Timeline
Known Exploited Vulnerabilities
CISA's catalogue of CVEs confirmed as actively exploited; mandatory patch deadlines for US federal agencies.
31 of 31 entries (31 events, 0 interactions)
Filters
#1014 Jul
A quiet KEV fortnight, then a 2008 bug
Cybersecurity: Threats and Defences#94 Jul
Mentioned in: BOD 26-04, a fortnight of triage
Cybersecurity: Threats and Defences#91 Jul
Mentioned in: SharePoint patch clock runs out today
Cybersecurity: Threats and Defences#91 Jul
Mentioned in: BlueHammer turns into a ransomware step
Cybersecurity: Threats and Defences#929 Jun
Mentioned in: Cisco tops a five-vendor KEV batch
Cybersecurity: Threats and Defences#823 Jun
Mentioned in: Triple CVSS-10 Ubiquiti chain hits root
Cybersecurity: Threats and Defences#818 Jun
Mentioned in: Splunk lands its first-ever KEV entry
Cybersecurity: Threats and Defences#817 Jun
Mentioned in: A handle keeps dropping MS zero-days
Cybersecurity: Threats and Defences#810 Jun
Reached 1,627 entries under the new regime as of 23 June
Cybersecurity: Threats and Defences: CISA tears up its KEV deadline rules#79 Jun
Mentioned in: 200 fixes, six zero-days, late Exchange
Cybersecurity: Threats and Defences#79 Jun
Mentioned in: Arista refuses to patch KEV flaw
Cybersecurity: Threats and Defences#78 Jun
Mentioned in: VPN zero-day open a month pre-patch
Cybersecurity: Threats and Defences#75 Jun
Mentioned in: SolarWinds Serv-U back on KEV list
Cybersecurity: Threats and Defences#63 Jun
Received CVE-2026-45247 as a new entry on 3 June 2026
Cybersecurity: Threats and Defences: Magento RCE forces 9-day patch race#62 Jun
Mentioned in: Old Linux container bug back in the wild
Cybersecurity: Threats and Defences#61 Jun
Mentioned in: WebLogic flaw revived as ransomware vector
Cybersecurity: Threats and Defences#522 May
Mentioned in: Drupal SQL flaw hits PostgreSQL sites
Cybersecurity: Threats and Defences#521 May
Listed CVE-2025-34291 and CVE-2026-34926 with a 4 June federal patch deadline
Cybersecurity: Threats and Defences: AI orchestration flaw joins CISA's KEV#518 May
Mentioned in: GitHub's own code cloned via add-on
Cybersecurity: Threats and Defences#415 May
Mentioned in: Exchange repeats the CISA deadline-before-patch trap
Cybersecurity: Threats and Defences#414 May
Mentioned in: UAT-8616 keeps Cisco SD-WAN under fire
Cybersecurity: Threats and Defences#413 May
Mentioned in: Patch Tuesday clean streak hides out-of-band KEVs
Cybersecurity: Threats and Defences#37 May
Mentioned in: Ivanti EPMM logs fourth KEV zero-day since 2023
Cybersecurity: Threats and Defences#36 May
Received CVE-2026-0300 entry on 6 May
Cybersecurity: Threats and Defences: CISA deadline for PAN-OS RCE lands four days early#330 Apr
Mentioned in: cPanel zero-day ran 65 days before patch; Sorry ransomware active
Cybersecurity: Threats and Defences#220 Apr
CISA gives Cisco SD-WAN three days to patch
Cybersecurity: Threats and Defences#319 Apr
Mentioned in: KB5091157, Gentlemen C2 intel, ENISA CNAs: in brief
Cybersecurity: Threats and Defences#114 Apr
Mentioned in: 17-year-old Office RCE back on KEV
Cybersecurity: Threats and Defences#17 Apr
Mentioned in: Trump proposes $707m CISA cut, 860 jobs
Cybersecurity: Threats and Defences#128 Mar
Mentioned in: F5 reclassifies DoS bug to 9.8 RCE
Cybersecurity: Threats and Defences#123 Mar