This repository provides an up-to-date JSON and RSS feed of the Known Exploited Vulnerabilities (KEV) catalog maintained by CISA.
🕒 Last Updated: 2026-02-13 10:28:46 UTC
🕕 Kathmandu Time: 2026-02-13 16:13:46 NPT
| CVE ID | Vulnerability Name | Description |
|---|---|---|
| CVE-2026-20700 | Apple Multiple Buffer Overflow Vulnerability | Apple iOS, macOS, tvOS, watchOS, and visionOS contain an improper restriction of operations within the bounds of a memory buffer vulnerability that could allow an attacker with memory write the capability to execute arbitrary code. |
| CVE-2024-43468 | Microsoft Configuration Manager SQL Injection Vulnerability | Microsoft Configuration Manager contains an SQL injection vulnerability. An unauthenticated attacker could exploit this vulnerability by sending specially crafted requests to the target environment which are processed in an unsafe manner enabling the attacker to execute commands on the server and/or underlying database. |
| CVE-2025-15556 | Notepad++ Download of Code Without Integrity Check Vulnerability | Notepad++ when using the WinGUp updater, contains a download of code without integrity check vulnerability that could allow an attacker to intercept or redirect update traffic to download and execute an attacker-controlled installer. This could lead to arbitrary code execution with the privileges of the user. |
| CVE-2025-40536 | SolarWinds Web Help Desk Security Control Bypass Vulnerability | SolarWinds Web Help Desk contains a security control bypass vulnerability that could allow an unauthenticated attacker to gain access to certain restricted functionality. |
- URL: CISA KEV JSON Feed
- This feed follows the JSON Feed format.
- URL: CISA KEV RSS Feed
- This RSS feed is useful for integrating with FreshRSS, RSS readers, and automation tools.
If you find any issues or have suggestions, feel free to open an issue or submit a pull request.
