<?xml version="1.0" encoding="UTF-8"?>
<rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom">
<channel>
<title>Senserva: actively-exploited non-Microsoft vulnerabilities (CISA KEV)</title>
<link>https://senserva.com/non-microsoft-cve-tracker.html</link>
<atom:link href="https://senserva.com/feed/non-ms-kev.xml" rel="self" type="application/rss+xml"/>
<description>The newest non-Microsoft CVEs in the CISA Known Exploited Vulnerabilities catalog, with vendor, CVSS, and ransomware flags. From Senserva.</description>
<language>en-us</language>
<lastBuildDate>Tue, 30 Jun 2026 00:00:00 GMT</lastBuildDate>
<ttl>720</ttl>
<item>
<title>SimpleHelp SimpleHelp: SimpleHelp Authentication Bypass Vulnerability</title>
<link>https://nvd.nist.gov/vuln/detail/CVE-2026-48558</link>
<guid isPermaLink="false">kev-CVE-2026-48558</guid>
<pubDate>Mon, 29 Jun 2026 00:00:00 GMT</pubDate>
<category>Exploited</category>
<description>CVE-2026-48558, CVSS 10. Actively exploited (CISA KEV), added 2026-06-29.</description>
</item>
<item>
<title>Cisco Unified Communications Manager: Cisco Unified Communications Manager Server-Side Request Forgery (SSRF) Vulnerability</title>
<link>https://nvd.nist.gov/vuln/detail/CVE-2026-20230</link>
<guid isPermaLink="false">kev-CVE-2026-20230</guid>
<pubDate>Thu, 25 Jun 2026 00:00:00 GMT</pubDate>
<category>Exploited</category>
<description>CVE-2026-20230, CVSS 8.6. Actively exploited (CISA KEV), added 2026-06-25.</description>
</item>
<item>
<title>PTC Windchill and FlexPLM: PTC Windchill and FlexPLM Improper Input Validation Vulnerability</title>
<link>https://nvd.nist.gov/vuln/detail/CVE-2026-12569</link>
<guid isPermaLink="false">kev-CVE-2026-12569</guid>
<pubDate>Thu, 25 Jun 2026 00:00:00 GMT</pubDate>
<category>Exploited</category>
<description>CVE-2026-12569, CVSS 9.8. Actively exploited (CISA KEV), added 2026-06-25.</description>
</item>
<item>
<title>Ubiquiti UniFi OS: Ubiquiti UniFi OS Improper Input Validation Vulnerability</title>
<link>https://nvd.nist.gov/vuln/detail/CVE-2026-34910</link>
<guid isPermaLink="false">kev-CVE-2026-34910</guid>
<pubDate>Tue, 23 Jun 2026 00:00:00 GMT</pubDate>
<category>Exploited</category>
<description>CVE-2026-34910, CVSS 10. Actively exploited (CISA KEV), added 2026-06-23.</description>
</item>
<item>
<title>Ubiquiti UniFi OS: Ubiquiti UniFi OS Improper Access Control Vulnerability</title>
<link>https://nvd.nist.gov/vuln/detail/CVE-2026-34908</link>
<guid isPermaLink="false">kev-CVE-2026-34908</guid>
<pubDate>Tue, 23 Jun 2026 00:00:00 GMT</pubDate>
<category>Exploited</category>
<description>CVE-2026-34908, CVSS 10. Actively exploited (CISA KEV), added 2026-06-23.</description>
</item>
<item>
<title>Ubiquiti UniFi OS: Ubiquiti UniFi OS Path Traversal Vulnerability</title>
<link>https://nvd.nist.gov/vuln/detail/CVE-2026-34909</link>
<guid isPermaLink="false">kev-CVE-2026-34909</guid>
<pubDate>Tue, 23 Jun 2026 00:00:00 GMT</pubDate>
<category>Exploited</category>
<description>CVE-2026-34909, CVSS 10. Actively exploited (CISA KEV), added 2026-06-23.</description>
</item>
<item>
<title>Lantronix EDS5000: Lantronix EDS5000 Code Injection Vulnerability</title>
<link>https://nvd.nist.gov/vuln/detail/CVE-2025-67038</link>
<guid isPermaLink="false">kev-CVE-2025-67038</guid>
<pubDate>Tue, 23 Jun 2026 00:00:00 GMT</pubDate>
<category>Exploited</category>
<description>CVE-2025-67038, CVSS 9.8. Actively exploited (CISA KEV), added 2026-06-23.</description>
</item>
<item>
<title>Splunk Enterprise: Splunk Enterprise Missing Authentication for Critical Function Vulnerability</title>
<link>https://nvd.nist.gov/vuln/detail/CVE-2026-20253</link>
<guid isPermaLink="false">kev-CVE-2026-20253</guid>
<pubDate>Thu, 18 Jun 2026 00:00:00 GMT</pubDate>
<category>Exploited</category>
<description>CVE-2026-20253, CVSS 9.8. Actively exploited (CISA KEV), added 2026-06-18.</description>
</item>
<item>
<title>Widget Factory Joomla Content Editor: Widget Factory Joomla Content Editor Improper Access Control Vulnerability</title>
<link>https://nvd.nist.gov/vuln/detail/CVE-2026-48907</link>
<guid isPermaLink="false">kev-CVE-2026-48907</guid>
<pubDate>Tue, 16 Jun 2026 00:00:00 GMT</pubDate>
<category>Exploited</category>
<description>CVE-2026-48907, CVSS 9.8. Actively exploited (CISA KEV), added 2026-06-16.</description>
</item>
<item>
<title>Cisco Catalyst SD-WAN Manager: Cisco Catalyst SD-WAN Manager Directory or Path Traversal Vulnerability</title>
<link>https://nvd.nist.gov/vuln/detail/CVE-2026-20262</link>
<guid isPermaLink="false">kev-CVE-2026-20262</guid>
<pubDate>Mon, 15 Jun 2026 00:00:00 GMT</pubDate>
<category>Exploited</category>
<description>CVE-2026-20262, CVSS 6.5. Actively exploited (CISA KEV), added 2026-06-15.</description>
</item>
<item>
<title>LiteSpeed cPanel Plugin: LiteSpeed cPanel Plugin UNIX Symbolic Link (Symlink) Following Vulnerability</title>
<link>https://nvd.nist.gov/vuln/detail/CVE-2026-54420</link>
<guid isPermaLink="false">kev-CVE-2026-54420</guid>
<pubDate>Mon, 15 Jun 2026 00:00:00 GMT</pubDate>
<category>Exploited</category>
<description>CVE-2026-54420, CVSS 8.5. Actively exploited (CISA KEV), added 2026-06-15.</description>
</item>
<item>
<title>Oracle PeopleSoft Enterprise PeopleTools: Oracle PeopleSoft Enterprise PeopleTools Missing Authentication for Critical Function Vulnerability</title>
<link>https://nvd.nist.gov/vuln/detail/CVE-2026-35273</link>
<guid isPermaLink="false">kev-CVE-2026-35273</guid>
<pubDate>Fri, 12 Jun 2026 00:00:00 GMT</pubDate>
<category>Ransomware</category>
<description>CVE-2026-35273, CVSS 9.8, ransomware-linked. Actively exploited (CISA KEV), added 2026-06-12.</description>
</item>
<item>
<title>Ivanti Sentry: Ivanti Sentry OS Command Injection Vulnerability</title>
<link>https://nvd.nist.gov/vuln/detail/CVE-2026-10520</link>
<guid isPermaLink="false">kev-CVE-2026-10520</guid>
<pubDate>Thu, 11 Jun 2026 00:00:00 GMT</pubDate>
<category>Exploited</category>
<description>CVE-2026-10520, CVSS 10. Actively exploited (CISA KEV), added 2026-06-11.</description>
</item>
<item>
<title>Cisco Catalyst SD-WAN Manager: Cisco Catalyst SD-WAN Manager Improper Encoding or Escaping of Output Vulnerability</title>
<link>https://nvd.nist.gov/vuln/detail/CVE-2026-20245</link>
<guid isPermaLink="false">kev-CVE-2026-20245</guid>
<pubDate>Tue, 09 Jun 2026 00:00:00 GMT</pubDate>
<category>Exploited</category>
<description>CVE-2026-20245, CVSS 7.8. Actively exploited (CISA KEV), added 2026-06-09.</description>
</item>
<item>
<title>Google Chromium V8: Google Chromium V8 Out-of-Bounds Read and Write Vulnerability</title>
<link>https://nvd.nist.gov/vuln/detail/CVE-2026-11645</link>
<guid isPermaLink="false">kev-CVE-2026-11645</guid>
<pubDate>Tue, 09 Jun 2026 00:00:00 GMT</pubDate>
<category>Exploited</category>
<description>CVE-2026-11645, CVSS 8.8. Actively exploited (CISA KEV), added 2026-06-09.</description>
</item>
<item>
<title>Arista Extensible Operating System: Arista Extensible Operating System Incomplete Comparison with Missing Factors Vulnerability</title>
<link>https://nvd.nist.gov/vuln/detail/CVE-2026-7473</link>
<guid isPermaLink="false">kev-CVE-2026-7473</guid>
<pubDate>Tue, 09 Jun 2026 00:00:00 GMT</pubDate>
<category>Exploited</category>
<description>CVE-2026-7473, CVSS 5.8. Actively exploited (CISA KEV), added 2026-06-09.</description>
</item>
<item>
<title>BerriAI LiteLLM: BerriAI LiteLLM Command Injection Vulnerability</title>
<link>https://nvd.nist.gov/vuln/detail/CVE-2026-42271</link>
<guid isPermaLink="false">kev-CVE-2026-42271</guid>
<pubDate>Mon, 08 Jun 2026 00:00:00 GMT</pubDate>
<category>Exploited</category>
<description>CVE-2026-42271, CVSS 8.8. Actively exploited (CISA KEV), added 2026-06-08.</description>
</item>
<item>
<title>Check Point Security Gateway: Check Point Security Gateway Improper Authentication Vulnerability</title>
<link>https://nvd.nist.gov/vuln/detail/CVE-2026-50751</link>
<guid isPermaLink="false">kev-CVE-2026-50751</guid>
<pubDate>Mon, 08 Jun 2026 00:00:00 GMT</pubDate>
<category>Ransomware</category>
<description>CVE-2026-50751, CVSS 9.3, ransomware-linked. Actively exploited (CISA KEV), added 2026-06-08.</description>
</item>
<item>
<title>SolarWinds Serv-U: SolarWinds Serv-U Uncontrolled Resource Consumption Vulnerability</title>
<link>https://nvd.nist.gov/vuln/detail/CVE-2026-28318</link>
<guid isPermaLink="false">kev-CVE-2026-28318</guid>
<pubDate>Fri, 05 Jun 2026 00:00:00 GMT</pubDate>
<category>Exploited</category>
<description>CVE-2026-28318, CVSS 7.5. Actively exploited (CISA KEV), added 2026-06-05.</description>
</item>
<item>
<title>Mirasvit Mirasvit Full Page Cache Warmer: Mirasvit Full Page Cache Warmer Deserialization of Untrusted Data Vulnerability</title>
<link>https://nvd.nist.gov/vuln/detail/CVE-2026-45247</link>
<guid isPermaLink="false">kev-CVE-2026-45247</guid>
<pubDate>Wed, 03 Jun 2026 00:00:00 GMT</pubDate>
<category>Exploited</category>
<description>CVE-2026-45247, CVSS 9.8. Actively exploited (CISA KEV), added 2026-06-03.</description>
</item>
<item>
<title>Linux Kernel: Linux Kernel Improper Authentication Vulnerability</title>
<link>https://nvd.nist.gov/vuln/detail/CVE-2022-0492</link>
<guid isPermaLink="false">kev-CVE-2022-0492</guid>
<pubDate>Tue, 02 Jun 2026 00:00:00 GMT</pubDate>
<category>Exploited</category>
<description>CVE-2022-0492, CVSS 7.8. Actively exploited (CISA KEV), added 2026-06-02.</description>
</item>
<item>
<title>Android Framework: Android Framework Integer Overflow Vulnerability</title>
<link>https://nvd.nist.gov/vuln/detail/CVE-2025-48595</link>
<guid isPermaLink="false">kev-CVE-2025-48595</guid>
<pubDate>Tue, 02 Jun 2026 00:00:00 GMT</pubDate>
<category>Exploited</category>
<description>CVE-2025-48595, CVSS 8.4. Actively exploited (CISA KEV), added 2026-06-02.</description>
</item>
<item>
<title>Oracle WebLogic Server: Oracle WebLogic Server Unspecified Vulnerability</title>
<link>https://nvd.nist.gov/vuln/detail/CVE-2024-21182</link>
<guid isPermaLink="false">kev-CVE-2024-21182</guid>
<pubDate>Mon, 01 Jun 2026 00:00:00 GMT</pubDate>
<category>Exploited</category>
<description>CVE-2024-21182, CVSS 7.5. Actively exploited (CISA KEV), added 2026-06-01.</description>
</item>
<item>
<title>Palo Alto Networks PAN-OS: Palo Alto Networks PAN-OS Authentication Bypass Vulnerability</title>
<link>https://nvd.nist.gov/vuln/detail/CVE-2026-0257</link>
<guid isPermaLink="false">kev-CVE-2026-0257</guid>
<pubDate>Fri, 29 May 2026 00:00:00 GMT</pubDate>
<category>Exploited</category>
<description>CVE-2026-0257, CVSS 9.1. Actively exploited (CISA KEV), added 2026-05-29.</description>
</item>
<item>
<title>TanStack TanStack: TanStack Unspecified Vulnerability</title>
<link>https://nvd.nist.gov/vuln/detail/CVE-2026-45321</link>
<guid isPermaLink="false">kev-CVE-2026-45321</guid>
<pubDate>Wed, 27 May 2026 00:00:00 GMT</pubDate>
<category>Ransomware</category>
<description>CVE-2026-45321, CVSS 9.6, ransomware-linked. Actively exploited (CISA KEV), added 2026-05-27.</description>
</item>
<item>
<title>Nx Nx Console: Nx Console Embedded Malicious Code Vulnerability</title>
<link>https://nvd.nist.gov/vuln/detail/CVE-2026-48027</link>
<guid isPermaLink="false">kev-CVE-2026-48027</guid>
<pubDate>Wed, 27 May 2026 00:00:00 GMT</pubDate>
<category>Ransomware</category>
<description>CVE-2026-48027, CVSS 9.8, ransomware-linked. Actively exploited (CISA KEV), added 2026-05-27.</description>
</item>
<item>
<title>Daemon Daemon Tools Lite: Daemon Tools Lite Embedded Malicious Code Vulnerability</title>
<link>https://nvd.nist.gov/vuln/detail/CVE-2026-8398</link>
<guid isPermaLink="false">kev-CVE-2026-8398</guid>
<pubDate>Wed, 27 May 2026 00:00:00 GMT</pubDate>
<category>Exploited</category>
<description>CVE-2026-8398, CVSS 9.8. Actively exploited (CISA KEV), added 2026-05-27.</description>
</item>
<item>
<title>LiteSpeed cPanel Plugin: LiteSpeed cPanel Plugin Privilege Escalation Vulnerability</title>
<link>https://nvd.nist.gov/vuln/detail/CVE-2026-48172</link>
<guid isPermaLink="false">kev-CVE-2026-48172</guid>
<pubDate>Tue, 26 May 2026 00:00:00 GMT</pubDate>
<category>Exploited</category>
<description>CVE-2026-48172, CVSS 9.8. Actively exploited (CISA KEV), added 2026-05-26.</description>
</item>
<item>
<title>Drupal Core: Drupal Core SQL Injection Vulnerability</title>
<link>https://nvd.nist.gov/vuln/detail/CVE-2026-9082</link>
<guid isPermaLink="false">kev-CVE-2026-9082</guid>
<pubDate>Fri, 22 May 2026 00:00:00 GMT</pubDate>
<category>Exploited</category>
<description>CVE-2026-9082, CVSS 9.8. Actively exploited (CISA KEV), added 2026-05-22.</description>
</item>
<item>
<title>Langflow Langflow: Langflow Origin Validation Error Vulnerability</title>
<link>https://nvd.nist.gov/vuln/detail/CVE-2025-34291</link>
<guid isPermaLink="false">kev-CVE-2025-34291</guid>
<pubDate>Thu, 21 May 2026 00:00:00 GMT</pubDate>
<category>Exploited</category>
<description>CVE-2025-34291, CVSS 8.8. Actively exploited (CISA KEV), added 2026-05-21.</description>
</item>
<item>
<title>Trend Micro Apex One: Trend Micro Apex One (On-Premise) Directory Traversal Vulnerability</title>
<link>https://nvd.nist.gov/vuln/detail/CVE-2026-34926</link>
<guid isPermaLink="false">kev-CVE-2026-34926</guid>
<pubDate>Thu, 21 May 2026 00:00:00 GMT</pubDate>
<category>Exploited</category>
<description>CVE-2026-34926, CVSS 6.7. Actively exploited (CISA KEV), added 2026-05-21.</description>
</item>
<item>
<title>Adobe Acrobat and Reader: Adobe Acrobat and Reader Heap-Based Buffer Overflow Vulnerability</title>
<link>https://nvd.nist.gov/vuln/detail/CVE-2009-3459</link>
<guid isPermaLink="false">kev-CVE-2009-3459</guid>
<pubDate>Wed, 20 May 2026 00:00:00 GMT</pubDate>
<category>Exploited</category>
<description>CVE-2009-3459, CVSS 8.8. Actively exploited (CISA KEV), added 2026-05-20.</description>
</item>
<item>
<title>Cisco Catalyst SD-WAN: Cisco Catalyst SD-WAN Controller Authentication Bypass Vulnerability</title>
<link>https://nvd.nist.gov/vuln/detail/CVE-2026-20182</link>
<guid isPermaLink="false">kev-CVE-2026-20182</guid>
<pubDate>Thu, 14 May 2026 00:00:00 GMT</pubDate>
<category>Exploited</category>
<description>CVE-2026-20182, CVSS 10. Actively exploited (CISA KEV), added 2026-05-14.</description>
</item>
<item>
<title>BerriAI LiteLLM: BerriAI LiteLLM SQL Injection Vulnerability</title>
<link>https://nvd.nist.gov/vuln/detail/CVE-2026-42208</link>
<guid isPermaLink="false">kev-CVE-2026-42208</guid>
<pubDate>Fri, 08 May 2026 00:00:00 GMT</pubDate>
<category>Exploited</category>
<description>CVE-2026-42208, CVSS 9.8. Actively exploited (CISA KEV), added 2026-05-08.</description>
</item>
<item>
<title>Ivanti Endpoint Manager Mobile (EPMM): Ivanti Endpoint Manager Mobile (EPMM) Improper Input Validation Vulnerability</title>
<link>https://nvd.nist.gov/vuln/detail/CVE-2026-6973</link>
<guid isPermaLink="false">kev-CVE-2026-6973</guid>
<pubDate>Thu, 07 May 2026 00:00:00 GMT</pubDate>
<category>Exploited</category>
<description>CVE-2026-6973, CVSS 7.2. Actively exploited (CISA KEV), added 2026-05-07.</description>
</item>
<item>
<title>Palo Alto Networks PAN-OS: Palo Alto Networks PAN-OS Out-of-bounds Write Vulnerability</title>
<link>https://nvd.nist.gov/vuln/detail/CVE-2026-0300</link>
<guid isPermaLink="false">kev-CVE-2026-0300</guid>
<pubDate>Wed, 06 May 2026 00:00:00 GMT</pubDate>
<category>Exploited</category>
<description>CVE-2026-0300, CVSS 9.8. Actively exploited (CISA KEV), added 2026-05-06.</description>
</item>
<item>
<title>Linux Kernel: Linux Kernel Incorrect Resource Transfer Between Spheres Vulnerability</title>
<link>https://nvd.nist.gov/vuln/detail/CVE-2026-31431</link>
<guid isPermaLink="false">kev-CVE-2026-31431</guid>
<pubDate>Fri, 01 May 2026 00:00:00 GMT</pubDate>
<category>Exploited</category>
<description>CVE-2026-31431, CVSS 7.8. Actively exploited (CISA KEV), added 2026-05-01.</description>
</item>
<item>
<title>WebPros cPanel &amp; WHM and WP2 (WordPress Squared): WebPros cPanel &amp; WHM and WP2 (WordPress Squared) Missing Authentication for Critical Function Vulnerability</title>
<link>https://nvd.nist.gov/vuln/detail/CVE-2026-41940</link>
<guid isPermaLink="false">kev-CVE-2026-41940</guid>
<pubDate>Thu, 30 Apr 2026 00:00:00 GMT</pubDate>
<category>Ransomware</category>
<description>CVE-2026-41940, CVSS 9.8, ransomware-linked. Actively exploited (CISA KEV), added 2026-04-30.</description>
</item>
<item>
<title>ConnectWise ScreenConnect: ConnectWise ScreenConnect Path Traversal Vulnerability</title>
<link>https://nvd.nist.gov/vuln/detail/CVE-2024-1708</link>
<guid isPermaLink="false">kev-CVE-2024-1708</guid>
<pubDate>Tue, 28 Apr 2026 00:00:00 GMT</pubDate>
<category>Ransomware</category>
<description>CVE-2024-1708, CVSS 8.4, ransomware-linked. Actively exploited (CISA KEV), added 2026-04-28.</description>
</item>
<item>
<title>Samsung MagicINFO 9 Server: Samsung MagicINFO 9 Server Path Traversal Vulnerability</title>
<link>https://nvd.nist.gov/vuln/detail/CVE-2024-7399</link>
<guid isPermaLink="false">kev-CVE-2024-7399</guid>
<pubDate>Fri, 24 Apr 2026 00:00:00 GMT</pubDate>
<category>Exploited</category>
<description>CVE-2024-7399, CVSS 9.8. Actively exploited (CISA KEV), added 2026-04-24.</description>
</item>
<item>
<title>D-Link DIR-823X: D-Link DIR-823X Command Injection Vulnerability</title>
<link>https://nvd.nist.gov/vuln/detail/CVE-2025-29635</link>
<guid isPermaLink="false">kev-CVE-2025-29635</guid>
<pubDate>Fri, 24 Apr 2026 00:00:00 GMT</pubDate>
<category>Exploited</category>
<description>CVE-2025-29635, CVSS 7.2. Actively exploited (CISA KEV), added 2026-04-24.</description>
</item>
<item>
<title>SimpleHelp SimpleHelp: SimpleHelp Missing Authorization Vulnerability</title>
<link>https://nvd.nist.gov/vuln/detail/CVE-2024-57726</link>
<guid isPermaLink="false">kev-CVE-2024-57726</guid>
<pubDate>Fri, 24 Apr 2026 00:00:00 GMT</pubDate>
<category>Ransomware</category>
<description>CVE-2024-57726, CVSS 9.9, ransomware-linked. Actively exploited (CISA KEV), added 2026-04-24.</description>
</item>
<item>
<title>SimpleHelp SimpleHelp: SimpleHelp Path Traversal Vulnerability</title>
<link>https://nvd.nist.gov/vuln/detail/CVE-2024-57728</link>
<guid isPermaLink="false">kev-CVE-2024-57728</guid>
<pubDate>Fri, 24 Apr 2026 00:00:00 GMT</pubDate>
<category>Ransomware</category>
<description>CVE-2024-57728, CVSS 7.2, ransomware-linked. Actively exploited (CISA KEV), added 2026-04-24.</description>
</item>
<item>
<title>Marimo Marimo: Marimo Remote Code Execution Vulnerability</title>
<link>https://nvd.nist.gov/vuln/detail/CVE-2026-39987</link>
<guid isPermaLink="false">kev-CVE-2026-39987</guid>
<pubDate>Thu, 23 Apr 2026 00:00:00 GMT</pubDate>
<category>Exploited</category>
<description>CVE-2026-39987, CVSS 9.8. Actively exploited (CISA KEV), added 2026-04-23.</description>
</item>
<item>
<title>JetBrains TeamCity: JetBrains TeamCity Relative Path Traversal Vulnerability</title>
<link>https://nvd.nist.gov/vuln/detail/CVE-2024-27199</link>
<guid isPermaLink="false">kev-CVE-2024-27199</guid>
<pubDate>Mon, 20 Apr 2026 00:00:00 GMT</pubDate>
<category>Ransomware</category>
<description>CVE-2024-27199, CVSS 7.3, ransomware-linked. Actively exploited (CISA KEV), added 2026-04-20.</description>
</item>
<item>
<title>PaperCut NG/MF: PaperCut NG/MF Improper Authentication Vulnerability</title>
<link>https://nvd.nist.gov/vuln/detail/CVE-2023-27351</link>
<guid isPermaLink="false">kev-CVE-2023-27351</guid>
<pubDate>Mon, 20 Apr 2026 00:00:00 GMT</pubDate>
<category>Ransomware</category>
<description>CVE-2023-27351, CVSS 7.5, ransomware-linked. Actively exploited (CISA KEV), added 2026-04-20.</description>
</item>
<item>
<title>Cisco Catalyst SD-WAN Manager: Cisco Catalyst SD-WAN Manager Exposure of Sensitive Information to an Unauthorized Actor Vulnerability</title>
<link>https://nvd.nist.gov/vuln/detail/CVE-2026-20133</link>
<guid isPermaLink="false">kev-CVE-2026-20133</guid>
<pubDate>Mon, 20 Apr 2026 00:00:00 GMT</pubDate>
<category>Exploited</category>
<description>CVE-2026-20133, CVSS 7.5. Actively exploited (CISA KEV), added 2026-04-20.</description>
</item>
<item>
<title>Cisco Catalyst SD-WAN Manger: Cisco Catalyst SD-WAN Manager Incorrect Use of Privileged APIs Vulnerability</title>
<link>https://nvd.nist.gov/vuln/detail/CVE-2026-20122</link>
<guid isPermaLink="false">kev-CVE-2026-20122</guid>
<pubDate>Mon, 20 Apr 2026 00:00:00 GMT</pubDate>
<category>Exploited</category>
<description>CVE-2026-20122, CVSS 5.4. Actively exploited (CISA KEV), added 2026-04-20.</description>
</item>
<item>
<title>Cisco Catalyst SD-WAN Manager: Cisco Catalyst SD-WAN Manager Storing Passwords in a Recoverable Format Vulnerability</title>
<link>https://nvd.nist.gov/vuln/detail/CVE-2026-20128</link>
<guid isPermaLink="false">kev-CVE-2026-20128</guid>
<pubDate>Mon, 20 Apr 2026 00:00:00 GMT</pubDate>
<category>Exploited</category>
<description>CVE-2026-20128, CVSS 7.5. Actively exploited (CISA KEV), added 2026-04-20.</description>
</item>
<item>
<title>Kentico Kentico Xperience: Kentico Xperience Path Traversal Vulnerability</title>
<link>https://nvd.nist.gov/vuln/detail/CVE-2025-2749</link>
<guid isPermaLink="false">kev-CVE-2025-2749</guid>
<pubDate>Mon, 20 Apr 2026 00:00:00 GMT</pubDate>
<category>Exploited</category>
<description>CVE-2025-2749, CVSS 7.2. Actively exploited (CISA KEV), added 2026-04-20.</description>
</item>
<item>
<title>Quest KACE Systems Management Appliance (SMA): Quest KACE Systems Management Appliance (SMA) Improper Authentication Vulnerability</title>
<link>https://nvd.nist.gov/vuln/detail/CVE-2025-32975</link>
<guid isPermaLink="false">kev-CVE-2025-32975</guid>
<pubDate>Mon, 20 Apr 2026 00:00:00 GMT</pubDate>
<category>Exploited</category>
<description>CVE-2025-32975, CVSS 10. Actively exploited (CISA KEV), added 2026-04-20.</description>
</item>
<item>
<title>Synacor Zimbra Collaboration Suite (ZCS): Synacor Zimbra Collaboration Suite (ZCS) Cross-site Scripting Vulnerability</title>
<link>https://nvd.nist.gov/vuln/detail/CVE-2025-48700</link>
<guid isPermaLink="false">kev-CVE-2025-48700</guid>
<pubDate>Mon, 20 Apr 2026 00:00:00 GMT</pubDate>
<category>Exploited</category>
<description>CVE-2025-48700, CVSS 6.1. Actively exploited (CISA KEV), added 2026-04-20.</description>
</item>
<item>
<title>Apache ActiveMQ: Apache ActiveMQ Improper Input Validation Vulnerability</title>
<link>https://nvd.nist.gov/vuln/detail/CVE-2026-34197</link>
<guid isPermaLink="false">kev-CVE-2026-34197</guid>
<pubDate>Thu, 16 Apr 2026 00:00:00 GMT</pubDate>
<category>Exploited</category>
<description>CVE-2026-34197, CVSS 8.8. Actively exploited (CISA KEV), added 2026-04-16.</description>
</item>
<item>
<title>Fortinet FortiClient EMS: Fortinet FortiClient EMS SQL Injection Vulnerability</title>
<link>https://nvd.nist.gov/vuln/detail/CVE-2026-21643</link>
<guid isPermaLink="false">kev-CVE-2026-21643</guid>
<pubDate>Mon, 13 Apr 2026 00:00:00 GMT</pubDate>
<category>Exploited</category>
<description>CVE-2026-21643, CVSS 9.8. Actively exploited (CISA KEV), added 2026-04-13.</description>
</item>
<item>
<title>Adobe Acrobat: Adobe Acrobat Use-After-Free Vulnerability</title>
<link>https://nvd.nist.gov/vuln/detail/CVE-2020-9715</link>
<guid isPermaLink="false">kev-CVE-2020-9715</guid>
<pubDate>Mon, 13 Apr 2026 00:00:00 GMT</pubDate>
<category>Exploited</category>
<description>CVE-2020-9715, CVSS 7.8. Actively exploited (CISA KEV), added 2026-04-13.</description>
</item>
<item>
<title>Adobe Acrobat and Reader: Adobe Acrobat and Reader Prototype Pollution Vulnerability</title>
<link>https://nvd.nist.gov/vuln/detail/CVE-2026-34621</link>
<guid isPermaLink="false">kev-CVE-2026-34621</guid>
<pubDate>Mon, 13 Apr 2026 00:00:00 GMT</pubDate>
<category>Exploited</category>
<description>CVE-2026-34621, CVSS 8.6. Actively exploited (CISA KEV), added 2026-04-13.</description>
</item>
<item>
<title>Ivanti Endpoint Manager Mobile (EPMM): Ivanti Endpoint Manager Mobile (EPMM) Code Injection Vulnerability</title>
<link>https://nvd.nist.gov/vuln/detail/CVE-2026-1340</link>
<guid isPermaLink="false">kev-CVE-2026-1340</guid>
<pubDate>Wed, 08 Apr 2026 00:00:00 GMT</pubDate>
<category>Exploited</category>
<description>CVE-2026-1340, CVSS 9.8. Actively exploited (CISA KEV), added 2026-04-08.</description>
</item>
<item>
<title>Fortinet FortiClient EMS: Fortinet FortiClient EMS Improper Access Control Vulnerability</title>
<link>https://nvd.nist.gov/vuln/detail/CVE-2026-35616</link>
<guid isPermaLink="false">kev-CVE-2026-35616</guid>
<pubDate>Mon, 06 Apr 2026 00:00:00 GMT</pubDate>
<category>Exploited</category>
<description>CVE-2026-35616, CVSS 9.8. Actively exploited (CISA KEV), added 2026-04-06.</description>
</item>
<item>
<title>TrueConf Client: TrueConf Client Download of Code Without Integrity Check Vulnerability</title>
<link>https://nvd.nist.gov/vuln/detail/CVE-2026-3502</link>
<guid isPermaLink="false">kev-CVE-2026-3502</guid>
<pubDate>Thu, 02 Apr 2026 00:00:00 GMT</pubDate>
<category>Exploited</category>
<description>CVE-2026-3502, CVSS 7.8. Actively exploited (CISA KEV), added 2026-04-02.</description>
</item>
<item>
<title>Google Dawn: Google Dawn Use-After-Free Vulnerability</title>
<link>https://nvd.nist.gov/vuln/detail/CVE-2026-5281</link>
<guid isPermaLink="false">kev-CVE-2026-5281</guid>
<pubDate>Wed, 01 Apr 2026 00:00:00 GMT</pubDate>
<category>Exploited</category>
<description>CVE-2026-5281, CVSS 8.8. Actively exploited (CISA KEV), added 2026-04-01.</description>
</item>
</channel>
</rss>
