Top 50 Critical Vulnerabilities

Top 50 Critical Vulnerabilities with Exploit/Exploitation Context (2022–2026)

CVEs in the Known Exploited Vulnerabilities catalog (KEV) are those observed exploits in real attacks on organizations.

1–10: Actively Exploited / Known Exploits

1. CVE-2025-55182 — React/Next.js RCE (10.0) — actively exploited.

2. CVE-2025-64446 — Fortinet FortiWeb auth bypass & admin creation (9.8) — in the wild.

3. CVE-2025-53770 — MS SharePoint ToolShell RCE (9.8) — known active exploit.

4. CVE-2025-61882 — Oracle EBS BI Publisher RCE (9.8) — exploited.

5. CVE-2025-20333 — Cisco ASA/FTD buffer overflow RCE (9.9) — CISA KEV.

6. CVE-2025-5777 — Citrix NetScaler memory flaw (CitrixBleed 2) — active.

7. CVE-2025-32463 — Sudo privilege escalation — KEV.

8. CVE-2025-3248 — Langflow AI Platform unauth RCE (9.8) — KEV.

9. CVE-2025-48633 — Android critical info disclosure (zero-day) — limited exploit.

10. CVE-2025-48572 — Android elevation of privilege — exploited.

---

11–20: Other Critical Exploited CVEs (KEV / Known Exploit)

11. CVE-2025-50165 — Microsoft Graphics Component RCE (9.8).

12. CVE-2025-53767 — Azure OpenAI data access RCE (10.0).

13. CVE-2025-53792 — Microsoft remote code execution.

14. CVE-2025-53766 — Microsoft critical web-based exploit.

15. CVE-2025-48631 — Android DoS / RCE (critical).

16. CVE-2025-43529 — Apple WebKit RCE (zero-day targeted).

17. CVE-2025-14174 — Apple WebKit memory corruption RCE.

18. CVE-2025-14847 — MongoDB “MongoBleed” PoC exploit.

19. CVE-2026-20805 — Microsoft Windows information disclosure — on top 100 list.

20. CVE-2025-68613 — n8n libraries improper control — with public exploits.

---

21–30: Exploitable Vulnerabilities with Public Proof-of-Concept

21. CVE-2025-38352 — Linux kernel race condition (exploit PoC).

22. CVE-2025-43529 — WebKitGTK use-after-free — Apple and others.

23. CVE-2025-37164 — HPE OneView code injection with public exploit.

24. CVE-2025-59718 — FortiOS crypto verification bypass.

25. CVE-2025-7775 — Citrix NetScaler ADC buffer overflow.

26. CVE-2025-14174 — WebKit Chromium mem corruption (public PoC).

27. CVE-2025-37164 — Code injection in other major tools.

28. CVE-2025-31161 — CrushFTP missing auth — public exploit seen.

29. CVE-2025-2825 — CrushFTP auth bypass variant exploited.

30. CVE-2025-10035 — GoAnywhere MFT deserialization abuse (ransomware).

---

31–40: Other Known Exploited / Weaponized Vulnerabilities

31. CVE-2019-19781 — Citrix ADC/Gateway RCE (still exploited historically).

32. CVE-2019-6693 — FortiOS hardcoded credentials (ransomware use).

33. CVE-2025-24472 — Fortinet FortiOS/Proxy auth bypass.

34. CVE-2024-55591 — Fortinet FortiOS and FortiProxy auth bypass.

35. CVE-2025-5777 — Citrix ADC unsafe memory read.

36. CVE-2025-32463 — Sudo escalation.

37. CVE-2021-44228 (Log4Shell) — ubiquitous Java RCE still exploited in environments.

38. CVE-2024-34102 — Adobe Commerce XXE RCE (CISA KEV).

39. CVE-2025-32709 — Windows zero-day RCE sample with PoC.

40. CVE-2025-32702 — Windows proof-of-concept exploit.

---

41–50: Historical / High-Impact Exploited Vulnerabilities You Should Still Track

41. CVE-2017-0144 (EternalBlue) — Windows SMB RCE used by WannaCry.

42. CVE-2017-8759 — .NET remote code execution used by malware.

43. CVE-2018-4878 — Adobe Flash RCE exploited by DOGCALL malware.

44. CVE-2023-3519 — Citrix ADC RCE (real infrastructure compromise).

45. CVE-2023-3466 / 67 — Citrix ADC appliances exploited together.

46. CVE-2023-4966 — Citrix CitrixBleed buffer overflow attack.

47. CVE-2023-20198 — Cisco IOS XE privilege escalation exploits.

48. CVE-2024-50302 — Android zero-day exploited (historical).

49. CVE-2024-43093 — Android zero-day exploited.

50. CVE-2024-12084 — Rsync critical RCE with public proof-of-concept.