kev catalog

Google’s Chromium project patched a high‑risk graphics vulnerability — tracked as CVE‑2025‑14174 — that allowed an out‑of‑bounds memory access in the ANGLE graphics translation layer and was added to CISA’s Known Exploited Vulnerabilities (KEV) catalog, creating an urgent, operational...

CISA has added two high‑risk entries to its Known Exploited Vulnerabilities (KEV) Catalog — a hard‑coded cryptography weakness in Gladinet CentreStack and Triofox (CVE‑2025‑14611) and a severe WebKit memory‑corruption/use‑after‑free bug exploited against Apple products (CVE‑2025‑43529) — and...

CISA has added a high‑risk Sierra Wireless AirLink vulnerability, CVE‑2018‑4063, to its Known Exploited Vulnerabilities (KEV) Catalog after evidence of active exploitation — a move that forces federal agencies to accelerate remediation under BOD 22‑01 and should prompt immediate action by any...

CISA announced this week that it has added two additional vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog: CVE-2022-37055, a buffer overflow affecting certain D‑Link router models, and CVE-2025-66644, an OS command‑injection flaw in Array Networks ArrayOS AG gateways. Both...

CISA has quietly added CVE-2021-26829 — a stored Cross‑Site Scripting (XSS) vulnerability in OpenPLC’s ScadaBR HMI — to its Known Exploited Vulnerabilities (KEV) Catalog, signaling immediate operational urgency for federal agencies and a practical priority marker for organizations that operate...

CISA’s placement of a Chromium V8 bug—tracked as CVE-2025-13223—into the Known Exploited Vulnerabilities (KEV) Catalog elevates an already urgent browser security issue into a federal remediation priority and forces IT teams to treat every Chromium-based runtime in their environment as a...

Fortinet has published an advisory for a critical relative path traversal vulnerability in FortiWeb that is being actively exploited in the wild, and U.S. federal guidance (CISA) has moved the issue into its Known Exploited Vulnerabilities (KEV) catalog—making immediate remediation essential for...

CISA’s update to the Known Exploited Vulnerabilities (KEV) Catalog once again throws a spotlight on Fortinet’s FortiWeb appliances — but the record is more complicated than a single line item. Federal agencies and enterprise defenders were warned to act quickly after CISA confirmed active...

CISA’s decision to add three fresh entries to its Known Exploited Vulnerabilities (KEV) Catalog marks another urgent reminder that attackers are continuing to weaponize both edge devices and enterprise software against unpatched targets — and that federal agencies and private organizations alike...

CISA has placed a critical Samsung mobile vulnerability — CVE-2025-21042 — into its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation, and has set an accelerated remediation clock for federal agencies while strongly urging all organizations to patch or...

CISA has added two high-risk flaws — a critical XWiki remote code execution and a VMware local privilege escalation — to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation and urging immediate remediation under Binding Operational Directive (BOD) 22-01...

Microsoft pushed an out‑of‑band emergency update on October 23, 2025 to fix a critical remote code execution vulnerability in Windows Server Update Services (WSUS), tracked as CVE‑2025‑59287, and administrators must treat WSUS hosts as a top‑tier remediation priority until every affected server...

Microsoft, CISA and multiple security vendors are now urging immediate action after a high‑severity Windows SMB client vulnerability—CVE-2025-33073—was added to the U.S. Cybersecurity and Infrastructure Security Agency’s (CISA) Known Exploited Vulnerabilities (KEV) catalog and is reported to be...

CISA has added five vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog — a move that instantly elevates them into the highest operational priority for federal agencies and a de‑facto urgent patching signal for enterprises. The five entries highlighted in the recent update are...

Microsoft has removed the legacy Agere soft‑modem driver (ltmdm64.sys) from supported Windows images after identifying an elevation‑of‑privilege vulnerability tracked as CVE‑2025‑24990, and that removal was shipped in the October 2025 cumulative updates; any fax or analog modem hardware that...

CISA has added a long-known Grafana directory traversal flaw — CVE-2021-43798 — to its Known Exploited Vulnerabilities (KEV) Catalog, signaling fresh evidence of active exploitation and placing renewed urgency on organizations that still run unpatched Grafana 8.x instances to act immediately...

CISA has added CVE-2025-27915 — a stored cross-site scripting (XSS) bug in the Classic Web Client of Synacor’s Zimbra Collaboration Suite (ZCS) — to its Known Exploited Vulnerabilities (KEV) Catalog, citing evidence of active exploitation and urging immediate remediation by federal agencies and...

CISA’s Known Exploited Vulnerabilities (KEV) Catalog grew again this week when the agency added seven vulnerabilities to the list — a mix of decade‑old, well‑documented browser and Windows flaws, a high‑impact Linux kernel bug, and a freshly disclosed Oracle E‑Business Suite remote code...

CISA’s Known Exploited Vulnerabilities (KEV) Catalog has grown again — this time with five additions that span decades-old, high‑impact bugs through actively exploited 2025 zero‑days — and the practical consequence is unchanged: these CVEs move from “interesting” to urgent for defenders...

CISA has quietly but urgently updated its Known Exploited Vulnerabilities (KEV) Catalog to include five freshly observed, actively exploited flaws — spanning a PHP-based database tool, enterprise managed file transfer, major network operating systems, an email security appliance, and the...