Tag

#CISA KEV

15 stories taggedCISA KEV.

Vulnerabilities

CISA Flags SharePoint Deserialization Bug CVE-2026-45659 as Actively Exploited

The RCE flaw joins KEV with a three-week federal patch deadline. Attribution details remain thin.

2 min
Vulnerabilities

Active Exploitation Hits PTC Windchill as Attackers Drop Web Shells on PLM Systems

A critical deserialization flaw in software used by Boeing, Lockheed Martin, and BMW is drawing threat actors toward some of the most sensitive intellectual property in global manufacturing.

2 min
Vulnerabilities

PTC Windchill RCE Lands on CISA's KEV After Web Shells Show Up in the Wild

A pre-auth code execution bug in PTC's PLM stack is being actively exploited. If you run Windchill or FlexPLM, the patch clock started a while ago.

2 min
Vulnerabilities

CISA Flags Active Exploitation of Lantronix EDS5000 Code Injection Bug

CVE-2025-67038 carries a 9.8 CVSS. Federal agencies have until June 26, 2026 to patch — but if it's already being hit in the wild, that runway looks generous.

2 min
Vulnerabilities

CISA Flags Joomla Content Editor Bug as Actively Exploited; CVSS 10.0

CVE-2026-48907 in Widget Factory's JCE extension hands attackers arbitrary file actions on unpatched Joomla sites. Federal agencies get the standard three weeks.

2 min
Vulnerabilities

CISA Adds LiteSpeed cPanel Plugin Bug to KEV After In-the-Wild Exploitation

CVE-2026-54420 (CVSS 8.5) lets attackers escalate to root on hosts running the LiteSpeed cPanel plugin. Federal agencies have until June 18, 2026 to patch.

3 min
AI Security

LiteLLM Command Injection Hits CISA KEV as Attackers Chain to RCE

CVE-2026-42271 lets any authenticated user run shell commands on the LiteLLM proxy. CISA says it's already being exploited.

2 min
Vulnerabilities

CISA Flags SolarWinds Serv-U DoS Bug as Actively Exploited

CVE-2026-28318 crashes the file transfer service. Federal agencies get the usual three-week patch window.

2 min
Vulnerabilities

CISA Flags Magento Cache Extension Bug as Actively Exploited

CVE-2026-45247, an unsafe deserialization flaw in Mirasvit Cache Warmer, lands in KEV after in-the-wild abuse against Magento storefronts.

2 min
Vulnerabilities

CISA Adds Two-Year-Old Oracle WebLogic Flaw to KEV, Gives Feds Four Days to Patch

CVE-2024-21182 sat quietly at CVSS 7.3 for two years before threat actors noticed the unpatched stragglers. Now federal agencies have until Thursday.

2 min
Vulnerabilities

CISA Flags Oracle WebLogic Bug CVE-2024-21182 as Actively Exploited

A two-year-old T3/IIOP flaw in WebLogic Server is back in the spotlight after CISA added it to the KEV catalog. Federal agencies have three weeks to patch.

2 min
Vulnerabilities

CVE-2026-0257: Palo Alto GlobalProtect Authentication Bypass Hit in the Wild Within Days of Disclosure

A credential-less VPN session forgery flaw in PAN-OS moved from 'medium severity, no known exploitation' to CISA's KEV catalog in sixteen days. Federal agencies had 72 hours to patch.

2 min
Vulnerabilities

Microsoft Rushes Fixes for Two Actively Exploited Defender Zero-Days as CISA Adds Both to KEV

A disgruntled researcher's GitHub exploits may be behind attacks on the Malware Protection Engine and Antimalware Platform — but Microsoft isn't saying so.

2 min
Vulnerabilities

Unpatched Flaws Now Outpace Stolen Credentials as the Leading Breach Entry Point

Verizon's 2025 DBIR puts vulnerability exploitation at 31% of breach root causes. Median patch time has climbed to 43 days, and only 26% of CISA KEVs were fully remediated — a gap attackers are sprinting through.

4 min
Vulnerabilities

CISA Flags Exploited Drupal SQL Injection Flaw. Drupal Won't Say Who Got Hit.

CVE-2026-9082 is in the Known Exploited Vulnerabilities catalog. The advisory mentions active exploitation. It does not mention victims, telemetry, or how anyone found out.

2 min
© 2026 Threat Vectr