All CosmicBytez Labs articles tagged #KEV, across news, security advisories, how-to guides, and projects.
CISA added two critical Fortinet FortiSandbox OS command injection vulnerabilities to its KEV catalog and gave federal agencies just three days to patch, as active exploitation continues against the security appliance platform.
CISA has added two maximum-severity flaws in iCagenda and Balbooa Forms Joomla extensions to its KEV catalog following confirmed zero-day exploitation in the wild. Administrators should patch or mitigate immediately.
CISA added CVE-2026-55255, a CVSS 9.9 IDOR authorization bypass in Langflow, to its Known Exploited Vulnerabilities catalog on July 7, ordering U.S....
CISA has added a Cisco Unified Communications Manager Server vulnerability to its Known Exploited Vulnerabilities catalog and ordered federal agencies to...
CISA has added CVE-2026-12569, a critical remote code execution vulnerability in PTC Windchill PDMlink and FlexPLM, to its Known Exploited Vulnerabilities...
DragonForce hides C2 inside Microsoft Teams relay traffic; a SearchLeak attack weaponizes M365 Copilot for one-click data exfiltration; iRhythm confirms...
CISA has added CVE-2026-54420, an actively exploited vulnerability in the LiteSpeed cPanel user-end plugin, to its Known Exploited Vulnerabilities catalog...
CISA ordered federal agencies to patch a critical Check Point Remote Access VPN flaw within 3 days after Qilin ransomware affiliates were confirmed...
CISA added a high-severity SolarWinds Serv-U flaw to its KEV catalog after confirming attackers are actively exploiting it to crash file transfer servers.
CISA has added a critical remote code execution vulnerability in the Mirasvit Cache Warmer Magento extension to its Known Exploited Vulnerabilities catalog…
CISA's emergency directive gives federal agencies four days to patch the actively exploited LiteSpeed cPanel plugin flaw being weaponized in the wild.
CISA has added CVE-2026-9082, a SQL injection vulnerability in Drupal Core, to its Known Exploited Vulnerabilities catalog following confirmed in-the-wild...
CISA has added a high-severity Ivanti Endpoint Manager Mobile vulnerability to the Known Exploited Vulnerabilities catalog and issued an emergency...
The U.S. Cybersecurity and Infrastructure Security Agency has added CVE-2026-31431, a Linux kernel privilege escalation flaw enabling root access, to its...
CISA has added four actively exploited vulnerabilities affecting SimpleHelp, Samsung MagicINFO 9 Server, and D-Link DIR-823X routers to its Known...
CISA has added CVE-2026-33017, a critical unauthenticated remote code execution vulnerability in the Langflow AI framework, to its Known Exploited...
CISA has added CVE-2025-53521, a critical vulnerability in F5 BIG-IP Access Policy Manager, to its Known Exploited Vulnerabilities catalog after...
CISA added actively exploited Zimbra Collaboration Suite and Microsoft SharePoint vulnerabilities to its Known Exploited Vulnerabilities catalog on March...
CISA has added two Roundcube Webmail vulnerabilities to the Known Exploited Vulnerabilities catalog — CVE-2025-49113 (CVSS 9.9, deserialization RCE) and...
CISA has updated the Known Exploited Vulnerabilities catalog with four actively exploited flaws including Microsoft Office and SmarterMail vulnerabilities.