Known Exploited Vulnerabilities and counting....

A known exploited vulnerability (KEV) refers to a software vulnerability that is being actively exploited by cybercriminals or threat actors. When a vulnerability becomes known to be exploited in the wild, it signals that the vulnerability poses a significant and imminent risk to organizations.

Woman Looking at Computer Screen

CVEs form a database of known security vulnerabilities that are actively tracked and managed by a group of organizations, such as the U.S. National Cyber Security Alliance. CVEs are an important tool for network security management because they not only provide an inventory of existing vulnerabilities, but also provide information about how the vulnerability can be exploited and instructions on how to protect against it.

Search Known Exploits

Search for CVEs by vendor to identify known exploited vulnerabilities in your environment

Loading vendors...

Upcoming Patch Due Dates

via Binding Operational Directive 22-01

(BOD) 22-01 is a directive issued by the Cybersecurity and Infrastructure Security Agency (CISA) in the United States to federal agencies and federal contractors in order to improve their cybersecurity practices. It provides a set of guidelines and requirements that these agencies and contractors must follow to increase their defenses against cyber threats.

Loading...

News Logo

Cyber Security News

You may have missed...

📌 Pinned

*

https:betanews.comMar 5

Inside a cyberattack: How hackers steal data

The truth about cybersecurity is that it's almost impossible to keep hackers outside of an organization, particularly as the cybercrime industry ...

Read more →
https://cybernews.comMar 27

Hackers steal data from European Commission in AWS cloud breach

The European Commission discovered a cyberattack on March 24, 2026 affecting its AWS-hosted Europa.eu platform, with threat actors allegedly stealing ...

Read more →
https://cloud.google.comApr 1

North Korea-Nexus Threat Actor Compromises Widely Used Axios NPM Package in Supply Chain Attack

Google Threat Intelligence Group attributes the Axios npm supply chain attack to UNC1069, a North Korea-nexus threat actor, which deployed the WAVESHA...

Read more →
https://www.paloaltonetworks.comMar 26

When Security Scanners Become the Weapon: Breaking Down the Trivy Supply Chain Attack

On March 19, 2026, Aqua Security's Trivy vulnerability scanner was compromised in a sophisticated multi-phase supply chain attack by TeamPCP that comb...

Read more →
https://www.bleepingcomputer.comMar 31

Dutch Finance Ministry takes treasury banking portal offline after breach

The Dutch Ministry of Finance took systems offline including the treasury banking portal while investigating a cyberattack detected on March 19, 2026 ...

Read more →
https://socradar.ioMar 31

Trivy-Linked Cisco Breach & ShinyHunters' Stolen Data Claim

ShinyHunters published an extortion post on March 31, 2026 claiming responsibility for the Cisco breach and alleging theft of over 3 million Salesforc...

Read more →
https://www.microsoft.comApr 1

Mitigating the Axios npm supply chain compromise

Microsoft attributes the Axios npm package compromise to North Korean state actor Sapphire Sleet, which deployed malicious versions that downloaded a ...

Read more →
https://digitalforensicsmagazine.comApr 1

CISA Orders Federal Agencies to Patch Actively Exploited Citrix NetScaler Flaw

CISA ordered U.S. federal agencies to patch the actively exploited Citrix NetScaler vulnerability CVE-2026-3055 by Thursday after defenders linked it ...

Read more →
https://www.macworld.comApr 2

Apple pushes rare iOS update for newer iPhones to address DarkSword hack | Macworld

In summary: Apple released an unprecedented iOS 18.7.7 security update for all iPhones to counter the critical DarkSword hacking tool threat. Macworld...

Read more →

Updated daily

TOP SITES

Cyber_Comply © 2021-25