CSIRTS // UNIFIED SECURITY ADVISORY FEEDSYS ● ONLINE · POWERED BY INTELFUSIONS.COM

Actively Exploited Vulnerabilities

Every advisory below covers a vulnerability with exploitation observed in the wild, cross-referenced against the CISA Known Exploited Vulnerabilities (KEV) catalog and refreshed every 3 hours. If your patch queue is long, start here: KEV listing means real attacks are happening now, and US federal agencies are required to remediate these under BOD 22-01.

1,706 exploited-vulnerability advisories · page 3 / 35

CVE-2024-57728: SimpleHelp Path Traversal Vulnerability

SimpleHelp contains a path traversal vulnerability that allows admin users to upload arbitrary files anywhere on the file system by uploading a crafted zip file (i.e. zip slip). This can be exploited to execute arbitrary code on the host in the context of the SimpleHelp server us

criticalexploitedCVE-2024-57728cisa-kev2026-04-24

CVE-2026-5281: Google Dawn Use-After-Free Vulnerability

Google Dawn contains an use-after-free vulnerability that could allow a remote attacker who had compromised the renderer process to execute arbitrary code via a crafted HTML page. This vulnerability could affect multiple Chromium-based products including, but not limited to, Goog

criticalexploitedCVE-2026-5281cisa-kev2026-04-01

CVE-2026-20131: Cisco Secure Firewall Management Center (FMC) Software and Cisco Security Cloud Control (SCC) Firewall Management Deserialization of Untrusted Data Vulnerability

Cisco Secure Firewall Management Center (FMC) Software and Cisco Security Cloud Control (SCC) Firewall Management contain a deserialization of untrusted data vulnerability in the web-based management interface that could allow an unauthenticated, remote attacker to execute arbitr

criticalexploitedCVE-2026-20131cisa-kev2026-03-19
← NewerOlder →