Top/Articles/CISA KEV Dashboard in Japanese β€” Browse the Actively Exploited Catalog
cisa-kev-dashboard-ja-cover-en

CISA KEV Dashboard in Japanese β€” Browse the Actively Exploited Catalog

Browse CISA's Known Exploited Vulnerabilities catalog (1,603 entries) in a Japanese-localized dashboard: full-text search, vendor filtering, Japan-market vendor filter, and ransomware-related extraction. Free, browser-only, no signup. Each CVE deep-links to NVD and our incident articles.

LabPublished May 27, 2026Last updated June 24, 2026
Table of contents
Key takeaways

Browse CISA's Known Exploited Vulnerabilities catalog (1,603 entries) in a Japanese-localized dashboard: full-text search, vendor filtering, Japan-market vendor filter, and ransomware-related extraction. Free, browser-only, no signup. Each CVE deep-links to NVD and our incident articles.

A Japanese-localized dashboard for CISA's Known Exploited Vulnerabilities catalog

The US Cybersecurity and Infrastructure Security Agency (CISA) maintains the KEV (Known Exploited Vulnerabilities) catalog β€” a daily-updated list of vulnerabilities that have been observed being exploited in the wild. As of today, 1,603 entries. The recent LiteSpeed cPanel flaw and the Chrome WebGPU zero-day both landed in this list within days of disclosure.

CISA's official page is an English table, sorted by date added, hard to filter by vendor or product, and gives no visibility into which entries hit Japanese-market vendors. This dashboard provides a Japanese UI with full-text search, vendor filtering, ransomware-related extraction, and a dedicated filter for Japan-market vendors. Browser-only, no signup, no install.

First try the dashboard below, then read on for "what KEV actually is," "why a Japanese version was needed," "how it works under the hood," and "what this tool cannot show."

CISA KEV Dashboard (Japanese-localized)

Loading…
50 per page

Data source: cisagov/kev-data (CISA's official GitHub mirror, US federal government work). Browser fetches around once a day; ETag matches skip the redownload.

Quick glossary β€” what CVE, KEV, NVD, CWE, and BOD 22-01 actually mean

If you came here without prior context on the terms CVE, KEV, NVD, CWE, or BOD 22-01, here is the one-level-down explanation. CSIRT, SOC, and SRE folks who use KEV at work can skip this section.

TermIn one sentenceA level deeper
CISAThe US federal
cybersecurity agency
Cybersecurity and Infrastructure Security Agency.
Sits under the Department of Homeland Security.
Defends federal networks and
shares threat data with the private sector.
KEVCatalog of vulnerabilities
seen in real attacks
Known Exploited Vulnerabilities.
Not "potentially dangerous"
but "actually observed being exploited",
curated by CISA.
CVEThe global
"vulnerability tracking number"
Common Vulnerabilities and Exposures.
Format: CVE-2026-8832.
Coordinated by MITRE in the US.
NVDThe US government
vulnerability database
National Vulnerability Database.
Augments each CVE with a CVSS severity score
and the list of affected product configurations.
CWECategorization of
vulnerability "types"
Common Weakness Enumeration.
e.g. CWE-79 (XSS),
CWE-89 (SQL injection).
Useful when sorting by root cause.
dueDateRemediation deadline
for US federal agencies
A per-entry deadline set by CISA.
Legally binding for US federal civilian agencies.
No direct force on Japanese companies,
but it is "the day the global defenders move".
BOD 22-01The binding directive
that created KEV
Binding Operational Directive 22-01.
Orders US federal civilian agencies to
"remediate exploited vulnerabilities by the deadline".
KEV is operated under this directive.
Ransomware-relatedObserved in
ransomware campaigns
Tracked by CISA via the
knownRansomwareCampaignUse flag.
As of today, 323 out of 1,603 entries.
0-dayExploited before
a patch existed
A common starting point for KEV entries.
Our Chrome zero-day and Laravel Livewire
articles both followed the
"0-day β†’ KEV within days" pattern.

In short, KEV is "a roster of vulnerabilities CISA confirmed are being exploited by aggregating worldwide attack telemetry." US federal agencies must remediate within the deadline; everyone else uses it as an indicator of "where the global defender community is focusing its budget right now."

Why a Japanese-localized dashboard?

CISA's official page is an English table sorted by date added. Day-to-day work needs additional slicing:

  • β–Έ "Show me only my vendors." Reading all 1,603 entries isn't realistic.
  • β–Έ "Extract just the ransomware ones." Reporting to executives goes much faster with "this was used in actual ransom campaigns" as the framing.
  • β–Έ "Highlight Japan-market products." A US-centric list buries Cybozu, Fujitsu, and other Japan-only vendors.
  • β–Έ "Split out the overdue ones." Vulnerabilities still listed past their CISA remediation deadline have been exposed for an unusually long time.

Each of these otherwise requires manual eyeballing of the English page, which steadily drains CSIRT, SOC, and SRE time. A Japanese UI with these filters in one screen handles it.

A note on existing tooling: vulncheck and commercial vulnerability managers already wrap KEV. They are paid, gated by accounts, and need internal approval. This dashboard fits the "paste-and-glance" / "individual lookup" rung below that.

How it works β€” fetching CISA's official mirror straight from the browser

There is no backend. HTML and JavaScript fetch the entire KEV JSON from CISA's official GitHub mirror and do all filtering, sorting, and pagination in the browser.

StepWhat happensLibrary used
(1) FetchPull the full KEV JSON (~1.5 MB)
from the GitHub mirror, store ETag
in localStorage
fetch API
(2) Persistent cacheSave the 1,603 rows to IndexedDB;
never refetch until the ETag changes
IndexedDB
(3) FilteringFull-text / vendor / due date / ransomware /
Japan-relevance filters combine in
client-side JS
vanilla JS
(4) Japan dictionaryMatch against a hand-maintained dictionary
of Japan-only and Japan-market vendors
Hard-coded JS set

Two implementation points worth surfacing. First, CORS. CISA's cisa.gov/sites/.../known_exploited_vulnerabilities.json does not return Access-Control-Allow-Origin, which blocks browser fetches. The same data is published by CISA themselves at github.com/cisagov, served by GitHub with access-control-allow-origin: *, so this dashboard fetches from there. Data integrity is verified by comparing catalogVersion and dateReleased against the canonical CISA source.

Second, the 1.5 MB first-load cost. We accept that for the initial fetch, then cache in IndexedDB. The ETag goes into localStorage, and the next visit sends an If-None-Match header. A 304 means we trust the cache. KEV adds a handful of entries per day, so re-downloads are rare.

The "Japan-only" and "Japan market" classifications live in a hand-coded JS dictionary. Because KEV is sourced from US-observed attacks, Japan-only vendors like Cybozu and Fujitsu rarely appear, while Japan-popular foreign vendors (Microsoft, Apple, Cisco, Adobe, Google) appear in large numbers. Both filters are exposed so the user picks the slice they need.

Filter behavior in detail

Text search

Substring match across CVE ID, vendor, product, vulnerability name, short description, and notes fields. Case insensitive. Multiple keywords separated by spaces become AND search (e.g. Cisco router).

Vendor filter

The dropdown is auto-populated from vendorProject values that actually appear in the catalog (about 120 vendors today). The top vendors are Microsoft (377), Apple (93), Cisco (90), Adobe (79), Google (71), Oracle (42).

Japan-only / Japan market vendors

Two layers:

  • β–Έ Japan-only: Cybozu / Fujitsu / NEC / Nintendo / Panasonic / Sony / Canon / Trend Micro / Ricoh / Hitachi / Toshiba / Brother / Sharp / Epson / Buffalo / I-O DATA / ELECOM / JustSystems / Yamaha / SoftBank / Rakuten / IIJ / Bandai Namco / Konica Minolta (exact match, 25 vendors)
  • β–Έ Japan market presence: Microsoft / Apple / Cisco / Google / Adobe / Oracle / VMware / Fortinet / F5 / Citrix / Atlassian / Apache / Linux / Synology / QNAP / Ivanti / Palo Alto Networks / SonicWall / TP-Link / D-Link / Zoho / PostgreSQL / WordPress (exact match, 23 vendors)

The dictionary is hand-maintained in the page source. Drop a comment if a vendor you care about is missing.

Ransomware-related / Past due

The ransomware filter shows entries CISA flagged knownRansomwareCampaignUse: "Known". The past-due filter selects entries where dueDate is earlier than today β€” strictly meaningful for US federal agencies, but useful elsewhere as a "the world's defenders should have moved by now" marker.

What this dashboard cannot show

Worth listing the blind spots so the tool is not over-trusted:

  • ? Undisclosed or unobserved vulnerabilities. KEV entries land after exploitation has been confirmed. The zero-day window itself is unprotected.
  • ? Registration lag. CISA typically takes days to weeks from intelligence gathering to publication. "Not in KEV" is not "safe."
  • ? Low coverage for Japan-only vendors. KEV is sourced from US-observed attacks; Japan-only products like Cybozu and Fujitsu are under-represented. Pair this with JPCERT/CC and IPA advisories.
  • ? Impact details require NVD. KEV is about the "it was exploited" fact; CVSS scores and affected version ranges live on NVD. Each row deep-links to NVD.
  • ? Matching against your own assets is a separate job. Whether a flagged CVE actually exists in your environment requires asset-inventory reconciliation. This tool only makes catalog browsing efficient.

Linking past incident articles to KEV entries

Several of our recent CVE incident articles have a KEV entry. Some were "already in KEV at publication," others "added to KEV shortly after our write-up."

WhenIncidentCVEArticle
2026-06UniFi OS unauthenticated root takeover
(chained RCE, KEV-listed)
CVE-2026-34908 /
34909 / 34910
UniFi
2026-06Chrome V8 zero-day
(exploited, 5th of 2026)
CVE-2026-11645Chrome
2026-06Cisco SD-WAN Manager
privilege escalation (exploited)
CVE-2026-20245Cisco
2026-06Arista EOS tunnel
mis-decapsulation (exploited)
CVE-2026-7473NVD (no standalone article)
2026-06Check Point VPN auth bypass
(Qilin ransomware, exploited)
CVE-2026-50751Check Point
2026-06SolarWinds Serv-U unauth DoSCVE-2026-28318SolarWinds
2026-06LiteLLM exploited (KEV = SQLi)CVE-2026-42208LiteLLM
2026-05LiteSpeed cPanel pluginCVE-2026-48172LiteSpeed
2026-05Drupal unauthenticated takeoverCVE-2026-9082Drupal
2026-04Chrome WebGPU zero-dayCVE-2026-5281Chrome
2026-04Laravel Livewire nation-state abusesee articleLaravel
2025-12F5 BIG-IP past-deadlineCVE-2025-53521F5

For the dependency-side of supply chain attacks, pair this with our OSS Supply Chain Scanner: your project's dependency vulnerabilities (offensive side) plus the world's actively-exploited catalog (defensive side) in one mental view.

Roadmap and requests

Current scope ends at the present screen. Next pass under consideration:

  • β–Έ RSS output of the current filter set (subscribable in CSIRT/SOC feed readers)
  • β–Έ Browser Push notifications when a new KEV entry is added
  • β–Έ Dynamic "currently in KEV" badge injected into our existing 28 CVE incident articles
  • β–Έ Semi-automated maintenance of the Japan-only vendor dictionary, cross-referencing JPCERT/CC, IPA, and JVN feeds

Missing something useful for your workflow? Drop a comment or use the contact form.

Sources and licensing

The KEV catalog is US federal government work, not subject to US copyright, but operated by CISA. This dashboard is an independent client, not a CISA or US government service.

avatar-m-1

Makoto Horikawa

Backend Engineer / AWS / Django

Related articles

praisonai-cve-cover-en
News

AI agent framework PraisonAI hit by 5 flaws, one a max-severity 10.0 RCE (CVE-2026-61447): update now

July 11, 2026
cve-digest-2026-07-11-cover-en
News

July 11, 2026 Security Vulnerability Roundup: Seven WordPress Plugins Enable Admin Takeover β€” Does It Affect You?

July 11, 2026
miniorange-login-cve-cover-en
News

Two miniOrange WordPress login plugins allow admin takeover (CVE-2026-12761 & 57807)

July 11, 2026
mcp-server-kubernetes-cve-cover-en
News

AI-to-Kubernetes tool mcp-server-kubernetes flaw leaks admin credentials (CVE-2026-61459)

July 11, 2026
joomla-extensions-cve-cover-en
News

Two Joomla extensions under active attack: Balbooa Forms & iCagenda RCE

July 11, 2026
9router-cve-cover-en
News

9Router flaws leak stored API keys and tokens (CVE-2026-55500 and more)

July 11, 2026
intellij-idea-cve-cover-en
News

IntelliJ IDEA RCE flaw CVE-2026-59792: opening a crafted project runs code

July 11, 2026
superforms-cve-cover-en
News

WordPress Form Plugin 'Super Forms' Site-Takeover Flaw CVE-2026-14894 β€” Exploitable With No Login, Update Now

July 10, 2026
hermes-webui-cve-cover-en
News

Popular AI Agent UI 'Hermes WebUI' Server-Takeover Flaw CVE-2026-58123 β€” No Password Needed, Plus API-Key Theft; Update Now

July 10, 2026
userswp-cve-cover-en
News

WordPress Member Plugin 'UsersWP' Site-Takeover Flaw CVE-2026-13492 β€” 20,000 Sites Should Update to v1.2.66 Now

July 10, 2026
metabase-cve-cover-en
News

Analytics Tool 'Metabase' Server-Takeover Flaw CVE-2026-59827 Lets Ordinary Users Seize the Server β€” Update Now

July 10, 2026
cline-cve-cover-en
News

Popular AI Coding Tool Cline Hijackable by Any Website (CVE-2026-59723): Command Execution and API Key Theft β€” Update to 3.0.30

July 9, 2026
repomix-ssrf-cve-cover-en
News

Critical SSRF in Repomix (CVE-2026-59702): The Popular AI Code-Packing Tool's Server Could Leak Cloud Keys β€” Update to 1.14.1

July 9, 2026
fortinet-fortisandbox-cve-cover-en
News

Fortinet FortiSandbox Has Four No-Login Takeover Flaws (CVE-2026-39808 and More): Some Exploited β€” Update Now

July 8, 2026
citrix-netscaler-cve-cover-en
News

Citrix NetScaler Leaks Data Before Login (CVE-2026-8451): 'CitrixBleed' Is Back and Under Active Attack

July 8, 2026
oracle-ebs-cve-cover-en
News

Oracle E-Business Suite Can Be Hijacked Without a Password (CVE-2026-46817): Actively Exploited, Patch Now

July 8, 2026
cve-digest-2026-07-07-cover-en
News

July 7, 2026 Security Vulnerability Roundup: Dell, Red Hat, Kubernetes Infra and More β€” Does It Affect You?

July 8, 2026
cve-digest-2026-07-08-cover-en
News

July 8, 2026 Security Vulnerability Roundup: Plesk, ArcGIS, Self-Hosted AI Tools and More β€” Does It Affect You?

July 8, 2026
joomla-page-builder-cve-cover-en
News

Two Popular Joomla Page Builders Can Be Hijacked Without a Login (CVE-2026-48908, CVE-2026-56290): Update Now

July 8, 2026
gitea-cve-cover-en
News

Self-hosted Git "Gitea" hit by admin-takeover flaw: CVE-2026-20896 and 8 more, update to 1.26.4

July 4, 2026
sharepoint-cve-cover-en
News

SharePoint Server Takeover Flaw CVE-2026-45659 Now Exploited (CISA KEV): Patch On-Prem Now

July 2, 2026
control-web-panel-cve-cover-en
News

Unauthenticated Takeover Flaw in Control Web Panel (CVE-2026-57517): 150,000+ Instances Exposed β€” Update to 0.9.8.1225

July 2, 2026
bmc-control-m-cve-cover-en
News

Critical Flaw in BMC Control-M (CVE-2026-10539): Server Takeover With No Password β€” Update to 9.0.21.300

July 1, 2026
ultravnc-cve-cover-en
News

UltraVNC: 3 Critical Flaws (CVE-2026-7840) β€” Repeater Takeover With No Password, Update to 1.8.2.4

July 1, 2026
ibm-db2-cve-cover-en
News

Pre-Auth RCE in IBM Db2 (CVE-2026-10109): Patch the Core Database Now

July 1, 2026
conductor-cve-cover-en
News

Unauthenticated RCE in Netflix/Orkes Conductor (CVE-2026-58138): Patch to 3.30.2 Now

July 1, 2026
adobe-coldfusion-cve-cover-en
News

Adobe ColdFusion Flaw Now Exploited in Attacks β€” CVE-2026-48282, Seven 10.0s, Patch Now

July 1, 2026
simplehelp-cve-cover-en
News

Critical Auth-Bypass in SimpleHelp (CVE-2026-48558, CVSS 10): Attackers Can Take Over Every Managed PC β€” Now in CISA KEV, Update to 5.5.16

June 30, 2026
kestra-cve-cover-en
News

Critical Kestra flaws (CVE-2026-53576/49869): unauthenticated root RCE

June 27, 2026
mise-cve-cover-en
News

Critical mise flaws CVE-2026-33646/55441: cd into a repo, code runs

June 27, 2026
revive-adserver-cve-cover-en
News

Code-execution flaw in ad server Revive Adserver (CVE-2026-50741): update to 6.0.8

June 26, 2026
ptc-windchill-cve-cover-en
News

Max-Severity Flaw in Manufacturers' Design-Data Software PTC Windchill: Patch Now (CVE-2026-12569)

June 26, 2026
cisco-unified-cm-cve-cover-en
News

Cisco Phone System Flaw CVE-2026-20230 Now Exploited: Patch to Stop a Root Takeover

June 26, 2026
dynabook-toshiba-driver-cve-cover-en
News

Toshiba/Dynabook PCs Have an Unpatchable Driver Flaw (CVE-2026-56129): Remove the Driver

June 25, 2026
quest-netvault-cve-cover-en
News

10 Flaws in Quest NetVault Backup Allow Auth Bypass and Server Takeover: CVE-2026-9787 and More, Update to 14.0.2

June 25, 2026
appsmith-cve-cover-en
News

Reverse-Proxy Takeover Flaw in Low-Code Platform Appsmith (CVE-2026-55454) β€” Update to v2.1

June 25, 2026
cacti-cve-cover-en
News

Unauthenticated Database-Theft Flaw in Network Monitor Cacti (CVE-2026-39893) β€” Update to v1.2.31

June 25, 2026
rocketchat-cve-cover-en
News

Three Unauthenticated Takeover Flaws in Team Chat Rocket.Chat (CVE-2026-45688 and More) β€” Update Now

June 25, 2026
gogs-cve-cover-en
News

Six Flaws in Self-Hosted Git Service Gogs, Unauthenticated Takeover (CVE-2026-52813 and More) β€” Update to v0.14.3

June 25, 2026
mastodon-cve-cover-en
News

SSRF Flaw in Mastodon Lets the Server Be Abused to Reach Cloud Secrets (CVE-2026-47389) β€” Update Now

June 25, 2026
jellyfin-cve-cover-en
News

Two File-Write Flaws in Self-Hosted Media Server Jellyfin (CVE-2026-48793 and More) β€” Update to v10.11.10

June 25, 2026
ghost-cve-cover-en
News

Cache-Poisoning Takeover Flaw in Publishing Platform Ghost (CVE-2026-53943) β€” Update to v6.37.0

June 25, 2026
rclone-cve-cover-en
News

Unauthenticated Remote Takeover Flaw in Cloud Sync Tool Rclone (CVE-2026-49980) β€” Update to v1.74.3

June 25, 2026
warp-cve-cover-en
News

Four Flaws in AI Agent Terminal Warp (CVE-2026-48704 and More) β€” Update to the Latest Build

June 25, 2026
feast-cve-cover-en
News

Unauthenticated Flaws Pile Up in ML Feature Store Feast: Server Takeover and Arbitrary File Write (CVE-2026-56121 & CVE-2026-23537) β€” Update to v0.63.0

June 25, 2026
capgo-cve-cover-en
News

Many Flaws in Capacitor Live-Update Service Capgo (CVE-2026-56237 and More) β€” Update to v12.128.2 Now

June 24, 2026
ultimate-member-cve-cover-en
News

Admin Takeover Flaw in WordPress 'Ultimate Member' (CVE-2026-7761) β€” Update to v2.12.0 Now

June 24, 2026
geovision-gvio-box-cve-cover-en
News

8 Takeover Flaws in GeoVision GV-I/O Box 4E (CVE-2026-12485 and more) β€” Update to v2.12 Now

June 24, 2026
style-dictionary-cve-2026-54639-prototype-pollution-cover-en
News

Style Dictionary flaw CVE-2026-54639: a crafted token can poison your build β€” update to 5.4.4

June 24, 2026
langflow-cve-2026-10561-cover-en
News

Langflow Hit by 8 More Flaws (CVE-2026-10134 et al.): Unauthenticated Takeover β€” Update Now

June 23, 2026
siyuan-cve-2026-56395-56397-bazaar-xss-rce-cover-en-update
News

Four new takeover flaws in the SiYuan note app (CVE-2026-50551 et al.): update to 3.7.0

June 22, 2026
crawl4ai-cve-2026-56265-docker-jwt-hardcoded-key-auth-bypass-cover-en-0707
News

Unauthenticated takeover in AI crawler Crawl4AI (CVE-2026-57572, CVSS 10.0): update to 0.9.0

June 22, 2026
prefect-cve-2026-5366-git-argument-injection-rce-cover-en
News

Server takeover flaw in Prefect (CVE-2026-5366): update to the latest

June 21, 2026
flowise-cve-2024-58351-overrideconfig-rce-cover-en
News

Four new critical flaws in AI builder Flowise β€” CVE-2025-71338 is a perfect-10.0 RCE with no patch

June 21, 2026
signalrgb-kernel-driver-cve-2026-8049-8050-byovd-privesc-cover-en-rewrite
News

Is SignalRGB Safe? Update to 1.3.7 to Fix Its Kernel Driver Flaws (CVE-2026-8049/8050)

June 18, 2026
picklescan-cve-2026-3490-detection-bypass-8-flaws-cover-en
News

Picklescan Can Be Bypassed: 8 Flaws Let Malicious AI Models Pass as Safe (CVE-2026-3490), Update to v1.0.4

June 18, 2026
joomla-jce-cve-2026-48907-unauth-rce-cover-en-rewrite
News

Joomla Sites Using the JCE Editor Can Be Taken Over: Update to 2.9.99.6 Now (CVE-2026-48907)

June 17, 2026
the-events-calendar-cve-2026-49772-unauth-sql-injection-cover-en
News

The Events Calendar CVE-2026-49772: Unauth SQL Injection, Patch Now

June 16, 2026
zyxel-gs1900-cve-2026-7273-buffer-overflow-rce-cover-en
News

Zyxel GS1900 Switch Takeover Flaw CVE-2026-7273: Patch 10 Models Now

June 16, 2026
i18next-cve-2026-48713-48714-prototype-pollution-cover-en
News

Two Unauthenticated Flaws in the i18n Library i18next: CVE-2026-48713 / 48714

June 16, 2026
wordpress-plugins-june-2026-critical-vulnerabilities-roundup-cover-en
News

Takeover Flaws Across Many WordPress Plugins: June 2026 Disclosure, Update Each One Now

June 16, 2026
spring-ai-cve-2026-47835-vector-store-query-injection-cover-en
News

Query-Injection Flaw in Spring AI Vector Stores: CVE-2026-47835, Update to 1.0.9 / 1.1.8 Now

June 16, 2026
cisco-sd-wan-manager-cve-2026-20262-arbitrary-file-write-cover-en
News

Exploited Flaw in Cisco Catalyst SD-WAN Manager: CVE-2026-20262, Update to a Fixed Release Now

June 16, 2026
fortra-boks-cve-2026-9862-autoregisterd-command-injection-cover-en
News

Takeover Flaw in the PAM Tool Fortra BoKS: CVE-2026-9862, Update to s-9.0.0.5 / s-8.1.0.23 Now

June 16, 2026
woo-pdf-invoice-builder-cve-2026-52704-unauth-rce-cover-en
News

Max-Severity Takeover Flaw in a WooCommerce Invoice Plugin: CVE-2026-52704, Update to 2.0.9 Now

June 16, 2026
foxit-ai-cve-2026-12057-pdf-javascript-rce-cover-en
News

Takeover Flaw in Foxit's AI PDF Tool: CVE-2026-12057, a Crafted PDF Can Lead to Remote Code Execution

June 15, 2026
major-hacker-ransomware-groups-directory-cover-en
Roundup

Hacker and Ransomware Groups Explained: Qilin, Anonymous, and Attacks on Japan

June 15, 2026
litespeed-cpanel-cve-2026-54420-symlink-root-second-cover-en
News

LiteSpeed cPanel Plugin: 2nd Takeover Flaw CVE-2026-54420, Fix v2.4.8

June 14, 2026
naxclow-cheap-wifi-camera-doorbell-takeover-cve-2026-28742-cover-en
News

Cheap Wi-Fi Cameras and Doorbells Can Be Hijacked, No Fix Coming: CVE-2026-28742

June 13, 2026
gitlab-security-release-cve-2026-6552-account-takeover-cover-en
News

GitLab Patches 14 More Flaws: Self-Managed Servers Should Update to 19.1.1 (CVE-2026-10086)

June 11, 2026
oracle-peoplesoft-cve-2026-35273-unauth-rce-emergency-cover-en-rw
News

Oracle PeopleSoft CVE-2026-35273 Now Actively Exploited (CISA KEV): Patch the 9.8 Flaw Now

June 11, 2026
splunk-cve-2026-20253-unauth-file-write-jsonpickle-rce-cover-en
News

Two Flaws in Splunk: Files Destroyed Without a Login, CVE-2026-20253 and CVE-2026-20251, Update Now

June 11, 2026
cisco-sd-wan-manager-cve-2026-20245-root-privesc-cover-en
News

Exploited Flaw in Cisco SD-WAN Manager (CVE-2026-20245) Can Seize Root

June 10, 2026
chrome-zero-day-cve-2026-11645-v8-cover-en
News

Exploited Chrome Zero-Day CVE-2026-11645, the 5th of 2026 β€” Update Chrome Now

June 10, 2026
ivanti-sentry-cve-2026-10520-10523-unauth-rce-cover-en
News

Ivanti Sentry CVE-2026-10520 Exploited (KEV): Patch the 10.0 RCE Now

June 10, 2026
apache-http2-bomb-cve-2026-49975-ai-discovered-dos-cover-en-rewrite
News

Apache HTTP Server 2.4.68: 13 Vulnerabilities Fixed β€” HTTP/2 Bomb (CVE-2026-49975), CVE-2026-44119, CVE-2026-44185

June 9, 2026
check-point-vpn-cve-2026-50751-ikev1-auth-bypass-qilin-cover-en-0707
News

The Security Risks of Outdated VPN Protocols Like IKEv1 (and the CVE-2026-50751 Attack, Explained)

June 9, 2026
litellm-cve-2026-42271-mcp-command-injection-unauth-rce-cover-en
News

LiteLLM Unauthenticated RCE via MCP: CVE-2026-42271 (Now in CISA KEV) β€” Upgrade to 1.83.7

June 9, 2026
markdown-preview-enhanced-cve-2026-49492-49493-50733-vscode-rce-cover-en
News

Markdown Preview Enhanced (VS Code Extension): Opening a Markdown File Can Run Code, CVE-2026-49492/49493/50733, Update to 0.8.28

June 6, 2026
solarwinds-serv-u-cve-2026-28318-kev-dos-cover-en
News

SolarWinds Serv-U Flaw Lets Attackers Crash the Service: CVE-2026-28318, Now Exploited

June 6, 2026
7-zip-cve-2026-48095-ntfs-heap-overflow-rce-cover-en
News

7-Zip Flaw Lets a Crafted File Take Over Your PC: CVE-2026-48095, Update to 26.01

June 6, 2026
tp-link-tapo-cve-2026-34126-bluetooth-cleartext-setup-cover-en
News

Tapo D100C, L535E and P300 Leak Setup Data Over Bluetooth (CVE-2026-34126) β€” Update Now

June 5, 2026
bartender-cve-2026-25550-net-remoting-rce-cover-en
News

Unauthenticated Takeover in Label Software BarTender (CVE-2026-25550): Legacy 2010/2016/2019 at Risk

June 5, 2026
tautulli-cve-2026-43986-plex-monitor-takeover-cover-en
News

Plex Companion Tautulli Hit by Five Flaws (CVE-2026-43986 and More): Update to v2.17.1

June 5, 2026
openstack-mistral-cve-2026-41283-policy-bypass-rce-cover-en
News

Critical Takeover Flaw in OpenStack Mistral: CVE-2026-41283 Lets Any Logged-In User Run Code

June 4, 2026
mirasvit-cache-warmer-cve-2026-45247-magento-rce-cover-en
News

Magento Stores Face Server Takeover Flaw CVE-2026-45247, Already Under Attack

June 4, 2026
apache-mina-cve-2026-47065-deserialization-rce-cover-en
News

Apache MINA Flaw CVE-2026-47065 Lets Attackers Take Over Servers Without a Login

June 3, 2026
authentik-cve-2026-49448-multiple-vulnerabilities-cover-en
News

authentik Identity Platform: 4 Flaws Let Attackers Skip Login, CVE-2026-49448 β€” Update Now

June 3, 2026
linux-cgroups-cve-2022-0492-container-escape-kev-cover-en
News

Linux container-escape flaw CVE-2022-0492 exploited; CISA orders a fix

June 3, 2026
amazon-kiro-cve-2026-10591-file-write-tasks-json-rce-cover-en
News

Flaw in Amazon's AI dev tool Kiro, CVE-2026-10591: open a folder, run code

June 3, 2026
progress-sitefinity-cve-2026-7198-7312-multiple-vulnerabilities-cover-en
News

Five flaws in enterprise CMS Sitefinity, unauthenticated data exposure: CVE-2026-7198 and more

June 3, 2026
openshift-cve-2026-1784-route-haproxy-config-injection-cover-en
News

OpenShift flaw CVE-2026-1784: low-privilege users can hijack cluster traffic

June 2, 2026
kirki-cve-2026-8206-account-takeover-password-reset-cover-en
News

WordPress 'Kirki' flaw CVE-2026-8206 now exploited to hijack admins on 500k sites

June 2, 2026
cloud-foundry-uaa-cve-2026-40965-ec-private-key-exposure-cover-en
News

Cloud Foundry UAA leaks its private key: CVE-2026-40965 (CVSS 10.0)

June 2, 2026
weblogic-cve-2024-21182-kev-exploited-cover-en
News

Oracle WebLogic CVE-2024-21182 exploited in the wild; CISA orders a fix

June 2, 2026
wordpress-plugins-gravity-forms-cve-2026-48866-42680-42682-48879-roundup-cover-en
News

Four WordPress plugins hit with critical takeover flaws: CVE-2026-48866 and 3 more

June 2, 2026
dassault-catia-teamwork-cloud-cve-2026-7858-9024-unauth-rce-cover-en
News

CATIA design-data server hijacked without login: CVE-2026-7858 (and DELMIA XSS CVE-2026-9024)

June 1, 2026
japan-enterprise-vulnerabilities-2026-jvn-roundup-cover-en
News

Major Vulnerabilities in Products Japanese Enterprises Use, H1 2026

June 1, 2026
palo-alto-pan-os-cve-2026-0257-globalprotect-auth-bypass-cover-en
News

Palo Alto VPN Authentication Bypass CVE-2026-0257 Exploited in the Wild β€” Patch Now

May 30, 2026
mautic-cve-2026-9558-twig-ssti-may-bundle-cover-en
News

Mautic Hit by Twig-Theme SSTI RCE: CVE-2026-9558, Bundled May Patch Fixes 7 CVEs

May 29, 2026
acf-extended-cve-2026-8809-admin-creation-second-round-cover-en
News

ACF Extended Admin-Hijack Returns 4 Months Later: CVE-2026-8809, Fix 0.9.2.6

May 29, 2026
oracle-cspu-may-2026-monthly-launch-cvss-10-cover-en
News

Oracle Goes Monthly: First CSPU, 35 Patches Including CVSS 10.0 (May 2026)

May 29, 2026
samba-cve-2026-4408-check-password-script-rce-cover-en
News

Unauthenticated RCE in Samba: CVE-2026-4408 Injects Commands via %u in check password script, Patch to 4.24.3 Now

May 28, 2026
jupyter-server-cve-2025-61669-login-open-redirect-cover-en
News

Phishing Redirect Flaw in Jupyter Server CVE-2025-61669: Researcher Logins In The Crosshairs

May 28, 2026
goobi-viewer-cve-2026-45083-solr-unauth-streaming-cover-en
News

Goobi Viewer Hit by Unauthenticated CVE-2026-45083: Digital Archives At Risk

May 28, 2026
pi-alert-cve-2026-44887-44888-config-injection-cover-en
News

Two Unauthenticated RCEs in Pi.Alert: CVE-2026-44887 / 44888 Hit Home Network Watchers

May 28, 2026
gladinet-triofox-cve-2026-8362-8363-8364-unauth-rce-cover-en
News

Three Critical Flaws Hit Gladinet Triofox: CVE-2026-8362 / 8363 / 8364, Enterprise File Sharing At Risk

May 28, 2026
budibase-cve-2026-46425-five-flaws-low-code-bypass-cover-en
News

Budibase Hit by Five Critical Authz Flaws: CVE-2026-46425 et al., Update to v3.39.0

May 28, 2026
dalfox-cve-2026-45087-rest-api-unauth-rce-cover-en
News

XSS Scanner Dalfox Hit by Unauthenticated RCE: CVE-2026-45087 (CVSS 10.0)

May 28, 2026
free5gc-cve-2026-44315-44326-44327-44329-44330-noauth-bypass-cover-en
News

free5GC Hit by Five Critical Auth Bypass Flaws: CVE-2026-44315/26/27/29/30

May 28, 2026
tanstack-nx-console-supply-chain-cve-2026-45321-48027-cover-en
News

From TanStack to Nx Console: Chained Supply-Chain Attack CVE-2026-45321 / CVE-2026-48027

May 28, 2026
libvnc-cve-2026-44988-malicious-server-oob-write-cover-en
News

LibVNCClient Flaw CVE-2026-44988: Malicious VNC Server Can Hijack Your PC On Connect

May 28, 2026
ibm-aspera-cve-2026-8175-8179-asperahttpd-bof-cover-en
News

IBM Aspera Hit by Two asperahttpd Buffer Overflows: CVE-2026-8175 / CVE-2026-8179

May 28, 2026
langflow-cve-2026-7524-tar-symlink-rce-cover-en
News

Critical Langflow Flaw CVE-2026-7524: TAR Symlinks Leak JWT Secret, Chain to RCE

May 28, 2026
nec-aterm-nv26-002-nv26-003-vulnerabilities-cover-en
News

NEC Aterm Routers Hit With Two New Vulnerabilities β€” Nine Home Wi-Fi Models and Two LTE Routers Affected

May 25, 2026
ubiquiti-unifi-bulletin-064-cover-en
News

UniFi hit by 15 flaws at once: cameras, door locks, routers, CVE-2026-50746

May 22, 2026
trendmicro-apex-one-2026-may-cover-en
News

Apex One Hit by 14 Vulnerabilities; Console Hijack Could Reach All Company PCs

May 22, 2026
guardianwall-mailsuite-rce-cover-en
News

Critical RCE in GUARDIANWALL MailSuite Confirmed Under Active Attack β€” 4,000 Japanese Firms Affected

May 21, 2026
axios-npm-supply-chain-attack-rat-cover-en
News

Axios npm package hijacked: RAT pushed to 100M weekly downloads (2026)

April 1, 2026
teampcp-supply-chain-cascade-trivy-cover-en
News

Trivy supply-chain cascade: 4 OSS projects compromised in 10 days (2026)

March 30, 2026