Advertisement
CVE-2022-25247: PTC Windchill RCE Exploited in the Wild
CISA warns of active exploitation of CVE-2022-25247, an RCE flaw in PTC Windchill PLM software. Learn how to detect and mitigate this critical threat.

SolarWinds Serv-U DoS Vulnerability CVE-2026-28318 Added to CISA KEV
CISA adds CVE-2026-28318 to its KEV catalog following active exploitation of a high-severity DoS vulnerability in SolarWinds Serv-U file server software.
CVE-2026-45247: Mirasvit Full Page Cache Warmer Exploited — Patch Now
CISA adds CVE-2026-45247, a deserialization vulnerability in Mirasvit Full Page Cache Warmer for Magento, to the KEV catalog after reports of active exploitation.
CISA KEV Update: Active Exploitation of CVE-2022-0492 and CVE-2025-48595
CISA adds Linux Kernel and Android Framework vulnerabilities to its Known Exploited Vulnerabilities catalog. Prioritize patching CVE-2022-0492 and CVE-2025-48595.
Drupal 7.x SQL Injection CVE-2014-3704 — Active Exploitation Alert
CISA adds Drupalgeddon SQL injection (CVE-2014-3704) to KEV catalog, mandating federal agencies to patch critical legacy systems against active exploits.
CISA KEV Update: New Microsoft Defender and Legacy Flaws Exploited
CISA adds seven vulnerabilities, including CVE-2026-41091 and CVE-2026-45498, to the Known Exploited Vulnerabilities catalog. Patch now to prevent compromise.

Cisco Catalyst SD-WAN Authentication Bypass: CVE-2026-20182 Exploit
CISA adds CVE-2026-20182 to its KEV catalog after reports of active exploitation against Cisco Catalyst SD-WAN Controllers. Critical patch required.
Ivanti EPMM CVE-2023-35078 Zero-Day: Urgent CISA Patch Directive
CISA orders federal agencies to patch Ivanti EPMM CVE-2023-35078 within four days following active zero-day exploitation against government networks.
CVE-2026-6973: Ivanti EPMM Exploited in the Wild — Patch Guidance
CISA adds CVE-2026-6973, an improper input validation vulnerability in Ivanti Endpoint Manager Mobile, to the KEV catalog following active exploitation.
CVE-2024-1086: Copy Fail Linux Privilege Escalation Under Exploitation
CISA adds CVE-2024-1086 (Copy Fail) to its KEV catalog after Microsoft observes exploitation of this Linux Netfilter privilege escalation vulnerability.
Windows Kernel LPE CVE-2024-21338: Lazarus Group Exploits Zero-Day
CISA adds CVE-2024-21338 to KEV catalog after Lazarus Group exploited the Windows Kernel vulnerability to deploy rootkits and bypass security controls.
CVE-2024-38107: Microsoft Defender BlueHammer Flaw Exploited - Patch Now
CISA orders federal agencies to patch the BlueHammer zero-day, a critical Microsoft Defender privilege escalation flaw currently under active exploitation.