CISA adds Three Vulnerabilities to KEV Catalog

CISA adds Three Vulnerabilities to KEV Catalog

Overview CISA has added three new vulnerabilities to its Known Exploited Vulnerabilities catalog: CVE-2026-8398 (Daemon Tools Lite Embedded Malicious Code) CVE-2026-45321 (TanStack Unspecified Vulnerability) CVE-2026-48027 (Nx Console Embedded Malicious Code).…
CVE-2026-9082 – Drupal Core SQL Injection

CVE-2026-9082 – Drupal Core SQL Injection

CVE-2026-9082 is a highly critical SQL injection vulnerability in Drupal core's database abstraction API, specifically in the PostgreSQL EntityQuery condition handler. An unauthenticated, remote attacker can exploit this vulnerability by…
CISA adds Langflow and Trend Micro Apex One to KEV

CISA adds Langflow and Trend Micro Apex One to KEV

CVE-2025-34291 — Langflow Origin Validation Error (RCE) CVSS: 9.4CWE: CWE-346 — Origin Validation ErrorAffected Versions: Langflow ≤ 1.6.9 Vulnerability Summary Researchers at Obsidian Security uncovered a critical vulnerability chain in…
CISA adds Seven Vulnerabilities to KEV Catalog

CISA adds Seven Vulnerabilities to KEV Catalog

CISA has added seven vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog based on confirmed evidence of active exploitation. The batch spans Microsoft Windows, Microsoft Internet Explorer, Adobe Acrobat/Reader, and…
CISA adds cPanel and Linux Kernel to KEV

CISA adds cPanel and Linux Kernel to KEV

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added two actively exploited vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog — a critical authentication bypass in cPanel & WHM…
CISA adds Two vulnerabilities to KEV catalog

CISA adds Two vulnerabilities to KEV catalog

CISA has added two vulnerabilities to its Known Exploited Vulnerabilities catalog based on evidence of active exploitation — CVE-2024-1708, a ConnectWise ScreenConnect path traversal vulnerability, and CVE-2026-32202, a Microsoft Windows…