10 articles tagged with "Cisa Kev"
CVE-2026-1603 allows unauthenticated attackers to steal credential vaults from Ivanti Endpoint Manager. CISA added it to KEV catalog after exploitation detected.
Federal agencies must patch CVE-2017-7921 and CVE-2021-22681 by March 26. Hikvision cameras face active exploitation; Rockwell PLCs at risk.
CISA adds CVE-2026-22719 to Known Exploited Vulnerabilities catalog after confirming active exploitation of VMware Aria Operations command injection flaw.
CISA flags FileZen command injection flaw (CVE-2026-25108, CVSS 8.7) as actively exploited. Federal agencies must patch by March 17, 2026.
CVE-2025-22225 sandbox escape now confirmed as a ransomware attack vector. Exploitation toolkit predates Broadcom's patch by a full year.
CVE-2026-24423 lets unauthenticated attackers execute OS commands on SmarterMail servers. CISA confirms active ransomware exploitation and sets a February 26 patch deadline.
CVE-2025-8110 allows authenticated attackers to achieve RCE on self-hosted Git servers via path traversal. Over 700 instances already compromised.
CVE-2026-23760 enables unauthenticated admin takeover in SmarterMail. Exploitation began two days after patch release.
From Fortinet to SonicWall, authentication bypass vulnerabilities share common traits. Understanding these patterns helps security teams prioritize patching.
Federal agencies have until January 19 to patch CVE-2025-14847. Security researchers release open-source detection tool as attackers harvest credentials from exposed servers.