CISA Adds 4 CVEs to KEV: Joomla, ColdFusion Under Active Attack
CISA adds four actively exploited vulnerabilities to KEV catalog including two max-severity Joomla plugin flaws and Adobe ColdFusion CVE-2026-48282. Federal deadline is July 10.
50 articles tagged with "Cisa Kev"
CISA adds four actively exploited vulnerabilities to KEV catalog including two max-severity Joomla plugin flaws and Adobe ColdFusion CVE-2026-48282. Federal deadline is July 10.
CISA confirms ransomware groups are exploiting CVE-2026-33825, a Microsoft Defender privilege escalation flaw leaked in April. Patch urgently if you haven't already.
CVE-2026-45659 lets authenticated attackers with basic Site Member permissions execute arbitrary code on SharePoint servers. CISA added it to KEV after confirming active exploitation.
CVE-2026-20182 allows unauthenticated attackers to inject rogue peers into Cisco SD-WAN fabrics. Active exploitation since May; no workaround available—patch immediately.
CVE-2026-48558 lets attackers bypass OIDC auth and register as technicians. CISA added it to KEV June 29 after TaskWeaver and Djinn Stealer deployments.
CVE-2026-12569 (CVSS 9.3) in PTC Windchill PLM software is being exploited to deploy web shells. First PTC product ever added to CISA KEV catalog.
CVE-2026-20253 in Splunk Enterprise lets unauthenticated attackers execute code via an unprotected PostgreSQL sidecar. Over 1,400 instances exposed. Patch or disable the service now.
CISA confirms active exploitation of CVE-2025-67038 (CVSS 9.8) in Lantronix EDS5000 serial-to-IP devices. The command injection flaw grants root access. Federal deadline is June 26.
CVE-2026-50751 allows unauthenticated VPN access via IKEv1 certificate validation flaw. CISA gave federal agencies three days to patch after linking attacks to ransomware affiliate.
CVE-2026-48907 in Joomla Content Editor allows unauthenticated attackers to upload and execute PHP code. CISA added it to the KEV catalog after active exploitation deploying web shells.
CVE-2026-54420 exploits symlink mishandling to escalate privileges on shared hosting servers. CISA mandates federal patching within 48 hours as attackers target multi-tenant environments.
CVE-2026-20262 joins CVE-2026-20245 on CISA's exploited vulnerabilities list. Attackers deploy malicious .war files via path traversal to gain root access on Catalyst SD-WAN Manager.
CISA orders federal agencies to patch CVSS 10.0 Ivanti Sentry flaw within 3 days—the first application of BOD 26-04. Exploitation is automated and widespread.
CVE-2026-7473 lets attackers bypass tunnel security controls on Arista network devices. CISA added it to KEV—but Arista says patching would 'break existing configurations.'
CVE-2026-42271 in LiteLLM chains with Starlette bypass for unauthenticated remote code execution. CISA adds to KEV catalog after active exploitation confirmed.
CVE-2026-28318 lets unauthenticated attackers crash SolarWinds Serv-U servers via malformed POST requests. CISA sets June 19 federal deadline after confirming active exploitation.
CVE-2026-45247 in Mirasvit Full Page Cache Warmer allows unauthenticated RCE via PHP deserialization. CISA confirms active exploitation targeting e-commerce sites.
CVE-2024-21182 under active exploitation against Oracle Fusion deployments. CVSS 7.5 unauthenticated takeover—federal deadline is June 4, 2026.
Microsoft Exchange Server zero-day CVE-2026-42897 enables session hijacking via malicious emails. Active exploitation confirmed with no permanent fix available.
CVE-2026-0257 lets attackers forge VPN cookies to access internal networks without credentials. CISA adds to KEV after Rapid7 confirms exploitation since May 17. Federal deadline June 19.
Daemon Tools, TanStack, and Nx Console all compromised via supply chain attacks. CVSS scores up to 9.5. CISA mandates federal remediation by June 10.
CVE-2026-20182 lets unauthenticated attackers gain admin access to Cisco Catalyst SD-WAN controllers. CISA adds to KEV with federal deadline. Here's what you need to know.
Critical CVE-2026-48172 in LiteSpeed cPanel plugin enables root privilege escalation. CVSS 10.0, actively exploited, CISA KEV deadline May 29. Patch immediately.
CVE-2026-34926 lets attackers inject malicious code into Apex One servers and deploy it to all connected endpoint agents. CISA confirms active exploitation with June 4 federal deadline.
CISA adds CVE-2025-34291 to KEV after Iranian APT MuddyWater weaponizes the CORS/CSRF chain for account takeover and RCE. CVSS 9.4 flaw requires only a malicious link click.
CVE-2026-9082 exploitation began within hours of patch release. Imperva tracked 15,000+ attacks against PostgreSQL-backed Drupal sites across 65 countries in the first two days.
CVE-2026-20182 allows unauthenticated attackers to gain admin access to Cisco Catalyst SD-WAN controllers. CISA added it to the KEV catalog after confirmed exploitation.
CVE-2026-42208, a CVSS 9.3 pre-auth SQL injection in the LiteLLM LLM gateway, was weaponized within 36 hours of disclosure. CISA added it to KEV with a May 11 federal deadline.
CVE-2026-6973 lets attackers achieve RCE on Ivanti Endpoint Manager Mobile with admin credentials. CISA added it to KEV with a two-day patch deadline for federal agencies.
CISA added eight vulnerabilities to its KEV catalog including three Cisco Catalyst SD-WAN Manager flaws. Federal agencies face an April 23 deadline for the Cisco patches.
CVE-2026-34197 lets attackers execute arbitrary code via ActiveMQ's Jolokia API. CISA mandates federal patching by April 30 as exploitation peaks.
NIST will only enrich CVEs in CISA KEV, federal software, or critical infrastructure. Pre-March 2026 backlog moved to 'Not Scheduled.' Here's what security teams need to know.
CVE-2026-39987 in Marimo Python notebooks allows unauthenticated RCE via terminal WebSocket. Attackers weaponized it within hours. Patch to 0.23.0 now.
CVE-2026-3055 now actively exploited. CISA adds the CVSS 9.3 memory leak to KEV catalog, giving federal agencies until April 2 to patch SAML IdP configurations.
CISA added CVE-2025-53521 to its KEV catalog after F5 reclassified the BIG-IP APM vulnerability from DoS to remote code execution. CVSS 9.8—federal deadline is March 30.
Five vulnerabilities under active exploitation added to CISA's KEV catalog. Federal agencies must patch by April 3, 2026. Includes three Apple kernel flaws and Laravel RCE.
CISA confirms active exploitation of VMware Aria Operations CVE-2026-22719, a command injection flaw enabling unauthenticated RCE. Patch by March 24.
CISA added Microsoft SharePoint CVE-2026-20963 to the KEV catalog after confirming active exploitation. Federal agencies must patch by March 21.
CISA renews warnings about CVE-2025-47812, a CVSS 10.0 vulnerability in Wing FTP Server that grants attackers root/SYSTEM access. Over 8,000 servers remain exposed.
Google patches two actively exploited Chrome zero-days affecting Skia graphics and V8 JavaScript engine. CISA adds both to KEV catalog with March 27 deadline.
CVE-2025-68613 allows authenticated attackers to execute arbitrary code on n8n workflow servers. CISA gives federal agencies until March 25 to patch.
CVE-2026-1603 allows unauthenticated attackers to steal credential vaults from Ivanti Endpoint Manager. CISA added it to KEV catalog after exploitation detected.
Federal agencies must patch CVE-2017-7921 and CVE-2021-22681 by March 26. Hikvision cameras face active exploitation; Rockwell PLCs at risk.
CISA flags FileZen command injection flaw (CVE-2026-25108, CVSS 8.7) as actively exploited. Federal agencies must patch by March 17, 2026.
CVE-2025-22225 sandbox escape now confirmed as a ransomware attack vector. Exploitation toolkit predates Broadcom's patch by a full year.
CVE-2026-24423 lets unauthenticated attackers execute OS commands on SmarterMail servers. CISA confirms active ransomware exploitation and sets a February 26 patch deadline.
CVE-2025-8110 allows authenticated attackers to achieve RCE on self-hosted Git servers via path traversal. Over 700 instances already compromised.
CVE-2026-23760 enables unauthenticated admin takeover in SmarterMail. Exploitation began two days after patch release.