Vulnerabilities
CISA has given federal agencies only three days to patch CVE-2026-20253, which can be exploited for unauthenticated remote code execution.
Hi, what are you looking for?
SecurityWeek
All posts tagged "CISA KEV"
Vulnerabilities
The flaws allow attackers to execute arbitrary PHP code and gain root privileges on shared hosting servers.
Vulnerabilities
The critical-severity OS command injection vulnerability allows attackers to execute arbitrary code with root privileges.
Government
The new BOD 26-04 requires agencies to review and update vulnerability management policies with a focus on KEV catalog entries.
Vulnerabilities
An improper authentication bug allows attackers to escalate their privileges and escape containers.
Vulnerabilities
The vulnerability is CVE-2024-21182 and it can be exploited without authentication to hack affected WebLogic servers.
Vulnerabilities
Resolved last week, the vulnerability was exploited in the wild as a zero-day to execute scripts with root privileges.
Vulnerabilities
CISA expanded the KEV catalog with eight flaws, but five of them have been flagged as exploited before.
Vulnerabilities
To optimize management of CVE volume, entries that do not meet specific criteria will not be automatically enriched.
Vulnerabilities
Experts say this is the second-largest Microsoft Patch Tuesday ever based on CVE count.
Vulnerabilities
The security defects allow attackers to escalate privileges and execute arbitrary code remotely.
Malware & Threats
Insufficient sanitization of CSS content within HTML emails leads to inline script execution when the message is opened in a browser.
Vulnerabilities
The SharePoint remote code execution vulnerability CVE-2026-20963, which Microsoft patched in January, has been exploited in the wild.
Vulnerabilities
Tracked as CVE-2025-47813, the flaw leads to the disclosure of the full local installation path of the application.
Vulnerabilities
CISA has added the high-severity authentication bypass vulnerability to its KEV list, along with SolarWinds and Workspace One bugs.
Vulnerabilities
The nation-state-grade iOS exploit kit targets 23 vulnerabilities affecting iOS 13 to 17.2.1.
ICS/OT
The vulnerability was disclosed and mitigated in 2021 but its in-the-wild exploitation has only now come to light.
Nation-State
The vulnerability in TeamT5 ThreatSonar Anti-Ransomware was recently added to CISA’s KEV catalog.
Email Security
Patched in December 2025, the exploited flaw leads to XSS attacks via the animate tags in SVG documents.
Vulnerabilities
The vulnerability added to CISA’s KEV catalog affects ThreatSonar Anti-Ransomware and it was patched in 2024.
Artificial Intelligence
Come vulnerabilities were found within hours, but that does not mean the model was able to exploit them within that time, the official said.
Artificial Intelligence
Data Protection
Mobile & Wireless
Data Breaches
Artificial Intelligence
Named EmberAI, the new capability is built on Dragos’ massive operational technology cybersecurity dataset.
Artificial Intelligence
CISO Conversations