Skip to content

Commit 264caa1

Browse files
aboutcode-automationaboutcode-automation
committed
Update KEV: Sat Mar 21 00:17:26 UTC 2026
Signed-off-by: AboutCode Automation <automation@aboutcode.org>
1 parent aa20baf commit 264caa1

1 file changed

Lines changed: 78 additions & 3 deletions

File tree

known_exploited_vulnerabilities.json

Lines changed: 78 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -1,9 +1,84 @@
11
{
22
"title": "CISA Catalog of Known Exploited Vulnerabilities",
3-
"catalogVersion": "2026.03.19",
4-
"dateReleased": "2026-03-19T15:13:53.6798Z",
5-
"count": 1546,
3+
"catalogVersion": "2026.03.20",
4+
"dateReleased": "2026-03-20T15:03:55.6382Z",
5+
"count": 1551,
66
"vulnerabilities": [
7+
{
8+
"cveID": "CVE-2025-32432",
9+
"vendorProject": "Craft CMS",
10+
"product": "Craft CMS",
11+
"vulnerabilityName": "Craft CMS Code Injection Vulnerability",
12+
"dateAdded": "2026-03-20",
13+
"shortDescription": "Craft CMS contains a code injection vulnerability that allows a remote attacker to execute arbitrary code.",
14+
"requiredAction": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.",
15+
"dueDate": "2026-04-03",
16+
"knownRansomwareCampaignUse": "Unknown",
17+
"notes": "https:\/\/craftcms.com\/knowledge-base\/craft-cms-cve-2025-32432 ; https:\/\/github.com\/craftcms\/cms\/security\/advisories\/GHSA-f3gw-9ww9-jmc3 ; https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2025-32432",
18+
"cwes": [
19+
"CWE-94"
20+
]
21+
},
22+
{
23+
"cveID": "CVE-2025-54068",
24+
"vendorProject": "Laravel",
25+
"product": "Livewire",
26+
"vulnerabilityName": "Laravel Livewire Code Injection Vulnerability",
27+
"dateAdded": "2026-03-20",
28+
"shortDescription": "Laravel Livewire contain a code injection vulnerability that could allow unauthenticated attackers to achieve remote command execution in specific scenarios.",
29+
"requiredAction": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.",
30+
"dueDate": "2026-04-03",
31+
"knownRansomwareCampaignUse": "Unknown",
32+
"notes": "https:\/\/github.com\/livewire\/livewire\/security\/advisories\/GHSA-29cq-5w36-x7w3 ; https:\/\/github.com\/livewire\/livewire\/commit\/ef04be759da41b14d2d129e670533180a44987dc ; https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2025-54068",
33+
"cwes": [
34+
"CWE-94"
35+
]
36+
},
37+
{
38+
"cveID": "CVE-2025-43510",
39+
"vendorProject": "Apple",
40+
"product": "Multiple Products",
41+
"vulnerabilityName": "Apple Multiple Products Improper Locking Vulnerability",
42+
"dateAdded": "2026-03-20",
43+
"shortDescription": "Apple watchOS, iOS, iPadOS, macOS, visionOS, and tvOS contain an improper locking vulnerability that could allow a malicious application to cause unexpected changes in memory shared between processes.",
44+
"requiredAction": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.",
45+
"dueDate": "2026-04-03",
46+
"knownRansomwareCampaignUse": "Unknown",
47+
"notes": "https:\/\/support.apple.com\/en-us\/125632 ; https:\/\/support.apple.com\/en-us\/125633 ; https:\/\/support.apple.com\/en-us\/125634 ; https:\/\/support.apple.com\/en-us\/125635 ; https:\/\/support.apple.com\/en-us\/125636 ; https:\/\/support.apple.com\/en-us\/125637 ; https:\/\/support.apple.com\/en-us\/125638 ; https:\/\/support.apple.com\/en-us\/125639 ; https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2025-43510",
48+
"cwes": [
49+
"CWE-667"
50+
]
51+
},
52+
{
53+
"cveID": "CVE-2025-43520",
54+
"vendorProject": "Apple",
55+
"product": "Multiple Products",
56+
"vulnerabilityName": "Apple Multiple Products Classic Buffer Overflow Vulnerability",
57+
"dateAdded": "2026-03-20",
58+
"shortDescription": "Apple watchOS, iOS, iPadOS, macOS, visionOS, tvOS, and iPadOS contain a classic buffer overflow vulnerability which could allow a malicious application to cause unexpected system termination or write kernel memory.",
59+
"requiredAction": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.",
60+
"dueDate": "2026-04-03",
61+
"knownRansomwareCampaignUse": "Unknown",
62+
"notes": "https:\/\/support.apple.com\/en-us\/125632 ; https:\/\/support.apple.com\/en-us\/125633 ; https:\/\/support.apple.com\/en-us\/125634 ; https:\/\/support.apple.com\/en-us\/125635 ; https:\/\/support.apple.com\/en-us\/125636 ; https:\/\/support.apple.com\/en-us\/125637 ; https:\/\/support.apple.com\/en-us\/125638 ; https:\/\/support.apple.com\/en-us\/125639 ; https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2025-43520",
63+
"cwes": [
64+
"CWE-120"
65+
]
66+
},
67+
{
68+
"cveID": "CVE-2025-31277",
69+
"vendorProject": "Apple",
70+
"product": "Multiple Products",
71+
"vulnerabilityName": "Apple Multiple Products Buffer Overflow Vulnerability",
72+
"dateAdded": "2026-03-20",
73+
"shortDescription": "Apple Safari, iOS, watchOS, visionOS, iPadOS, macOS, and tvOS contain a buffer overflow vulnerability that could allow the processing of maliciously crafted web content which may lead to memory corruption.",
74+
"requiredAction": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.",
75+
"dueDate": "2026-04-03",
76+
"knownRansomwareCampaignUse": "Unknown",
77+
"notes": "https:\/\/support.apple.com\/en-us\/124147 ; https:\/\/support.apple.com\/en-us\/124149 ; https:\/\/support.apple.com\/en-us\/124152 ; https:\/\/support.apple.com\/en-us\/124153 ; https:\/\/support.apple.com\/en-us\/124155 ; https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2025-31277",
78+
"cwes": [
79+
"CWE-119"
80+
]
81+
},
782
{
883
"cveID": "CVE-2026-20131",
984
"vendorProject": "Cisco",

0 commit comments

Comments
 (0)