Find notable cyber news and cases, enriched with sources, timelines, and signals.
Home Browse News Feed Stats Watchlists Beta About Contact

Langflow and Trend Micro Apex One exploited flaws (multiple vulnerabilities)

Vulnerability
First reported
Last updated
Happening score
H score 44
1 unique sources, 1 articles

Summary

Hide ▲

CISA added CVE-2025-34291 in Langflow and CVE-2026-34926 in Trend Micro Apex One to the KEV catalog after evidence of active exploitation. The Langflow flaw can lead to arbitrary code execution and full system compromise, while the Apex One flaw can enable malicious code injection on affected installations. FCEB agencies must apply fixes by June 4, 2026.

Related Happenings

Apex One on-premises server directory traversal zero-day (CVE-2026-34926)

Vulnerability
First: 22.05.2026 16:39 Last: 22.05.2026 16:39 Sources 1

About this happening: **CVE-2026-34926** is a **Trend Micro Apex One** **on-premises** directory traversal zero-day that can let a privileged local attacker inject malicious code onto affected **agents...

Open Happening

CISA KEV action for CVE-2026-31431 and FCEB remediation

Public Sector Action
First: 03.05.2026 09:26 Last: 03.05.2026 09:26 Sources 1

About this happening: CISA added **CVE-2026-31431** to its **KEV catalog**, putting **Federal Civilian Executive Branch (FCEB)** agencies on notice to remediate an actively exploited Linux privilege-es...

Open Happening

CISA KEV listing for Wing FTP CVE-2025-47813

Public Sector Action
First: 17.03.2026 07:23 Last: 17.03.2026 07:23 Sources 1

About this happening: CISA added **CVE-2025-47813** in **Wing FTP Server** to the **KEV catalog** after evidence of **active exploitation**, putting the flaw under formal government tracking. The listi...

Open Happening

CISA adds two Roundcube flaws to KEV catalog

Public Sector Action
First: 21.02.2026 09:21 Last: 21.02.2026 09:21 Sources 1

About this happening: **CISA** added **two Roundcube webmail flaws** to the **KEV catalog** after citing **active exploitation**, increasing urgency for federal remediation. **CVE-2025-49113** is a **C...

Open Happening

CISA KEV multi-product active exploitation wave (CVE-2020-7796)

Exploitation Wave
First: 18.02.2026 08:52 Last: 18.02.2026 08:52 Sources 1

About this happening: **CISA** expanded its **KEV catalog** with **four actively exploited flaws**, signaling a live exploitation wave across **Chrome, TeamT5 ThreatSonar, Zimbra, and Windows Video Act...

Open Happening

Timeline

  1. 22.05.2026 08:47 2 articles · 5d ago

    CISA adds exploited Langflow and Trend Micro Apex One flaws to KEV

    Legal Policy Action Update

    CISA added CVE-2025-34291 in Langflow and CVE-2026-34926 in on-premise Trend Micro Apex One to the KEV catalog after evidence of active exploitation. CVE-2025-34291 is an origin validation error that can enable arbitrary code execution and full system compromise, while CVE-2026-34926 is a directory traversal flaw that can let a pre-authenticated local attacker modify a key table on the server and inject malicious code to deploy to agents on affected installations. Federal Civilian Executive Branch agencies must apply the necessary fixes by June 4, 2026.

    Show sources
    Open in new tab