{"id":42033,"date":"2021-07-29T13:30:00","date_gmt":"2021-07-29T13:30:00","guid":{"rendered":"https:\/\/packetstormsecurity.com\/news\/view\/32512\/Feds-List-The-Top-30-Most-Exploited-Vulnerabilities.html"},"modified":"2021-07-29T13:30:00","modified_gmt":"2021-07-29T13:30:00","slug":"feds-list-the-top-30-most-exploited-vulnerabilities","status":"publish","type":"post","link":"https:\/\/www.threatshub.org\/blog\/feds-list-the-top-30-most-exploited-vulnerabilities\/","title":{"rendered":"Feds List The Top 30 Most Exploited Vulnerabilities"},"content":{"rendered":"<figure class=\"intro-image intro-left\"><img decoding=\"async\" src=\"https:\/\/cdn.arstechnica.net\/wp-content\/uploads\/2021\/01\/computer-security-800x534.jpg\" alt=\"Feds list the top 30 most exploited vulnerabilities. Many are years old\"><figcaption class=\"caption\"><\/figcaption><\/figure>\n<aside id=\"social-left\" class=\"social-left\" aria-label=\"Read the comments or share this article\"><a title=\"41 posters participating\" class=\"comment-count icon-comment-bubble-down\" href=\"https:\/\/arstechnica.com\/gadgets\/2021\/07\/feds-list-the-top-30-most-exploited-vulnerabilities-many-are-years-old\/?comments=1\"> <\/p>\n<h4 class=\"comment-count-before\">reader comments<\/h4>\n<p> <span class=\"comment-count-number\">55<\/span> <span class=\"visually-hidden\"> with 41 posters participating<\/span> <\/a> <\/p>\n<div class=\"share-links\">\n<h4>Share this story<\/h4>\n<\/p><\/div>\n<\/aside>\n<p><!-- cache hit 715:single\/related:a61a72877c0b6fa43c99d7a4bf1dd5ad --><!-- empty --><\/p>\n<p>Government officials in the US, UK, and Australia are urging public- and private-sector organizations to secure their networks by ensuring firewalls, VPNs, and other network-perimeter devices are patched against the most widespread exploits.<\/p>\n<p>In a <a href=\"https:\/\/us-cert.cisa.gov\/sites\/default\/files\/publications\/AA21-209A_Joint%20CSA_Top%20Routinely%20Exploited%20Vulnerabilities.pdf\">joint advisory<\/a> published Wednesday, the US FBI and CISA (Cybersecurity and Infrastructure Security Agency), the Australian Cyber Security Center, and the UK&#8217;s National Cyber Security Center listed the top 30 or so most exploited vulnerabilities. The vulnerabilities reside in a host of devices or software marketed by the likes of Citrix, Pulse Secure, Microsoft, and Fortinet.<\/p>\n<p>\u201cCyber actors continue to exploit publicly known\u2014and often dated\u2014software vulnerabilities against broad target sets, including public and private sector organizations worldwide,\u201d the advisory stated. \u201cHowever, entities worldwide can mitigate the vulnerabilities listed in this report by applying the available patches to their systems and implementing a centralized patch management system.\u201d<\/p>\n<h2>What, me patch?<\/h2>\n<p>Four of the most targeted vulnerabilities last year resided in VPNs, cloud-based services, and other devices that allow people to remotely access employer networks. Despite the explosion in the number of work-from-home employees driven by the COVID-19 pandemic, many VPN gateway devices remained unpatched during 2020.<\/p>\n<p>Discovery dates of the top four vulnerabilities ranged from 2018 to 2020, an indication of how common it is for many organizations using the affected devices to withhold applying security patches. The security flaws include <a href=\"https:\/\/arstechnica.com\/tech-policy\/2020\/09\/china-sponsored-hackers-charged-for-a-decade-of-alleged-hacks-on-game-makers\/\">CVE-2019-19781<\/a>, a remote code-execution bug in Citrix&#8217;s application delivery controller (which customers use to perform load balancing of inbound application traffic); <a href=\"https:\/\/arstechnica.com\/tech-policy\/2021\/04\/us-government-strikes-back-at-kremlin-for-solarwinds-hack-campaign\/\">CVE 2019-11510<\/a>, which allows attackers to remotely read sensitive files stored by the Pulse Secure Pulse Connect Secure VPN; <a href=\"https:\/\/arstechnica.com\/gadgets\/2021\/04\/feds-say-hackers-are-likely-exploiting-critical-fortinet-vpn-vulnerabilities\/\">CVE 2018-13379<\/a>, a path-traversal weakness in VPNs made by Fortinet; and <a href=\"https:\/\/arstechnica.com\/information-technology\/2020\/07\/hackers-actively-exploit-high-severity-networking-vulnerabilities\/\">CVE 2020-5902<\/a>, a code-execution vulnerability in the BIG-IP advanced delivery controller made by F5.<\/p>\n<aside class=\"ad_wrapper\" aria-label=\"In Content advertisement\"> <span class=\"ad_notice\">Advertisement <\/span> <\/aside>\n<p>The top 12 flaws are:<\/p>\n<table border=\"1\">\n<colgroup width=\"250\"><\/colgroup>\n<colgroup width=\"431\"><\/colgroup>\n<colgroup width=\"232\"><\/colgroup>\n<tbody>\n<tr>\n<td align=\"center\" bgcolor=\"#EEEEEE\" height=\"20\"><strong>Vendor<\/strong><\/td>\n<td align=\"center\" bgcolor=\"#EEEEEE\"><strong>CVE<\/strong><\/td>\n<td align=\"center\" bgcolor=\"#EEEEEE\"><strong>Type<\/strong><\/td>\n<\/tr>\n<tr>\n<td align=\"left\" height=\"20\">Citrix<\/td>\n<td align=\"left\">CVE-2019-19781<\/td>\n<td align=\"left\">arbitrary code execution<\/td>\n<\/tr>\n<tr>\n<td align=\"left\" height=\"20\">Pulse<\/td>\n<td align=\"left\">CVE 2019-11510<\/td>\n<td align=\"left\">arbitrary file reading<\/td>\n<\/tr>\n<tr>\n<td align=\"left\" height=\"20\">Fortinet<\/td>\n<td align=\"left\">CVE 2018-13379<\/td>\n<td align=\"left\">path traversal<\/td>\n<\/tr>\n<tr>\n<td align=\"left\" height=\"20\">F5- Big IP<\/td>\n<td align=\"left\">CVE 2020-5902<\/td>\n<td align=\"left\">remote code execution (RCE)<\/td>\n<\/tr>\n<tr>\n<td align=\"left\" height=\"20\">MobileIron<\/td>\n<td align=\"left\">CVE 2020-15505<\/td>\n<td align=\"left\">RCE<\/td>\n<\/tr>\n<tr>\n<td align=\"left\" height=\"20\">Microsoft<\/td>\n<td align=\"left\">CVE-2017-11882<\/td>\n<td align=\"left\">RCE<\/td>\n<\/tr>\n<tr>\n<td align=\"left\" height=\"20\">Atlassian<\/td>\n<td align=\"left\">CVE-2019-11580<\/td>\n<td align=\"left\">RCE<\/td>\n<\/tr>\n<tr>\n<td align=\"left\" height=\"20\">Drupal<\/td>\n<td align=\"left\">CVE-2018-7600<\/td>\n<td align=\"left\">RCE<\/td>\n<\/tr>\n<tr>\n<td align=\"left\" height=\"20\">Telerik<\/td>\n<td align=\"left\">CVE 2019-18935<\/td>\n<td align=\"left\">RCE<\/td>\n<\/tr>\n<tr>\n<td align=\"left\" height=\"20\">Microsoft<\/td>\n<td align=\"left\">CVE-2019-0604<\/td>\n<td align=\"left\">RCE<\/td>\n<\/tr>\n<tr>\n<td align=\"left\" height=\"20\">Microsoft<\/td>\n<td align=\"left\">CVE-2020-0787<\/td>\n<td align=\"left\">elevation of privilege<\/td>\n<\/tr>\n<tr>\n<td align=\"left\" height=\"20\">Netlogon<\/td>\n<td align=\"left\">CVE-2020-1472<\/td>\n<td align=\"left\">elevation of privilege<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<h2>Breaching the gate<\/h2>\n<p>The vulnerabilities\u2014all of which have received patches from vendors\u2014have provided the opening vector from an untold number of serious intrusions. For instance, according to an advisory the US government issued in April, hackers working for the Russian government <a href=\"https:\/\/arstechnica.com\/tech-policy\/2021\/04\/us-government-strikes-back-at-kremlin-for-solarwinds-hack-campaign\/\">routinely exploited<\/a> CVE-2018-13379, CVE-2019-11510, and CVE-2019-19781.<\/p>\n<p>That same month, word emerged that a different set of hackers was also <a href=\"https:\/\/arstechnica.com\/gadgets\/2021\/04\/feds-say-hackers-are-likely-exploiting-critical-fortinet-vpn-vulnerabilities\/\">exploiting CVE-2018-13379<\/a>. In one case, the hackers allowed ransomware operators to <a href=\"https:\/\/arstechnica.com\/information-technology\/2021\/04\/ransomware-shuts-down-production-at-two-manufacturing-plants\/\">seize control<\/a> of two production facilities belonging to a European manufacturer.<\/p>\n<p>Wednesday\u2019s advisory went on to say:<\/p>\n<blockquote>\n<p>CISA, ACSC, the NCSC, and FBI assess that public and private organizations worldwide remain vulnerable to compromise from the exploitation of these CVEs. Malicious cyber actors will most likely continue to use older known vulnerabilities, such as CVE-2017-11882 affecting Microsoft Office, as long as they remain effective and systems remain unpatched. Adversaries\u2019 use of known vulnerabilities complicates attribution, reduces costs, and minimizes risk because they are not investing in developing a zero-day exploit for their exclusive use, which they risk losing if it becomes known.<\/p>\n<\/blockquote>\n<p>The officials also listed 13 vulnerabilities discovered this year that are also being exploited in large numbers. The vulnerabilities are:<\/p>\n<ul>\n<li>Microsoft Exchange: CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, and CVE2021-27065<\/li>\n<li>Pulse Secure: CVE-2021-22893, CVE-2021-22894, CVE-2021-22899, and CVE-2021-22900<\/li>\n<li>Accellion: CVE-2021-27101, CVE-2021-27102, CVE-2021-27103, CVE-2021-27104<\/li>\n<li>VMware: CVE-2021-21985<\/li>\n<\/ul>\n<p>The advisory provides technical details for each vulnerability, mitigation guidance, and indicators of compromise to help organizations determine if they\u2019re vulnerable or have been hacked. The advisory also provides guidance for locking down systems.<\/p>\n<p> READ MORE <a href=\"https:\/\/packetstormsecurity.com\/news\/view\/32512\/Feds-List-The-Top-30-Most-Exploited-Vulnerabilities.html\">HERE<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>READ MORE HERE&#8230;<\/p>\n","protected":false},"author":2,"featured_media":42034,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"colormag_page_layout":"default_layout","footnotes":""},"categories":[277],"tags":[5434],"class_list":["post-42033","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity-blogs","tag-headlinehackergovernmentflaw"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.6 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Feds List The Top 30 Most Exploited Vulnerabilities 2026 | ThreatsHub Cybersecurity News<\/title>\n<meta name=\"description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.threatshub.org\/blog\/feds-list-the-top-30-most-exploited-vulnerabilities\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Feds List The Top 30 Most Exploited Vulnerabilities 2026 | ThreatsHub Cybersecurity News\" \/>\n<meta property=\"og:description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.threatshub.org\/blog\/feds-list-the-top-30-most-exploited-vulnerabilities\/\" \/>\n<meta property=\"og:site_name\" content=\"ThreatsHub Cybersecurity News\" \/>\n<meta property=\"article:published_time\" content=\"2021-07-29T13:30:00+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2021\/07\/feds-list-the-top-30-most-exploited-vulnerabilities.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"800\" \/>\n\t<meta property=\"og:image:height\" content=\"534\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"TH Author\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@threatshub\" \/>\n<meta name=\"twitter:site\" content=\"@threatshub\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"TH Author\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"3 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/feds-list-the-top-30-most-exploited-vulnerabilities\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/feds-list-the-top-30-most-exploited-vulnerabilities\\\/\"},\"author\":{\"name\":\"TH Author\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\"},\"headline\":\"Feds List The Top 30 Most Exploited Vulnerabilities\",\"datePublished\":\"2021-07-29T13:30:00+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/feds-list-the-top-30-most-exploited-vulnerabilities\\\/\"},\"wordCount\":649,\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/feds-list-the-top-30-most-exploited-vulnerabilities\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2021\\\/07\\\/feds-list-the-top-30-most-exploited-vulnerabilities.jpg\",\"keywords\":[\"headline,hacker,government,flaw\"],\"articleSection\":[\"CyberSecurity Blogs\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/feds-list-the-top-30-most-exploited-vulnerabilities\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/feds-list-the-top-30-most-exploited-vulnerabilities\\\/\",\"name\":\"Feds List The Top 30 Most Exploited Vulnerabilities 2026 | ThreatsHub Cybersecurity News\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/feds-list-the-top-30-most-exploited-vulnerabilities\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/feds-list-the-top-30-most-exploited-vulnerabilities\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2021\\\/07\\\/feds-list-the-top-30-most-exploited-vulnerabilities.jpg\",\"datePublished\":\"2021-07-29T13:30:00+00:00\",\"description\":\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/feds-list-the-top-30-most-exploited-vulnerabilities\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/feds-list-the-top-30-most-exploited-vulnerabilities\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/feds-list-the-top-30-most-exploited-vulnerabilities\\\/#primaryimage\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2021\\\/07\\\/feds-list-the-top-30-most-exploited-vulnerabilities.jpg\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2021\\\/07\\\/feds-list-the-top-30-most-exploited-vulnerabilities.jpg\",\"width\":800,\"height\":534},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/feds-list-the-top-30-most-exploited-vulnerabilities\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"headline,hacker,government,flaw\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/tag\\\/headlinehackergovernmentflaw\\\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"Feds List The Top 30 Most Exploited Vulnerabilities\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"name\":\"ThreatsHub Cybersecurity News\",\"description\":\"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"alternateName\":\"Threatshub.org\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\",\"name\":\"ThreatsHub.org\",\"alternateName\":\"Threatshub.org\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"width\":432,\"height\":435,\"caption\":\"ThreatsHub.org\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/x.com\\\/threatshub\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\",\"name\":\"TH Author\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"caption\":\"TH Author\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Feds List The Top 30 Most Exploited Vulnerabilities 2026 | ThreatsHub Cybersecurity News","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.threatshub.org\/blog\/feds-list-the-top-30-most-exploited-vulnerabilities\/","og_locale":"en_US","og_type":"article","og_title":"Feds List The Top 30 Most Exploited Vulnerabilities 2026 | ThreatsHub Cybersecurity News","og_description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","og_url":"https:\/\/www.threatshub.org\/blog\/feds-list-the-top-30-most-exploited-vulnerabilities\/","og_site_name":"ThreatsHub Cybersecurity News","article_published_time":"2021-07-29T13:30:00+00:00","og_image":[{"width":800,"height":534,"url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2021\/07\/feds-list-the-top-30-most-exploited-vulnerabilities.jpg","type":"image\/jpeg"}],"author":"TH Author","twitter_card":"summary_large_image","twitter_creator":"@threatshub","twitter_site":"@threatshub","twitter_misc":{"Written by":"TH Author","Est. reading time":"3 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.threatshub.org\/blog\/feds-list-the-top-30-most-exploited-vulnerabilities\/#article","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/feds-list-the-top-30-most-exploited-vulnerabilities\/"},"author":{"name":"TH Author","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476"},"headline":"Feds List The Top 30 Most Exploited Vulnerabilities","datePublished":"2021-07-29T13:30:00+00:00","mainEntityOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/feds-list-the-top-30-most-exploited-vulnerabilities\/"},"wordCount":649,"publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/feds-list-the-top-30-most-exploited-vulnerabilities\/#primaryimage"},"thumbnailUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2021\/07\/feds-list-the-top-30-most-exploited-vulnerabilities.jpg","keywords":["headline,hacker,government,flaw"],"articleSection":["CyberSecurity Blogs"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.threatshub.org\/blog\/feds-list-the-top-30-most-exploited-vulnerabilities\/","url":"https:\/\/www.threatshub.org\/blog\/feds-list-the-top-30-most-exploited-vulnerabilities\/","name":"Feds List The Top 30 Most Exploited Vulnerabilities 2026 | ThreatsHub Cybersecurity News","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/feds-list-the-top-30-most-exploited-vulnerabilities\/#primaryimage"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/feds-list-the-top-30-most-exploited-vulnerabilities\/#primaryimage"},"thumbnailUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2021\/07\/feds-list-the-top-30-most-exploited-vulnerabilities.jpg","datePublished":"2021-07-29T13:30:00+00:00","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","breadcrumb":{"@id":"https:\/\/www.threatshub.org\/blog\/feds-list-the-top-30-most-exploited-vulnerabilities\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.threatshub.org\/blog\/feds-list-the-top-30-most-exploited-vulnerabilities\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/feds-list-the-top-30-most-exploited-vulnerabilities\/#primaryimage","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2021\/07\/feds-list-the-top-30-most-exploited-vulnerabilities.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2021\/07\/feds-list-the-top-30-most-exploited-vulnerabilities.jpg","width":800,"height":534},{"@type":"BreadcrumbList","@id":"https:\/\/www.threatshub.org\/blog\/feds-list-the-top-30-most-exploited-vulnerabilities\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.threatshub.org\/blog\/"},{"@type":"ListItem","position":2,"name":"headline,hacker,government,flaw","item":"https:\/\/www.threatshub.org\/blog\/tag\/headlinehackergovernmentflaw\/"},{"@type":"ListItem","position":3,"name":"Feds List The Top 30 Most Exploited Vulnerabilities"}]},{"@type":"WebSite","@id":"https:\/\/www.threatshub.org\/blog\/#website","url":"https:\/\/www.threatshub.org\/blog\/","name":"ThreatsHub Cybersecurity News","description":"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform","publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"alternateName":"Threatshub.org","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.threatshub.org\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.threatshub.org\/blog\/#organization","name":"ThreatsHub.org","alternateName":"Threatshub.org","url":"https:\/\/www.threatshub.org\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","width":432,"height":435,"caption":"ThreatsHub.org"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/threatshub"]},{"@type":"Person","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476","name":"TH Author","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","caption":"TH Author"}}]}},"_links":{"self":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/42033","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/comments?post=42033"}],"version-history":[{"count":0,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/42033\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media\/42034"}],"wp:attachment":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media?parent=42033"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/categories?post=42033"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/tags?post=42033"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}