CISA KEV coverage snapshot

Auto-generated by scripts/refresh-cve-index.py. Re-run with:

scripts/refresh-cve-index.py --markdown --days 180 --max 30 > docs/cve-coverage.md

• CISA KEV catalog version: 2026.05.15
• Total KEV vulnerabilities: 1592
• CVE IDs indexed in this repo: 91

Coverage report (180-day lookback, in-scope vendors only)

• In-scope CVEs: 53
• Already indexed: 0
• Gaps: 53

Top 30 in-scope CVEs NOT indexed (newest first)

Date added	CVE	Vendor	Product	Vulnerability
2026-05-15	CVE-2026-42897	Microsoft	Microsoft	Microsoft Exchange Server Cross-Site Scripting Vulnerability
2026-05-14	CVE-2026-20182	Cisco	Catalyst SD-WAN	Cisco Catalyst SD-WAN Controller Authentication Bypass Vulnerability
2026-05-07	CVE-2026-6973	Ivanti	Endpoint Manager Mobile (EPMM)	Ivanti Endpoint Manager Mobile (EPMM) Improper Input Validation Vulnerability
2026-05-06	CVE-2026-0300	Palo Alto Networks	PAN-OS	Palo Alto Networks PAN-OS Out-of-bounds Write Vulnerability
2026-04-30	CVE-2026-41940	WebPros	cPanel & WHM and WP2 (WordPress Squared)	WebPros cPanel & WHM and WP2 (WordPress Squared) Missing Authentication for Critical Funct
2026-04-28	CVE-2026-32202	Microsoft	Windows	Microsoft Windows Protection Mechanism Failure Vulnerability
2026-04-22	CVE-2026-33825	Microsoft	Defender	Microsoft Defender Insufficient Granularity of Access Control Vulnerability
2026-04-20	CVE-2026-20122	Cisco	Catalyst SD-WAN Manger	Cisco Catalyst SD-WAN Manager Incorrect Use of Privileged APIs Vulnerability
2026-04-20	CVE-2026-20133	Cisco	Catalyst SD-WAN Manager	Cisco Catalyst SD-WAN Manager Exposure of Sensitive Information to an Unauthorized Actor V
2026-04-20	CVE-2026-20128	Cisco	Catalyst SD-WAN Manager	Cisco Catalyst SD-WAN Manager Storing Passwords in a Recoverable Format Vulnerability
2026-04-16	CVE-2026-34197	Apache	ActiveMQ	Apache ActiveMQ Improper Input Validation Vulnerability
2026-04-14	CVE-2009-0238	Microsoft	Office	Microsoft Office Remote Code Execution
2026-04-14	CVE-2026-32201	Microsoft	SharePoint Server	Microsoft SharePoint Server Improper Input Validation Vulnerability
2026-04-13	CVE-2012-1854	Microsoft	Visual Basic for Applications (VBA)	Microsoft Visual Basic for Applications Insecure Library Loading Vulnerability
2026-04-13	CVE-2025-60710	Microsoft	Windows	Microsoft Windows Link Following Vulnerability
2026-04-13	CVE-2023-21529	Microsoft	Exchange Server	Microsoft Exchange Server Deserialization of Untrusted Data Vulnerability
2026-04-13	CVE-2023-36424	Microsoft	Windows	Microsoft Windows Out-of-Bounds Read Vulnerability
2026-04-13	CVE-2020-9715	Adobe	Acrobat	Adobe Acrobat Use-After-Free Vulnerability
2026-04-13	CVE-2026-21643	Fortinet	FortiClient EMS	Fortinet FortiClient EMS SQL Injection Vulnerability
2026-04-13	CVE-2026-34621	Adobe	Acrobat and Reader	Adobe Acrobat and Reader Prototype Pollution Vulnerability
2026-04-08	CVE-2026-1340	Ivanti	Endpoint Manager Mobile (EPMM)	Ivanti Endpoint Manager Mobile (EPMM) Code Injection Vulnerability
2026-04-06	CVE-2026-35616	Fortinet	FortiClient EMS	Fortinet FortiClient EMS Improper Access Control Vulnerability
2026-03-30	CVE-2026-3055	Citrix	NetScaler	Citrix NetScaler Out-of-Bounds Read Vulnerability
2026-03-27	CVE-2025-53521	F5	BIG-IP	F5 BIG-IP Stack-Based Buffer Overflow Vulnerability
2026-03-19	CVE-2026-20131	Cisco	Secure Firewall Management Center (FMC)	Cisco Secure Firewall Management Center (FMC) Software and Cisco Security Cloud Control (S
2026-03-18	CVE-2026-20963	Microsoft	SharePoint	Microsoft SharePoint Deserialization of Untrusted Data Vulnerability
2026-03-09	CVE-2021-22054	Omnissa	Workspace One UEM	Omnissa Workspace ONE Server-Side Request Forgery
2026-03-09	CVE-2026-1603	Ivanti	Endpoint Manager (EPM)	Ivanti Endpoint Manager (EPM) Authentication Bypass Vulnerability
2026-03-03	CVE-2026-22719	Broadcom	VMware Aria Operations	Broadcom VMware Aria Operations Command Injection Vulnerability
2026-02-25	CVE-2022-20775	Cisco	SD-WAN	Cisco SD-WAN Path Traversal Vulnerability

To close a gap: add a Pattern Library entry in docs/disclosed-reports/hunt-<class>.md and an exploit summary in skills/hunt-<class>/SKILL.md.