THE Known Exploited Vulnerabilities (KEV) Catalog, maintained by CISA, serves as a crucial resource for the cybersecurity community to manage vulnerabilities that have been actively exploited. This catalog aids organizations in prioritizing their vulnerability management efforts. Users can access the catalog in multiple formats, including CSV and JSON. The page highlights a specific vulnerability, CVE-2026-45321, related to TanStack, which poses risks of credential theft via malicious npm packages.
Organizations are advised to follow vendor mitigations or discontinue the product if necessary. There is also a call to action for users to report any unlisted vulnerabilities.