Timeline
Known Exploited Vulnerabilities
CISA's KEV catalogue of CVEs with confirmed active exploitation; 9 CVEs added in 30 days including CitrixBleed 3, F5 BIG-IP RCE, and a 17-year-old Office bug.
15 of 15 entries (15 events, 0 interactions)
Filters
#522 May
Mentioned in: Drupal SQL flaw hits PostgreSQL sites
Cybersecurity: Threats and Defences#521 May
Listed CVE-2025-34291 and CVE-2026-34926 with a 4 June federal patch deadline
Cybersecurity: Threats and Defences: AI orchestration flaw joins CISA's KEV#518 May
Mentioned in: GitHub's own code cloned via add-on
Cybersecurity: Threats and Defences#415 May
Mentioned in: Exchange repeats the CISA deadline-before-patch trap
Cybersecurity: Threats and Defences#414 May
Mentioned in: UAT-8616 keeps Cisco SD-WAN under fire
Cybersecurity: Threats and Defences#413 May
Mentioned in: Patch Tuesday clean streak hides out-of-band KEVs
Cybersecurity: Threats and Defences#37 May
Mentioned in: Ivanti EPMM logs fourth KEV zero-day since 2023
Cybersecurity: Threats and Defences#36 May
Received CVE-2026-0300 entry on 6 May
Cybersecurity: Threats and Defences: CISA deadline for PAN-OS RCE lands four days early#330 Apr
Mentioned in: cPanel zero-day ran 65 days before patch; Sorry ransomware active
Cybersecurity: Threats and Defences#220 Apr
CISA gives Cisco SD-WAN three days to patch
Cybersecurity: Threats and Defences#319 Apr
Mentioned in: KB5091157, Gentlemen C2 intel, ENISA CNAs: in brief
Cybersecurity: Threats and Defences#114 Apr
Mentioned in: 17-year-old Office RCE back on KEV
Cybersecurity: Threats and Defences#17 Apr
Mentioned in: Trump proposes $707m CISA cut, 860 jobs
Cybersecurity: Threats and Defences#128 Mar
Mentioned in: F5 reclassifies DoS bug to 9.8 RCE
Cybersecurity: Threats and Defences#123 Mar