
Vulnerabilities exploited this week

Every CVE that crossed from theoretical to confirmed exploited in the wild in the last 7 days: the newest CISA KEV catalog additions for July 2026, all vendors, enriched with CVSS and EPSS and flagged for ransomware use. Updated four times daily, every day. Free, no sign-in.

Treat it as your today-view of the vendor security advisories that actually matter: if a CVE is on this page, someone is exploiting it right now, whether it lives in Cisco IOS XE, PAN-OS, Fortinet, Windows, or a package deep in your stack.


Added to CISA KEV in the last 7 days

Take this week to your AI

Generated from this week's actual KEV additions, refreshed daily. Copy it into Claude, ChatGPT, or Copilot. Free, no sign-in.

The rest of the last 30 days

Full catalog, searchable with EPSS ranking and CISA due dates: the exploited-CVE tracker. Microsoft entries link to their CVE pages with the fixing KB.

Authoritative references

The primary sources this page is built from, and the ones worth bookmarking alongside it.

Frequently asked questions

Which vulnerabilities are being exploited this week?

The list above shows every CVE added to the CISA Known Exploited Vulnerabilities (KEV) catalog in the last 7 days, across all vendors. KEV means exploitation in the wild has been confirmed by CISA, not just predicted. The page refreshes four times daily.

What does it mean when a vulnerability is added to CISA KEV?

CISA has confirmed active exploitation and, for U.S. federal agencies, sets a remediation due date. For everyone else it is the strongest fix-first signal available: attackers are using it right now.

How is "exploited this week" different from a new CVE?

Thousands of CVEs are published every month, but only a small fraction are ever exploited. This page tracks the moment a CVE crosses from theoretical to actively exploited, which is usually when it should jump the patch queue.

How often is this page updated?

Four times daily from the CISA KEV catalog, enriched with CVSS and EPSS. When CISA adds new entries, they appear here the same day.

What was added to the CISA KEV catalog today?

The cards at the top of this page are the newest CISA KEV catalog additions, each with its date added. The page refreshes four times daily, so entries CISA adds today appear here the same day, with CVSS, EPSS, and ransomware context attached.

Which vendors show up most in the KEV catalog?

Cisco (including IOS XE and Identity Services Engine), Microsoft, Apple, Adobe, Google, Palo Alto Networks (PAN-OS), Fortinet, and Ivanti (including Pulse Connect Secure) are recurring names. Live per-vendor counts and a searchable list are on the exploited-CVE tracker.

Is there a CISA KEV JSON feed I can use?

CISA publishes the official KEV catalog as JSON and CSV on cisa.gov. Senserva also provides free JSON and RSS feeds of the enriched data, EPSS-ranked with no login, on the feeds page.

Is this the same as CISA's Top Routinely Exploited Vulnerabilities advisory?

No. That is an annual joint advisory listing the CVEs most exploited during a past year (the 2023 edition is the best known). This page tracks the live CISA KEV catalog: the moment a CVE is confirmed exploited, it is added and appears here. Both are CISA exploitation signals; this one moves daily.

Can I use this data with my own AI?

Yes. A free copy-paste AI prompt below the list is generated from this week's actual additions and carries the CVE names, vendors, CVSS, EPSS, and ransomware use into Claude, ChatGPT, or Copilot for triage in your own words.

Sponsored by Senserva

Siemserva by Senserva reports patch status for your own devices: which ones are missing the updates on this page, ranked by what attackers actually exploit.

  • Patch status in one scan: which devices are affected, which are not
  • Missing updates ranked by CISA KEV and EPSS, so you fix the right things first
  • Data from Intune, Microsoft Defender, Windows Autopatch, and Azure Update Manager, with more sources on the way
  • Third-party app patching too: updates published to Intune by PatchMyPC, Scappman, Robopack, or any vendor, read vendor-neutrally
  • Optional AI Enhanced Reporting: plain-language summaries and recommended next steps written into your reports
  • Then go further: 650+ security checks, compliance evidence, and Senserva Trustworthy AI driven configuration remediation
Built for IT admins and security teams, with audit-ready data for compliance. Senserva is a Microsoft Intelligent Security Association member.

Reference: the Microsoft patching guide, how Intune, Windows Autopatch, Defender, and Azure Update Manager fit together.

Data notice: this page is provided as is, for informational purposes only, without warranty of any kind. Senserva, LLC does not guarantee the accuracy, completeness, or timeliness of third-party data (CISA KEV, NVD, EPSS) and accepts no liability for actions taken based on it; verify against the authoritative vendor advisory before acting. All use of this data is subject to the Senserva EULA.