CISA Known Exploited Vulnerabilities
The CISA Known Exploited Vulnerabilities (KEV) catalog is the authoritative list of CVEs confirmed to be exploited in the wild. Under Binding Operational Directive 22-01, US federal civilian agencies must remediate each entry by its due date, which makes KEV additions the strongest patch-now signal in vulnerability management. CSIRTS.com flags every advisory that references a KEV-listed CVE as exploited.
CSIRTS.com ingests CISA Known Exploited Vulnerabilities every 3 hours, normalizes each advisory into a common schema and cross-references every CVE against the CISA KEV catalog and public exploit datasets. Publishes catalog additions with required remediation dates. Also available via RSS, JSON API and the MCP server.
Latest from CISA Known Exploited Vulnerabilities
CVE-2026-56291: Balbooa Forms Unrestricted Upload of File with Dangerous Type Vulnerability
CVE-2026-56290: Joomlack Page Builder Improper Access Control Vulnerability
CVE-2026-55255: Langflow Authorization Bypass Through User-Controlled Key Vulnerability
CVE-2026-48908: JoomShaper SP Page Builder Unrestricted Upload of File with Dangerous Type Vulnerability
CVE-2026-48282: Adobe ColdFusion Path Traversal Vulnerability
CVE-2026-45659: Microsoft SharePoint Server Deserialization of Untrusted Data Vulnerability
CVE-2026-48558: SimpleHelp Authentication Bypass Vulnerability
CVE-2026-12569: PTC Windchill and FlexPLM Improper Input Validation Vulnerability
CVE-2026-20230: Cisco Unified Communications Manager Server-Side Request Forgery (SSRF) Vulnerability
CVE-2025-67038: Lantronix EDS5000 Code Injection Vulnerability
CVE-2026-34910: Ubiquiti UniFi OS Improper Input Validation Vulnerability
CVE-2026-34909: Ubiquiti UniFi OS Path Traversal Vulnerability
CVE-2026-34908: Ubiquiti UniFi OS Improper Access Control Vulnerability
CVE-2026-20253: Splunk Enterprise Missing Authentication for Critical Function Vulnerability
CVE-2026-48907: Widget Factory Joomla Content Editor Improper Access Control Vulnerability
CVE-2026-20262: Cisco Catalyst SD-WAN Manager Directory or Path Traversal Vulnerability
CVE-2026-54420: LiteSpeed cPanel Plugin UNIX Symbolic Link (Symlink) Following Vulnerability
CVE-2026-35273: Oracle PeopleSoft Enterprise PeopleTools Missing Authentication for Critical Function Vulnerability
CVE-2026-10520: Ivanti Sentry OS Command Injection Vulnerability
CVE-2026-11645: Google Chromium V8 Out-of-Bounds Read and Write Vulnerability
CVE-2026-7473: Arista Extensible Operating System Incomplete Comparison with Missing Factors Vulnerability
CVE-2026-20245: Cisco Catalyst SD-WAN Manager Improper Encoding or Escaping of Output Vulnerability
CVE-2026-50751: Check Point Security Gateway Improper Authentication Vulnerability
CVE-2026-42271: BerriAI LiteLLM Command Injection Vulnerability
Browse all 1,637 advisories from CISA Known Exploited Vulnerabilities →