All CosmicBytez Labs articles tagged #CISA KEV, across news, security advisories, how-to guides, and projects.
Oracle WebLogic Server contains an unspecified vulnerability allowing unauthenticated attackers network access via T3 and IIOP protocols, potentially exposing all server data. CISA added this to its KEV catalog on June 1, 2026.
CISA adds CVE-2026-8398 to KEV — a high-severity embedded malicious-code flaw in Daemon Tools Lite impacting confidentiality, integrity, and availability.
CISA adds CVE-2026-48027 to KEV after a malicious Nx Console VS Code extension was found harvesting credentials from disk and memory via obfuscation.
CISA adds CVE-2025-34291 to the Known Exploited Vulnerabilities catalog — an overly permissive CORS configuration combined with a SameSite=None refresh...
A critical authentication bypass vulnerability in Cisco Catalyst SD-WAN Controller and Manager allows an unauthenticated remote attacker to bypass...
A Linux Kernel vulnerability involving incorrect resource transfer between spheres has been added to CISA's Known Exploited Vulnerabilities catalog,...
WebPros cPanel, WHM, and WP2 (WordPress Squared) contain a critical authentication bypass in the login flow, allowing unauthenticated remote attackers to...
CISA has added two actively exploited vulnerabilities to its Known Exploited Vulnerabilities catalog — CVE-2024-1708 affecting ConnectWise ScreenConnect...
ConnectWise ScreenConnect contains a path traversal vulnerability (CVE-2024-1708) that allows attackers to execute remote code or directly access...
A command injection flaw in end-of-life D-Link DIR-823X routers allows authenticated remote attackers to execute arbitrary OS commands. CISA has added...
A critical pre-authorization remote code execution vulnerability in Marimo, the open-source reactive Python notebook, allows unauthenticated attackers to...
Kentico Xperience contains a path traversal vulnerability allowing an authenticated user's Staging Sync Server to upload arbitrary data to relative path...
Vercel confirms breach through a compromised third-party AI coding tool; North Korean hackers attributed to a $290 million crypto theft; 6,400 Apache...
Cisco Catalyst SD-WAN Manager contains a privileged API misuse vulnerability that allows an attacker to upload a malicious file to the local file system...
CVE-2026-34197, a remote code execution vulnerability in Apache ActiveMQ's Jolokia management API, is being actively exploited in the wild. CISA has added...
CISA has added a high-severity Apache ActiveMQ vulnerability to its Known Exploited Vulnerabilities catalog after confirming active exploitation in the...
A Qualys analysis of over one billion CISA Known Exploited Vulnerabilities remediation records shows that most critical flaws are being actively exploited...
Ivanti Endpoint Manager Mobile (EPMM) contains a code injection vulnerability in the Android File Transfer module allowing unauthenticated remote code...
TrueConf Client fails to verify the integrity of downloaded update payloads, allowing an attacker who can influence the update delivery path to substitute...
The Axios npm library was weaponized to deliver a cross-platform RAT; Anthropic accidentally leaked Claude Code's CLI source in an npm package; Google...
A critical unauthenticated RCE vulnerability in F5 BIG-IP APM is being actively exploited in the wild. Malicious traffic targeting access policy virtual...
The European Commission confirms a 350 GB AWS breach; the DarkSword iOS exploit chain goes public on GitHub threatening hundreds of millions of iPhones;...
CISA orders federal agencies to patch five actively exploited vulnerabilities by April 3, including three Apple flaws linked to the DarkSword iOS exploit...
Apple watchOS, iOS, iPadOS, macOS, visionOS, and tvOS contain an improper locking vulnerability allowing a malicious app to cause unexpected changes in...
A critical code injection vulnerability in Laravel Livewire v3 allows unauthenticated remote attackers to execute arbitrary commands. Over 130,000...
A critical code injection vulnerability in Craft CMS allows unauthenticated remote attackers to execute arbitrary code on affected servers. Added to...
CISA added CVE-2025-47813 to its Known Exploited Vulnerabilities catalog on March 16, warning that the medium-severity path disclosure flaw is being...
CISA has added CVE-2025-47813, a medium-severity information disclosure flaw in Wing FTP Server, to its KEV catalog after confirming active exploitation...
CISA added CVE-2025-68613 — a CVSS 9.9 remote code execution flaw in n8n's workflow expression evaluator — to its Known Exploited Vulnerabilities catalog...
CISA mandated all federal civilian agencies patch CVE-2025-68613, a CVSS 9.9 remote code execution flaw in the n8n workflow automation platform, after...
CISA adds CVE-2025-68613 to the Known Exploited Vulnerabilities catalog — a CVSS 9.9 flaw in n8n's workflow expression evaluation system that enables...
An actively exploited protection mechanism failure in the Windows MSHTML (Trident) engine allows attackers to bypass browser security zones and shell...
An actively exploited zero-day in Microsoft Word allows attackers to bypass OLE protections and execute malicious Office documents silently, without...
A high-severity OS command injection vulnerability in Soliton Systems FileZen secure file transfer appliances is being actively exploited. Authenticated...
A critical pre-authentication remote code execution vulnerability in BeyondTrust Remote Support and Privileged Remote Access is under active exploitation,...
A critical pre-authentication OS command injection vulnerability in BeyondTrust Remote Support and Privileged Remote Access with CVSS 9.9 is being...
An actively exploited zero-day in Cisco Unified Communications allows unauthenticated remote code execution with root privileges via crafted HTTP...
Critical deserialization vulnerability in SolarWinds Web Help Desk enables unauthenticated remote code execution. CISA confirms active exploitation.