CSIRTS // UNIFIED SECURITY ADVISORY FEEDSYS ● ONLINE · POWERED BY INTELFUSIONS.COM

Actively Exploited Vulnerabilities

Every advisory below covers a vulnerability with exploitation observed in the wild, cross-referenced against the CISA Known Exploited Vulnerabilities (KEV) catalog and refreshed every 3 hours. If your patch queue is long, start here: KEV listing means real attacks are happening now, and US federal agencies are required to remediate these under BOD 22-01.

1,706 exploited-vulnerability advisories · page 2 / 35

Dirty Frag and other issues in Amazon Linux kernels

Bulletin ID: 2026-027-AWS Scope: AWS Content Type: Important (requires attention) Publication Date: 2026/05/07 19:45 PM PDT Description: Amazon is aware of a class of issues in the Linux kernel related to the original issue (CVE-2026-31431). The issues commonly referred to as "Di

unknownexploitedCVE-2026-31431aws2026-06-05

CVE-2025-66478: RCE in React Server Components

Bulletin ID: AWS-2025-030 Scope: AWS Content Type: Important (requires attention) Publication Date: 2025/12/03 20:00 PM PST Description: AWS is aware of the recently disclosed CVE-2025-55182 which affects the React Server Flight protocol in React versions 19.0, 19.1, and 19.2, as

unknownexploitedCVE-2025-66478CVE-2025-55182aws2026-06-05

CVE-2026-31431

Bulletin ID: 2026-026-AWS Scope: AWS Content Type: Important (requires attention) Publication Date: 2026/05/06 17:30 PM PDT Description: Amazon is aware of an issue in the Linux kernel (CVE-2026-31431) that could potentially allow an authenticated local user to escalate privilege

unknownexploitedCVE-2026-31431aws2026-06-05

Linux Kernel Vulnerability copy.fail - CVE-2026-31431

CVSSv3 Score: 7.8 CVE-2026-31431In the Linux kernel, the following vulnerability has been resolved: crypto: algif_aead - Revert to operating out-of-place This mostly reverts commit 72548b093ee3 except for the copying of the associated data. There is no benefit in operating in-pla

unknownexploitedCVE-2026-31431fortinet2026-05-13

CVE-2024-57728: SimpleHelp Path Traversal Vulnerability

SimpleHelp contains a path traversal vulnerability that allows admin users to upload arbitrary files anywhere on the file system by uploading a crafted zip file (i.e. zip slip). This can be exploited to execute arbitrary code on the host in the context of the SimpleHelp server us

criticalexploitedCVE-2024-57728cisa-kev2026-04-24
← NewerOlder →