Government ❯ Cybersecurity Policy ❯ CISA

Vulnerability Management

Binding Operational Directive 22-01 Known Exploited Vulnerabilities Binding Operational Directive Federal Directives Federal Agencies Compliance Federal Agencies

CISA Adds Wing FTP Server Flaw to KEV, Orders Federal Fix by March 30

The listing elevates urgency due to public exploit code plus prior abuse of a related RCE.

CISA Puts Actively Exploited n8n RCE on KEV, Orders Federal Patching by March 25

Ivanti EPMM Zero-Day RCE Flaws Exploited as CISA Orders Rapid Mitigation

CISA Puts Actively Exploited Gogs RCE on KEV, Orders Federal Fix by Feb. 2

CISA Adds Oracle Identity Manager RCE to KEV, Citing Active Exploitation and Setting Dec. 12 Deadline

CISA Orders 7-Day Fix for New FortiWeb Zero-Day Exploited in the Wild

CISA Adds VMware Aria Operations/Tools Flaw to KEV, Sets Nov. 20 Patch Deadline for Feds

CISA Adds Two Actively Exploited DELMIA Apriso Flaws to KEV

CISA Adds Actively Exploited Adobe AEM Forms Flaw to KEV Catalog

CISA Adds Exploited Git and Citrix Flaws to KEV, Orders Fixes by Sept. 15