CISA KEV
-
CISA adds exploited Langflow and Trend Micro flaws to vulnerability catalog
CISA added exploited flaws in Langflow and Trend Micro Apex One to its Known Exploited Vulnerabilities catalog on Thursday, citing active attacks. Federal civilian agencies must patch the issues by June 4, 2026.
-
Microsoft says two Defender flaws are under active exploitation
Microsoft said two Defender vulnerabilities, including one that could lead to SYSTEM privileges, are under active exploitation. CISA has added both flaws to its known exploited list and set a June 3 deadline for federal agencies.
-
CISA adds actively exploited Linux root flaw to known vulnerabilities list
CISA added a Linux kernel privilege escalation flaw known as Copy Fail to its exploited vulnerabilities catalog after signs of active abuse. The issue can let a local user gain root access, and patches are already available.
-
CISA adds six exploited flaws to Known Exploited Vulnerabilities catalog
CISA added six vulnerabilities to its Known Exploited Vulnerabilities catalog after evidence of active exploitation, including flaws in Fortinet, Adobe and Microsoft products. Federal agencies face April 27, 2026 deadlines for most fixes.
-
CISA adds two critical Hikvision and Rockwell vulnerabilities to KEV catalog
The U.S. Cybersecurity and Infrastructure Security Agency added two critical CVE-2017-7921 and CVE-2021-22681 vulnerabilities affecting Hikvision and Rockwell products to its Known Exploited Vulnerabilities catalog, both rated CVSS 9.8.
-
CISA adds four vulnerabilities to KEV catalog and sets federal patch deadline
CISA added four vulnerabilities to its Known Exploited Vulnerabilities catalog on January 22, 2026, citing active exploitation. Federal agencies must apply fixes by February 12, 2026 under BOD 22-01 to secure networks.
-
CISA Adds Gogs Path Traversal CVE-2025-8110 to Known Exploited Vulnerabilities Catalog
CISA added CVE-2025-8110, a high severity Gogs path traversal that can enable code execution, to its Known Exploited Vulnerabilities catalog on January 12 2026. About 1,600 exposed instances exist with several hundred compromised.
-
CISA adds critical ASUS Live Update flaw to known exploited vulnerabilities catalog
CISA added a critical ASUS Live Update vulnerability, CVE-2025-59374 (CVSS 9.3), to its Known Exploited Vulnerabilities catalog citing active exploitation; the flaw stems from a past supply chain compromise and vendors say affected builds were limited to devices meeting specific targeting conditions.
-
CISA orders immediate patching after active exploitation of critical GeoServer XXE flaw
CISA has ordered federal agencies to patch a critical unauthenticated XML External Entity flaw in GeoServer (CVE-2025-58360) that is being actively exploited; researchers warn the bug can disclose files and enable SSRF, and public scans show thousands of exposed instances.
-
CISA adds OpenPLC ScadaBR XSS flaw to Known Exploited Vulnerabilities list amid active attacks
CISA added CVE-2021-26829, a cross-site scripting flaw in OpenPLC ScadaBR, to its Known Exploited Vulnerabilities catalog after evidence of active exploitation tied to a hacktivist operation; Forescout and VulnCheck reported related intrusions and a sustained OAST-driven exploit campaign.
