Advertisement
CISA KEV Update: Active Exploitation of CVE-2022-0492 and CVE-2025-48595
CISA adds Linux Kernel and Android Framework vulnerabilities to its Known Exploited Vulnerabilities catalog. Prioritize patching CVE-2022-0492 and CVE-2025-48595.
Drupal 7.x SQL Injection CVE-2014-3704 — Active Exploitation Alert
CISA adds Drupalgeddon SQL injection (CVE-2014-3704) to KEV catalog, mandating federal agencies to patch critical legacy systems against active exploits.
CISA KEV Update: New Microsoft Defender and Legacy Flaws Exploited
CISA adds seven vulnerabilities, including CVE-2026-41091 and CVE-2026-45498, to the Known Exploited Vulnerabilities catalog. Patch now to prevent compromise.
Cisco Catalyst SD-WAN Authentication Bypass: CVE-2026-20182 Exploit
CISA adds CVE-2026-20182 to its KEV catalog after reports of active exploitation against Cisco Catalyst SD-WAN Controllers. Critical patch required.
Ivanti EPMM CVE-2023-35078 Zero-Day: Urgent CISA Patch Directive
CISA orders federal agencies to patch Ivanti EPMM CVE-2023-35078 within four days following active zero-day exploitation against government networks.
CVE-2026-6973: Ivanti EPMM Exploited in the Wild — Patch Guidance
CISA adds CVE-2026-6973, an improper input validation vulnerability in Ivanti Endpoint Manager Mobile, to the KEV catalog following active exploitation.
CVE-2024-1086: Copy Fail Linux Privilege Escalation Under Exploitation
CISA adds CVE-2024-1086 (Copy Fail) to its KEV catalog after Microsoft observes exploitation of this Linux Netfilter privilege escalation vulnerability.
Windows Kernel LPE CVE-2024-21338: Lazarus Group Exploits Zero-Day
CISA adds CVE-2024-21338 to KEV catalog after Lazarus Group exploited the Windows Kernel vulnerability to deploy rootkits and bypass security controls.
CVE-2024-38107: Microsoft Defender BlueHammer Flaw Exploited - Patch Now
CISA orders federal agencies to patch the BlueHammer zero-day, a critical Microsoft Defender privilege escalation flaw currently under active exploitation.
CISA KEV Update: Eight New Vulnerabilities in Cisco, TeamCity, and Zimbra
CISA adds eight vulnerabilities to the KEV Catalog, including flaws in Cisco SD-WAN and JetBrains TeamCity, requiring immediate federal agency remediation.
CISA Adds 8 Flaws to KEV: Cisco and PaperCut Exploited in the Wild
CISA adds 8 vulnerabilities to its KEV catalog, including PaperCut and Cisco SD-WAN Manager flaws, with federal patching deadlines set for May 2026.
Apache ActiveMQ CVE-2026-34197: CISA KEV Update & Mitigation
CISA adds high-severity CVE-2026-34197 in Apache ActiveMQ to its Known Exploited Vulnerabilities catalog. Learn how to secure your message broker infrastructure.