Skip to main content
COSMICBYTEZLABS
NewsSecurityHOWTOsToolsTraining
StudyProjectsNewsletterHire MeAbout
Subscribe

Press Enter to search or Esc to close

News
Security
HOWTOs
Tools
Training
Study
Projects
Newsletter
Hire Me
About
RSS Feed
Reading List
Subscribe

Stay in the Loop

Get the latest security alerts, tutorials, and tech insights delivered to your inbox.

Subscribe NowFree forever. No spam.
COSMICBYTEZLABS

Your trusted source for IT intelligence, cybersecurity insights, and hands-on technical guides.

1941+ Articles
150+ Guides

CONTENT

  • Latest News
  • Security Alerts
  • HOWTOs
  • Checklists
  • Projects
  • Exam Prep

RESOURCES

  • Search
  • Browse Tags
  • Newsletter Archive
  • Reading List
  • RSS Feed

COMPANY

  • About Us
  • Contact
  • Privacy Policy
  • Terms of Service

© 2026 CosmicBytez Labs. All rights reserved.

System Status: Operational
All tags
56 articles

#CISA KEV

All CosmicBytez Labs articles tagged #CISA KEV, across news, security advisories, how-to guides, and projects.

  • SecurityJul 15, 2026

    CVE-2023-4346: KNX Protocol Connection Authorization Option 1 Account Lockout Vulnerability

    A vulnerability in KNX Association KNX Protocol Connection Authorization Option 1 allows an attacker to purge all devices without additional security options enabled and set a BCU key to lock the device. CISA added this flaw to the Known Exploited Vulnerabilities catalog on July 15, 2026.

  • NewsJul 14, 2026

    SonicWall Warns of SMA1000 Flaws Exploited in Zero-Day Attacks, Patch Now

    SonicWall has issued an urgent advisory warning that two vulnerabilities in its SMA 1000 series secure remote access appliances are being actively exploited in chained zero-day attacks. CVE-2026-15409 (SSRF, CVSS 10.0) and CVE-2026-15410 (OS command injection) are combined to achieve full remote compromise. Patches are available; CISA has set a July 17 federal deadline.

  • SecurityJul 14, 2026

    CVE-2026-56155: Microsoft AD FS Access Control Flaw Enables Golden SAML Attacks

    Microsoft's July 2026 Patch Tuesday fixes CVE-2026-56155, an actively exploited privilege escalation flaw in Active Directory Federation Services. Attackers exploit overly permissive ACLs on the DKM container to forge SAML tokens and compromise hybrid identity infrastructure. CISA added it to KEV with a July 28 federal deadline.

  • NewsJul 13, 2026

    CISA Warns of Actively Exploited RCE Flaws in Joomla Extensions

    CISA has added two Joomla extension vulnerabilities to its KEV catalog after attackers began exploiting arbitrary file upload flaws in iCagenda and Balbooa Forms to achieve remote code execution on vulnerable websites.

  • SecurityJul 13, 2026

    CVE-2008-4128: Cisco IOS Cross-Site Request Forgery Vulnerability

    Cisco IOS 12.4 contains multiple CSRF vulnerabilities that allow remote attackers to execute arbitrary commands. The flaw has been added to the CISA Known Exploited Vulnerabilities catalog, signaling active exploitation.

  • SecurityJul 11, 2026

    CVE-2026-48939: iCagenda Unrestricted File Upload Allows PHP Code Execution

    A critical unrestricted file upload vulnerability in the iCagenda Joomla event calendar plugin allows unauthenticated attackers to upload arbitrary PHP...

  • NewsJul 10, 2026

    Zimbra Urges Customers to Patch Critical Web Client XSS Flaw Exploited in the Wild

    CVE-2025-27915, a stored XSS vulnerability in Zimbra's Classic Web Client, was exploited as a zero-day before public disclosure. Attackers used malicious...

  • SecurityJul 10, 2026

    CVE-2026-56291: Balbooa Forms Unrestricted File Upload Enables Full RCE

    A critical unauthenticated file upload vulnerability in Balbooa Forms for Joomla allows attackers to upload executable files and achieve full remote code...

  • SecurityJul 8, 2026

    CVE-2026-48908: JoomShaper SP Page Builder Unrestricted File Upload RCE

    A critical unrestricted file upload vulnerability in JoomShaper's SP Page Builder allows unauthenticated attackers to upload arbitrary PHP files and...

  • SecurityJul 7, 2026

    CVE-2026-56290: Joomlack Page Builder Unauthenticated File Upload RCE — CISA KEV

    A CVSS 10.0 unauthenticated arbitrary file upload vulnerability in the Joomlack Page Builder CK Joomla extension allows any remote attacker to upload a...

  • NewsJul 2, 2026

    SharePoint RCE CVE-2026-45659 Added to CISA KEV After Active Exploitation

    CISA has added a high-severity Microsoft SharePoint Server remote code execution vulnerability to its Known Exploited Vulnerabilities catalog following...

  • SecurityJun 25, 2026

    CVE-2026-12569: PTC Windchill and FlexPLM Remote Code Execution Vulnerability

    A critical unauthenticated RCE vulnerability in PTC Windchill and FlexPLM (CVSS 9.3) has been added to CISA's Known Exploited Vulnerabilities catalog,...

  • SecurityJun 23, 2026

    CVE-2025-67038: Lantronix EDS5000 OS Command Injection Vulnerability

    A critical OS command injection flaw in the Lantronix EDS5000 serial device server allows unauthenticated attackers to inject arbitrary commands via the...

  • SecurityJun 17, 2026

    CVE-2026-48907: Joomla Content Editor Unauthenticated PHP Upload Flaw

    A maximum-severity improper access control flaw in Widget Factory's Joomla Content Editor allows unauthenticated attackers to upload and execute arbitrary...

  • SecurityJun 15, 2026

    CVE-2026-20262: Cisco Catalyst SD-WAN Manager Path Traversal Vulnerability

    Cisco Catalyst SD-WAN Manager contains a directory path traversal vulnerability allowing an authenticated remote attacker to create or overwrite any file...

  • SecurityJun 9, 2026

    CVE-2026-11645: Google Chromium V8 Out-of-Bounds Read and Write Vulnerability

    A critical out-of-bounds read and write vulnerability in the Chromium V8 engine allows remote attackers to execute arbitrary code inside a sandbox via a...

  • SecurityJun 5, 2026

    CVE-2026-28318: SolarWinds Serv-U Uncontrolled Resource Consumption (DoS)

    SolarWinds Serv-U contains an unauthenticated DoS vulnerability allowing specially crafted POST requests with Content-Encoding: deflate to crash the service…

  • SecurityJun 3, 2026

    CVE-2022-0492: Linux Kernel Improper Authentication Vulnerability

    A Linux kernel vulnerability in the cgroups v1 release_agent feature allows local attackers to escalate privileges and escape containers. Added to CISA KEV…

  • SecurityJun 1, 2026

    CVE-2024-21182: Oracle WebLogic Server Unspecified Vulnerability

    Oracle WebLogic Server contains an unspecified vulnerability allowing unauthenticated attackers network access via T3 and IIOP protocols, potentially exposing…

  • SecurityMay 28, 2026

    CVE-2026-8398: Daemon Tools Lite Embedded Malicious Code Vulnerability

    CISA adds CVE-2026-8398 to KEV — a high-severity embedded malicious-code flaw in Daemon Tools Lite impacting confidentiality, integrity, and availability.

  • SecurityMay 27, 2026

    CVE-2026-48027: Nx Console Embedded Malicious Code — CISA KEV

    CISA adds CVE-2026-48027 to KEV after a malicious Nx Console VS Code extension was found harvesting credentials from disk and memory via obfuscation.

  • SecurityMay 22, 2026

    CVE-2025-34291: Langflow Origin Validation Error

    CISA adds CVE-2025-34291 to the Known Exploited Vulnerabilities catalog — an overly permissive CORS configuration combined with a SameSite=None refresh...

  • SecurityMay 14, 2026

    CVE-2026-20182: Cisco Catalyst SD-WAN Controller

    A critical authentication bypass vulnerability in Cisco Catalyst SD-WAN Controller and Manager allows an unauthenticated remote attacker to bypass...

  • SecurityMay 1, 2026

    CVE-2026-31431: Linux Kernel Privilege Escalation via Incorrect Resource Transfer

    A Linux Kernel vulnerability involving incorrect resource transfer between spheres has been added to CISA's Known Exploited Vulnerabilities catalog,...

  • SecurityApr 30, 2026

    CVE-2026-41940: WebPros cPanel & WHM and WP2 Missing

    WebPros cPanel, WHM, and WP2 (WordPress Squared) contain a critical authentication bypass in the login flow, allowing unauthenticated remote attackers to...

  • NewsApr 29, 2026

    CISA Adds Actively Exploited ConnectWise and Windows Flaws

    CISA has added two actively exploited vulnerabilities to its Known Exploited Vulnerabilities catalog — CVE-2024-1708 affecting ConnectWise ScreenConnect...

  • SecurityApr 29, 2026

    CVE-2024-1708: ConnectWise ScreenConnect Path Traversal

    ConnectWise ScreenConnect contains a path traversal vulnerability (CVE-2024-1708) that allows attackers to execute remote code or directly access...

  • SecurityApr 25, 2026

    CVE-2025-29635: D-Link DIR-823X Command Injection

    A command injection flaw in end-of-life D-Link DIR-823X routers allows authenticated remote attackers to execute arbitrary OS commands. CISA has added...

  • SecurityApr 23, 2026

    CVE-2026-39987: Marimo Pre-Auth Remote Code Execution

    A critical pre-authorization remote code execution vulnerability in Marimo, the open-source reactive Python notebook, allows unauthenticated attackers to...

  • SecurityApr 21, 2026

    CVE-2025-2749: Kentico Xperience Path Traversal

    Kentico Xperience contains a path traversal vulnerability allowing an authenticated user's Staging Sync Server to upload arbitrary data to relative path...

  • NewsletterApr 21, 2026

    Apr 21 Digest: Vercel AI Tool Breach, DPRK $290M, ActiveMQ

    Vercel confirms breach through a compromised third-party AI coding tool; North Korean hackers attributed to a $290 million crypto theft; 6,400 Apache...

  • SecurityApr 20, 2026

    CVE-2026-20122: Cisco Catalyst SD-WAN Manager Incorrect Use

    Cisco Catalyst SD-WAN Manager contains a privileged API misuse vulnerability that allows an attacker to upload a malicious file to the local file system...

  • NewsApr 18, 2026

    Recent Apache ActiveMQ Vulnerability Exploited in the Wild

    CVE-2026-34197, a remote code execution vulnerability in Apache ActiveMQ's Jolokia management API, is being actively exploited in the wild. CISA has added...

  • NewsApr 17, 2026

    CISA Flags Apache ActiveMQ Flaw as Actively Exploited in Attacks

    CISA has added a high-severity Apache ActiveMQ vulnerability to its Known Exploited Vulnerabilities catalog after confirming active exploitation in the...

  • NewsApr 10, 2026

    1 Billion CISA KEV Records Reveal Human-Scale Security Has

    A Qualys analysis of over one billion CISA Known Exploited Vulnerabilities remediation records shows that most critical flaws are being actively exploited...

  • SecurityApr 8, 2026

    CVE-2026-1340: Ivanti EPMM Code Injection Vulnerability

    Ivanti Endpoint Manager Mobile (EPMM) contains a code injection vulnerability in the Android File Transfer module allowing unauthenticated remote code...

  • SecurityApr 2, 2026

    CVE-2026-3502: TrueConf Client Update Integrity Bypass

    TrueConf Client fails to verify the integrity of downloaded update payloads, allowing an attacker who can influence the update delivery path to substitute...

  • NewsletterMar 31, 2026

    Mar 31 Digest: Axios npm RAT, Claude Code Source Leaked

    The Axios npm library was weaponized to deliver a cross-platform RAT; Anthropic accidentally leaked Claude Code's CLI source in an npm package; Google...

  • SecurityMar 27, 2026

    CVE-2025-53521: F5 BIG-IP APM Remote Code Execution — CISA

    A critical unauthenticated RCE vulnerability in F5 BIG-IP APM is being actively exploited in the wild. Malicious traffic targeting access policy virtual...

  • NewsletterMar 27, 2026

    Mar 27 Digest: EU Commission AWS Breach, DarkSword iOS

    The European Commission confirms a 350 GB AWS breach; the DarkSword iOS exploit chain goes public on GitHub threatening hundreds of millions of iPhones;...

  • NewsMar 22, 2026

    CISA Adds Apple DarkSword iOS Exploits, Craft CMS, and Laravel Livewire Flaws to KEV Catalog

    CISA orders federal agencies to patch five actively exploited vulnerabilities by April 3, including three Apple flaws linked to the DarkSword iOS exploit...

  • SecurityMar 21, 2026

    CVE-2025-43510: Apple Multiple Products Improper Locking

    Apple watchOS, iOS, iPadOS, macOS, visionOS, and tvOS contain an improper locking vulnerability allowing a malicious app to cause unexpected changes in...

  • SecurityMar 21, 2026

    CVE-2025-54068: Laravel Livewire Code Injection

    A critical code injection vulnerability in Laravel Livewire v3 allows unauthenticated remote attackers to execute arbitrary commands. Over 130,000...

  • SecurityMar 20, 2026

    CVE-2025-32432: Craft CMS Code Injection Vulnerability

    A critical code injection vulnerability in Craft CMS allows unauthenticated remote attackers to execute arbitrary code on affected servers. Added to...

  • NewsMar 16, 2026

    CISA Adds Wing FTP Server Flaw to KEV as RCE Chain Exploits

    CISA added CVE-2025-47813 to its Known Exploited Vulnerabilities catalog on March 16, warning that the medium-severity path disclosure flaw is being...

  • SecurityMar 16, 2026

    CVE-2025-47813: Wing FTP Server Path Disclosure Enables RCE

    CISA has added CVE-2025-47813, a medium-severity information disclosure flaw in Wing FTP Server, to its KEV catalog after confirming active exploitation...

  • NewsMar 12, 2026

    CISA Flags Actively Exploited n8n RCE Bug as 24,700

    CISA added CVE-2025-68613 — a CVSS 9.9 remote code execution flaw in n8n's workflow expression evaluator — to its Known Exploited Vulnerabilities catalog...

  • NewsMar 12, 2026

    CISA Orders Federal Agencies to Patch n8n RCE Flaw

    CISA mandated all federal civilian agencies patch CVE-2025-68613, a CVSS 9.9 remote code execution flaw in the n8n workflow automation platform, after...

  • SecurityMar 12, 2026

    CVE-2025-68613: n8n Remote Code Execution via Improper

    CISA adds CVE-2025-68613 to the Known Exploited Vulnerabilities catalog — a CVSS 9.9 flaw in n8n's workflow expression evaluation system that enables...

  • SecurityFeb 25, 2026

    Microsoft MSHTML Framework Security Feature Bypass

    An actively exploited protection mechanism failure in the Windows MSHTML (Trident) engine allows attackers to bypass browser security zones and shell...

  • SecurityFeb 25, 2026

    Microsoft Office Word OLE Security Feature Bypass

    An actively exploited zero-day in Microsoft Word allows attackers to bypass OLE protections and execute malicious Office documents silently, without...

  • SecurityFeb 25, 2026

    Soliton FileZen OS Command Injection Under Active

    A high-severity OS command injection vulnerability in Soliton Systems FileZen secure file transfer appliances is being actively exploited. Authenticated...

  • SecurityFeb 20, 2026

    BeyondTrust Remote Support and PRA Critical RCE Under

    A critical pre-authentication remote code execution vulnerability in BeyondTrust Remote Support and Privileged Remote Access is under active exploitation,...

  • SecurityFeb 17, 2026

    BeyondTrust Remote Support Pre-Authentication RCE Under

    A critical pre-authentication OS command injection vulnerability in BeyondTrust Remote Support and Privileged Remote Access with CVSS 9.9 is being...

  • SecurityFeb 17, 2026

    Cisco Unified Communications Zero-Day Exploited for Root RCE

    An actively exploited zero-day in Cisco Unified Communications allows unauthenticated remote code execution with root privileges via crafted HTTP...

  • SecurityFeb 5, 2026

    SolarWinds Web Help Desk RCE Vulnerability Added to CISA KEV

    Critical deserialization vulnerability in SolarWinds Web Help Desk enables unauthenticated remote code execution. CISA confirms active exploitation.