Known Exploited Vulnerabilities (KEV)

CISA Catalog

Known Exploited Vulnerabilities

· Live CISA DataCISA KEV catalog — vulnerabilities with active exploitation requiring federal remediation

Data sourced from the official CISA Known Exploited Vulnerabilities Catalog. Federal agencies are required to remediate these vulnerabilities by the due date per BOD 22-01.

KEV Entries

1,619

Ransomware Use

327

Overdue

1,615

Vendors

266

Products

655

3 results · Page 1/1

CVE-2025-54068Overdue

Due: 2026-04-03
Added: 2026-03-20

Laravel Livewire Code Injection Vulnerability

Laravel · Livewire

Laravel Livewire contain a code injection vulnerability that could allow unauthenticated attackers to achieve remote command execution in specific scenarios.

Required Action

Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

CVE-2018-15133Overdue

Due: 2024-02-06
Added: 2024-01-16

Laravel Deserialization of Untrusted Data Vulnerability

Laravel · Laravel Framework

Laravel Framework contains a deserialization of untrusted data vulnerability, allowing for remote command execution. This vulnerability may only be exploited if a malicious user has accessed the application encryption key (APP_KEY environment variable).

Required Action

Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

CVE-2021-3129RansomwareOverdue

Due: 2023-10-09
Added: 2023-09-18

Laravel Ignition File Upload Vulnerability

Laravel · Ignition

Laravel Ignition contains a file upload vulnerability that allows unauthenticated remote attackers to execute malicious code due to insecure usage of file_get_contents() and file_put_contents().

Required Action

Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.