#CISA KEV
15 stories taggedCISA KEV.

CISA Flags SharePoint Deserialization Bug CVE-2026-45659 as Actively Exploited
The RCE flaw joins KEV with a three-week federal patch deadline. Attribution details remain thin.

Active Exploitation Hits PTC Windchill as Attackers Drop Web Shells on PLM Systems
A critical deserialization flaw in software used by Boeing, Lockheed Martin, and BMW is drawing threat actors toward some of the most sensitive intellectual property in global manufacturing.

PTC Windchill RCE Lands on CISA's KEV After Web Shells Show Up in the Wild
A pre-auth code execution bug in PTC's PLM stack is being actively exploited. If you run Windchill or FlexPLM, the patch clock started a while ago.

CISA Flags Active Exploitation of Lantronix EDS5000 Code Injection Bug
CVE-2025-67038 carries a 9.8 CVSS. Federal agencies have until June 26, 2026 to patch — but if it's already being hit in the wild, that runway looks generous.

CISA Flags Joomla Content Editor Bug as Actively Exploited; CVSS 10.0
CVE-2026-48907 in Widget Factory's JCE extension hands attackers arbitrary file actions on unpatched Joomla sites. Federal agencies get the standard three weeks.

CISA Adds LiteSpeed cPanel Plugin Bug to KEV After In-the-Wild Exploitation
CVE-2026-54420 (CVSS 8.5) lets attackers escalate to root on hosts running the LiteSpeed cPanel plugin. Federal agencies have until June 18, 2026 to patch.

LiteLLM Command Injection Hits CISA KEV as Attackers Chain to RCE
CVE-2026-42271 lets any authenticated user run shell commands on the LiteLLM proxy. CISA says it's already being exploited.

CISA Flags SolarWinds Serv-U DoS Bug as Actively Exploited
CVE-2026-28318 crashes the file transfer service. Federal agencies get the usual three-week patch window.

CISA Flags Magento Cache Extension Bug as Actively Exploited
CVE-2026-45247, an unsafe deserialization flaw in Mirasvit Cache Warmer, lands in KEV after in-the-wild abuse against Magento storefronts.

CISA Adds Two-Year-Old Oracle WebLogic Flaw to KEV, Gives Feds Four Days to Patch
CVE-2024-21182 sat quietly at CVSS 7.3 for two years before threat actors noticed the unpatched stragglers. Now federal agencies have until Thursday.

CISA Flags Oracle WebLogic Bug CVE-2024-21182 as Actively Exploited
A two-year-old T3/IIOP flaw in WebLogic Server is back in the spotlight after CISA added it to the KEV catalog. Federal agencies have three weeks to patch.

CVE-2026-0257: Palo Alto GlobalProtect Authentication Bypass Hit in the Wild Within Days of Disclosure
A credential-less VPN session forgery flaw in PAN-OS moved from 'medium severity, no known exploitation' to CISA's KEV catalog in sixteen days. Federal agencies had 72 hours to patch.

Microsoft Rushes Fixes for Two Actively Exploited Defender Zero-Days as CISA Adds Both to KEV
A disgruntled researcher's GitHub exploits may be behind attacks on the Malware Protection Engine and Antimalware Platform — but Microsoft isn't saying so.

Unpatched Flaws Now Outpace Stolen Credentials as the Leading Breach Entry Point
Verizon's 2025 DBIR puts vulnerability exploitation at 31% of breach root causes. Median patch time has climbed to 43 days, and only 26% of CISA KEVs were fully remediated — a gap attackers are sprinting through.

CISA Flags Exploited Drupal SQL Injection Flaw. Drupal Won't Say Who Got Hit.
CVE-2026-9082 is in the Known Exploited Vulnerabilities catalog. The advisory mentions active exploitation. It does not mention victims, telemetry, or how anyone found out.