PROBABLYPWNED
Home/Tag/Cisa Kev

Cisa Kev

50 articles tagged with "Cisa Kev"

Cisco SD-WAN Zero-Day Exploited Since May—CVSS 10.0
Vulnerabilities3 min read

Cisco SD-WAN Zero-Day Exploited Since May—CVSS 10.0

CVE-2026-20182 allows unauthenticated attackers to inject rogue peers into Cisco SD-WAN fabrics. Active exploitation since May; no workaround available—patch immediately.

Marcus ChenJul 1, 2026
CISA Orders Patch for CVSS 10 Joomla JCE Flaw by June 19
Vulnerabilities4 min read

CISA Orders Patch for CVSS 10 Joomla JCE Flaw by June 19

CVE-2026-48907 in Joomla Content Editor allows unauthenticated attackers to upload and execute PHP code. CISA added it to the KEV catalog after active exploitation deploying web shells.

Marcus ChenJun 18, 2026
LiteSpeed cPanel Flaw Gives FTP Users Root Access
Vulnerabilities3 min read

LiteSpeed cPanel Flaw Gives FTP Users Root Access

CVE-2026-54420 exploits symlink mishandling to escalate privileges on shared hosting servers. CISA mandates federal patching within 48 hours as attackers target multi-tenant environments.

Marcus ChenJun 17, 2026
Second Cisco SD-WAN Zero-Day Hits CISA KEV in Two Weeks
Vulnerabilities3 min read

Second Cisco SD-WAN Zero-Day Hits CISA KEV in Two Weeks

CVE-2026-20262 joins CVE-2026-20245 on CISA's exploited vulnerabilities list. Attackers deploy malicious .war files via path traversal to gain root access on Catalyst SD-WAN Manager.

Marcus ChenJun 17, 2026
Arista Refuses to Patch Exploited Flaw Added to CISA KEV
Vulnerabilities3 min read

Arista Refuses to Patch Exploited Flaw Added to CISA KEV

CVE-2026-7473 lets attackers bypass tunnel security controls on Arista network devices. CISA added it to KEV—but Arista says patching would 'break existing configurations.'

Vulnerability DeskJun 11, 2026
Trend Micro Apex One Zero-Day Added to CISA KEV
Vulnerabilities3 min read

Trend Micro Apex One Zero-Day Added to CISA KEV

CVE-2026-34926 lets attackers inject malicious code into Apex One servers and deploy it to all connected endpoint agents. CISA confirms active exploitation with June 4 federal deadline.

Vulnerability DeskMay 24, 2026
MuddyWater Exploits Langflow Flaw for Initial Access
Vulnerabilities3 min read

MuddyWater Exploits Langflow Flaw for Initial Access

CISA adds CVE-2025-34291 to KEV after Iranian APT MuddyWater weaponizes the CORS/CSRF chain for account takeover and RCE. CVSS 9.4 flaw requires only a malicious link click.

Vulnerability DeskMay 24, 2026
NIST Drops NVD Enrichment for Most CVEs After 263% Surge
Tools4 min read

NIST Drops NVD Enrichment for Most CVEs After 263% Surge

NIST will only enrich CVEs in CISA KEV, federal software, or critical infrastructure. Pre-March 2026 backlog moved to 'Not Scheduled.' Here's what security teams need to know.

ProbablyPwned Editorial TeamApr 18, 2026
CISA Adds Apple, Craft CMS, Laravel Bugs to KEV Catalog
Vulnerabilities4 min read

CISA Adds Apple, Craft CMS, Laravel Bugs to KEV Catalog

Five vulnerabilities under active exploitation added to CISA's KEV catalog. Federal agencies must patch by April 3, 2026. Includes three Apple kernel flaws and Laravel RCE.

Vulnerability DeskMar 21, 2026
SmarterMail Flaw Exploited in Ransomware Attacks
Vulnerabilities3 min read

SmarterMail Flaw Exploited in Ransomware Attacks

CVE-2026-24423 lets unauthenticated attackers execute OS commands on SmarterMail servers. CISA confirms active ransomware exploitation and sets a February 26 patch deadline.

Vulnerability DeskFeb 6, 2026