Government ❯ Cybersecurity ❯ CISA

Vulnerability Management

Known Exploited Vulnerabilities Federal Agencies Federal Directives Public Safety CVE-2025-58360 Federal Agency Compliance Incident Response Binding Operational Directive 22-01 Known Exploited Vulnerabilities Catalog

CISA Adds ActiveMQ Remote Code Execution Flaw to KEV, Sets April 30 Patch Deadline

The bug lets a crafted Jolokia call pull a remote Spring XML that executes commands on the broker.

Google Rushes Chrome 146 Update to Fix WebGPU Zero-Day Exploited in the Wild

CISA Adds Actively Exploited Langflow RCE to KEV, Sets April 8 Deadline

CISA Flags SharePoint, Zimbra Flaws as Actively Exploited, Sets Rapid Federal Patching Deadlines

CISA Puts Actively Exploited n8n RCE on KEV, Orders Federal Patching by March 25

CISA Flags SmarterMail RCE as Ransomware Target, Sets Feb. 26 Patch Deadline

CISA Forces Three-Day Patch for Actively Exploited SolarWinds Web Help Desk Flaw

Ivanti EPMM Zero-Day RCE Flaws Exploited as CISA Orders Rapid Mitigation

CISA Adds HPE OneView, Microsoft Office Flaws to Exploited Vulnerabilities List

Apple, Google Rush Patches as CISA Flags WebKit Zero‑Day Exploits

React2Shell Attacks Intensify as React Issues Second Round of Emergency Patches

CISA Adds Actively Exploited GeoServer XXE to KEV, Orders Federal Patching

CISA Adds Gladinet and CWP Flaws to KEV, Setting Nov. 25 Federal Remediation Deadline

CISA Adds VMware Aria Operations/Tools Flaw to KEV, Sets Nov. 20 Patch Deadline for Feds

CISA Adds Motex Lanscope RCE Flaw to KEV, Citing Active Exploitation

CISA Adds Actively Exploited Adobe AEM Forms Flaw to KEV Catalog

CISA Adds Actively Exploited DELMIA Apriso Flaw to KEV With Oct. 2 Fix Deadline

CISA Adds Actively Exploited TP-Link and WhatsApp Flaws to KEV, Sets September Deadlines

CISA Adds Three D-Link Router Flaws to Known Exploited Vulnerabilities Catalog

Microsoft Urges Immediate Patching of Critical Windows Vulnerabilities