THE CISA maintains the Known Exploited Vulnerabilities (KEV) Catalog, which is an authoritative source for identifying vulnerabilities exploited in the wild, aimed at assisting organizations in managing these vulnerabilities effectively. The catalog can be integrated into vulnerability management frameworks and is available in various formats including CSV and JSON.
The entry for CVE-2026-12569 highlights an improper input validation vulnerability in PTC Windchill and FlexPLM, allowing remote attackers to execute arbitrary code. Organizations are urged to apply mitigations as per vendor instructions and adhere to CISA’s guidance for risk-based security updates. Users can also nominate new vulnerabilities for inclusion in the catalog and subscribe for updates.