This repository provides an up-to-date JSON and RSS feed of the Known Exploited Vulnerabilities (KEV) catalog maintained by CISA.
🕒 Last Updated: 2026-01-23 10:14:08 UTC
🕕 Kathmandu Time: 2026-01-23 15:59:08 NPT
| CVE ID | Vulnerability Name | Description |
|---|---|---|
| CVE-2025-68645 | Synacor Zimbra Collaboration Suite (ZCS) PHP Remote File Inclusion Vulnerability | Synacor Zimbra Collaboration Suite (ZCS) contains a PHP remote file inclusion vulnerability that could allow for remote attackers to craft requests to the /h/rest endpoint to influence internal request dispatching, allowing inclusion of arbitrary files from the WebRoot directory. |
| CVE-2025-34026 | Versa Concerto Improper Authentication Vulnerability | Versa Concerto SD-WAN orchestration platform contains an improper authentication vulnerability in the Traefik reverse proxy configuration, allowing at attacker to access administrative endpoints. The internal Actuator endpoint can be leveraged for access to heap dumps and trace logs. |
| CVE-2025-31125 | Vite Vitejs Improper Access Control Vulnerability | Vite Vitejs contains an improper access control vulnerability that exposes content of non-allowed files using ?inline&import or ?raw?import. Only apps explicitly exposing the Vite dev server to the network (using --host or server.host config option) are affected. |
| CVE-2025-54313 | Prettier eslint-config-prettier Embedded Malicious Code Vulnerability | Prettier eslint-config-prettier contains an embedded malicious code vulnerability. Installing an affected package executes an install.js file that launches the node-gyp.dll malware on Windows. |
- URL: CISA KEV JSON Feed
- This feed follows the JSON Feed format.
- URL: CISA KEV RSS Feed
- This RSS feed is useful for integrating with FreshRSS, RSS readers, and automation tools.
If you find any issues or have suggestions, feel free to open an issue or submit a pull request.