CyberNetsecIO16h ago

πŸ“° CISA KEV Alert: Actively Exploited Flaws in Langflow AI Framework and Trivy Scanner

πŸ“’ CISA KEV UPDATE: Two flaws now under active exploitation! A critical RCE in Langflow AI framework (CVE-2026-33017) and a supply-chain attack via Trivy scanner (CVE-2026-33634). Patch now! ⚠️ #KEV #CyberSecurity #RCE

πŸ”— https://cyber.netsecops.io/articles/cisa-adds-exploited-trivy-and-langflow-flaws-to-kev-catalog/?utm_source=mastodon&utm_medium=social&utm_campaign=twitter_auto

CISA KEV Alert: Actively Exploited Flaws in Langflow AI Framework and Trivy Scanner

CISA adds two actively exploited vulnerabilities to its KEV catalog: a critical RCE in the Langflow AI framework (CVE-2026-33017) and a malicious code injection in the Trivy scanner (CVE-2026-33634).

CyberNetSec.io
TechNadu23h ago

CISA adds CVE-2026-33634 (Trivy) to KEV - active exploitation confirmed.

If it’s in KEV, it’s already a threat.

Source: https://www.cisa.gov/news-events/alerts/2026/03/26/cisa-adds-one-known-exploited-vulnerability-catalog

πŸ’¬ Is KEV your top patch priority?
πŸ”” Follow TechNadu

#InfoSec #KEV #CyberSecurity

Tod Beardsley4d ago

So are we going to get #ICE goons to help out with #CISA too?

I’m sure they’d be just as great at the #KEV

CyberNetsecIO4d ago

πŸ“° CISA KEV Catalog Updated: Federal Agencies Must Patch Exploited Flaws in Apple, Laravel, Craft CMS

πŸ“’ CISA KEV UPDATE: Actively exploited flaws in Apple visionOS (CVE-2026-28217), Laravel (CVE-2024-4671), & Craft CMS (CVE-2026-25487) added to catalog. Federal agencies must patch by April 12. All orgs urged to patch NOW! ⚠️ #KEV #CISA

πŸ”— https://cyber.netsecops.io/articles/cisa-adds-apple-laravel-craft-cms-flaws-to-kev-catalog/?utm_source=mastodon&utm_medium=social&utm_campaign=twitter_auto

CISA KEV Catalog Updated: Federal Agencies Must Patch Exploited Flaws in Apple, Laravel, Craft CMS

CISA adds three actively exploited vulnerabilities (CVE-2026-28217, CVE-2024-4671, CVE-2026-25487) affecting Apple, Laravel, and Craft CMS to its KEV catalog. Learn more and patch now.

CyberNetSec.io
Alexandre DulaunoyMar 20

gcve-eu-kev updated β€” a CISA KEV and ENISA CNW/EUVD to GCVE BCP-07 converter.

It now also includes a generic RSS/Atom exporter for any GCVE KEV BCP-07 feed.

@gcve

#cybersecurity #gcve #kev #cve #vulnerability #vulnerabilitymanagement

πŸ”— https://github.com/gcve-eu/gcve-eu-kev
πŸ”— https://gcve.eu/bcp/gcve-bcp-07/

GitHub - gcve-eu/gcve-eu-kev: CISA/ENISA KEV to GCVE BCP-07 Converter.

CISA/ENISA KEV to GCVE BCP-07 Converter. Contribute to gcve-eu/gcve-eu-kev development by creating an account on GitHub.

GitHub
Dad Wood  πŸ‡ͺπŸ‡ΊMar 20
Freitagabend. Eisstadionzeit. #DEL2 #EVL #KEV #Playoffs #Hockey
thecybermindMar 11

CISA flips the switch: Ivanti EPM (CVE-2026-1603) is under active exploit. A low-complexity XSS allows total authentication bypass with zero user interaction. If your EPM is internet-facing, the "Master Key" is compromised. Get the Strategic Arsenal now. #CyberSecurity #Ivanti #KEV

https://thecybermind.co/2026/03/11/deconstructing-ivanti-epm-authentication-bypass/?utm_source=mastodon&utm_medium=jetpack_social

Deconstructing Ivanti EPM Authentication Bypass: Shocking Fallout 2026

See how we deal with deconstructing Ivanti EPM Authentication Bypass Fallout 2026. Read about the horrific Breach and Fallout here with TheCyberMindβ„’

The Cyber Mind
TechNaduMar 10

CISA added 3 exploited vulnerabilities to the KEV catalog:
β€’ Omnissa Workspace ONE – SSRF
β€’ SolarWinds Web Help Desk – Deserialization flaw
β€’ Ivanti Endpoint Manager – Auth bypass
KEV flaws remain top attack vectors.

Source: https://www.cisa.gov/news-events/alerts/2026/03/09/cisa-adds-three-known-exploited-vulnerabilities-catalog

Follow TechNadu for infosec updates.

#Infosec #KEV #CyberSecurity

Patrick CoyleMar 6
CISA Adds Hikvision Vulnerability KEV Catalog -3-5-26 – Improper authentication vulnerability reported in 2017 – https://tinyurl.com/3wk8bypy #KEV
CISA Adds Hikvision Vulnerability KEV Catalog -3-5-26

Yesterday CISA announced that it had added an improper authentication vulnerability in multiple Hikvision IP cameras to the CISA Known Explo...

Patrick CoyleMar 6
CISA Adds Rockwell Vulnerability to KEV Catalog – 3-5-26 – Insufficiently protected credentials vulnerability from 2021 – https://tinyurl.com/2jydv2r4 #CISA #KEV
CISA Adds Rockwell Vulnerability to KEV Catalog – 3-5-26

Today, CISA announced that it had added an insufficiently protected credentials vulnerability in multiple Rockwell Automation products to C...