cisa advisory

CISA today added four vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog — a move that forces federal agencies to prioritize fixes and should put every security team on high alert. The four CVEs are: CVE-2024-43468 (Microsoft Configuration Manager — unauthenticated SQL...

A newly published CISA advisory warns that Airleader Master — a widely deployed compressed-air control and monitoring platform — contains a critical file‑upload vulnerability that can be exploited to achieve remote code execution on affected installations. The advisory assigns the flaw...

CISA has published an industrial control systems advisory warning that RISS SRL’s MOMA Seismic Station firmware up to and including v2.4.2520 (CVE‑2026‑1632) exposes its web management interface without requiring authentication — a design failing that permits unauthenticated remote actors to...

A high-severity advisory from the U.S. Cybersecurity and Infrastructure Security Agency (CISA) warns that multiple models in the KiloView Encoder Series contain a missing authentication for a critical function vulnerability (tracked as CVE‑2026‑1453 in the advisory) that — if successfully...

EVMAPA’s charging‑station software was publicly flagged in a coordinated CISA advisory that assigns three CVE identifiers — CVE‑2025‑54816, CVE‑2025‑53968 and CVE‑2025‑55705 — and classifies the cluster as a high‑to‑critical risk to EV charging infrastructure because successful exploitation can...

CISA confirmed on January 12, 2026 that it has added a high‑severity Gogs path‑traversal vulnerability, tracked as CVE‑2025‑8110, to its Known Exploited Vulnerabilities (KEV) Catalog — a move that triggers urgent remediation requirements for federal agencies under Binding Operational Directive...