CISA KEV remediation order for five exploited Apple, Craft CMS, and Laravel Livewire flaws
Advisory/Mitigation
Summary
Hide ▲
Show ▼
CISA added five exploited flaws affecting Apple, Craft CMS, and Laravel Livewire to the KEV catalog, creating an urgent remediation requirement for federal agencies. The agency directed affected organizations to patch by April 3, 2026 because the weaknesses are already known to be under exploitation. The covered issues include flaws in Apple WebKit, Apple kernel components, Craft CMS, and Laravel Livewire.
Related Happenings
WebKit memory corruption, out-of-bounds write, and use-after-free flaws (multiple vulnerabilities)
Vulnerability
H score1
First: 30.06.2026 10:15
Last: 30.06.2026 10:15
Sources 1
About this happening:
**WebKit** now has four patched vulnerabilities, including **CVE-2026-43707**, **CVE-2026-43716**, **CVE-2026-43745**, and **CVE-2026-43715**, that can be triggered by **malicious...
WebKit memory corruption, out-of-bounds write, and use-after-free flaws (multiple vulnerabilities)
VulnerabilityAbout this happening: **WebKit** now has four patched vulnerabilities, including **CVE-2026-43707**, **CVE-2026-43716**, **CVE-2026-43745**, and **CVE-2026-43715**, that can be triggered by **malicious...
CISA KEV listing and FCEB ActiveMQ patch order
Public Sector Action
H score70
First: 17.04.2026 12:30
Last: 17.04.2026 12:30
Sources 1
About this happening:
**CISA** added **CVE-2026-34197** to the **KEV Catalog** and ordered **FCEB** agencies to patch **Apache ActiveMQ** servers within **two weeks**. The directive sets a hard **April...
CISA KEV listing and FCEB ActiveMQ patch order
Public Sector ActionAbout this happening: **CISA** added **CVE-2026-34197** to the **KEV Catalog** and ordered **FCEB** agencies to patch **Apache ActiveMQ** servers within **two weeks**. The directive sets a hard **April...
NIST CVE/NVD prioritization shift
Public Sector Action
H score35
First: 17.04.2026 00:47
Last: 17.04.2026 00:47
Sources 1
About this happening:
**NIST** is **changing** its **CVE/NVD prioritization** so that, starting **April 15, 2026**, it will provide full details only for a **subset of CVEs**. The shift matters because...
NIST CVE/NVD prioritization shift
Public Sector ActionAbout this happening: **NIST** is **changing** its **CVE/NVD prioritization** so that, starting **April 15, 2026**, it will provide full details only for a **subset of CVEs**. The shift matters because...
NIST/NVD risk-based CVE enrichment change
Public Sector Action
H score35
First: 16.04.2026 15:43
Last: 16.04.2026 15:43
Sources 1
About this happening:
**NIST** said the **US National Vulnerability Database (NVD)** will switch to a **risk-based CVE enrichment** model to cope with backlog growth. The change will **drop enrichment...
NIST/NVD risk-based CVE enrichment change
Public Sector ActionAbout this happening: **NIST** said the **US National Vulnerability Database (NVD)** will switch to a **risk-based CVE enrichment** model to cope with backlog growth. The change will **drop enrichment...
CISA KEV remediation lag is widening as exploit timelines shrink
Trend
H score54
First: 10.04.2026 17:01
Last: 10.04.2026 17:01
Sources 1
About this happening:
**CISA KEV** remediation lag is widening across **10,000 organizations**, leaving enterprise exposures open longer than attackers need to weaponize them. Critical vulnerabilities...
CISA KEV remediation lag is widening as exploit timelines shrink
TrendAbout this happening: **CISA KEV** remediation lag is widening across **10,000 organizations**, leaving enterprise exposures open longer than attackers need to weaponize them. Critical vulnerabilities...
Timeline
-
21.03.2026 10:25 2 articles · 3mo ago
CISA adds five exploited flaws to KEV catalog
Legal Policy Action UpdateCISA added CVE-2025-31277, CVE-2025-43510, CVE-2025-43520, CVE-2025-32432, and CVE-2025-54068 to the Known Exploited Vulnerabilities (KEV) catalog for Apple WebKit, Apple kernel components, Craft CMS, and Laravel Livewire, and directed federal agencies to patch the flaws by April 3, 2026.
Show sources
- CISA Flags Apple, Craft CMS, Laravel Bugs in KEV, Orders Patching by April 3, 2026 — thehackernews.com — 21.03.2026 10:25
- CISA Flags Apple, Craft CMS, Laravel Bugs in KEV, Orders Patching by April 3, 2026 — thehackernews.com — 21.03.2026 10:25