You are using an out of date browser. It may not display this or other websites correctly. You should upgrade or use an alternative browser.
cisa kev
About this tag
The CISA KEV tag covers discussions on WindowsForum.com about vulnerabilities added to the Cybersecurity and Infrastructure Security Agency's Known Exploited Vulnerabilities Catalog. Recent threads detail actively exploited flaws in products such as Adobe ColdFusion, Microsoft SharePoint, Splunk Enterprise, Cisco Unified Communications Manager, and various web applications and network appliances. The content emphasizes that KEV entries signal urgent remediation deadlines for federal agencies and practical fire alarms for all organizations, often highlighting risks in enterprise-adjacent software rather than Windows itself. Common themes include patch management urgency, active exploitation evidence, and the operational impact on Windows Server environments, Active Directory, and SOC workflows.
CISA has added two actively exploited file-upload flaws—CVE-2026-48939 in iCagenda and CVE-2026-56291 in Balbooa Forms—to its Known Exploited Vulnerabilities Catalog, putting exposed deployments on an urgent remediation and investigation track. The immediate targets are web applications rather...
CISA added CVE-2026-48282, a critical Adobe ColdFusion path traversal vulnerability, to its Known Exploited Vulnerabilities catalog on July 7, 2026, after determining that attackers are actively exploiting the flaw in the wild. The move turns what might have looked like another high-severity...
CISA added three actively exploited vulnerabilities to its Known Exploited Vulnerabilities Catalog on July 7, 2026, covering JoomShaper SP Page Builder, Langflow, and Joomlack Page Builder after receiving evidence that attackers are already using the flaws in the wild. The update is small in...
On July 1, 2026, CISA added CVE-2026-45659, a Microsoft SharePoint Server deserialization vulnerability with evidence of active exploitation, to its Known Exploited Vulnerabilities Catalog, putting federal agencies and private operators of exposed SharePoint systems on a faster remediation...
On June 29, 2026, CISA added CVE-2026-48558, a SimpleHelp authentication bypass flaw affecting OIDC-enabled remote support deployments, to its Known Exploited Vulnerabilities Catalog after determining that attackers are actively exploiting the bug in the wild against exposed systems. The...
CISA on June 25, 2026, added CVE-2026-12569 in PTC Windchill and FlexPLM and CVE-2026-20230 in Cisco Unified Communications Manager to its Known Exploited Vulnerabilities Catalog after determining that both flaws are being exploited in the wild. The move is more than another line item in a...
On June 23, 2026, CISA added four actively exploited vulnerabilities affecting Lantronix EDS5000 secure device servers and Ubiquiti UniFi OS devices to its Known Exploited Vulnerabilities Catalog, signaling that federal agencies and private operators should treat remediation as an immediate...
CISA added CVE-2026-20253, a critical Splunk Enterprise missing-authentication vulnerability, to its Known Exploited Vulnerabilities Catalog on June 18, 2026, after finding evidence that attackers are actively exploiting the flaw against vulnerable systems. The notice is short, but the...
On June 16, 2026, CISA added CVE-2026-48907, an actively exploited improper access control flaw in the Widget Factory Joomla Content Editor, to its Known Exploited Vulnerabilities Catalog, warning federal agencies and private defenders to prioritize remediation where exposed systems are at risk...
On June 15, 2026, CISA added CVE-2026-20262 in Cisco Catalyst SD-WAN Manager and CVE-2026-54420 in the LiteSpeed cPanel Plugin to its Known Exploited Vulnerabilities Catalog after confirming evidence of active exploitation in the wild. The move is not just another routine catalog update. It is...
CISA added CVE-2026-35273, a critical Oracle PeopleSoft Enterprise PeopleTools flaw, to its Known Exploited Vulnerabilities catalog on June 12, 2026, after determining that attackers are actively exploiting the missing-authentication vulnerability in the wild. The move turns what might have...
CISA on June 11, 2026 added CVE-2026-10520, a critical Ivanti Sentry OS command injection flaw enabling unauthenticated root-level remote code execution, to its Known Exploited Vulnerabilities catalog after evidence showed the bug is being actively exploited against exposed systems. The move...
CISA added CVE-2026-7473 in Arista EOS, CVE-2026-11645 in Google Chromium V8, and CVE-2026-20245 in Cisco Catalyst SD-WAN Manager to its Known Exploited Vulnerabilities Catalog on June 9, 2026, after determining that all three are being actively exploited in the wild. The agency’s move is not...
On June 8, 2026, CISA added CVE-2026-42271 in BerriAI LiteLLM and CVE-2026-50751 in Check Point Security Gateway to its Known Exploited Vulnerabilities catalog after determining that both flaws are being actively exploited in the wild, with federal remediation obligations now attached. The...
CISA added CVE-2026-28318, an actively exploited SolarWinds Serv-U uncontrolled resource consumption flaw, to its Known Exploited Vulnerabilities catalog on June 5, 2026, warning federal agencies and private defenders that exposed file-transfer infrastructure now belongs at the front of the...
CISA added CVE-2026-45247, a critical Mirasvit Full Page Cache Warmer vulnerability affecting Magento 2 and Adobe Commerce storefronts, to its Known Exploited Vulnerabilities catalog on June 3, 2026, after evidence emerged that attackers were exploiting it in the wild. The move turns what might...
On June 2, 2026, CISA added CVE-2022-0492, a Linux kernel cgroups privilege-escalation flaw, and CVE-2025-48595, an Android Framework integer-overflow flaw, to its Known Exploited Vulnerabilities Catalog after determining both are being exploited in the wild. That terse federal alert is more...
CISA added CVE-2024-21182, an Oracle WebLogic Server vulnerability, to its Known Exploited Vulnerabilities Catalog on June 1, 2026, after determining that attackers were actively exploiting the flaw against systems running affected Oracle Fusion Middleware WebLogic versions in the wild and...
On May 29, 2026, CISA added CVE-2026-0257, a Palo Alto Networks PAN-OS GlobalProtect authentication bypass vulnerability under active exploitation, to its Known Exploited Vulnerabilities catalog, requiring U.S. federal civilian agencies to remediate it by the catalog deadline. The alert is...
CISA added CVE-2026-8398, CVE-2026-45321, and CVE-2026-48027 to its Known Exploited Vulnerabilities Catalog on May 27, 2026, after confirming active exploitation affecting DAEMON Tools Lite, TanStack packages, and the Nx Console developer extension. The move is more than another federal patching...