Would you know if a tool in your stack is under active attack?
patchletter watches CISA's catalog of actively exploited vulnerabilities (KEV) and emails you the moment a tool you track is affected. Free, no account.
Actively exploited — right now in the catalog
| Tool | CVE | Vulnerability | In KEV since | |
|---|---|---|---|---|
| CVE-2026-34908 | Ubiquiti UniFi OS Improper Access Control Vulnerability | 23 Jun | → | |
| CVE-2026-34909 | Ubiquiti UniFi OS Path Traversal Vulnerability | 23 Jun | → | |
| CVE-2026-34910 | Ubiquiti UniFi OS Improper Input Validation Vulnerability | 23 Jun | → | |
| CVE-2026-0257 | Palo Alto Networks PAN-OS Authentication Bypass Vulnerability | 29 May | → | |
| CVE-2026-0300 | Palo Alto Networks PAN-OS Out-of-bounds Write Vulnerability | 6 May | → | |
| CVE-2023-21529Ransomware | Microsoft Exchange Server Deserialization of Untrusted Data Vulnerability | 13 Apr | → | |
| CVE-2025-68613 | n8n Improper Control of Dynamically-Managed Code Resources Vulnerability | 11 Mar | → | |
| CVE-2021-22175 | GitLab Server-Side Request Forgery (SSRF) Vulnerability | 18 Feb | → | |
| CVE-2021-43798 | Grafana Path Traversal Vulnerability | 9 Oct 25 | → | |
| CVE-2025-48384 | Git Link Following Vulnerability | 25 Aug 25 | → | |
| CVE-2019-6693Ransomware | Fortinet FortiOS Use of Hard-Coded Credentials Vulnerability | 25 Jun 25 | → | |
| CVE-2025-0111 | Palo Alto Networks PAN-OS File Read Vulnerability | 20 Feb 25 | → |
Source: CISA KEV · updated daily · 67 actively exploited vulnerabilities across 20 tools, 25 ransomware-linked
Last updated:
How CVE tracking works
CISA KEV, watched daily
We match the KEV catalog — only vulnerabilities proven to be actively exploited — against the tools in the catalog every day.
Email alert when affected
When a new KEV vulnerability affects a tool you subscribe to, you get an email right away — one-click unsubscribe.
Context per tool
On each tool page you see the actively exploited vulnerabilities, a ransomware flag, and the link to the NVD entry.
Why KEV, not the CVE flood
There are tens of thousands of CVEs — very few are ever exploited. CISA's KEV catalog lists only those proven to be under active attack. Those are the ones you want to see first. patchletter doesn't scan your systems — it tells you which of the tools you track are affected, so you can check your installed version.
Frequently asked questions
What is the CISA KEV catalog?
The US agency CISA's Known Exploited Vulnerabilities catalog: a curated list of vulnerabilities proven to be actively exploited in the wild. Far less noise than the full set of CVEs.
Do I get an email when a tool is affected?
Yes. If you subscribe to a tool, you get an email as soon as a new actively exploited vulnerability (KEV) affects it — one click to unsubscribe.
Do you scan my systems?
No. We match the KEV catalog against the tools you track, at the product level. Use the linked CVE entry to check whether your installed version is affected.
Why only KEV and not every CVE?
KEV is low-noise and shows real, present danger. Full CVE coverage with CVSS scores is planned, but not live yet.
What does it cost?
Nothing. All you need is an email address to subscribe to tools.
Know the moment it hits your tools
Pick your software in the catalogue — you'll get an email when a new actively exploited vulnerability affects it.
Subscribe to a tool