
What is the CISA KEV Catalogue?

The CISA Known Exploited Vulnerabilities (KEV) catalogue is the authoritative source of CVEs that have been confirmed exploited in the wild against real-world targets. Maintained by the U.S. Cybersecurity and Infrastructure Security Agency, it's the gold standard for vulnerability prioritisation — if a CVE is in the KEV catalogue, attackers are actively using it.

Federal civilian agencies are required to remediate KEV entries within tight deadlines. Private sector organisations should treat KEV entries with the same urgency. Vuln Brief provides the technical depth needed to understand what each vulnerability actually does and how to remediate it effectively.

Source: CISA KEV Catalogue →

Total Analysed 8
Critical Severity 4
High Severity 4
Patches Available 8

All Covered KEV Entries

| CVE ID | Title | Vendor | Product | Severity | CVSS | Patch | Published | Analysis |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-1708 | CVE-2024-1708: ConnectWise ScreenConnect Path Traversal — RMM Tools as Attack Vectors | ConnectWise | ScreenConnect | Critical | 9.8 | Yes | | Read → |
| CVE-2026-20182 | CVE-2026-20182: Cisco Catalyst SD-WAN Authentication Bypass — Unauthenticated Admin Access | Cisco | Catalyst SD-WAN Controller & Manager | Critical | 9.8 | Yes | | Read → |
| CVE-2026-31431 | CVE-2026-31431: Linux Kernel Privilege Escalation via Incorrect Resource Transfer | Linux | Linux Kernel | High | 7.8 | Yes | | Read → |
| CVE-2026-41940 | CVE-2026-41940: cPanel & WHM Authentication Bypass — Unauthenticated Control Panel Access | WebPros | cPanel & WHM | Critical | 9.8 | Yes | | Read → |
| CVE-2026-0300 | CVE-2026-0300: Palo Alto PAN-OS Out-of-Bounds Write Leads to Root RCE on Firewalls | Palo Alto Networks | PAN-OS | Critical | 9.8 | Yes | | Read → |
| CVE-2026-42208 | CVE-2026-42208: SQL Injection in BerriAI LiteLLM Exposes AI Proxy Credentials | BerriAI | LiteLLM | High | 8.1 | Yes | | Read → |
| CVE-2026-6973 | CVE-2026-6973: Ivanti EPMM Improper Input Validation Enables Authenticated RCE | Ivanti | Endpoint Manager Mobile (EPMM) | High | 7.2 | Yes | | Read → |
| CVE-2026-42897 | CVE-2026-42897: Microsoft Exchange Server XSS in Outlook Web Access | Microsoft | Exchange Server | High | 8 | Yes | | Read → |
