Known Exploited Vulnerabilities
Coverage of Known Exploited Vulnerabilities in the Nexus archive.
- SharePoint RCE CVE-2026-45659 Added to CISA KEV After Active Exploitation
CISA added a high-severity remote code execution vulnerability (CVE-2026-45659) in Microsoft SharePoint Server to its Known Exploited Vulnerabilities catalog due to active exploitation. The flaw, rated with a CVSS score of 8.8, stems from deserialization of untrusted data.
- CISA Adds Exploited Langflow and Trend Micro Apex One Vulnerabilities to KEV
CISA added two actively exploited vulnerabilities to its Known Exploited Vulnerabilities catalog: CVE-2025-34291 in Langflow (CVSS 9.4) and a flaw in Trend Micro Apex One. These security flaws have been identified as actively exploited in the wild.
- CISA Adds Cisco SD-WAN CVE-2026-20182 to KEV After Admin Access Exploits
CISA has added CVE-2026-20182, a critical authentication bypass vulnerability in Cisco Catalyst SD-WAN Controller, to its Known Exploited Vulnerabilities catalog. Federal Civilian Executive Branch agencies are required to remediate the vulnerability by May 17, 2026.