patchletter

Would you know if a tool in your stack is under active attack?

patchletter watches CISA's catalog of actively exploited vulnerabilities (KEV) and emails you the moment a tool you track is affected. Free, no account.

Actively exploited — right now in the catalog

ToolCVEVulnerabilityIn KEV since
UniFi OS (UDM/UCG)CVE-2026-34908Ubiquiti UniFi OS Improper Access Control Vulnerability23 Jun
UniFi OS (UDM/UCG)CVE-2026-34909Ubiquiti UniFi OS Path Traversal Vulnerability23 Jun
UniFi OS (UDM/UCG)CVE-2026-34910Ubiquiti UniFi OS Improper Input Validation Vulnerability23 Jun
PAN-OSCVE-2026-0257Palo Alto Networks PAN-OS Authentication Bypass Vulnerability29 May
PAN-OSCVE-2026-0300Palo Alto Networks PAN-OS Out-of-bounds Write Vulnerability6 May
Exchange ServerCVE-2023-21529RansomwareMicrosoft Exchange Server Deserialization of Untrusted Data Vulnerability13 Apr
n8nCVE-2025-68613n8n Improper Control of Dynamically-Managed Code Resources Vulnerability11 Mar
GitLabCVE-2021-22175GitLab Server-Side Request Forgery (SSRF) Vulnerability18 Feb
GrafanaCVE-2021-43798Grafana Path Traversal Vulnerability9 Oct 25
GitCVE-2025-48384Git Link Following Vulnerability25 Aug 25
FortiOS (FortiGate)CVE-2019-6693RansomwareFortinet FortiOS Use of Hard-Coded Credentials Vulnerability25 Jun 25
PAN-OSCVE-2025-0111Palo Alto Networks PAN-OS File Read Vulnerability20 Feb 25

Source: CISA KEV · updated daily · 67 actively exploited vulnerabilities across 20 tools, 25 ransomware-linked

Last updated:

How CVE tracking works

1

CISA KEV, watched daily

We match the KEV catalog — only vulnerabilities proven to be actively exploited — against the tools in the catalog every day.

2

Email alert when affected

When a new KEV vulnerability affects a tool you subscribe to, you get an email right away — one-click unsubscribe.

3

Context per tool

On each tool page you see the actively exploited vulnerabilities, a ransomware flag, and the link to the NVD entry.

Why KEV, not the CVE flood

There are tens of thousands of CVEs — very few are ever exploited. CISA's KEV catalog lists only those proven to be under active attack. Those are the ones you want to see first. patchletter doesn't scan your systems — it tells you which of the tools you track are affected, so you can check your installed version.

Frequently asked questions

What is the CISA KEV catalog?

The US agency CISA's Known Exploited Vulnerabilities catalog: a curated list of vulnerabilities proven to be actively exploited in the wild. Far less noise than the full set of CVEs.

Do I get an email when a tool is affected?

Yes. If you subscribe to a tool, you get an email as soon as a new actively exploited vulnerability (KEV) affects it — one click to unsubscribe.

Do you scan my systems?

No. We match the KEV catalog against the tools you track, at the product level. Use the linked CVE entry to check whether your installed version is affected.

Why only KEV and not every CVE?

KEV is low-noise and shows real, present danger. Full CVE coverage with CVSS scores is planned, but not live yet.

What does it cost?

Nothing. All you need is an email address to subscribe to tools.

Know the moment it hits your tools

Pick your software in the catalogue — you'll get an email when a new actively exploited vulnerability affects it.

Subscribe to a tool