All CosmicBytez Labs articles tagged #CISA KEV, across news, security advisories, how-to guides, and projects.
A vulnerability in KNX Association KNX Protocol Connection Authorization Option 1 allows an attacker to purge all devices without additional security options enabled and set a BCU key to lock the device. CISA added this flaw to the Known Exploited Vulnerabilities catalog on July 15, 2026.
SonicWall has issued an urgent advisory warning that two vulnerabilities in its SMA 1000 series secure remote access appliances are being actively exploited in chained zero-day attacks. CVE-2026-15409 (SSRF, CVSS 10.0) and CVE-2026-15410 (OS command injection) are combined to achieve full remote compromise. Patches are available; CISA has set a July 17 federal deadline.
Microsoft's July 2026 Patch Tuesday fixes CVE-2026-56155, an actively exploited privilege escalation flaw in Active Directory Federation Services. Attackers exploit overly permissive ACLs on the DKM container to forge SAML tokens and compromise hybrid identity infrastructure. CISA added it to KEV with a July 28 federal deadline.
CISA has added two Joomla extension vulnerabilities to its KEV catalog after attackers began exploiting arbitrary file upload flaws in iCagenda and Balbooa Forms to achieve remote code execution on vulnerable websites.
Cisco IOS 12.4 contains multiple CSRF vulnerabilities that allow remote attackers to execute arbitrary commands. The flaw has been added to the CISA Known Exploited Vulnerabilities catalog, signaling active exploitation.
A critical unrestricted file upload vulnerability in the iCagenda Joomla event calendar plugin allows unauthenticated attackers to upload arbitrary PHP...
CVE-2025-27915, a stored XSS vulnerability in Zimbra's Classic Web Client, was exploited as a zero-day before public disclosure. Attackers used malicious...
A critical unauthenticated file upload vulnerability in Balbooa Forms for Joomla allows attackers to upload executable files and achieve full remote code...
A critical unrestricted file upload vulnerability in JoomShaper's SP Page Builder allows unauthenticated attackers to upload arbitrary PHP files and...
A CVSS 10.0 unauthenticated arbitrary file upload vulnerability in the Joomlack Page Builder CK Joomla extension allows any remote attacker to upload a...
CISA has added a high-severity Microsoft SharePoint Server remote code execution vulnerability to its Known Exploited Vulnerabilities catalog following...
A critical unauthenticated RCE vulnerability in PTC Windchill and FlexPLM (CVSS 9.3) has been added to CISA's Known Exploited Vulnerabilities catalog,...
A critical OS command injection flaw in the Lantronix EDS5000 serial device server allows unauthenticated attackers to inject arbitrary commands via the...
A maximum-severity improper access control flaw in Widget Factory's Joomla Content Editor allows unauthenticated attackers to upload and execute arbitrary...
Cisco Catalyst SD-WAN Manager contains a directory path traversal vulnerability allowing an authenticated remote attacker to create or overwrite any file...
A critical out-of-bounds read and write vulnerability in the Chromium V8 engine allows remote attackers to execute arbitrary code inside a sandbox via a...
SolarWinds Serv-U contains an unauthenticated DoS vulnerability allowing specially crafted POST requests with Content-Encoding: deflate to crash the service…
A Linux kernel vulnerability in the cgroups v1 release_agent feature allows local attackers to escalate privileges and escape containers. Added to CISA KEV…
Oracle WebLogic Server contains an unspecified vulnerability allowing unauthenticated attackers network access via T3 and IIOP protocols, potentially exposing…
CISA adds CVE-2026-8398 to KEV — a high-severity embedded malicious-code flaw in Daemon Tools Lite impacting confidentiality, integrity, and availability.
CISA adds CVE-2026-48027 to KEV after a malicious Nx Console VS Code extension was found harvesting credentials from disk and memory via obfuscation.
CISA adds CVE-2025-34291 to the Known Exploited Vulnerabilities catalog — an overly permissive CORS configuration combined with a SameSite=None refresh...
A critical authentication bypass vulnerability in Cisco Catalyst SD-WAN Controller and Manager allows an unauthenticated remote attacker to bypass...
A Linux Kernel vulnerability involving incorrect resource transfer between spheres has been added to CISA's Known Exploited Vulnerabilities catalog,...
WebPros cPanel, WHM, and WP2 (WordPress Squared) contain a critical authentication bypass in the login flow, allowing unauthenticated remote attackers to...
CISA has added two actively exploited vulnerabilities to its Known Exploited Vulnerabilities catalog — CVE-2024-1708 affecting ConnectWise ScreenConnect...
ConnectWise ScreenConnect contains a path traversal vulnerability (CVE-2024-1708) that allows attackers to execute remote code or directly access...
A command injection flaw in end-of-life D-Link DIR-823X routers allows authenticated remote attackers to execute arbitrary OS commands. CISA has added...
A critical pre-authorization remote code execution vulnerability in Marimo, the open-source reactive Python notebook, allows unauthenticated attackers to...
Kentico Xperience contains a path traversal vulnerability allowing an authenticated user's Staging Sync Server to upload arbitrary data to relative path...
Vercel confirms breach through a compromised third-party AI coding tool; North Korean hackers attributed to a $290 million crypto theft; 6,400 Apache...
Cisco Catalyst SD-WAN Manager contains a privileged API misuse vulnerability that allows an attacker to upload a malicious file to the local file system...
CVE-2026-34197, a remote code execution vulnerability in Apache ActiveMQ's Jolokia management API, is being actively exploited in the wild. CISA has added...
CISA has added a high-severity Apache ActiveMQ vulnerability to its Known Exploited Vulnerabilities catalog after confirming active exploitation in the...
A Qualys analysis of over one billion CISA Known Exploited Vulnerabilities remediation records shows that most critical flaws are being actively exploited...
Ivanti Endpoint Manager Mobile (EPMM) contains a code injection vulnerability in the Android File Transfer module allowing unauthenticated remote code...
TrueConf Client fails to verify the integrity of downloaded update payloads, allowing an attacker who can influence the update delivery path to substitute...
The Axios npm library was weaponized to deliver a cross-platform RAT; Anthropic accidentally leaked Claude Code's CLI source in an npm package; Google...
A critical unauthenticated RCE vulnerability in F5 BIG-IP APM is being actively exploited in the wild. Malicious traffic targeting access policy virtual...
The European Commission confirms a 350 GB AWS breach; the DarkSword iOS exploit chain goes public on GitHub threatening hundreds of millions of iPhones;...
CISA orders federal agencies to patch five actively exploited vulnerabilities by April 3, including three Apple flaws linked to the DarkSword iOS exploit...
Apple watchOS, iOS, iPadOS, macOS, visionOS, and tvOS contain an improper locking vulnerability allowing a malicious app to cause unexpected changes in...
A critical code injection vulnerability in Laravel Livewire v3 allows unauthenticated remote attackers to execute arbitrary commands. Over 130,000...
A critical code injection vulnerability in Craft CMS allows unauthenticated remote attackers to execute arbitrary code on affected servers. Added to...
CISA added CVE-2025-47813 to its Known Exploited Vulnerabilities catalog on March 16, warning that the medium-severity path disclosure flaw is being...
CISA has added CVE-2025-47813, a medium-severity information disclosure flaw in Wing FTP Server, to its KEV catalog after confirming active exploitation...
CISA added CVE-2025-68613 — a CVSS 9.9 remote code execution flaw in n8n's workflow expression evaluator — to its Known Exploited Vulnerabilities catalog...
CISA mandated all federal civilian agencies patch CVE-2025-68613, a CVSS 9.9 remote code execution flaw in the n8n workflow automation platform, after...
CISA adds CVE-2025-68613 to the Known Exploited Vulnerabilities catalog — a CVSS 9.9 flaw in n8n's workflow expression evaluation system that enables...
An actively exploited protection mechanism failure in the Windows MSHTML (Trident) engine allows attackers to bypass browser security zones and shell...
An actively exploited zero-day in Microsoft Word allows attackers to bypass OLE protections and execute malicious Office documents silently, without...
A high-severity OS command injection vulnerability in Soliton Systems FileZen secure file transfer appliances is being actively exploited. Authenticated...
A critical pre-authentication remote code execution vulnerability in BeyondTrust Remote Support and Privileged Remote Access is under active exploitation,...
A critical pre-authentication OS command injection vulnerability in BeyondTrust Remote Support and Privileged Remote Access with CVSS 9.9 is being...
An actively exploited zero-day in Cisco Unified Communications allows unauthenticated remote code execution with root privileges via crafted HTTP...
Critical deserialization vulnerability in SolarWinds Web Help Desk enables unauthenticated remote code execution. CISA confirms active exploitation.