CVE-2026-31431: Linux Kernel Resource Transfer Vulnerability Actively Exploited
CISA adds CVE-2026-31431, a Linux Kernel incorrect resource transfer vulnerability, to its KEV catalog due to active exploitation. Prioritize remediation.

CISA KEV Catalog Adds Exploited Samsung and SimpleHelp Vulnerabilities
CISA adds four exploited flaws in SimpleHelp, Samsung MagicINFO 9, and D-Link routers to its KEV catalog, mandating remediation by May 2026.
CVE-2026-33825: Microsoft Defender Access Control Exploit Analysis
CISA adds CVE-2026-33825 to the KEV catalog following active exploitation of Microsoft Defender's access control mechanisms. Learn how to secure your systems.
CVE-2024-38094: 1,300+ SharePoint Servers At Risk of RCE
Over 1,300 Microsoft SharePoint servers remain unpatched against CVE-2024-38094, a critical RCE vulnerability actively exploited by threat actors.
CVE-2023-46604: Apache ActiveMQ RCE Exploited in the Wild
CISA warns of active exploitation for CVE-2023-46604, a critical RCE flaw in Apache ActiveMQ used by ransomware groups. Update to version 5.18.3 or later.
CVE-2022-21882: CISA Warns of Windows Task Host Exploit in the Wild
CISA adds CVE-2022-21882 to the KEV catalog. Learn how to mitigate this Windows Task Host privilege escalation vulnerability affecting Win32k.sys.
CISA KEV Catalog Update: Microsoft Office RCE and SharePoint Exploited
CISA adds CVE-2009-0238 (Microsoft Office RCE) and CVE-2026-32201 (SharePoint Server input validation) to its Known Exploited Vulnerabilities Catalog. All organizations
CISA KEV Remediation Exposes Human-Scale Security Limits
Analysis of 1 billion CISA KEV records by Qualys shows that critical vulnerabilities are often exploited before organizations can patch them, highlighting limits of
CVE-2026-1340: Ivanti EPMM Code Injection — Patch Now
CISA adds CVE-2026-1340, a critical code injection vulnerability in Ivanti Endpoint Manager Mobile (EPMM), to its KEV Catalog due to active exploitation. Immediate
CVE-2026-5281: Google Dawn RCE via Use-After-Free — Mitigation Guide
CISA adds CVE-2026-5281 to the Known Exploited Vulnerabilities Catalog following evidence of active exploitation in Google Dawn's WebGPU implementation.
CVE-2023-3519: Patching Active RCE in Citrix NetScaler ADC
CISA mandates federal agencies patch CVE-2023-3519, an unauthenticated RCE flaw in Citrix NetScaler ADC and Gateway actively exploited in the wild.
CVE-2026-3055: Citrix NetScaler Out-of-Bounds Read Under Active Exploitation
CISA adds CVE-2026-3055, an actively exploited Citrix NetScaler Out-of-Bounds Read vulnerability, to its KEV Catalog, urging immediate remediation.