Advertisement
CVE-2026-33017: Langflow Code Injection - Patch Immediately
CISA adds actively exploited Langflow Code Injection Vulnerability (CVE-2026-33017) to KEV catalog. Critical patch urged for all organizations.
Quest KACE SMA CVE-2025-32975 Exploited — Critical Patch Guidance
Threat actors are exploiting a critical CVSS 10.0 vulnerability, CVE-2025-32975, in Quest KACE Systems Management Appliances exposed to the internet.
CVE-2026-20963: Microsoft SharePoint Deserialization Exploit — Patch Now
CISA adds CVE-2026-20963, a Microsoft SharePoint deserialization vulnerability, to its KEV catalog due to active exploitation. Immediate patching is critical for all
CISA KEV Update: Five Actively Exploited CVEs in Apple, Hikvision, Rockwell
CISA adds five actively exploited vulnerabilities, including Apple iOS/iPadOS use-after-free and Hikvision improper authentication, to its KEV Catalog. Patch these
Cisco SD-WAN Zero-Day CVE-2026-20127 Exploited for Admin Access
CVE-2026-20127 is a critical CVSS 10.0 flaw in Cisco SD-WAN controllers exploited since 2023, allowing unauthenticated remote administrative access.
CISA Adds Two Cisco SD-WAN Exploits to KEV Catalog
CISA adds CVE-2022-20775 (Path Traversal) and CVE-2026-20127 (Auth Bypass) affecting Cisco SD-WAN to its Known Exploited Vulnerabilities Catalog.
CISA Alert: CVE-2026-25108 Soliton FileZen OS Command Injection Exploited
CISA adds CVE-2026-25108, a Soliton Systems FileZen OS Command Injection vulnerability, to KEV Catalog due to active exploitation. Immediate remediation advised.