The CISA, the National Security Agency (NSA), the Federal Bureau of Investigation (FBI), the Australian Cyber Security Centre (ACSC), the Canadian Centre for Cyber Security (CCCS), the New Zealand National Cyber Security Centre (NZ NCSC), and the United Kingdom’s National Cyber Security Centre (NCSC-UK) have released details on the top 15 Common Vulnerabilities and Exposures (CVEs) routinely exploited by malicious cyber actors in 2021. Your IT department or MSP should have addressed these already.
| CVE | Vulnerability Name | Vendor and Product | Type |
| CVE-2021-44228 | Log4Shell | Apache Log4j | Remote code execution (RCE) |
| CVE-2021-40539 | Zoho ManageEngine AD SelfService Plus | RCE | |
| CVE-2021-34523 | ProxyShell | Microsoft Exchange Server | Elevation of privilege |
| CVE-2021-34473 | ProxyShell | Microsoft Exchange Server | RCE |
| CVE-2021-31207 | ProxyShell | Microsoft Exchange Server | Security feature bypass |
| CVE-2021-27065 | ProxyLogon | Microsoft Exchange Server | RCE |
| CVE-2021-26858 | ProxyLogon | Microsoft Exchange Server | RCE |
| CVE-2021-26857 | ProxyLogon | Microsoft Exchange Server | RCE |
| CVE-2021-26855 | ProxyLogon | Microsoft Exchange Server | RCE |
| CVE-2021-26084
|
Atlassian Confluence Server and Data Center | Arbitrary code execution | |
| CVE-2021-21972 | VMware vSphere Client | RCE | |
| CVE-2020-1472 | ZeroLogon | Microsoft Netlogon Remote Protocol (MS-NRPC) | Elevation of privilege |
| CVE-2020-0688 | Microsoft Exchange Server | RCE | |
| CVE-2019-11510 | Pulse Secure Pulse Connect Secure | Arbitrary file reading | |
| CVE-2018-13379 | Fortinet FortiOS and FortiProxy | Path traversal |