🎯 KEV Tracker

CISA Known Exploited Vulnerabilities — updated daily · Catalog date: 2026-07-01T19:00:06.9016Z

1631
Total KEV CVEs
20
Added last 30 days
2
Recent w/ ransomware use
1
Remediation due ≤14 days

Added in the Last 30 Days

CVEVendor / ProductVulnerabilityAddedDue
CVE-2026-45659Microsoft SharePoint ServerMicrosoft SharePoint Server Deserialization of Untrusted Data Vulnerability 2026-07-012026-07-04
CVE-2026-48558SimpleHelp SimpleHelpSimpleHelp Authentication Bypass Vulnerability 2026-06-292026-07-02
CVE-2026-12569PTC Windchill and FlexPLMPTC Windchill and FlexPLM Improper Input Validation Vulnerability 2026-06-252026-06-28
CVE-2026-20230Cisco Unified Communications ManagerCisco Unified Communications Manager Server-Side Request Forgery (SSRF) Vulnerability 2026-06-252026-06-28
CVE-2025-67038Lantronix EDS5000Lantronix EDS5000 Code Injection Vulnerability 2026-06-232026-06-26
CVE-2026-34910Ubiquiti UniFi OSUbiquiti UniFi OS Improper Input Validation Vulnerability 2026-06-232026-06-26
CVE-2026-34909Ubiquiti UniFi OSUbiquiti UniFi OS Path Traversal Vulnerability 2026-06-232026-06-26
CVE-2026-34908Ubiquiti UniFi OSUbiquiti UniFi OS Improper Access Control Vulnerability 2026-06-232026-06-26
CVE-2026-20253Splunk EnterpriseSplunk Enterprise Missing Authentication for Critical Function Vulnerability 2026-06-182026-06-21
CVE-2026-48907Widget Factory Joomla Content Editor Widget Factory Joomla Content Editor Improper Access Control Vulnerability 2026-06-162026-06-19
CVE-2026-54420LiteSpeed cPanel PluginLiteSpeed cPanel Plugin UNIX Symbolic Link (Symlink) Following Vulnerability 2026-06-152026-06-18
CVE-2026-20262Cisco Catalyst SD-WAN ManagerCisco Catalyst SD-WAN Manager Directory or Path Traversal Vulnerability 2026-06-152026-06-29
CVE-2026-35273Oracle PeopleSoft Enterprise PeopleToolsOracle PeopleSoft Enterprise PeopleTools Missing Authentication for Critical Function Vulnerability RANSOMWARE2026-06-122026-06-15
CVE-2026-10520Ivanti SentryIvanti Sentry OS Command Injection Vulnerability 2026-06-112026-06-14
CVE-2026-11645Google Chromium V8Google Chromium V8 Out-of-Bounds Read and Write Vulnerability 2026-06-092026-06-23
CVE-2026-7473Arista Extensible Operating SystemArista Extensible Operating System Incomplete Comparison with Missing Factors Vulnerability 2026-06-092026-06-23
CVE-2026-20245Cisco Catalyst SD-WAN ManagerCisco Catalyst SD-WAN Manager Improper Encoding or Escaping of Output Vulnerability 2026-06-092026-06-23
CVE-2026-42271BerriAI LiteLLMBerriAI LiteLLM Command Injection Vulnerability 2026-06-082026-06-22
CVE-2026-50751Check Point Security GatewayCheck Point Security Gateway Improper Authentication Vulnerability RANSOMWARE2026-06-082026-06-11
CVE-2026-28318SolarWinds Serv-USolarWinds Serv-U Uncontrolled Resource Consumption Vulnerability 2026-06-052026-06-19

Remediation Due Within 14 Days

CVEVendor / ProductVulnerabilityAddedDue
CVE-2026-45659Microsoft SharePoint ServerMicrosoft SharePoint Server Deserialization of Untrusted Data Vulnerability 2026-07-012026-07-04

Monthly Addition Logs

2026-07

Data: official CISA KEV catalog. CVEs listed here are confirmed exploited in the wild — patch these first. Due dates are CISA BOD 22-01 deadlines for US federal agencies, and a strong prioritisation signal for everyone else.