Skip to content
The Nexus
DossierENTITY

Known Exploited Vulnerabilities (KEV)

Coverage of Known Exploited Vulnerabilities (KEV) in the Nexus archive.

Earliest in view: Apr 21 · 06:23 UTCMost recent: Jun 9 · 16:27 UTC
Co-mentioned in this coverage
Recent coverage
  • SECURITYJun 9 · 16:27 UTCCYBERSCOOP
    CISA is rethinking how it prioritizes risks and vulnerabilities for feds, private sector

    CISA is rethinking risk prioritization for federal and private sectors under acting director Nick Andersen, introducing a binding operational directive for federal agencies. The directive emphasizes risk-based vulnerability management, focusing on internet-exposed assets and CISA's Known Exploited Vulnerabilities (KEV) list, while acknowledging past concepts like Section 9 designations as ineffective.

  • SECURITYMay 23 · 07:23 UTCTHE HACKER NEWS
    Drupal Core SQL Injection Bug Actively Exploited, Added to CISA KEV

    CISA has added a critical SQL injection vulnerability (CVE-2026-9082) in Drupal Core to its KEV catalog due to active exploitation. The flaw affects all supported versions of Drupal Core and carries a CVSS score of 6.5.

  • SECURITYApr 29 · 08:46 UTCTHE HACKER NEWS
    CISA Adds Actively Exploited ConnectWise and Windows Flaws to KEV

    CISA added two actively exploited vulnerabilities to its KEV catalog, affecting ConnectWise ScreenConnect and Microsoft Windows. The flaws, including a path traversal vulnerability (CVE-2024-1708) with a CVSS score of 8.4, are being exploited in the wild.

  • SECURITYApr 21 · 06:23 UTCTHE HACKER NEWS
    CISA Adds 8 Exploited Flaws to KEV, Sets April-May 2026 Federal Deadlines

    CISA added eight new vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog, including three flaws in Cisco Catalyst SD-WAN Manager actively exploited in the wild. The agency set federal deadlines for remediation between April and May 2026, with CVE-2023-27351 highlighted as a high-severity authentication flaw in PaperCut.