVE-2017-0143

  • Description: Windows SMBv1 Remote Code Execution Vulnerability WannaCry, Petya
  • Vulnerability Trending Over Years: 2017, 2020, 2021, 2023 (50 times)
  • Qualys Vulnerability Detection (QID):  91361, 91360, 91359, 91345

7. CVE-2012-1723

  • Description: Java Applet Field Bytecode Verifier Cache Remote Code Execution
  • Vulnerability Trending Over Years: 2023 (6 times)
  • Qualys Vulnerability Detection (QID):  120274

8. CVE-2021-34473, CVE-2021-34523, CVE-2021-31207

  • Description: Microsoft Exchange Server RCE (ProxyShell)
  • Vulnerability Trending Over Years: 2021, 2022, 2023 (39 times)
  • Qualys Vulnerability Detection (QID):  50114, 50111, 50112

9. CVE-2019-11510

  • Description: Pulse Secure Pulse Connect Secure SSL VPN Unauthenticated Path
  • Vulnerability Trending Over Years: 2019, 2020, 2023 (53 times)
  • Qualys Vulnerability Detection (QID):  38771

10. CVE-2021-44228

  • Description: Apache Log4j Remote Code Execution Vulnerability
  • Vulnerability Trending Over Years: 2021, 2022, 2023 (77 times)
  • Qualys Vulnerability Detection (QID):  376157, 730297

11. CVE-2014-6271

  • Description: Shellshock – Linux Bash Vulnerability
  • Vulnerability Trending Over Years: 2014, 2016, 2017, 2020, 2021, 2022, 2023 (70 times)
  • Qualys Vulnerability Detection (QID):  122693, 13038, 150134

12. CVE-2018-8174

  • Description: Windows VBScript Engine Remote Code Execution Vulnerability
  • Vulnerability Trending Over Years: 2018, 2020, 2023 (30 times)
  • Qualys Vulnerability Detection (QID):  91447

13. CVE-2013-0074

  • Description: Microsoft Silverlight Could Allow Remote Code Execution
  • Vulnerability Trending Over Years: 2023 (8 times)
  • Qualys Vulnerability Detection (QID):  90870

14. CVE-2012-0507

  • Description: Oracle Java SE Remote Java Runtime Environment Vulnerability
  • Vulnerability Trending Over Years: 2023 (10 times)
  • Qualys Vulnerability Detection (QID):  119956

15. CVE-2019-19781

  • Description: Citrix ADC and Citrix Gateway – Remote Code Execution (RCE) Vulnerability
  • Vulnerability Trending Over Years: 2020, 2022, 2023 (60 times)
  • Qualys Vulnerability Detection (QID):  372305, 150273

16. CVE-2018-0802

  • Description: Microsoft Office Memory Corruption Vulnerability
  • Vulnerability Trending Over Years: 2021, 2022, 2023 (19 times)
  • Qualys Vulnerability Detection (QID):  110310

17. CVE-2021-26855

  • Description: Microsoft Exchange Server Authentication Bypass (RCE)
  • Vulnerability Trending Over Years: 2021, 2023 (46 times)
  • Qualys Vulnerability Detection (QID):  50107, 50108

18. CVE-2019-2725

  • Description: Oracle WebLogic Affected by Unauthenticated RCE Vulnerability
  • Vulnerability Trending Over Years: 2019, 2020, 2022, 2023 (53 times)
  • Qualys Vulnerability Detection (QID):  150267, 87386

19. CVE-2018-13379

  • Description: Fortinet FortiGate (FortiOS) System File Leak through Secure Sockets Layer (SSL)
  • Vulnerability Trending Over Years: 2020, 2021, 2023 (41 times) 
  • Qualys Vulnerability Detection (QID):  43702 

20. CVE-2021-26084

  • Description: Atlassian Confluence Server Webwork OGNL Injection RCE Vulnerability
  • Vulnerability Trending Over Years: 2021, 2022, 2023 (35 times)
  • Qualys Vulnerability Detection (QID):  730172, 150368, 375839

Recommendation

Security analysts at Qualys urged users to immediately identify the vulnerable assets to these top most exploited CVEs, then prioritize remediation and use Qualys Patch to cut risk fast.

Moreover, make sure to leverage the dynamic Threat Intelligence with Qualys VMDR to streamline high-risk vulnerability prioritization.

Keep informed about the latest Cyber Security News by following us on Google News, Linkedin, Twitter, and Facebook.

googlenews





Source link