Cisa Kev
The latest Cisa Kev coverage — news, analysis, and updates from the WindowsNews.AI desk.
CVE-2026-42897: Critical Exchange OWA XSS Vulnerability Added to CISA KEV Catalog — Patch Now
CISA has escalated the urgency around a cross-site scripting (XSS) flaw in Microsoft Exchange Server’s Outlook Web Access (OWA) by adding CVE-2026-42897 to its Known Exploited Vulnerabilities (KEV)...
Cisco SD-WAN 0-Day Exploited: Patch Critical CVE-2026-20182 Now
The Cybersecurity and Infrastructure Security Agency (CISA) has added a critical authentication bypass flaw in Cisco’s Catalyst SD-WAN Controller to its Known Exploited Vulnerabilities (KEV)...
CISA Adds Critical LiteLLM SQL Injection Flaw (CVE-2026-42208) to KEV Catalog Amid Active Exploitation
The U.S. Cybersecurity and Infrastructure Security Agency on May 8, 2026, added a critical SQL injection vulnerability in BerriAI’s LiteLLM AI proxy to its Known Exploited Vulnerabilities Catalog....
CISA Flags PAN-OS Root RCE Flaw CVE-2026-0300 in User-ID Portal as Actively Exploited
Palo Alto Networks firewall administrators face an urgent patching deadline after the U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a critical vulnerability in PAN-OS, tracked as...
CISA Adds Actively Exploited Linux "Copy Fail" Kernel Bug to KEV Catalog
{ "title": "CISA KEV: Linux “Copy Fail” CVE-2026-31431 Turns Kernel Bug Into Patch Deadline", "content": "The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added...
CISA Flags Critical cPanel & WHM Authentication Bypass (CVE-2026-41940) as Actively Exploited – Patches Urged
Federal cybersecurity authorities have added a severe missing-authentication vulnerability in WebPros’ widely used cPanel & WHM hosting control panel to the Known Exploited Vulnerabilities...
CISA Warns of Active Exploitation in Critical Marimo RCE Vulnerability
CISA’s April 23, 2026 update to its Known Exploited Vulnerabilities Catalog is a reminder that the most dangerous security problems are often the ones attackers have already operationalized. This...
CISA Adds Critical Apache ActiveMQ Vulnerability to KEV Catalog: CVE-2026-34197 Actively Exploited
The Cybersecurity and Infrastructure Security Agency added CVE-2026-34197 to its Known Exploited Vulnerabilities Catalog on April 16, 2026, signaling active exploitation of this Apache ActiveMQ...
CISA Adds 7 Actively Exploited Vulnerabilities to KEV Catalog: Microsoft Exchange, Adobe, Fortinet Flaws Targeted
The Cybersecurity and Infrastructure Security Agency (CISA) updated its Known Exploited Vulnerabilities (KEV) Catalog on April 13, 2026, adding seven critical vulnerabilities that are currently being...
CVE-2026-1340 in Ivanti EPMM Under Active Attack: Patch Critical Flaw Now
The Cybersecurity and Infrastructure Security Agency has added CVE-2026-1340 affecting Ivanti Endpoint Manager Mobile to its Known Exploited Vulnerabilities catalog. This designation confirms active...
CVE-2026-35616 patched now as CISA confirms active FortiClient EMS attacks
CISA has added Fortinet FortiClient EMS vulnerability CVE-2026-35616 to its Known Exploited Vulnerabilities catalog, confirming active exploitation in the wild. The agency's binding operational...
CISA Adds TrueConf Client Vulnerability CVE-2026-3502 to KEV Catalog: Patch Immediately
The Cybersecurity and Infrastructure Security Agency has added CVE-2026-3502 to its Known Exploited Vulnerabilities catalog, marking another critical software vulnerability that requires immediate...