cisa kev catalog

CISA Adds ConnectWise ScreenConnect and Microsoft Windows Vulnerabilities to KEV Catalog CISA has added two vulnerabilities to its Known Exploited Vulnerabilities Catalog after determining there is evidence of active exploitation in the wild. The newly listed flaws are CVE-2024-1708, a...

CISA’s decision on April 24, 2026, to add four more flaws to its Known Exploited Vulnerabilities Catalog is another reminder that the most dangerous bugs are not always the ones with the highest theoretical scores, but the ones attackers are already using. The new entries span a Samsung...

CISA’s latest move is a reminder that the Known Exploited Vulnerabilities (KEV) Catalog remains one of the most operationally important signals in federal cybersecurity. On April 20, 2026, the agency added eight more CVEs tied to active exploitation, spanning print management, endpoint...

CISA’s April 1 update is a reminder that the Known Exploited Vulnerabilities Catalog remains one of the most operationally important signals in federal cybersecurity. The agency says it has added CVE-2026-5281, described as a Google Dawn use-after-free vulnerability, based on evidence of active...

CISA’s latest addition to its Known Exploited Vulnerabilities Catalog is a reminder that the agency’s most important cybersecurity list is not about theoretical risk, but about active danger. On March 30, 2026, CISA said it had added CVE-2026-3055, described as a Citrix NetScaler out-of-bounds...

CISA has once again used its Known Exploited Vulnerabilities Catalog to send a clear message: if attackers are already using a flaw in the wild, organizations should treat it as an immediate operational priority, not a routine patch item. On March 25, 2026, the agency added CVE-2026-33017...

CISA’s latest addition to the Known Exploited Vulnerabilities Catalog is a reminder that SharePoint remains a high-value target for attackers, especially when a flaw can be turned into code execution, privilege escalation, or post-compromise footholds. On March 18, 2026, the agency added...

CISA’s latest addition to its Known Exploited Vulnerabilities catalog is a reminder that the ugliest security problems are often not the newest ones, but the ones already being used in the wild. The agency says CVE-2025-66376, a Synacor Zimbra Collaboration Suite cross-site scripting flaw, has...

CISA has added two high‑risk entries to its Known Exploited Vulnerabilities (KEV) Catalog, naming CVE‑2025‑54236 — an Improper Input Validation flaw in Adobe Commerce and Magento — and CVE‑2025‑59287 — a Deserialization of Untrusted Data vulnerability in Microsoft’s Windows Server Update Service...

The security landscape for enterprise IT continues to evolve, with emphasis on rapid threat intelligence sharing and proactive risk remediation. Today, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) reaffirmed its critical role in this ecosystem by updating its Known Exploited...

Citrix NetScaler ADC and Gateway products—key infrastructure for many enterprise environments—have once again found themselves at the center of the cybersecurity spotlight. The Cybersecurity and Infrastructure Security Agency (CISA) recently added a new vulnerability, CVE-2025-6543, to its Known...

The latest update from the Cybersecurity and Infrastructure Security Agency (CISA) underscores the persistent and evolving threat landscape facing organizations that rely on widely used open-source components. On May 6, CISA announced the addition of a single, but critical, new vulnerability to...

The latest addition to the U.S. Cybersecurity and Infrastructure Security Agency’s (CISA) Known Exploited Vulnerabilities (KEV) Catalog is as subtle as a bullhorn in a silent library: three fresh, high-impact vulnerabilities with consequences that ripple far beyond government cubicles. If you...