According to CISA, the Known Exploited Vulnerabilities (KEV) Catalog is the authoritative source of vulnerabilities that have been exploited in the wild, and it is available in CSV, JSON, and JSON Schema formats. The page shows one current entry: CVE-2025-29635 for D-Link DIR-823X, described as a command injection vulnerability that allows an authorised attacker to execute arbitrary commands on remote devices by sending a POST request to /goform/set_prohibiting.
The entry notes that the impacted product could be end-of-life (EoL) and/or end-of-service (EoS), and recommends discontinuing use of the product or applying mitigations per vendor instructions, or following BOD 22-01 guidance for cloud services where mitigations are unavailable. The Date Added is 24 April 2026 and the Due Date is 8 May 2026. The page also links to vendor advisories and the NVD entry, and the KEV Catalog invites readers to subscribe for updates.
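As an added example (not code from CISA or from the page), the sketch below shows how a defender could match entries from the catalog's JSON format against an asset inventory and track the due date. The field names follow the KEV JSON feed; the inventory, hostnames, and the free-text EoL heuristic are assumptions made for illustration.

```python
import json
import re
from datetime import date

# Constructed sample in the KEV JSON layout. Entry values come from the page
# (text fields paraphrased); a real run would load CISA's JSON file instead.
SAMPLE_KEV = json.dumps({"vulnerabilities": [{
    "cveID": "CVE-2025-29635",
    "vendorProject": "D-Link",
    "product": "DIR-823X",
    "shortDescription": "Command injection via POST to /goform/set_prohibiting. "
                        "The impacted product could be end-of-life (EoL) "
                        "and/or end-of-service (EoS).",
    "requiredAction": "Discontinue use of the product or apply mitigations "
                      "per vendor instructions.",
    "dateAdded": "2026-04-24",
    "dueDate": "2026-05-08",
}]})

# Hypothetical asset inventory: (vendor, product) -> hosts running it.
SAMPLE_INVENTORY = {("d-link", "dir-823x"): ["branch-gw-01", "branch-gw-07"]}

# Assumption: EoL/EoS status is only signalled in free text, so match on it.
EOL_RE = re.compile(r"end-of-(life|service)|\bEo[LS]\b", re.IGNORECASE)

def triage(kev_json, inventory, today_iso):
    """Return inventory-matched KEV entries, most urgent first."""
    today = date.fromisoformat(today_iso)
    findings = []
    for v in json.loads(kev_json)["vulnerabilities"]:
        hosts = inventory.get((v["vendorProject"].lower(), v["product"].lower()))
        if not hosts:
            continue  # not deployed here, nothing to schedule
        days_left = (date.fromisoformat(v["dueDate"]) - today).days
        text = v.get("shortDescription", "") + " " + v.get("requiredAction", "")
        findings.append({
            "cve": v["cveID"],
            "hosts": hosts,
            "days_left": days_left,
            "status": "overdue" if days_left < 0 else "open",
            # Patches may never ship for EoL gear, so plan replacement instead.
            "action": "replace" if EOL_RE.search(text) else "mitigate",
        })
    return sorted(findings, key=lambda f: f["days_left"])

if __name__ == "__main__":
    for f in triage(SAMPLE_KEV, SAMPLE_INVENTORY, "2026-05-01"):
        print(f)
```

Matching on exact vendor and product strings is the simplest case; real inventories usually need normalisation (for example CPE names) before they line up with the catalog's naming.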