kev catalog

CISA has added two vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog — an archival Microsoft PowerPoint code-injection flaw (CVE-2009-0556) and a newly disclosed, critical HPE OneView code-injection/remote-code-execution vulnerability (CVE-2025-37164) — citing evidence of...

CISA says it has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog — a MongoDB flaw tracked as CVE‑2025‑14847 — but independent public records show the underlying bug, vendor fixes, and active‑exploitation reports are better documented than the specific KEV entry...

CISA’s latest KEV catalog update — which adds three high-profile, actively exploited vulnerabilities impacting Cisco, SonicWall, and ASUS products — is another hard reminder that modern vulnerability management is no longer optional. Federal agencies already face binding deadlines under BOD...

CISA’s addition of a Fortinet authentication‑bypass bug to the Known Exploited Vulnerabilities (KEV) Catalog spotlights a high‑risk class of flaws: improper verification of cryptographic signatures in SAML responses. The vulnerability, tracked as CVE‑2025‑59718, affects multiple Fortinet...

Google’s Chromium project patched a high‑risk graphics vulnerability — tracked as CVE‑2025‑14174 — that allowed an out‑of‑bounds memory access in the ANGLE graphics translation layer and was added to CISA’s Known Exploited Vulnerabilities (KEV) catalog, creating an urgent, operational...

CISA has added two high‑risk entries to its Known Exploited Vulnerabilities (KEV) Catalog — a hard‑coded cryptography weakness in Gladinet CentreStack and Triofox (CVE‑2025‑14611) and a severe WebKit memory‑corruption/use‑after‑free bug exploited against Apple products (CVE‑2025‑43529) — and...

CISA has added a high‑risk Sierra Wireless AirLink vulnerability, CVE‑2018‑4063, to its Known Exploited Vulnerabilities (KEV) Catalog after evidence of active exploitation — a move that forces federal agencies to accelerate remediation under BOD 22‑01 and should prompt immediate action by any...

CISA announced this week that it has added two additional vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog: CVE-2022-37055, a buffer overflow affecting certain D‑Link router models, and CVE-2025-66644, an OS command‑injection flaw in Array Networks ArrayOS AG gateways. Both...

CISA has quietly added CVE-2021-26829 — a stored Cross‑Site Scripting (XSS) vulnerability in OpenPLC’s ScadaBR HMI — to its Known Exploited Vulnerabilities (KEV) Catalog, signaling immediate operational urgency for federal agencies and a practical priority marker for organizations that operate...

CISA’s placement of a Chromium V8 bug—tracked as CVE-2025-13223—into the Known Exploited Vulnerabilities (KEV) Catalog elevates an already urgent browser security issue into a federal remediation priority and forces IT teams to treat every Chromium-based runtime in their environment as a...

Fortinet has published an advisory for a critical relative path traversal vulnerability in FortiWeb that is being actively exploited in the wild, and U.S. federal guidance (CISA) has moved the issue into its Known Exploited Vulnerabilities (KEV) catalog—making immediate remediation essential for...

CISA’s update to the Known Exploited Vulnerabilities (KEV) Catalog once again throws a spotlight on Fortinet’s FortiWeb appliances — but the record is more complicated than a single line item. Federal agencies and enterprise defenders were warned to act quickly after CISA confirmed active...

CISA’s decision to add three fresh entries to its Known Exploited Vulnerabilities (KEV) Catalog marks another urgent reminder that attackers are continuing to weaponize both edge devices and enterprise software against unpatched targets — and that federal agencies and private organizations alike...

CISA has placed a critical Samsung mobile vulnerability — CVE-2025-21042 — into its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation, and has set an accelerated remediation clock for federal agencies while strongly urging all organizations to patch or...

CISA has added two high-risk flaws — a critical XWiki remote code execution and a VMware local privilege escalation — to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation and urging immediate remediation under Binding Operational Directive (BOD) 22-01...

Microsoft pushed an out‑of‑band emergency update on October 23, 2025 to fix a critical remote code execution vulnerability in Windows Server Update Services (WSUS), tracked as CVE‑2025‑59287, and administrators must treat WSUS hosts as a top‑tier remediation priority until every affected server...

Microsoft, CISA and multiple security vendors are now urging immediate action after a high‑severity Windows SMB client vulnerability—CVE-2025-33073—was added to the U.S. Cybersecurity and Infrastructure Security Agency’s (CISA) Known Exploited Vulnerabilities (KEV) catalog and is reported to be...

CISA has added five vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog — a move that instantly elevates them into the highest operational priority for federal agencies and a de‑facto urgent patching signal for enterprises. The five entries highlighted in the recent update are...

Microsoft has removed the legacy Agere soft‑modem driver (ltmdm64.sys) from supported Windows images after identifying an elevation‑of‑privilege vulnerability tracked as CVE‑2025‑24990, and that removal was shipped in the October 2025 cumulative updates; any fax or analog modem hardware that...

CISA has added a long-known Grafana directory traversal flaw — CVE-2021-43798 — to its Known Exploited Vulnerabilities (KEV) Catalog, signaling fresh evidence of active exploitation and placing renewed urgency on organizations that still run unpatched Grafana 8.x instances to act immediately...