CISA KEV Tracker

@cisakevtracker
1,058 Followers
0 Following
425 Posts
🦅Posts new records seen from the CISA.gov Known Exploited Vulnerabilities (KEV) Catalog (https://www.cisa.gov/known-exploited-vulnerabilities-catalog)
🦅Run by @cityhallin
CISA KEV Tracker1d ago
CVE ID: CVE-2026-3502
Vendor: TrueConf
Product: Client
Date Added: 2026-04-02
Notes: https://trueconf.com/blog/update/trueconf-8-5 ; https://trueconf.com/downloads/windows.html ; https://nvd.nist.gov/vuln/detail/CVE-2026-3502
CVE URL: https://nvd.nist.gov/vuln/detail/CVE-2026-3502
TrueConf 8.5 for desktops OS: new interface, AI, and advanced messenger — Video Conferencing Blog

Note: we've released TrueConf 8.5.3. Feel free to download the latest update.

Video Conferencing Blog
CISA KEV Tracker2d ago
CVE ID: CVE-2026-5281
Vendor: Google
Product: Dawn
Date Added: 2026-04-01
Notes: This vulnerability affects an open-source component, third-party library, protocol, or proprietary implementation that could be used by different products. For more information, please see: https://chromereleases.googleblog.com/2026/03/stable-channel-update-for-desktop_31.html ; https://nvd.nist.gov/vuln/detail/CVE-2026-5281
CVE URL: https://nvd.nist.gov/vuln/detail/CVE-2026-5281
Stable Channel Update for Desktop

The Stable channel has been updated to 146.0.7680.177/178 for Windows/Mac  and  146.0.7680.177 for Linux, which will roll out over the comin...

Chrome Releases
CISA KEV Tracker4d ago
CVE ID: CVE-2026-3055
Vendor: Citrix
Product: NetScaler
Date Added: 2026-03-30
Notes: https://support.citrix.com/support-home/kbsearch/article?articleNumber=CTX696300&articleURL=NetScaler_ADC_and_NetScaler_Gateway_Security_Bulletin_for_CVE_2026_3055_and_CVE_2026_4368 ; https://nvd.nist.gov/vuln/detail/CVE-2026-3055
CVE URL: https://nvd.nist.gov/vuln/detail/CVE-2026-3055
Loading...

CISA KEV TrackerMar 27
CVE ID: CVE-2025-53521
Vendor: F5
Product: BIG-IP
Date Added: 2026-03-27
Notes: Please adhere to F5’s guidelines to assess exposure and mitigate risks. Check for signs of potential compromise on all internet accessible F5 products affected by this vulnerability. For more information please see: https://my.f5.com/manage/s/article/K000156741 ; https://my.f5.com/manage/s/article/K000160486 ; https://my.f5.com/manage/s/article/K11438344 ; https://nvd.nist.gov/vuln/detail/CVE-2025-53521
CVE URL: https://nvd.nist.gov/vuln/detail/CVE-2025-53521
myF5

CISA KEV TrackerMar 26
CVE ID: CVE-2026-33634
Vendor: Aquasecurity
Product: Trivy
Date Added: 2026-03-26
Notes: This vulnerability involves a supply‑chain compromise in a product that may be used across multiple products and environments. Additional vendor‑provided guidance must be followed to ensure full remediation. For more information, please see: https://github.com/advisories/GHSA-69fq-xp46-6x23 ; https://nvd.nist.gov/vuln/detail/CVE-2026-33634
CVE URL: https://nvd.nist.gov/vuln/detail/CVE-2026-33634
CVE-2026-33634 - GitHub Advisory Database

Trivy ecosystem supply chain was briefly compromised

GitHub
CISA KEV TrackerMar 25
CVE ID: CVE-2026-33017
Vendor: Langflow
Product: Langflow
Date Added: 2026-03-25
Notes: https://github.com/langflow-ai/langflow/security/advisories/GHSA-vwmf-pq79-vjvx ; https://nvd.nist.gov/vuln/detail/CVE-2026-33017
CVE URL: https://nvd.nist.gov/vuln/detail/CVE-2026-33017
Unauthenticated Remote Code Execution in Langflow via Public Flow Build Endpoint

## Summary The `POST /api/v1/build_public_tmp/{flow_id}/flow` endpoint allows building public flows without requiring authentication. When the optional `data` parameter is supplied, the endpoint...

GitHub
CISA KEV TrackerMar 20
CVE ID: CVE-2025-31277
Vendor: Apple
Product: Multiple Products
Date Added: 2026-03-20
Notes: https://support.apple.com/en-us/124147 ; https://support.apple.com/en-us/124149 ; https://support.apple.com/en-us/124152 ; https://support.apple.com/en-us/124153 ; https://support.apple.com/en-us/124155 ; https://nvd.nist.gov/vuln/detail/CVE-2025-31277
CVE URL: https://nvd.nist.gov/vuln/detail/CVE-2025-31277
About the security content of iOS 18.6 and iPadOS 18.6 - Apple Support

This document describes the security content of iOS 18.6 and iPadOS 18.6.

Apple Support
CISA KEV TrackerMar 20
CVE ID: CVE-2025-43520
Vendor: Apple
Product: Multiple Products
Date Added: 2026-03-20
Notes: https://support.apple.com/en-us/125632 ; https://support.apple.com/en-us/125633 ; https://support.apple.com/en-us/125634 ; https://support.apple.com/en-us/125635 ; https://support.apple.com/en-us/125636 ; https://support.apple.com/en-us/125637 ; https://support.apple.com/en-us/125638 ; https://support.apple.com/en-us/125639 ; https://nvd.nist.gov/vuln/detail/CVE-2025-43520
CVE URL: https://nvd.nist.gov/vuln/detail/CVE-2025-43520
About the security content of iOS 26.1 and iPadOS 26.1 - Apple Support

This document describes the security content of iOS 26.1 and iPadOS 26.1.

Apple Support
CISA KEV TrackerMar 20
CVE ID: CVE-2025-43510
Vendor: Apple
Product: Multiple Products
Date Added: 2026-03-20
Notes: https://support.apple.com/en-us/125632 ; https://support.apple.com/en-us/125633 ; https://support.apple.com/en-us/125634 ; https://support.apple.com/en-us/125635 ; https://support.apple.com/en-us/125636 ; https://support.apple.com/en-us/125637 ; https://support.apple.com/en-us/125638 ; https://support.apple.com/en-us/125639 ; https://nvd.nist.gov/vuln/detail/CVE-2025-43510
CVE URL: https://nvd.nist.gov/vuln/detail/CVE-2025-43510
About the security content of iOS 26.1 and iPadOS 26.1 - Apple Support

This document describes the security content of iOS 26.1 and iPadOS 26.1.

Apple Support
CISA KEV TrackerMar 20
CVE ID: CVE-2025-54068
Vendor: Laravel
Product: Livewire
Date Added: 2026-03-20
Notes: https://github.com/livewire/livewire/security/advisories/GHSA-29cq-5w36-x7w3 ; https://github.com/livewire/livewire/commit/ef04be759da41b14d2d129e670533180a44987dc ; https://nvd.nist.gov/vuln/detail/CVE-2025-54068
CVE URL: https://nvd.nist.gov/vuln/detail/CVE-2025-54068
Livewire remote command execution during property update hydration

### Impact In Livewire v3 (≤ 3.6.3), a vulnerability allows unauthenticated attackers to achieve remote command execution in specific scenarios. The issue stems from how certain component property...

GitHub