MEIFP – Most Exploited Internet-Facing Products

Vendor score = sum of Active CVE scores · Each CVE: 10 pts base, boosted by:

KEV×2.0AC: Low×1.2PR: None×1.3PR: Low×1.1Auto×1.3

Vendor Risk Ranking

Ranked by cumulative score from Active CVEs in the selected period · AV:Network only · Click vendor name for CVE details

114 vendors

#	Vendor	Score(hover for detail)	Active CVEs	Products
1	Ivanti	843.4	24	13
2	Cisco	720.3	21	20
3	Microsoft	544.8	15	20
4	Fortinet	527.4	14	18
5	Palo Alto Networks	406.1	11	4
6	Adobe	317.7	8	4
7	Apache Software Foundation	294.7	8	16
8	Oracle	269.8	7	8
9	SolarWinds	269.4	7	2
10	Citrix	245.4	7	3
11	Apple	202.8	5	8
12	Juniper Networks	202.8	5	2
13	SonicWall	165.7	5	5
14	Progress Software Corporation	152.9	4	3
15	Atlassian	121.7	3	2
16	JetBrains	121.7	3	1
17	SmarterTools	121.7	3	1
18	Ubiquiti Inc	121.7	3	20
19	D-Link	112.3	3	20
20	F5	107.5	3	1
21	CrushFTP	107.1	3	1
22	Kentico	105.1	3	1
23	BeyondTrust	101.1	3	4
24	Zyxel	93.4	3	9
25	BerriAI	93.4	3	1
26	Gladinet	92.6	3	3
27	Dassault Systèmes	86.6	3	1
28	craftcms	81.1	2	2
29	geoserver	81.1	2	1
30	GeoVision	81.1	2	20
31	checkpoint	81.1	2	3
32	ServiceNow	81.1	2	1
33	WatchGuard	81.1	2	1
34	SysAid	81.1	2	1
35	langflow-ai	81.1	2	1
36	Roundcube	67.0	2	2
37	ASUS	67.0	2	2
38	Advantive	67.0	2	1
39	Samsung Electronics	67.0	2	1
40	wftpserver	67.0	2	1
41	Commvault	67.0	2	2
42	ConnectWise	66.6	2	1
43	Trend Micro, Inc.	64.6	2	3
44	SAP_SE	64.6	2	3
45	FreePBX	64.6	2	5
46	PTZOptics	64.6	2	2
47	LiteSpeed Technologies	62.6	2	3
48	Versa	60.6	2	2
49	VMware	57.2	2	6
50	N-able	52.8	2	1
51	GitLab	40.6	1	1
52	Arista Networks	40.6	1	6
53	Unitronics	40.6	1	2
54	Mozilla	40.6	1	5
55	xwiki	40.6	1	3
56	Acronis	40.6	1	1
57	North Grid Corporation	40.6	1	3
58	Splunk	40.6	1	4
59	GNU	40.6	1	5
60	tj-actions	40.6	1	2
61	projectSend	40.6	1	1
62	Meta	40.6	1	4
63	Cloud Software Group	40.6	1	1
64	PHP Group	40.6	1	1
65	DrayTek	40.6	1	3
66	Progress Software	40.6	1	2
67	Rejetto	40.6	1	1
68	Jenkins Project	40.6	1	1
69	Fortra	40.6	1	3
70	Veeam	40.6	1	2
71	NAKIVO	40.6	1	1
72	Aviatrix	40.6	1	1
73	Hewlett Packard Enterprise (HPE)	40.6	1	3
74	erlang	40.6	1	1
75	AMI	40.6	1	1
76	ScienceLogic	40.6	1	1
77	TrioFox	40.6	1	1
78	Edimax	40.6	1	12
79	MongoDB Inc.	40.6	1	1
80	Srimax	40.6	1	1
81	reviewdog	40.6	1	1
82	Craft	40.6	1	1
83	Dell	40.6	1	2
84	QUALITIA CO., LTD.	40.6	1	1
85	TeleMessage	40.6	1	1
86	MOTEX Inc.	40.6	1	1
87	Drupal	40.6	1	4
88	PTC	40.6	1	2
89	marimo-team	40.6	1	1
90	WebPros	40.6	1	3
91	Mirasvit	40.6	1	1
92	nrwl	40.6	1	1
93	joomlacontenteditor.net	40.6	1	1
94	AVB Disc Soft	40.6	1	1
95	Zimbra	31.2	1	2
96	wazuh	26.4	1	7
97	FXC Inc.	26.4	1	2
98	gogs	26.4	1	1
99	Facebook	26.4	1	3
100	n8n-io	26.4	1	1
101	Soliton Systems K.K.	26.4	1	1
102	aquasecurity	26.4	1	3
103	team-telnyx	26.4	1	1
104	Google	26.0	1	8
105	livewire	26.0	1	1
106	yiiframework	26.0	1	1
107	FreeType	26.0	1	1
108	Sitecore	26.0	1	6
109	centos-webpanel	26.0	1	1
110	prettier	26.0	1	1
111	TeamT5	24.0	1	1
112	Trimble	24.0	1	3
113	Array Networks	24.0	1	1
114	TP-Link Systems Inc.	24.0	1	6

Recently Active CVEs

Newest 100 CVEs with confirmed active exploitation, sorted by published date · NEW = directly Active · POC→ACT = was POC in Vulnrichment SSVC, now confirmed Active

100 entries

Published	Status	CVE ID	Vendor	Product	CVSS	AC	PR	Auto	Score
2026-06-18	NEW	CVE-2026-12569	PTC	FlexPLM	9.3v4.0	Low	None	YES	40.6
2026-06-15	NEW	CVE-2026-20262	Cisco	Cisco Catalyst SD-WAN Manager	6.5v3.1	Low	Low	—	26.4
2026-06-14	NEW	CVE-2026-54420	LiteSpeed Technologies	cPanel Plugin	8.5v3.1	High	Low	—	22.0
2026-06-11	NEW	CVE-2026-35273	Oracle	PeopleSoft Enterprise PeopleTools	9.8v3.1	Low	None	YES	40.6
2026-06-10	NEW	CVE-2026-20253	Splunk	Splunk Enterprise	9.8v3.1	Low	None	YES	40.6
2026-06-09	NEW	CVE-2026-10520	Ivanti	Sentry	10.0v3.1	Low	None	YES	40.6
2026-06-08	NEW	CVE-2026-11645	Google	Chrome	8.8v3.1	Low	None	—	31.2
2026-06-08	NEW	CVE-2026-50751	checkpoint	Quantum Security Gateway	9.3v3.1	Low	None	YES	40.6
2026-06-05	NEW	CVE-2026-7473	Arista Networks	EOS	6.9v4.0	Low	None	YES	40.6
2026-06-05	NEW	CVE-2026-48907	joomlacontenteditor.net	Joomla Content Editor (JCE) extension for Joomla	10.0v4.0	Low	None	YES	40.6
2026-06-04	NEW	CVE-2026-28318	SolarWinds	Serv-U	7.5v3.1	Low	None	YES	40.6
2026-06-03	NEW	CVE-2026-20230	Cisco	Cisco Unified Communications Manager	8.6v3.1	Low	None	—	31.2
2026-05-27	NEW	CVE-2026-48027	nrwl	nx-console	9.3v4.0	Low	None	YES	40.6
2026-05-26	NEW	CVE-2026-45247	Mirasvit	Full Page Cache Warmer for Magento 2	9.3v4.0	Low	None	YES	40.6
2026-05-22	NEW	CVE-2026-34908	Ubiquiti Inc	EFG	10.0v3.1	Low	None	YES	40.6
2026-05-22	NEW	CVE-2026-34909	Ubiquiti Inc	EFG	10.0v3.1	Low	None	YES	40.6
2026-05-22	NEW	CVE-2026-34910	Ubiquiti Inc	EFG	10.0v3.1	Low	None	YES	40.6
2026-05-21	NEW	CVE-2026-48172	LiteSpeed Technologies	cPanel Plugin	10.0v4.0	Low	None	YES	40.6
2026-05-20	NEW	CVE-2026-9082	Drupal	Drupal core	6.5v3.1	Low	None	YES	40.6
2026-05-15	NEW	CVE-2026-8398	AVB Disc Soft	DAEMON Tools Lite	9.3v4.0	Low	None	YES	40.6
2026-05-14	NEW	CVE-2026-42897	Microsoft	Microsoft Exchange Server 2016 Cumulative Update 23	8.1v3.1	Low	None	—	31.2
2026-05-14	NEW	CVE-2026-20182	Cisco	Cisco Catalyst SD-WAN Controller	10.0v3.1	Low	None	YES	40.6
2026-05-13	NEW	CVE-2026-0257	Palo Alto Networks	Cloud NGFW	7.8v4.0	Low	None	—	31.2
2026-05-12	NEW	CVE-2026-45321	@tanstack	arktype-adapter	9.6v3.1	Low	None	—	31.2
2026-05-08	NEW	CVE-2026-42208	BerriAI	litellm	9.3v4.0	Low	None	YES	40.6
2026-05-08	NEW	CVE-2026-42271	BerriAI	litellm	8.7v4.0	Low	Low	—	26.4
2026-05-07	NEW	CVE-2026-6973	Ivanti	Endpoint Manager Mobile	7.2v3.1	Low	High	—	24.0
2026-05-06	NEW	CVE-2026-0300	Palo Alto Networks	Cloud NGFW	9.3v4.0	Low	None	YES	40.6
2026-04-29	NEW	CVE-2026-41940	WebPros	cPanel	9.3v4.0	Low	None	YES	40.6
2026-04-14	NEW	CVE-2026-32201	Microsoft	Microsoft SharePoint Enterprise Server 2016	6.5v3.1	Low	None	YES	40.6
2026-04-14	NEW	CVE-2026-32202	Microsoft	Windows 10 Version 1607	4.3v3.1	Low	None	—	31.2
2026-04-09	NEW	CVE-2026-39987	marimo-team	marimo	9.3v4.0	Low	None	YES	40.6
2026-04-07	NEW	CVE-2026-34197	Apache Software Foundation	Apache ActiveMQ	8.8v3.1	Low	Low	—	26.4
2026-04-04	NEW	CVE-2026-35616	Fortinet	FortiClientEMS	9.1v3.1	Low	None	YES	40.6
2026-04-01	NEW	CVE-2026-5281	Google	Chrome	8.8v3.1	Low	None	—	31.2
2026-03-23	NEW	CVE-2026-3055	Citrix	NetScaler ADC	9.3v4.0	Low	None	YES	40.6
2026-03-23	NEW	CVE-2026-33634	BerriAI	litellm	9.4v4.0	Low	Low	—	26.4
2026-03-20	NEW	CVE-2026-33017	langflow-ai	langflow	9.3v4.0	Low	None	YES	40.6
2026-03-12	NEW	CVE-2026-3909	Google	Chrome	8.8v3.1	Low	None	—	31.2
2026-03-12	NEW	CVE-2026-3910	Google	Chrome	8.8v3.1	Low	None	—	31.2
2026-03-04	NEW	CVE-2026-20131	Cisco	Cisco Secure Firewall Management Center (FMC)	10.0v3.1	Low	None	YES	40.6
2026-02-25	NEW	CVE-2026-20122	Cisco	Cisco Catalyst SD-WAN Manager	5.4v3.1	Low	Low	—	26.4
2026-02-25	NEW	CVE-2026-20127	Cisco	Cisco Catalyst SD-WAN Manager	10.0v3.1	Low	None	YES	40.6
2026-02-25	NEW	CVE-2026-20133	Cisco	Cisco Catalyst SD-WAN Manager	6.5v3.1	Low	Low	—	26.4
2026-02-25	NEW	CVE-2026-22719	VMware	Telco Cloud Infrastructure	8.1v3.1	High	None	—	26.0
2026-02-17	NEW	CVE-2026-22769	Dell	RecoverPoint for Virtual Machines	10.0v3.1	Low	None	YES	40.6
2026-02-13	NEW	CVE-2026-2441	Google	Chrome	8.8v3.1	Low	None	—	31.2
2026-02-13	NEW	CVE-2026-25108	Soliton Systems K.K.	FileZen	8.7v4.0	Low	Low	—	26.4
2026-02-10	NEW	CVE-2026-21510	Microsoft	Windows 10 Version 1607	8.8v3.1	Low	None	—	31.2
2026-02-10	NEW	CVE-2026-21513	Microsoft	Windows 10 Version 1607	8.8v3.1	Low	None	—	31.2
2026-02-10	NEW	CVE-2026-1603	Ivanti	Endpoint Manager	8.6v3.1	Low	None	YES	40.6
2026-02-06	NEW	CVE-2026-21643	Fortinet	FortiClientEMS	9.1v3.1	Low	None	YES	40.6
2026-02-06	NEW	CVE-2026-1731	BeyondTrust	Remote Support(RS) & Privileged Remote Access(PRA)	9.9v4.0	Low	None	YES	40.6
2026-02-03	NEW	CVE-2025-15556	notepad-plus-plus	notepad-plus-plus	7.7v4.0	High	None	—	26.0
2026-01-29	NEW	CVE-2026-1281	Ivanti	Endpoint Manager Mobile	9.8v3.1	Low	None	YES	40.6
2026-01-29	NEW	CVE-2026-1340	Ivanti	Endpoint Manager Mobile	9.8v3.1	Low	None	YES	40.6
2026-01-28	NEW	CVE-2025-40536	SolarWinds	Web Help Desk	8.1v3.1	High	None	—	26.0
2026-01-28	NEW	CVE-2025-40551	SolarWinds	Web Help Desk	9.8v3.1	Low	None	YES	40.6
2026-01-27	NEW	CVE-2026-24858	Fortinet	FortiAnalyzer	9.4v3.1	Low	None	YES	40.6
2026-01-23	NEW	CVE-2026-24423	SmarterTools	SmarterMail	9.3v4.0	Low	None	YES	40.6
2026-01-22	NEW	CVE-2026-23760	SmarterTools	SmarterMail	9.3v4.0	Low	None	YES	40.6
2026-01-21	NEW	CVE-2026-20045	Cisco	Cisco Unified Communications Manager	8.2v3.1	Low	None	YES	40.6
2026-01-21	NEW	CVE-2026-24061	GNU	inetutils	9.8v3.1	Low	None	YES	40.6
2026-01-13	NEW	CVE-2026-20963	Microsoft	Microsoft SharePoint Enterprise Server 2016	9.8v3.1	Low	None	YES	40.6
2026-01-05	NEW	CVE-2025-66376	Zimbra	Collaboration	7.2v3.1	Low	None	—	31.2
2025-12-29	NEW	CVE-2025-52691	SmarterTools	SmarterMail	10.0v3.1	Low	None	YES	40.6
2025-12-19	NEW	CVE-2025-14733	WatchGuard	Fireware OS	9.3v4.0	Low	None	YES	40.6
2025-12-19	NEW	CVE-2025-14847	MongoDB Inc.	MongoDB Server	8.7v4.0	Low	None	YES	40.6
2025-12-19	NEW	CVE-2025-68613	n8n-io	n8n	10.0v3.1	Low	Low	—	26.4
2025-12-18	NEW	CVE-2025-40602	SonicWall	SMA1000	6.6v3.1	High	High	—	20.0
2025-12-18	NEW	CVE-2025-68461	Roundcube	Webmail	7.2v3.1	Low	None	YES	40.6
2025-12-17	NEW	CVE-2025-20393	Cisco	Cisco Secure Email	10.0v3.1	Low	None	YES	40.6
2025-12-17	NEW	CVE-2025-43529	Apple	iOS and iPadOS	8.8v3.1	Low	None	—	31.2
2025-12-17	NEW	CVE-2025-59374	ASUS	live update	9.3v4.0	Low	None	YES	40.6
2025-12-16	NEW	CVE-2025-37164	Hewlett Packard Enterprise (HPE)	HPE OneView	10.0v3.1	Low	None	YES	40.6
2025-12-12	NEW	CVE-2025-14174	Google	Chrome	8.8v3.1	Low	None	—	31.2
2025-12-12	NEW	CVE-2025-14611	Gladinet	CentreStack and TrioFox	7.1v4.0	High	None	—	26.0
2025-12-10	NEW	CVE-2025-8110	gogs	gogs	8.7v4.0	Low	Low	—	26.4
2025-12-09	NEW	CVE-2025-59718	Fortinet	FortiOS	9.1v3.1	Low	None	YES	40.6
2025-12-05	NEW	CVE-2025-34291	Langflow	Langflow	9.4v4.0	Low	None	—	31.2
2025-12-05	NEW	CVE-2025-66644	Array Networks	ArrayOS AG	7.2v3.1	Low	High	—	24.0
2025-12-03	NEW	CVE-2025-55182	Meta	react-server-dom-parcel	10.0v3.1	Low	None	YES	40.6
2025-11-25	NEW	CVE-2025-58360	geoserver	geoserver	8.2v3.1	Low	None	YES	40.6
2025-11-18	NEW	CVE-2025-58034	Fortinet	FortiWeb	6.7v3.1	Low	High	—	24.0
2025-11-17	NEW	CVE-2025-13223	Google	Chrome	8.8v3.1	Low	None	—	31.2
2025-11-14	NEW	CVE-2025-64446	Fortinet	FortiWeb	9.4v3.1	Low	None	YES	40.6
2025-11-10	NEW	CVE-2025-12480	TrioFox	TrioFox	9.1v3.1	Low	None	YES	40.6
2025-11-07	NEW	CVE-2025-64328	FreePBX	filestore	8.6v4.0	Low	High	—	24.0
2025-11-05	NEW	CVE-2023-43000	Apple	iOS and iPadOS	8.8v3.1	Low	None	—	31.2
2025-10-21	NEW	CVE-2025-61757	Oracle	Identity Manager	9.8v3.1	Low	None	YES	40.6
2025-10-20	NEW	CVE-2025-61932	MOTEX Inc.	Lanscope Endpoint Manager (On-Premises) (Client program (MR) and Detection agent (DA))	9.3v4.0	Low	None	YES	40.6
2025-10-15	NEW	CVE-2025-53521	F5	BIG-IP	9.3v4.0	Low	None	YES	40.6
2025-10-14	NEW	CVE-2025-59287	Microsoft	Windows Server 2012	9.8v3.1	Low	None	YES	40.6
2025-10-12	NEW	CVE-2025-61884	Oracle	Oracle Configurator	7.5v3.1	Low	None	YES	40.6
2025-10-09	NEW	CVE-2025-11371	Gladinet	CentreStack and TrioFox	7.5v3.1	Low	None	YES	40.6
2025-10-05	NEW	CVE-2025-61882	Oracle	Oracle Concurrent Processing	9.8v3.1	Low	None	YES	40.6
2025-09-25	NEW	CVE-2025-20333	Cisco	Cisco Secure Firewall Adaptive Security Appliance (ASA) Software	9.9v3.1	Low	Low	—	26.4
2025-09-25	NEW	CVE-2025-20362	Cisco	Cisco Secure Firewall Adaptive Security Appliance (ASA) Software	6.5v3.1	Low	None	YES	40.6
2025-09-24	NEW	CVE-2025-10585	Google	Chrome	8.8v3.1	Low	None	—	31.2
2025-09-24	NEW	CVE-2025-20352	Cisco	Cisco IOS XE Catalyst SD-WAN	7.7v3.1	Low	Low	—	26.4

Monthly Risk Score TrendJun 2023 – Jun 2026

Rolling 36-month cumulative score — CVEs older than 3 years expire · hover for breakdown

Ivanti

Cisco

Microsoft

Fortinet

Palo Alto Networks

Adobe

Apache Software Foundation

Oracle

SolarWinds

Citrix

Apple

Juniper Networks

SonicWall

Progress Software Corporation

Atlassian