Tag
#kev
9 posts tagged #kev.
-
Analysis · Jun 23, 2026 · Colten Anderson
What CVE-2023-7028 says about the gap between vendor patches and your patch window
GitLab fixed a perfect-10 account-takeover bug in a day. Two weeks later, 5,379 self-managed instances were still exposed. The flaw isn't the story. The lag is.
-
Field Note · Jun 22, 2026 · Colten Anderson
Patch Tomcat now, but the four-condition RCE probably isn't pointed at you
CVE-2025-24813 carries a 9.8 and a KEV listing, but real-world RCE needs four config conditions to all line up. Here's how to triage it against your actual deployment instead of the headline.
-
Analysis · Jun 19, 2026 · Colten Anderson
A 6.1 read European government email for two years
Two medium-severity Roundcube XSS bugs let Russian state actors read government email with no click required. The CVSS score said monitor. The KEV listing said move.
-
Analysis · May 22, 2026 · Colten Anderson
Your antivirus runs as SYSTEM, and that's the whole story
Two actively exploited Defender zero-days look like 'the AV is broken.' The pattern underneath is older and more boring: the scanner has run unsandboxed as SYSTEM for a decade, and that makes it a target, not a sentinel.
-
Field Note · May 15, 2026 · Colten Anderson
A defensible software inventory you can build with the tools you already have
PowerShell, dpkg, system_profiler, Nmap, and a git repo will produce a weekly software inventory that joins cleanly against the CISA KEV catalog. Here are the parts that look right and aren't.
-
Field Note · May 15, 2026 · Colten Anderson
A 30-minute Patch Tuesday triage you can actually run
How to get from 150 CVEs to the 4-8 that change your week, using only public signals and a clock.
-
Analysis · May 14, 2026 · Colten Anderson
Does this CVE actually apply to you? Three filters before you patch
Single-score triage fails in both directions: 10.0s that don't apply, 4.3s that get exploited for 13 days. Three filters reduce the queue.
-
Analysis · May 10, 2026 · Colten Anderson
Array Networks patched in a week and forgot to build a security program
CVE-2023-28461 is a CVSS 9.8 auth bypass on an SSL VPN that Earth Kasha was already exploiting. The fix shipped fast. The disclosure infrastructure around it doesn't exist.
-
Analysis · May 8, 2026 · Colten Anderson
Your LiteLLM proxy needs to be on 1.83.10 by May 11
CISA gave a three-day deadline on a pre-auth SQL injection in LiteLLM. The patch is one version bump; the rotation work after it is the real job.