Australia, U.K., UK, FBI issue joint advisory on most exploited vulnerabilities in 2020 and 2021. Top 30 vulnerabilities span a wide range of software, including remote work, virtual private networks, and cloud-based technologies. Microsoft, Pulse Secure, Fortinet, Accellion, Citrix, F5 Big IP, Atlassian, and Drupal are among the most routinely exploited flaws in 2020. Microsoft Office memory corruption vulnerability is the most commonly exploited vulnerability in 2020 at 9.8 (CVSS score: 7.8)
Source: https://thehackernews.com/2021/07/top-30-critical-security.html