npm - @blamejs/exceptd-skills - Versions diffs - 0.13.18 → 0.13.20 - Mend

@blamejs/exceptd-skills 0.13.18 → 0.13.20

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (24) hide show

package/CHANGELOG.md +79 -0
package/data/_indexes/_meta.json +9 -9
package/data/_indexes/activity-feed.json +2 -2
package/data/_indexes/catalog-summaries.json +2 -2
package/data/_indexes/chains.json +14 -0
package/data/_indexes/frequency.json +1 -0
package/data/attack-techniques.json +2600 -109
package/data/cve-catalog.json +147 -2678
package/data/cwe-catalog.json +60 -1
package/data/framework-control-gaps.json +252 -84
package/data/rfc-references.json +286 -125
package/data/zeroday-lessons.json +17 -2909
package/lib/canonical-eq.js +88 -0
package/lib/cve-regression-watcher.js +130 -9
package/lib/source-advisories.js +9 -34
package/lib/version-pins.js +73 -0
package/lib/xml-tokenizer.js +344 -0
package/manifest.json +44 -44
package/package.json +6 -2
package/sbom.cdx.json +108 -33
package/scripts/audit-catalog-gaps.js +347 -0
package/scripts/check-test-coverage.js +16 -10
package/scripts/refresh-mitre-ics-attack.js +15 -0
package/scripts/refresh-upstream-catalogs.js +171 -54

package/data/cve-catalog.json CHANGED Viewed

@@ -315,7 +315,11 @@
       ]
     },
     "last_updated": "2026-05-15",
-    "discovery_attribution_note": "OX Security advisory 2026-04-15 — researchers Moshe Siman Tov Bustan, Mustafa Naamnih, and Nir Zadok. Independent corroboration by Trail of Bits (tool-poisoning analysis 2026-04-29) and Johann Rehberger. All named-human research; no AI-discovery tool credited. Source: https://www.ox.security/blog/the-mother-of-all-ai-supply-chains-critical-systemic-vulnerability-at-the-core-of-the-mcp/."
+    "discovery_attribution_note": "OX Security advisory 2026-04-15 — researchers Moshe Siman Tov Bustan, Mustafa Naamnih, and Nir Zadok. Independent corroboration by Trail of Bits (tool-poisoning analysis 2026-04-29) and Johann Rehberger. All named-human research; no AI-discovery tool credited. Source: https://www.ox.security/blog/the-mother-of-all-ai-supply-chains-critical-systemic-vulnerability-at-the-core-of-the-mcp/.",
+    "cwe_refs": [
+      "CWE-94",
+      "CWE-1357"
+    ]
   },
   "CVE-2026-31431": {
     "name": "Copy Fail",
@@ -1138,7 +1142,11 @@
       ]
     },
     "last_updated": "2026-05-15",
-    "discovery_attribution_note": "Discovery by ecosystem detection (multiple firms — Snyk, Wiz, StepSecurity, Socket, Orca, JFrog) within 20 minutes of TeamPCP's 2026-05-11 publish window of 84 malicious versions across 42 @tanstack/* packages. The worm IS the disclosure event; no AI-discovery tool involved on the defender side. Threat-actor side is engineering-grade chained tradecraft (pull_request_target co-residency, OIDC-token scraping). Source: https://www.stepsecurity.io/blog/mini-shai-hulud-is-back-a-self-spreading-supply-chain-attack-hits-the-npm-ecosystem."
+    "discovery_attribution_note": "Discovery by ecosystem detection (multiple firms — Snyk, Wiz, StepSecurity, Socket, Orca, JFrog) within 20 minutes of TeamPCP's 2026-05-11 publish window of 84 malicious versions across 42 @tanstack/* packages. The worm IS the disclosure event; no AI-discovery tool involved on the defender side. Threat-actor side is engineering-grade chained tradecraft (pull_request_target co-residency, OIDC-token scraping). Source: https://www.stepsecurity.io/blog/mini-shai-hulud-is-back-a-self-spreading-supply-chain-attack-hits-the-npm-ecosystem.",
+    "cwe_refs": [
+      "CWE-1357",
+      "CWE-506"
+    ]
   },
   "MAL-2026-3083": {
     "name": "Elementary-Data PyPI Worm (Forged Release via GitHub Actions Script Injection)",
@@ -1517,7 +1525,10 @@
     },
     "epss_score": 0.65,
     "epss_date": "2026-05-14",
-    "cwe_refs": [],
+    "cwe_refs": [
+      "CWE-269",
+      "CWE-668"
+    ],
     "source_verified": "2026-05-14",
     "verification_sources": [
       "https://nvd.nist.gov/vuln/detail/CVE-2024-21626",
@@ -1697,7 +1708,9 @@
     "atlas_refs": [
       "AML.T0016"
     ],
-    "attack_refs": [],
+    "attack_refs": [
+      "T1592"
+    ],
     "rwep_score": 30,
     "rwep_factors": {
       "cisa_kev": 0,
@@ -1894,7 +1907,10 @@
     },
     "epss_score": 0.973,
     "epss_date": "2026-05-14",
-    "cwe_refs": [],
+    "cwe_refs": [
+      "CWE-287",
+      "CWE-288"
+    ],
     "source_verified": "2026-05-14",
     "verification_sources": [
       "https://nvd.nist.gov/vuln/detail/CVE-2024-1709",
@@ -2013,7 +2029,9 @@
     },
     "epss_score": 0.005,
     "epss_date": "2026-05-14",
-    "cwe_refs": [],
+    "cwe_refs": [
+      "CWE-200"
+    ],
     "source_verified": "2026-05-14",
     "verification_sources": [
       "https://nvd.nist.gov/vuln/detail/CVE-2024-40635",
@@ -3723,7 +3741,10 @@
       }
     ],
     "discovery_attribution_note": "Discovered and reported by Google Threat Analysis Group (TAG) — human researcher attribution. Disclosure date 2025-09-16. Source: https://nvd.nist.gov/vuln/detail/CVE-2025-10585",
-    "live_patch_tools": []
+    "live_patch_tools": [],
+    "cwe_refs": [
+      "CWE-843"
+    ]
   },
   "CVE-2025-14174": {
     "id": "CVE-2025-14174",
@@ -3792,7 +3813,11 @@
       }
     ],
     "discovery_attribution_note": "Discovery credit not publicly disclosed by Apple at time of patch; targeted-spyware operator activity rather than AI-assisted discovery. Source: https://support.apple.com/en-us/HT215000",
-    "live_patch_tools": []
+    "live_patch_tools": [],
+    "cwe_refs": [
+      "CWE-787",
+      "CWE-119"
+    ]
   },
   "CVE-2025-43529": {
     "id": "CVE-2025-43529",
@@ -3857,7 +3882,10 @@
       }
     ],
     "discovery_attribution_note": "No AI-tool credit; commercial exploit kit (DarkSword) attribution. Source: https://nvd.nist.gov/vuln/detail/CVE-2025-43529",
-    "live_patch_tools": []
+    "live_patch_tools": [],
+    "cwe_refs": [
+      "CWE-416"
+    ]
   },
   "CVE-2025-4919": {
     "id": "CVE-2025-4919",
@@ -3919,7 +3947,10 @@
       }
     ],
     "discovery_attribution_note": "Pwn2Own competitor disclosure; same-day patch. Source: https://www.mozilla.org/en-US/security/advisories/mfsa2025-36/",
-    "live_patch_tools": []
+    "live_patch_tools": [],
+    "cwe_refs": [
+      "CWE-843"
+    ]
   },
   "CVE-2025-24201": {
     "id": "CVE-2025-24201",
@@ -3987,7 +4018,10 @@
       }
     ],
     "discovery_attribution_note": "Apple-internal discovery in response to targeted-attack telemetry on devices running iOS prior to 17.2. Source: https://nvd.nist.gov/vuln/detail/CVE-2025-24201",
-    "live_patch_tools": []
+    "live_patch_tools": [],
+    "cwe_refs": [
+      "CWE-1395"
+    ]
   },
   "CVE-2025-43300": {
     "id": "CVE-2025-43300",
@@ -4055,7 +4089,10 @@
       }
     ],
     "discovery_attribution_note": "Apple-internal disclosure; full attribution undisclosed. Source: https://nvd.nist.gov/vuln/detail/CVE-2025-43300",
-    "live_patch_tools": []
+    "live_patch_tools": [],
+    "cwe_refs": [
+      "CWE-1395"
+    ]
   },
   "CVE-2025-38352": {
     "id": "CVE-2025-38352",
@@ -4124,7 +4161,10 @@
         "published_date": "2025-09-02"
       }
     ],
-    "discovery_attribution_note": "Google Android Security Bulletin September 2025 attribution; no AI-tool credit. Source: https://nvd.nist.gov/vuln/detail/CVE-2025-38352"
+    "discovery_attribution_note": "Google Android Security Bulletin September 2025 attribution; no AI-tool credit. Source: https://nvd.nist.gov/vuln/detail/CVE-2025-38352",
+    "cwe_refs": [
+      "CWE-1395"
+    ]
   },
   "CVE-2025-55241": {
     "id": "CVE-2025-55241",
@@ -4190,7 +4230,10 @@
       }
     ],
     "discovery_attribution_note": "Researcher disclosure 2025-07-14; Microsoft global server-side fix 2025-07-17; additional hardening 2025-08-06; public disclosure September 2025. Source: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-55241",
-    "live_patch_tools": []
+    "live_patch_tools": [],
+    "cwe_refs": [
+      "CWE-1395"
+    ]
   },
   "CVE-2025-21085": {
     "id": "CVE-2025-21085",
@@ -4252,7 +4295,10 @@
       }
     ],
     "discovery_attribution_note": "Vendor-internal discovery via Cisco PSIRT. Source: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-duo-auth-info-JgkSWBLz",
-    "live_patch_tools": []
+    "live_patch_tools": [],
+    "cwe_refs": [
+      "CWE-1395"
+    ]
   },
   "CVE-2025-1094": {
     "id": "CVE-2025-1094",
@@ -4322,7 +4368,10 @@
       }
     ],
     "discovery_attribution_note": "Rapid7 disclosure during BeyondTrust incident triage; no AI-tool attribution. Source: https://nvd.nist.gov/vuln/detail/CVE-2025-1094",
-    "live_patch_tools": []
+    "live_patch_tools": [],
+    "cwe_refs": [
+      "CWE-1395"
+    ]
   },
   "CVE-2025-49844": {
     "id": "CVE-2025-49844",
@@ -4388,7 +4437,10 @@
       }
     ],
     "discovery_attribution_note": "Wiz Research disclosure (human-led); no AI-tool credit. Source: https://nvd.nist.gov/vuln/detail/CVE-2025-49844",
-    "live_patch_tools": []
+    "live_patch_tools": [],
+    "cwe_refs": [
+      "CWE-416"
+    ]
   },
   "CVE-2025-14847": {
     "id": "CVE-2025-14847",
@@ -4452,7 +4504,10 @@
       }
     ],
     "discovery_attribution_note": "Bitsight + MongoDB-coordinated disclosure; no AI-tool attribution. Source: https://nvd.nist.gov/vuln/detail/CVE-2025-14847",
-    "live_patch_tools": []
+    "live_patch_tools": [],
+    "cwe_refs": [
+      "CWE-1395"
+    ]
   },
   "CVE-2025-8671": {
     "id": "CVE-2025-8671",
@@ -4520,7 +4575,10 @@
       }
     ],
     "discovery_attribution_note": "Tel Aviv University academic disclosure paired with Imperva production traffic analysis. ai_discovery_source set to academic_ai_fuzzing as the closest enum match for protocol-fuzzing research, though specific AI-fuzzing tool credit was not published. Source: https://nvd.nist.gov/vuln/detail/CVE-2025-8671",
-    "live_patch_tools": []
+    "live_patch_tools": [],
+    "cwe_refs": [
+      "CWE-1395"
+    ]
   },
   "CVE-2025-6965": {
     "id": "CVE-2025-6965",
@@ -4586,7 +4644,11 @@
       }
     ],
     "discovery_attribution_note": "AI-surfaced by Google's 'Big Sleep' (DeepMind + Project Zero collaboration, Gemini-backed). Notable as the first AI-agent foil of an in-the-wild zero-day exploitation campaign. Hard Rule #7 anchor entry.",
-    "live_patch_tools": []
+    "live_patch_tools": [],
+    "cwe_refs": [
+      "CWE-787",
+      "CWE-119"
+    ]
   },
   "CVE-2026-22778": {
     "id": "CVE-2026-22778",
@@ -4653,7 +4715,11 @@
       }
     ],
     "discovery_attribution_note": "OX Security human research disclosure. Source: https://www.ox.security/blog/cve-2026-22778-vllm-rce-vulnerability/",
-    "live_patch_tools": []
+    "live_patch_tools": [],
+    "cwe_refs": [
+      "CWE-122",
+      "CWE-787"
+    ]
   },
   "CVE-2026-7482": {
     "id": "CVE-2026-7482",
@@ -4718,7 +4784,10 @@
       }
     ],
     "discovery_attribution_note": "Coordinated disclosure to Ollama security team. Source: https://github.com/ollama/ollama/security/advisories",
-    "live_patch_tools": []
+    "live_patch_tools": [],
+    "cwe_refs": [
+      "CWE-1395"
+    ]
   },
   "CVE-2025-68664": {
     "id": "CVE-2025-68664",
@@ -4789,7 +4858,10 @@
       }
     ],
     "discovery_attribution_note": "Cyata research team discovery via prompt-injection attack-surface analysis. Source: https://cyata.ai/blog/langgrinch-langchain-core-cve-2025-68664/",
-    "live_patch_tools": []
+    "live_patch_tools": [],
+    "cwe_refs": [
+      "CWE-502"
+    ]
   },
   "CVE-2025-22224": {
     "id": "CVE-2025-22224",
@@ -4859,7 +4931,10 @@
       }
     ],
     "discovery_attribution_note": "Microsoft Threat Intelligence Center disclosure; no AI-tool attribution. Source: https://nvd.nist.gov/vuln/detail/CVE-2025-22224",
-    "live_patch_tools": []
+    "live_patch_tools": [],
+    "cwe_refs": [
+      "CWE-1395"
+    ]
   },
   "CVE-2025-22225": {
     "id": "CVE-2025-22225",
@@ -4926,7 +5001,10 @@
       }
     ],
     "discovery_attribution_note": "Microsoft Threat Intelligence Center co-disclosure. Source: https://nvd.nist.gov/vuln/detail/CVE-2025-22225",
-    "live_patch_tools": []
+    "live_patch_tools": [],
+    "cwe_refs": [
+      "CWE-1395"
+    ]
   },
   "CVE-2025-22226": {
     "id": "CVE-2025-22226",
@@ -4993,7 +5071,10 @@
       }
     ],
     "discovery_attribution_note": "Microsoft Threat Intelligence Center co-disclosure. Source: https://nvd.nist.gov/vuln/detail/CVE-2025-22226",
-    "live_patch_tools": []
+    "live_patch_tools": [],
+    "cwe_refs": [
+      "CWE-1395"
+    ]
   },
   "MAL-2024-PYPI-ULTRALYTICS-XMRIG": {
     "id": "MAL-2024-PYPI-ULTRALYTICS-XMRIG",
@@ -5065,7 +5146,10 @@
       }
     ],
     "discovery_attribution_note": "ReversingLabs + Wiz + HiddenLayer concurrent ecosystem-telemetry detection. Source: https://www.reversinglabs.com/blog/compromised-ultralytics-pypi-package-delivers-crypto-coinminer",
-    "live_patch_tools": []
+    "live_patch_tools": [],
+    "cwe_refs": [
+      "CWE-1395"
+    ]
   },
   "MAL-2026-RUBYGEMS-BUFFERZONECORP-SLEEPER": {
     "id": "MAL-2026-RUBYGEMS-BUFFERZONECORP-SLEEPER",
@@ -5140,7 +5224,10 @@
       }
     ],
     "discovery_attribution_note": "Socket.dev research disclosure; concurrent reporting by other supply-chain firms. Source: https://socket.dev/blog/malicious-ruby-gems-and-go-modules-steal-secrets-poison-ci",
-    "live_patch_tools": []
+    "live_patch_tools": [],
+    "cwe_refs": [
+      "CWE-1395"
+    ]
   },
   "MAL-2025-PYPI-COLORAMA-SOLANA-STEALER": {
     "id": "MAL-2025-PYPI-COLORAMA-SOLANA-STEALER",
@@ -5214,7 +5301,10 @@
       }
     ],
     "discovery_attribution_note": "Imperva Threat Research + Checkmarx + Check Point ecosystem-telemetry detection. Source: https://www.imperva.com/blog/pythons-colorama-typosquatting-meets-fade-stealer-malware/",
-    "live_patch_tools": []
+    "live_patch_tools": [],
+    "cwe_refs": [
+      "CWE-1395"
+    ]
   },
   "CVE-2025-0133": {
     "id": "CVE-2025-0133",
@@ -5282,7 +5372,10 @@
       }
     ],
     "discovery_attribution_note": "AI-surfaced by XBOW autonomous-pentest agent during HackerOne VDP engagement. First publicly-attributed AI-tool CVE against Palo Alto. Hard Rule #7 anchor.",
-    "live_patch_tools": []
+    "live_patch_tools": [],
+    "cwe_refs": [
+      "CWE-1395"
+    ]
   },
   "CVE-2025-59529": {
     "id": "CVE-2025-59529",
@@ -5346,7 +5439,10 @@
       }
     ],
     "discovery_attribution_note": "AI-surfaced by ZeroPath SAST agent. Notable as a business-logic class detection — the category most resistant to conventional SAST and most accelerated by LLM-driven analysis. Hard Rule #7 anchor.",
-    "live_patch_tools": []
+    "live_patch_tools": [],
+    "cwe_refs": [
+      "CWE-1395"
+    ]
   },
   "CVE-2025-55319": {
     "id": "CVE-2025-55319",
@@ -5415,7 +5511,10 @@
       }
     ],
     "discovery_attribution_note": "AI-surfaced by ZeroPath. Doubly-relevant: AI-defender finds bug in AI-agentic IDE integration. ai_assisted_weaponization=true because the AI agent IS the weaponization primitive — qualifies under both Hard Rule #7 limbs.",
-    "live_patch_tools": []
+    "live_patch_tools": [],
+    "cwe_refs": [
+      "CWE-77"
+    ]
   },
   "CVE-2025-53767": {
     "id": "CVE-2025-53767",
@@ -5484,7 +5583,10 @@
       }
     ],
     "discovery_attribution_note": "AI-surfaced by ZeroPath against Azure OpenAI control plane. Hard Rule #7 anchor and identity-class adjacent (cloud-tenant control plane).",
-    "live_patch_tools": []
+    "live_patch_tools": [],
+    "cwe_refs": [
+      "CWE-1395"
+    ]
   },
   "CVE-2025-10725": {
     "id": "CVE-2025-10725",
@@ -5551,7 +5653,10 @@
       }
     ],
     "discovery_attribution_note": "AI-surfaced by ZeroPath against Red Hat OpenShift AI. Hard Rule #7 anchor — AI-defender finding bugs in AI-deployment platform.",
-    "live_patch_tools": []
+    "live_patch_tools": [],
+    "cwe_refs": [
+      "CWE-1395"
+    ]
   },
   "MAL-2025-AI-FOUND-FFMPEG-BIGSLEEP": {
     "id": "MAL-2025-AI-FOUND-FFMPEG-BIGSLEEP",
@@ -5620,7 +5725,10 @@
       }
     ],
     "discovery_attribution_note": "Composite / tranche entry covering the Big Sleep FFmpeg + ImageMagick AI-tool zero-day finds (Google DeepMind + Project Zero). Operator action: when the per-CVE detail becomes available, split this into individual catalog entries and retire the composite. Anchor entry for Hard Rule #7 (AI-discovery rate).",
-    "live_patch_tools": []
+    "live_patch_tools": [],
+    "cwe_refs": [
+      "CWE-1395"
+    ]
   },
   "CVE-2026-31635": {
     "name": "DirtyDecrypt (rxgk page-cache write)",
@@ -5983,8 +6091,8 @@
     },
     "atlas_refs": [],
     "attack_refs": [
-      "T1068",
-      "T1574.012"
+      "T1574",
+      "T1068"
     ],
     "rwep_score": 50,
     "rwep_factors": {
@@ -6039,7 +6147,8 @@
     "last_updated": "2026-05-19",
     "discovery_attribution_note": "Public disclosure by Nightmare-Eclipse / Chaotic Eclipse on GitHub 2026-05-13, simultaneously with YellowKey and one day after Microsoft's May 2026 Patch Tuesday. The CTFMON-trust-abuse primitive was named explicitly in the writeup. Sources: BleepingComputer (https://www.bleepingcomputer.com/news/microsoft/new-windows-miniplasma-zero-day-exploit-gives-system-access-poc-released/), The Hacker News (https://thehackernews.com/2026/05/windows-zero-days-expose-bitlocker.html), ThreatLocker analysis (https://www.threatlocker.com/blog/what-yellowkey-and-greenplasma-zero-day-exploits-reveal-about-trusting-native-windows-security), lilting.ch (https://lilting.ch/en/articles/yellowkey-bitlocker-winre-bypass-greenplasma-ctfmon). Same handle as BlueHammer (CVE-2026-33825) / MiniPlasma / UnDefend — see NEW-CTRL-073 handle tracker. Catalog refined v0.13.18 (T+6 days post-PoC) once mechanism became public.",
     "intake_gap_note": "Catalog entry added 2026-05-18 via manual operator triage AFTER public PoC. The daily exceptd-threat-intake routine missed this drop — the researcher (Nightmare-Eclipse / Chaotic Eclipse on GitHub) published the PoC binary + source on GitHub releases and surfaced via BleepingComputer / The Hacker News / Cybersecurity News / Bitdefender HotForSecurity. None of the 12-feed primary-source set polls those tech-press venues nor GitHub release events for known researcher handles. The v0.13.17 release adds three intake methods to close this class: (1) bleepingcomputer-security + thehackernews tech-press feeds, (2) a GitHub-releases tracker for Nightmare-Eclipse and other handles whose prior drops landed in the catalog (NEW-CTRL-073), (3) a CVE-regression-watcher (NEW-CTRL-074) that flags PoC text referencing historical CVE IDs as candidate silent-regression cases. ",
-    "_curation_note": "v0.13.18 refinement — original v0.13.17 stub punted on mechanism; CTFMON-trust-abuse primitive named in subsequent writeups (The Hacker News 2026-05-14, ThreatLocker 2026-05-15, lilting.ch 2026-05-16). Catalog re-curated 2026-05-19."
+    "_curation_note": "v0.13.18 refinement — original v0.13.17 stub punted on mechanism; CTFMON-trust-abuse primitive named in subsequent writeups (The Hacker News 2026-05-14, ThreatLocker 2026-05-15, lilting.ch 2026-05-16). Catalog re-curated 2026-05-19.",
+    "_attack_refs_correction_note": "v0.13.20: replaced T1574.012 (COR_PROFILER, .NET-specific) with T1574 base + T1068 — CTFMON trust-abuse is a generic Hijack-Execution-Flow primitive against a SYSTEM-context process, not the .NET CLR profiler hijack sub-technique. Operator-curation pending if/when MITRE publishes a CTFMON-specific sub-technique."
   },
   "BUG-2026-NIGHTMARE-ECLIPSE-UNDEFEND": {
     "name": "UnDefend — Microsoft Defender Update-Disruption Tampering (Nightmare-Eclipse)",
@@ -6242,17 +6351,6 @@
         "published_date": "2026-04-30"
       }
     ],
-    "iocs": {
-      "payload_artifacts": [
-        "Refer to vendor advisory for IOC list — bulk-imported KEV entry, IOCs not extracted at intake time."
-      ],
-      "behavioral": [
-        "Vendor-product-specific observations: monitor for unexpected abnormal state changes on assets running WebPros cPanel & WHM and WP2 (WordPress Squared)."
-      ],
-      "version_exposure": [
-        "Version inventory required for WebPros cPanel & WHM and WP2 (WordPress Squared) — confirm against vendor advisory."
-      ]
-    },
     "last_updated": "2026-05-18",
     "discovery_attribution_note": "Bulk-imported from CISA KEV catalog version 2026.05.15. KEV listing date 2026-04-30; due date 2026-05-03. Notes reference: https://support.cpanel.net/hc/en-us/articles/40073787579671-cPanel-WHM-Security-Update-04-28-2026 ; https://docs.cpanel.net/release-notes/release-notes/ ; https://docs.wpsquared.com/changelogs/version",
     "_auto_imported": true,
@@ -6350,17 +6448,6 @@
         "published_date": "2026-04-28"
       }
     ],
-    "iocs": {
-      "payload_artifacts": [
-        "Refer to vendor advisory for IOC list — bulk-imported KEV entry, IOCs not extracted at intake time."
-      ],
-      "behavioral": [
-        "Vendor-product-specific observations: monitor for unexpected abnormal state changes on assets running ConnectWise ScreenConnect."
-      ],
-      "version_exposure": [
-        "Version inventory required for ConnectWise ScreenConnect — confirm against vendor advisory."
-      ]
-    },
     "last_updated": "2026-05-18",
     "discovery_attribution_note": "Bulk-imported from CISA KEV catalog version 2026.05.15. KEV listing date 2026-04-28; due date 2026-05-12. Notes reference: https://www.connectwise.com/company/trust/security-bulletins/connectwise-screenconnect-23.9.8 ; https://nvd.nist.gov/vuln/detail/CVE-2024-1708",
     "_auto_imported": true,
@@ -6457,17 +6544,6 @@
         "published_date": "2026-04-24"
       }
     ],
-    "iocs": {
-      "payload_artifacts": [
-        "Refer to vendor advisory for IOC list — bulk-imported KEV entry, IOCs not extracted at intake time."
-      ],
-      "behavioral": [
-        "Vendor-product-specific observations: monitor for unexpected remote process execution on assets running D-Link DIR-823X."
-      ],
-      "version_exposure": [
-        "Version inventory required for D-Link DIR-823X — confirm against vendor advisory."
-      ]
-    },
     "last_updated": "2026-05-18",
     "discovery_attribution_note": "Bulk-imported from CISA KEV catalog version 2026.05.15. KEV listing date 2026-04-24; due date 2026-05-08. Notes reference: https://supportannouncement.us.dlink.com/security/publication.aspx?name=SAP10469 ; https://nvd.nist.gov/vuln/detail/CVE-2025-29635",
     "_auto_imported": true,
@@ -6564,17 +6640,6 @@
         "published_date": "2026-04-24"
       }
     ],
-    "iocs": {
-      "payload_artifacts": [
-        "Refer to vendor advisory for IOC list — bulk-imported KEV entry, IOCs not extracted at intake time."
-      ],
-      "behavioral": [
-        "Vendor-product-specific observations: monitor for unexpected abnormal state changes on assets running Samsung MagicINFO 9 Server."
-      ],
-      "version_exposure": [
-        "Version inventory required for Samsung MagicINFO 9 Server — confirm against vendor advisory."
-      ]
-    },
     "last_updated": "2026-05-18",
     "discovery_attribution_note": "Bulk-imported from CISA KEV catalog version 2026.05.15. KEV listing date 2026-04-24; due date 2026-05-08. Notes reference: https://security.samsungtv.com/securityUpdates ; https://nvd.nist.gov/vuln/detail/CVE-2024-7399",
     "_auto_imported": true,
@@ -6672,17 +6737,6 @@
         "published_date": "2026-04-24"
       }
     ],
-    "iocs": {
-      "payload_artifacts": [
-        "Refer to vendor advisory for IOC list — bulk-imported KEV entry, IOCs not extracted at intake time."
-      ],
-      "behavioral": [
-        "Vendor-product-specific observations: monitor for unexpected abnormal state changes on assets running SimpleHelp  SimpleHelp."
-      ],
-      "version_exposure": [
-        "Version inventory required for SimpleHelp  SimpleHelp — confirm against vendor advisory."
-      ]
-    },
     "last_updated": "2026-05-18",
     "discovery_attribution_note": "Bulk-imported from CISA KEV catalog version 2026.05.15. KEV listing date 2026-04-24; due date 2026-05-08. Notes reference: https://simple-help.com/kb---security-vulnerabilities-01-2025#security-vulnerabilities-in-simplehelp-5-5-7-and-earlier ; https://nvd.nist.gov/vuln/detail/CVE-2024-57728",
     "_auto_imported": true,
@@ -6781,17 +6835,6 @@
         "published_date": "2026-04-24"
       }
     ],
-    "iocs": {
-      "payload_artifacts": [
-        "Refer to vendor advisory for IOC list — bulk-imported KEV entry, IOCs not extracted at intake time."
-      ],
-      "behavioral": [
-        "Vendor-product-specific observations: monitor for unexpected remote process execution on assets running SimpleHelp  SimpleHelp."
-      ],
-      "version_exposure": [
-        "Version inventory required for SimpleHelp  SimpleHelp — confirm against vendor advisory."
-      ]
-    },
     "last_updated": "2026-05-18",
     "discovery_attribution_note": "Bulk-imported from CISA KEV catalog version 2026.05.15. KEV listing date 2026-04-24; due date 2026-05-08. Notes reference: https://simple-help.com/kb---security-vulnerabilities-01-2025#security-vulnerabilities-in-simplehelp-5-5-7-and-earlier ; https://nvd.nist.gov/vuln/detail/CVE-2024-57726",
     "_auto_imported": true,
@@ -6890,17 +6933,6 @@
         "published_date": "2026-04-20"
       }
     ],
-    "iocs": {
-      "payload_artifacts": [
-        "Refer to vendor advisory for IOC list — bulk-imported KEV entry, IOCs not extracted at intake time."
-      ],
-      "behavioral": [
-        "Vendor-product-specific observations: monitor for unexpected remote process execution on assets running Cisco Catalyst SD-WAN Manger."
-      ],
-      "version_exposure": [
-        "Version inventory required for Cisco Catalyst SD-WAN Manger — confirm against vendor advisory."
-      ]
-    },
     "last_updated": "2026-05-18",
     "discovery_attribution_note": "Bulk-imported from CISA KEV catalog version 2026.05.15. KEV listing date 2026-04-20; due date 2026-04-23. Notes reference: CISA Mitigation Instructions: https://www.cisa.gov/news-events/directives/ed-26-03-mitigate-vulnerabilities-cisco-sd-wan-systems ; https://www.cisa.gov/news-events/directives/supplemental-direction-ed",
     "_auto_imported": true,
@@ -6999,17 +7031,6 @@
         "published_date": "2026-04-20"
       }
     ],
-    "iocs": {
-      "payload_artifacts": [
-        "Refer to vendor advisory for IOC list — bulk-imported KEV entry, IOCs not extracted at intake time."
-      ],
-      "behavioral": [
-        "Vendor-product-specific observations: monitor for unexpected remote process execution on assets running Cisco Catalyst SD-WAN Manager."
-      ],
-      "version_exposure": [
-        "Version inventory required for Cisco Catalyst SD-WAN Manager — confirm against vendor advisory."
-      ]
-    },
     "last_updated": "2026-05-18",
     "discovery_attribution_note": "Bulk-imported from CISA KEV catalog version 2026.05.15. KEV listing date 2026-04-20; due date 2026-04-23. Notes reference: CISA Mitigation Instructions: https://www.cisa.gov/news-events/directives/ed-26-03-mitigate-vulnerabilities-cisco-sd-wan-systems ; https://www.cisa.gov/news-events/directives/supplemental-direction-ed",
     "_auto_imported": true,
@@ -7106,17 +7127,6 @@
         "published_date": "2026-04-20"
       }
     ],
-    "iocs": {
-      "payload_artifacts": [
-        "Refer to vendor advisory for IOC list — bulk-imported KEV entry, IOCs not extracted at intake time."
-      ],
-      "behavioral": [
-        "Vendor-product-specific observations: monitor for unexpected abnormal state changes on assets running Kentico Kentico Xperience."
-      ],
-      "version_exposure": [
-        "Version inventory required for Kentico Kentico Xperience — confirm against vendor advisory."
-      ]
-    },
     "last_updated": "2026-05-18",
     "discovery_attribution_note": "Bulk-imported from CISA KEV catalog version 2026.05.15. KEV listing date 2026-04-20; due date 2026-05-04. Notes reference: https://devnet.kentico.com/download/hotfixes ; https://nvd.nist.gov/vuln/detail/CVE-2025-2749",
     "_auto_imported": true,
@@ -7215,17 +7225,6 @@
         "published_date": "2026-04-20"
       }
     ],
-    "iocs": {
-      "payload_artifacts": [
-        "Refer to vendor advisory for IOC list — bulk-imported KEV entry, IOCs not extracted at intake time."
-      ],
-      "behavioral": [
-        "Vendor-product-specific observations: monitor for unexpected abnormal state changes on assets running PaperCut NG/MF."
-      ],
-      "version_exposure": [
-        "Version inventory required for PaperCut NG/MF — confirm against vendor advisory."
-      ]
-    },
     "last_updated": "2026-05-18",
     "discovery_attribution_note": "Bulk-imported from CISA KEV catalog version 2026.05.15. KEV listing date 2026-04-20; due date 2026-05-04. Notes reference: https://www.papercut.com/kb/Main/PO-1216-and-PO-1219 ; https://nvd.nist.gov/vuln/detail/CVE-2023-27351",
     "_auto_imported": true,
@@ -7321,17 +7320,6 @@
         "published_date": "2026-04-20"
       }
     ],
-    "iocs": {
-      "payload_artifacts": [
-        "Refer to vendor advisory for IOC list — bulk-imported KEV entry, IOCs not extracted at intake time."
-      ],
-      "behavioral": [
-        "Vendor-product-specific observations: monitor for unexpected abnormal state changes on assets running Synacor Zimbra Collaboration Suite (ZCS)."
-      ],
-      "version_exposure": [
-        "Version inventory required for Synacor Zimbra Collaboration Suite (ZCS) — confirm against vendor advisory."
-      ]
-    },
     "last_updated": "2026-05-18",
     "discovery_attribution_note": "Bulk-imported from CISA KEV catalog version 2026.05.15. KEV listing date 2026-04-20; due date 2026-04-23. Notes reference: https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories ; https://nvd.nist.gov/vuln/detail/CVE-2025-48700",
     "_auto_imported": true,
@@ -7430,17 +7418,6 @@
         "published_date": "2026-04-20"
       }
     ],
-    "iocs": {
-      "payload_artifacts": [
-        "Refer to vendor advisory for IOC list — bulk-imported KEV entry, IOCs not extracted at intake time."
-      ],
-      "behavioral": [
-        "Vendor-product-specific observations: monitor for unexpected remote process execution on assets running Cisco Catalyst SD-WAN Manager."
-      ],
-      "version_exposure": [
-        "Version inventory required for Cisco Catalyst SD-WAN Manager — confirm against vendor advisory."
-      ]
-    },
     "last_updated": "2026-05-18",
     "discovery_attribution_note": "Bulk-imported from CISA KEV catalog version 2026.05.15. KEV listing date 2026-04-20; due date 2026-04-23. Notes reference: CISA Mitigation Instructions: https://www.cisa.gov/news-events/directives/ed-26-03-mitigate-vulnerabilities-cisco-sd-wan-systems ; https://www.cisa.gov/news-events/directives/supplemental-direction-ed",
     "_auto_imported": true,
@@ -7537,17 +7514,6 @@
         "published_date": "2026-04-20"
       }
     ],
-    "iocs": {
-      "payload_artifacts": [
-        "Refer to vendor advisory for IOC list — bulk-imported KEV entry, IOCs not extracted at intake time."
-      ],
-      "behavioral": [
-        "Vendor-product-specific observations: monitor for unexpected abnormal state changes on assets running Quest KACE Systems Management Appliance (SMA)."
-      ],
-      "version_exposure": [
-        "Version inventory required for Quest KACE Systems Management Appliance (SMA) — confirm against vendor advisory."
-      ]
-    },
     "last_updated": "2026-05-18",
     "discovery_attribution_note": "Bulk-imported from CISA KEV catalog version 2026.05.15. KEV listing date 2026-04-20; due date 2026-05-04. Notes reference: https://support.quest.com/kb/4379499/quest-response-to-kace-sma-vulnerabilities-cve-2025-32975-cve-2025-32976-cve-2025-32977-cve-2025-32978 ; https://nvd.nist.gov/vuln/detail/CVE-2025-32975",
     "_auto_imported": true,
@@ -7646,17 +7612,6 @@
         "published_date": "2026-04-20"
       }
     ],
-    "iocs": {
-      "payload_artifacts": [
-        "Refer to vendor advisory for IOC list — bulk-imported KEV entry, IOCs not extracted at intake time."
-      ],
-      "behavioral": [
-        "Vendor-product-specific observations: monitor for unexpected abnormal state changes on assets running JetBrains TeamCity."
-      ],
-      "version_exposure": [
-        "Version inventory required for JetBrains TeamCity — confirm against vendor advisory."
-      ]
-    },
     "last_updated": "2026-05-18",
     "discovery_attribution_note": "Bulk-imported from CISA KEV catalog version 2026.05.15. KEV listing date 2026-04-20; due date 2026-05-04. Notes reference: https://www.jetbrains.com/privacy-security/issues-fixed/ ; https://blog.jetbrains.com/teamcity/2024/03/additional-critical-security-issues-affecting-teamcity-on-premises-cve-2024-27198-and-cve-2024-27",
     "_auto_imported": true,
@@ -7754,17 +7709,6 @@
         "published_date": "2026-04-16"
       }
     ],
-    "iocs": {
-      "payload_artifacts": [
-        "Refer to vendor advisory for IOC list — bulk-imported KEV entry, IOCs not extracted at intake time."
-      ],
-      "behavioral": [
-        "Vendor-product-specific observations: monitor for unexpected remote process execution on assets running Apache ActiveMQ."
-      ],
-      "version_exposure": [
-        "Version inventory required for Apache ActiveMQ — confirm against vendor advisory."
-      ]
-    },
     "last_updated": "2026-05-18",
     "discovery_attribution_note": "Bulk-imported from CISA KEV catalog version 2026.05.15. KEV listing date 2026-04-16; due date 2026-04-30. Notes reference: https://activemq.apache.org/security-advisories.data/CVE-2026-34197-announcement.txt ; https://nvd.nist.gov/vuln/detail/CVE-2026-34197",
     "_auto_imported": true,
@@ -7861,17 +7805,6 @@
         "published_date": "2026-04-14"
       }
     ],
-    "iocs": {
-      "payload_artifacts": [
-        "Refer to vendor advisory for IOC list — bulk-imported KEV entry, IOCs not extracted at intake time."
-      ],
-      "behavioral": [
-        "Vendor-product-specific observations: monitor for unexpected remote process execution on assets running Microsoft Office."
-      ],
-      "version_exposure": [
-        "Version inventory required for Microsoft Office — confirm against vendor advisory."
-      ]
-    },
     "last_updated": "2026-05-18",
     "discovery_attribution_note": "Bulk-imported from CISA KEV catalog version 2026.05.15. KEV listing date 2026-04-14; due date 2026-04-28. Notes reference: https://learn.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-009 ; https://nvd.nist.gov/vuln/detail/CVE-2009-0238",
     "_auto_imported": true,
@@ -7968,17 +7901,6 @@
         "published_date": "2026-04-14"
       }
     ],
-    "iocs": {
-      "payload_artifacts": [
-        "Refer to vendor advisory for IOC list — bulk-imported KEV entry, IOCs not extracted at intake time."
-      ],
-      "behavioral": [
-        "Vendor-product-specific observations: monitor for unexpected remote process execution on assets running Microsoft SharePoint Server."
-      ],
-      "version_exposure": [
-        "Version inventory required for Microsoft SharePoint Server — confirm against vendor advisory."
-      ]
-    },
     "last_updated": "2026-05-18",
     "discovery_attribution_note": "Bulk-imported from CISA KEV catalog version 2026.05.15. KEV listing date 2026-04-14; due date 2026-04-28. Notes reference: https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-32201 ; https://nvd.nist.gov/vuln/detail/CVE-2026-32201",
     "_auto_imported": true,
@@ -8075,17 +7997,6 @@
         "published_date": "2026-04-13"
       }
     ],
-    "iocs": {
-      "payload_artifacts": [
-        "Refer to vendor advisory for IOC list — bulk-imported KEV entry, IOCs not extracted at intake time."
-      ],
-      "behavioral": [
-        "Vendor-product-specific observations: monitor for unexpected remote process execution on assets running Microsoft Visual Basic for Applications (VBA)."
-      ],
-      "version_exposure": [
-        "Version inventory required for Microsoft Visual Basic for Applications (VBA) — confirm against vendor advisory."
-      ]
-    },
     "last_updated": "2026-05-18",
     "discovery_attribution_note": "Bulk-imported from CISA KEV catalog version 2026.05.15. KEV listing date 2026-04-13; due date 2026-04-27. Notes reference: https://learn.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-046 ; https://nvd.nist.gov/vuln/detail/CVE-2012-1854",
     "_auto_imported": true,
@@ -8181,17 +8092,6 @@
         "published_date": "2026-04-13"
       }
     ],
-    "iocs": {
-      "payload_artifacts": [
-        "Refer to vendor advisory for IOC list — bulk-imported KEV entry, IOCs not extracted at intake time."
-      ],
-      "behavioral": [
-        "Vendor-product-specific observations: monitor for unexpected privilege transitions on assets running Microsoft Windows."
-      ],
-      "version_exposure": [
-        "Version inventory required for Microsoft Windows — confirm against vendor advisory."
-      ]
-    },
     "last_updated": "2026-05-18",
     "discovery_attribution_note": "Bulk-imported from CISA KEV catalog version 2026.05.15. KEV listing date 2026-04-13; due date 2026-04-27. Notes reference: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-60710 ; https://nvd.nist.gov/vuln/detail/CVE-2025-60710",
     "_auto_imported": true,
@@ -8290,17 +8190,6 @@
         "published_date": "2026-04-13"
       }
     ],
-    "iocs": {
-      "payload_artifacts": [
-        "Refer to vendor advisory for IOC list — bulk-imported KEV entry, IOCs not extracted at intake time."
-      ],
-      "behavioral": [
-        "Vendor-product-specific observations: monitor for unexpected remote process execution on assets running Microsoft Exchange Server."
-      ],
-      "version_exposure": [
-        "Version inventory required for Microsoft Exchange Server — confirm against vendor advisory."
-      ]
-    },
     "last_updated": "2026-05-18",
     "discovery_attribution_note": "Bulk-imported from CISA KEV catalog version 2026.05.15. KEV listing date 2026-04-13; due date 2026-04-27. Notes reference: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21529 ; https://nvd.nist.gov/vuln/detail/CVE-2023-21529",
     "_auto_imported": true,
@@ -8396,17 +8285,6 @@
         "published_date": "2026-04-13"
       }
     ],
-    "iocs": {
-      "payload_artifacts": [
-        "Refer to vendor advisory for IOC list — bulk-imported KEV entry, IOCs not extracted at intake time."
-      ],
-      "behavioral": [
-        "Vendor-product-specific observations: monitor for unexpected abnormal state changes on assets running Microsoft Windows."
-      ],
-      "version_exposure": [
-        "Version inventory required for Microsoft Windows — confirm against vendor advisory."
-      ]
-    },
     "last_updated": "2026-05-18",
     "discovery_attribution_note": "Bulk-imported from CISA KEV catalog version 2026.05.15. KEV listing date 2026-04-13; due date 2026-04-27. Notes reference: https://msrc.microsoft.com/update-guide/en-US/advisory/CVE-2023-36424 ; https://nvd.nist.gov/vuln/detail/CVE-2023-36424",
     "_auto_imported": true,
@@ -8502,17 +8380,6 @@
         "published_date": "2026-04-13"
       }
     ],
-    "iocs": {
-      "payload_artifacts": [
-        "Refer to vendor advisory for IOC list — bulk-imported KEV entry, IOCs not extracted at intake time."
-      ],
-      "behavioral": [
-        "Vendor-product-specific observations: monitor for unexpected abnormal state changes on assets running Adobe Acrobat."
-      ],
-      "version_exposure": [
-        "Version inventory required for Adobe Acrobat — confirm against vendor advisory."
-      ]
-    },
     "last_updated": "2026-05-18",
     "discovery_attribution_note": "Bulk-imported from CISA KEV catalog version 2026.05.15. KEV listing date 2026-04-13; due date 2026-04-27. Notes reference: https://helpx.adobe.com/security/products/acrobat/apsb20-48.html ; https://nvd.nist.gov/vuln/detail/CVE-2020-9715",
     "_auto_imported": true,
@@ -8609,17 +8476,6 @@
         "published_date": "2026-04-13"
       }
     ],
-    "iocs": {
-      "payload_artifacts": [
-        "Refer to vendor advisory for IOC list — bulk-imported KEV entry, IOCs not extracted at intake time."
-      ],
-      "behavioral": [
-        "Vendor-product-specific observations: monitor for unexpected remote process execution on assets running Fortinet FortiClient EMS."
-      ],
-      "version_exposure": [
-        "Version inventory required for Fortinet FortiClient EMS — confirm against vendor advisory."
-      ]
-    },
     "last_updated": "2026-05-18",
     "discovery_attribution_note": "Bulk-imported from CISA KEV catalog version 2026.05.15. KEV listing date 2026-04-13; due date 2026-04-16. Notes reference: https://fortiguard.fortinet.com/psirt/FG-IR-25-1142 ; https://nvd.nist.gov/vuln/detail/CVE-2026-21643",
     "_auto_imported": true,
@@ -8716,17 +8572,6 @@
         "published_date": "2026-04-13"
       }
     ],
-    "iocs": {
-      "payload_artifacts": [
-        "Refer to vendor advisory for IOC list — bulk-imported KEV entry, IOCs not extracted at intake time."
-      ],
-      "behavioral": [
-        "Vendor-product-specific observations: monitor for unexpected remote process execution on assets running Adobe Acrobat and Reader."
-      ],
-      "version_exposure": [
-        "Version inventory required for Adobe Acrobat and Reader — confirm against vendor advisory."
-      ]
-    },
     "last_updated": "2026-05-18",
     "discovery_attribution_note": "Bulk-imported from CISA KEV catalog version 2026.05.15. KEV listing date 2026-04-13; due date 2026-04-27. Notes reference: https://helpx.adobe.com/security/products/acrobat/apsb26-43.html ; https://nvd.nist.gov/vuln/detail/CVE-2026-34621",
     "_auto_imported": true,
@@ -8825,17 +8670,6 @@
         "published_date": "2026-04-08"
       }
     ],
-    "iocs": {
-      "payload_artifacts": [
-        "Refer to vendor advisory for IOC list — bulk-imported KEV entry, IOCs not extracted at intake time."
-      ],
-      "behavioral": [
-        "Vendor-product-specific observations: monitor for unexpected remote process execution on assets running Ivanti Endpoint Manager Mobile (EPMM)."
-      ],
-      "version_exposure": [
-        "Version inventory required for Ivanti Endpoint Manager Mobile (EPMM) — confirm against vendor advisory."
-      ]
-    },
     "last_updated": "2026-05-18",
     "discovery_attribution_note": "Bulk-imported from CISA KEV catalog version 2026.05.15. KEV listing date 2026-04-08; due date 2026-04-11. Notes reference: Please adhere to Ivanti's guidelines to assess exposure and mitigate risks. Check for signs of potential compromise on all internet accessible Ivanti products affected by this vulnerability. Apply any",
     "_auto_imported": true,
@@ -8932,17 +8766,6 @@
         "published_date": "2026-04-06"
       }
     ],
-    "iocs": {
-      "payload_artifacts": [
-        "Refer to vendor advisory for IOC list — bulk-imported KEV entry, IOCs not extracted at intake time."
-      ],
-      "behavioral": [
-        "Vendor-product-specific observations: monitor for unexpected remote process execution on assets running Fortinet FortiClient EMS."
-      ],
-      "version_exposure": [
-        "Version inventory required for Fortinet FortiClient EMS — confirm against vendor advisory."
-      ]
-    },
     "last_updated": "2026-05-18",
     "discovery_attribution_note": "Bulk-imported from CISA KEV catalog version 2026.05.15. KEV listing date 2026-04-06; due date 2026-04-09. Notes reference: Please adhere to Fortinet's guidelines to assess exposure and mitigate risks. Check for signs of potential compromise on all internet accessible Fortinet products affected by this vulnerability. Apply",
     "_auto_imported": true,
@@ -9040,17 +8863,6 @@
         "published_date": "2026-04-02"
       }
     ],
-    "iocs": {
-      "payload_artifacts": [
-        "Refer to vendor advisory for IOC list — bulk-imported KEV entry, IOCs not extracted at intake time."
-      ],
-      "behavioral": [
-        "Vendor-product-specific observations: monitor for unexpected remote process execution on assets running TrueConf Client."
-      ],
-      "version_exposure": [
-        "Version inventory required for TrueConf Client — confirm against vendor advisory."
-      ]
-    },
     "last_updated": "2026-05-18",
     "discovery_attribution_note": "Bulk-imported from CISA KEV catalog version 2026.05.15. KEV listing date 2026-04-02; due date 2026-04-16. Notes reference: https://trueconf.com/blog/update/trueconf-8-5 ; https://trueconf.com/downloads/windows.html ; https://nvd.nist.gov/vuln/detail/CVE-2026-3502",
     "_auto_imported": true,
@@ -9146,17 +8958,6 @@
         "published_date": "2026-04-01"
       }
     ],
-    "iocs": {
-      "payload_artifacts": [
-        "Refer to vendor advisory for IOC list — bulk-imported KEV entry, IOCs not extracted at intake time."
-      ],
-      "behavioral": [
-        "Vendor-product-specific observations: monitor for unexpected abnormal state changes on assets running Google Dawn."
-      ],
-      "version_exposure": [
-        "Version inventory required for Google Dawn — confirm against vendor advisory."
-      ]
-    },
     "last_updated": "2026-05-18",
     "discovery_attribution_note": "Bulk-imported from CISA KEV catalog version 2026.05.15. KEV listing date 2026-04-01; due date 2026-04-15. Notes reference: This vulnerability affects an open-source component, third-party library, protocol, or proprietary implementation that could be used by different products. For more information, please see: https://ch",
     "_auto_imported": true,
@@ -9252,17 +9053,6 @@
         "published_date": "2026-03-30"
       }
     ],
-    "iocs": {
-      "payload_artifacts": [
-        "Refer to vendor advisory for IOC list — bulk-imported KEV entry, IOCs not extracted at intake time."
-      ],
-      "behavioral": [
-        "Vendor-product-specific observations: monitor for unexpected abnormal state changes on assets running Citrix NetScaler."
-      ],
-      "version_exposure": [
-        "Version inventory required for Citrix NetScaler — confirm against vendor advisory."
-      ]
-    },
     "last_updated": "2026-05-18",
     "discovery_attribution_note": "Bulk-imported from CISA KEV catalog version 2026.05.15. KEV listing date 2026-03-30; due date 2026-04-02. Notes reference: https://support.citrix.com/support-home/kbsearch/article?articleNumber=CTX696300&articleURL=NetScaler_ADC_and_NetScaler_Gateway_Security_Bulletin_for_CVE_2026_3055_and_CVE_2026_4368 ; https://nvd.nist",
     "_auto_imported": true,
@@ -9361,17 +9151,6 @@
         "published_date": "2026-03-27"
       }
     ],
-    "iocs": {
-      "payload_artifacts": [
-        "Refer to vendor advisory for IOC list — bulk-imported KEV entry, IOCs not extracted at intake time."
-      ],
-      "behavioral": [
-        "Vendor-product-specific observations: monitor for unexpected remote process execution on assets running F5 BIG-IP."
-      ],
-      "version_exposure": [
-        "Version inventory required for F5 BIG-IP — confirm against vendor advisory."
-      ]
-    },
     "last_updated": "2026-05-18",
     "discovery_attribution_note": "Bulk-imported from CISA KEV catalog version 2026.05.15. KEV listing date 2026-03-27; due date 2026-03-30. Notes reference: Please adhere to F5’s guidelines to assess exposure and mitigate risks. Check for signs of potential compromise on all internet accessible F5 products affected by this vulnerability. For more informat",
     "_auto_imported": true,
@@ -9468,17 +9247,6 @@
         "published_date": "2026-03-26"
       }
     ],
-    "iocs": {
-      "payload_artifacts": [
-        "Refer to vendor advisory for IOC list — bulk-imported KEV entry, IOCs not extracted at intake time."
-      ],
-      "behavioral": [
-        "Vendor-product-specific observations: monitor for unexpected remote process execution on assets running Aquasecurity Trivy."
-      ],
-      "version_exposure": [
-        "Version inventory required for Aquasecurity Trivy — confirm against vendor advisory."
-      ]
-    },
     "last_updated": "2026-05-18",
     "discovery_attribution_note": "Bulk-imported from CISA KEV catalog version 2026.05.15. KEV listing date 2026-03-26; due date 2026-04-09. Notes reference: This vulnerability involves a supply‑chain compromise in a product that may be used across multiple products and environments. Additional vendor‑provided guidance must be followed to ensure full remed",
     "_auto_imported": true,
@@ -9577,17 +9345,6 @@
         "published_date": "2026-03-25"
       }
     ],
-    "iocs": {
-      "payload_artifacts": [
-        "Refer to vendor advisory for IOC list — bulk-imported KEV entry, IOCs not extracted at intake time."
-      ],
-      "behavioral": [
-        "Vendor-product-specific observations: monitor for unexpected remote process execution on assets running Langflow Langflow."
-      ],
-      "version_exposure": [
-        "Version inventory required for Langflow Langflow — confirm against vendor advisory."
-      ]
-    },
     "last_updated": "2026-05-18",
     "discovery_attribution_note": "Bulk-imported from CISA KEV catalog version 2026.05.15. KEV listing date 2026-03-25; due date 2026-04-08. Notes reference: https://github.com/langflow-ai/langflow/security/advisories/GHSA-vwmf-pq79-vjvx ; https://nvd.nist.gov/vuln/detail/CVE-2026-33017",
     "_auto_imported": true,
@@ -9685,17 +9442,6 @@
         "published_date": "2026-03-20"
       }
     ],
-    "iocs": {
-      "payload_artifacts": [
-        "Refer to vendor advisory for IOC list — bulk-imported KEV entry, IOCs not extracted at intake time."
-      ],
-      "behavioral": [
-        "Vendor-product-specific observations: monitor for unexpected remote process execution on assets running Craft CMS Craft CMS."
-      ],
-      "version_exposure": [
-        "Version inventory required for Craft CMS Craft CMS — confirm against vendor advisory."
-      ]
-    },
     "last_updated": "2026-05-18",
     "discovery_attribution_note": "Bulk-imported from CISA KEV catalog version 2026.05.15. KEV listing date 2026-03-20; due date 2026-04-03. Notes reference: https://craftcms.com/knowledge-base/craft-cms-cve-2025-32432 ; https://github.com/craftcms/cms/security/advisories/GHSA-f3gw-9ww9-jmc3 ; https://nvd.nist.gov/vuln/detail/CVE-2025-32432",
     "_auto_imported": true,
@@ -9793,17 +9539,6 @@
         "published_date": "2026-03-20"
       }
     ],
-    "iocs": {
-      "payload_artifacts": [
-        "Refer to vendor advisory for IOC list — bulk-imported KEV entry, IOCs not extracted at intake time."
-      ],
-      "behavioral": [
-        "Vendor-product-specific observations: monitor for unexpected remote process execution on assets running Laravel Livewire."
-      ],
-      "version_exposure": [
-        "Version inventory required for Laravel Livewire — confirm against vendor advisory."
-      ]
-    },
     "last_updated": "2026-05-18",
     "discovery_attribution_note": "Bulk-imported from CISA KEV catalog version 2026.05.15. KEV listing date 2026-03-20; due date 2026-04-03. Notes reference: https://github.com/livewire/livewire/security/advisories/GHSA-29cq-5w36-x7w3 ; https://github.com/livewire/livewire/commit/ef04be759da41b14d2d129e670533180a44987dc ; https://nvd.nist.gov/vuln/detail/C",
     "_auto_imported": true,
@@ -9907,17 +9642,6 @@
         "published_date": "2026-03-20"
       }
     ],
-    "iocs": {
-      "payload_artifacts": [
-        "Refer to vendor advisory for IOC list — bulk-imported KEV entry, IOCs not extracted at intake time."
-      ],
-      "behavioral": [
-        "Vendor-product-specific observations: monitor for unexpected remote process execution on assets running Apple Multiple Products."
-      ],
-      "version_exposure": [
-        "Version inventory required for Apple Multiple Products — confirm against vendor advisory."
-      ]
-    },
     "last_updated": "2026-05-18",
     "discovery_attribution_note": "Bulk-imported from CISA KEV catalog version 2026.05.15. KEV listing date 2026-03-20; due date 2026-04-03. Notes reference: https://support.apple.com/en-us/125632 ; https://support.apple.com/en-us/125633 ; https://support.apple.com/en-us/125634 ; https://support.apple.com/en-us/125635 ; https://support.apple.com/en-us/1256",
     "_auto_imported": true,
@@ -10021,17 +9745,6 @@
         "published_date": "2026-03-20"
       }
     ],
-    "iocs": {
-      "payload_artifacts": [
-        "Refer to vendor advisory for IOC list — bulk-imported KEV entry, IOCs not extracted at intake time."
-      ],
-      "behavioral": [
-        "Vendor-product-specific observations: monitor for unexpected remote process execution on assets running Apple Multiple Products."
-      ],
-      "version_exposure": [
-        "Version inventory required for Apple Multiple Products — confirm against vendor advisory."
-      ]
-    },
     "last_updated": "2026-05-18",
     "discovery_attribution_note": "Bulk-imported from CISA KEV catalog version 2026.05.15. KEV listing date 2026-03-20; due date 2026-04-03. Notes reference: https://support.apple.com/en-us/125632 ; https://support.apple.com/en-us/125633 ; https://support.apple.com/en-us/125634 ; https://support.apple.com/en-us/125635 ; https://support.apple.com/en-us/1256",
     "_auto_imported": true,
@@ -10131,17 +9844,6 @@
         "published_date": "2026-03-20"
       }
     ],
-    "iocs": {
-      "payload_artifacts": [
-        "Refer to vendor advisory for IOC list — bulk-imported KEV entry, IOCs not extracted at intake time."
-      ],
-      "behavioral": [
-        "Vendor-product-specific observations: monitor for unexpected abnormal state changes on assets running Apple Multiple Products."
-      ],
-      "version_exposure": [
-        "Version inventory required for Apple Multiple Products — confirm against vendor advisory."
-      ]
-    },
     "last_updated": "2026-05-18",
     "discovery_attribution_note": "Bulk-imported from CISA KEV catalog version 2026.05.15. KEV listing date 2026-03-20; due date 2026-04-03. Notes reference: https://support.apple.com/en-us/124147 ; https://support.apple.com/en-us/124149 ; https://support.apple.com/en-us/124152 ; https://support.apple.com/en-us/124153 ; https://support.apple.com/en-us/1241",
     "_auto_imported": true,
@@ -10240,17 +9942,6 @@
         "published_date": "2026-03-19"
       }
     ],
-    "iocs": {
-      "payload_artifacts": [
-        "Refer to vendor advisory for IOC list — bulk-imported KEV entry, IOCs not extracted at intake time."
-      ],
-      "behavioral": [
-        "Vendor-product-specific observations: monitor for unexpected remote process execution on assets running Cisco Secure Firewall Management Center (FMC)."
-      ],
-      "version_exposure": [
-        "Version inventory required for Cisco Secure Firewall Management Center (FMC) — confirm against vendor advisory."
-      ]
-    },
     "last_updated": "2026-05-18",
     "discovery_attribution_note": "Bulk-imported from CISA KEV catalog version 2026.05.15. KEV listing date 2026-03-19; due date 2026-03-22. Notes reference: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmc-rce-NKhnULJh ; https://nvd.nist.gov/vuln/detail/CVE-2026-20131",
     "_auto_imported": true,
@@ -10346,17 +10037,6 @@
         "published_date": "2026-03-18"
       }
     ],
-    "iocs": {
-      "payload_artifacts": [
-        "Refer to vendor advisory for IOC list — bulk-imported KEV entry, IOCs not extracted at intake time."
-      ],
-      "behavioral": [
-        "Vendor-product-specific observations: monitor for unexpected abnormal state changes on assets running Synacor Zimbra Collaboration Suite (ZCS)."
-      ],
-      "version_exposure": [
-        "Version inventory required for Synacor Zimbra Collaboration Suite (ZCS) — confirm against vendor advisory."
-      ]
-    },
     "last_updated": "2026-05-18",
     "discovery_attribution_note": "Bulk-imported from CISA KEV catalog version 2026.05.15. KEV listing date 2026-03-18; due date 2026-04-01. Notes reference: https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories ; https://nvd.nist.gov/vuln/detail/CVE-2025-66376",
     "_auto_imported": true,
@@ -10453,17 +10133,6 @@
         "published_date": "2026-03-18"
       }
     ],
-    "iocs": {
-      "payload_artifacts": [
-        "Refer to vendor advisory for IOC list — bulk-imported KEV entry, IOCs not extracted at intake time."
-      ],
-      "behavioral": [
-        "Vendor-product-specific observations: monitor for unexpected remote process execution on assets running Microsoft SharePoint."
-      ],
-      "version_exposure": [
-        "Version inventory required for Microsoft SharePoint — confirm against vendor advisory."
-      ]
-    },
     "last_updated": "2026-05-18",
     "discovery_attribution_note": "Bulk-imported from CISA KEV catalog version 2026.05.15. KEV listing date 2026-03-18; due date 2026-03-21. Notes reference: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20963 ; https://nvd.nist.gov/vuln/detail/CVE-2026-20963",
     "_auto_imported": true,
@@ -10559,17 +10228,6 @@
         "published_date": "2026-03-16"
       }
     ],
-    "iocs": {
-      "payload_artifacts": [
-        "Refer to vendor advisory for IOC list — bulk-imported KEV entry, IOCs not extracted at intake time."
-      ],
-      "behavioral": [
-        "Vendor-product-specific observations: monitor for unexpected abnormal state changes on assets running Wing FTP Server Wing FTP Server."
-      ],
-      "version_exposure": [
-        "Version inventory required for Wing FTP Server Wing FTP Server — confirm against vendor advisory."
-      ]
-    },
     "last_updated": "2026-05-18",
     "discovery_attribution_note": "Bulk-imported from CISA KEV catalog version 2026.05.15. KEV listing date 2026-03-16; due date 2026-03-30. Notes reference: https://www.wftpserver.com/serverhistory.htm ; https://nvd.nist.gov/vuln/detail/CVE-2025-47813",
     "_auto_imported": true,
@@ -10666,17 +10324,6 @@
         "published_date": "2026-03-13"
       }
     ],
-    "iocs": {
-      "payload_artifacts": [
-        "Refer to vendor advisory for IOC list — bulk-imported KEV entry, IOCs not extracted at intake time."
-      ],
-      "behavioral": [
-        "Vendor-product-specific observations: monitor for unexpected remote process execution on assets running Google Chromium V8."
-      ],
-      "version_exposure": [
-        "Version inventory required for Google Chromium V8 — confirm against vendor advisory."
-      ]
-    },
     "last_updated": "2026-05-18",
     "discovery_attribution_note": "Bulk-imported from CISA KEV catalog version 2026.05.15. KEV listing date 2026-03-13; due date 2026-03-27. Notes reference: https://chromereleases.googleblog.com/2026/03/stable-channel-update-for-desktop_12.html ; https://nvd.nist.gov/vuln/detail/CVE-2026-3910",
     "_auto_imported": true,
@@ -10773,17 +10420,6 @@
         "published_date": "2026-03-13"
       }
     ],
-    "iocs": {
-      "payload_artifacts": [
-        "Refer to vendor advisory for IOC list — bulk-imported KEV entry, IOCs not extracted at intake time."
-      ],
-      "behavioral": [
-        "Vendor-product-specific observations: monitor for unexpected remote process execution on assets running Google Skia."
-      ],
-      "version_exposure": [
-        "Version inventory required for Google Skia — confirm against vendor advisory."
-      ]
-    },
     "last_updated": "2026-05-18",
     "discovery_attribution_note": "Bulk-imported from CISA KEV catalog version 2026.05.15. KEV listing date 2026-03-13; due date 2026-03-27. Notes reference: This vulnerability affects a common open-source component, third-party library, or a protocol used by different products. Please check with specific vendors for information on patching status. For mor",
     "_auto_imported": true,
@@ -10880,17 +10516,6 @@
         "published_date": "2026-03-11"
       }
     ],
-    "iocs": {
-      "payload_artifacts": [
-        "Refer to vendor advisory for IOC list — bulk-imported KEV entry, IOCs not extracted at intake time."
-      ],
-      "behavioral": [
-        "Vendor-product-specific observations: monitor for unexpected remote process execution on assets running n8n n8n."
-      ],
-      "version_exposure": [
-        "Version inventory required for n8n n8n — confirm against vendor advisory."
-      ]
-    },
     "last_updated": "2026-05-18",
     "discovery_attribution_note": "Bulk-imported from CISA KEV catalog version 2026.05.15. KEV listing date 2026-03-11; due date 2026-03-25. Notes reference: https://github.com/n8n-io/n8n/security/advisories/GHSA-v98v-ff95-f3cp ; https://nvd.nist.gov/vuln/detail/CVE-2025-68613",
     "_auto_imported": true,
@@ -10986,17 +10611,6 @@
         "published_date": "2026-03-09"
       }
     ],
-    "iocs": {
-      "payload_artifacts": [
-        "Refer to vendor advisory for IOC list — bulk-imported KEV entry, IOCs not extracted at intake time."
-      ],
-      "behavioral": [
-        "Vendor-product-specific observations: monitor for unexpected abnormal state changes on assets running Omnissa Workspace One UEM."
-      ],
-      "version_exposure": [
-        "Version inventory required for Omnissa Workspace One UEM — confirm against vendor advisory."
-      ]
-    },
     "last_updated": "2026-05-18",
     "discovery_attribution_note": "Bulk-imported from CISA KEV catalog version 2026.05.15. KEV listing date 2026-03-09; due date 2026-03-23. Notes reference: https://web.archive.org/web/20211222154335/https://www.vmware.com/security/advisories/VMSA-2021-0029.html ; https://nvd.nist.gov/vuln/detail/CVE-2021-22054",
     "_auto_imported": true,
@@ -11094,17 +10708,6 @@
         "published_date": "2026-03-09"
       }
     ],
-    "iocs": {
-      "payload_artifacts": [
-        "Refer to vendor advisory for IOC list — bulk-imported KEV entry, IOCs not extracted at intake time."
-      ],
-      "behavioral": [
-        "Vendor-product-specific observations: monitor for unexpected remote process execution on assets running SolarWinds Web Help Desk."
-      ],
-      "version_exposure": [
-        "Version inventory required for SolarWinds Web Help Desk — confirm against vendor advisory."
-      ]
-    },
     "last_updated": "2026-05-18",
     "discovery_attribution_note": "Bulk-imported from CISA KEV catalog version 2026.05.15. KEV listing date 2026-03-09; due date 2026-03-12. Notes reference: https://www.solarwinds.com/trust-center/security-advisories/cve-2025-26399 ; https://documentation.solarwinds.com/en/success_center/whd/content/release_notes/whd_12-8-7-hotfix-1_release_notes.htm ; ht",
     "_auto_imported": true,
@@ -11201,17 +10804,6 @@
         "published_date": "2026-03-09"
       }
     ],
-    "iocs": {
-      "payload_artifacts": [
-        "Refer to vendor advisory for IOC list — bulk-imported KEV entry, IOCs not extracted at intake time."
-      ],
-      "behavioral": [
-        "Vendor-product-specific observations: monitor for unexpected abnormal state changes on assets running Ivanti  Endpoint Manager (EPM)."
-      ],
-      "version_exposure": [
-        "Version inventory required for Ivanti  Endpoint Manager (EPM) — confirm against vendor advisory."
-      ]
-    },
     "last_updated": "2026-05-18",
     "discovery_attribution_note": "Bulk-imported from CISA KEV catalog version 2026.05.15. KEV listing date 2026-03-09; due date 2026-03-23. Notes reference: https://hub.ivanti.com/s/article/Security-Advisory-EPM-February-2026-for-EPM-2024?language=en_US ; https://nvd.nist.gov/vuln/detail/CVE-2026-1603",
     "_auto_imported": true,
@@ -11308,17 +10900,6 @@
         "published_date": "2026-03-05"
       }
     ],
-    "iocs": {
-      "payload_artifacts": [
-        "Refer to vendor advisory for IOC list — bulk-imported KEV entry, IOCs not extracted at intake time."
-      ],
-      "behavioral": [
-        "Vendor-product-specific observations: monitor for unexpected abnormal state changes on assets running Hikvision Multiple Products."
-      ],
-      "version_exposure": [
-        "Version inventory required for Hikvision Multiple Products — confirm against vendor advisory."
-      ]
-    },
     "last_updated": "2026-05-18",
     "discovery_attribution_note": "Bulk-imported from CISA KEV catalog version 2026.05.15. KEV listing date 2026-03-05; due date 2026-03-26. Notes reference: https://www.hikvision.com/us-en/support/document-center/special-notices/privilege-escalating-vulnerability-in-certain-hikvision-ip-cameras/ ; https://nvd.nist.gov/vuln/detail/CVE-2017-7921",
     "_auto_imported": true,
@@ -11416,17 +10997,6 @@
         "published_date": "2026-03-05"
       }
     ],
-    "iocs": {
-      "payload_artifacts": [
-        "Refer to vendor advisory for IOC list — bulk-imported KEV entry, IOCs not extracted at intake time."
-      ],
-      "behavioral": [
-        "Vendor-product-specific observations: monitor for unexpected remote process execution on assets running Rockwell Multiple Products."
-      ],
-      "version_exposure": [
-        "Version inventory required for Rockwell Multiple Products — confirm against vendor advisory."
-      ]
-    },
     "last_updated": "2026-05-18",
     "discovery_attribution_note": "Bulk-imported from CISA KEV catalog version 2026.05.15. KEV listing date 2026-03-05; due date 2026-03-26. Notes reference: https://support.rockwellautomation.com/app/answers/answer_view/a_id/1130301/~/cve-2021-22681%3A-authentication-bypass-vulnerability-found-in-logix-controllers- ; https://www.cisa.gov/news-events/ics-a",
     "_auto_imported": true,
@@ -11524,17 +11094,6 @@
         "published_date": "2026-03-05"
       }
     ],
-    "iocs": {
-      "payload_artifacts": [
-        "Refer to vendor advisory for IOC list — bulk-imported KEV entry, IOCs not extracted at intake time."
-      ],
-      "behavioral": [
-        "Vendor-product-specific observations: monitor for unexpected abnormal state changes on assets running Apple Multiple Products."
-      ],
-      "version_exposure": [
-        "Version inventory required for Apple Multiple Products — confirm against vendor advisory."
-      ]
-    },
     "last_updated": "2026-05-18",
     "discovery_attribution_note": "Bulk-imported from CISA KEV catalog version 2026.05.15. KEV listing date 2026-03-05; due date 2026-03-26. Notes reference: https://support.apple.com/en-us/120324 ; https://support.apple.com/en-us/120331 ; https://support.apple.com/en-us/120338 ; https://nvd.nist.gov/vuln/detail/CVE-2023-43000",
     "_auto_imported": true,
@@ -11634,17 +11193,6 @@
         "published_date": "2026-03-05"
       }
     ],
-    "iocs": {
-      "payload_artifacts": [
-        "Refer to vendor advisory for IOC list — bulk-imported KEV entry, IOCs not extracted at intake time."
-      ],
-      "behavioral": [
-        "Vendor-product-specific observations: monitor for unexpected abnormal state changes on assets running Apple Multiple Products."
-      ],
-      "version_exposure": [
-        "Version inventory required for Apple Multiple Products — confirm against vendor advisory."
-      ]
-    },
     "last_updated": "2026-05-18",
     "discovery_attribution_note": "Bulk-imported from CISA KEV catalog version 2026.05.15. KEV listing date 2026-03-05; due date 2026-03-26. Notes reference: https://support.apple.com/en-us/HT212975 ; https://support.apple.com/en-us/HT212976 ; https://support.apple.com/en-us/HT212978 ; https://support.apple.com/en-us/HT212980 ; https://support.apple.com/en",
     "_auto_imported": true,
@@ -11741,17 +11289,6 @@
         "published_date": "2026-03-05"
       }
     ],
-    "iocs": {
-      "payload_artifacts": [
-        "Refer to vendor advisory for IOC list — bulk-imported KEV entry, IOCs not extracted at intake time."
-      ],
-      "behavioral": [
-        "Vendor-product-specific observations: monitor for unexpected abnormal state changes on assets running Apple iOS and iPadOS."
-      ],
-      "version_exposure": [
-        "Version inventory required for Apple iOS and iPadOS — confirm against vendor advisory."
-      ]
-    },
     "last_updated": "2026-05-18",
     "discovery_attribution_note": "Bulk-imported from CISA KEV catalog version 2026.05.15. KEV listing date 2026-03-05; due date 2026-03-26. Notes reference: https://support.apple.com/en-us/HT213938 ; https://support.apple.com/kb/HT213938 ; https://nvd.nist.gov/vuln/detail/CVE-2023-41974",
     "_auto_imported": true,
@@ -11849,17 +11386,6 @@
         "published_date": "2026-03-03"
       }
     ],
-    "iocs": {
-      "payload_artifacts": [
-        "Refer to vendor advisory for IOC list — bulk-imported KEV entry, IOCs not extracted at intake time."
-      ],
-      "behavioral": [
-        "Vendor-product-specific observations: monitor for unexpected remote process execution on assets running Broadcom VMware Aria Operations."
-      ],
-      "version_exposure": [
-        "Version inventory required for Broadcom VMware Aria Operations — confirm against vendor advisory."
-      ]
-    },
     "last_updated": "2026-05-18",
     "discovery_attribution_note": "Bulk-imported from CISA KEV catalog version 2026.05.15. KEV listing date 2026-03-03; due date 2026-03-24. Notes reference: https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36947 ; https://knowledge.broadcom.com/external/article/430349 ; https://nvd.nist.gov/vuln/det",
     "_auto_imported": true,
@@ -11955,17 +11481,6 @@
         "published_date": "2026-03-03"
       }
     ],
-    "iocs": {
-      "payload_artifacts": [
-        "Refer to vendor advisory for IOC list — bulk-imported KEV entry, IOCs not extracted at intake time."
-      ],
-      "behavioral": [
-        "Vendor-product-specific observations: monitor for unexpected abnormal state changes on assets running Qualcomm Multiple Chipsets."
-      ],
-      "version_exposure": [
-        "Version inventory required for Qualcomm Multiple Chipsets — confirm against vendor advisory."
-      ]
-    },
     "last_updated": "2026-05-18",
     "discovery_attribution_note": "Bulk-imported from CISA KEV catalog version 2026.05.15. KEV listing date 2026-03-03; due date 2026-03-24. Notes reference: Please check with specific vendors (OEMs,) for information on patching status. For more information, please see: https://source.android.com/docs/security/bulletin/2026/2026-03-01 ; https://nvd.nist.go",
     "_auto_imported": true,
@@ -12064,17 +11579,6 @@
         "published_date": "2026-02-25"
       }
     ],
-    "iocs": {
-      "payload_artifacts": [
-        "Refer to vendor advisory for IOC list — bulk-imported KEV entry, IOCs not extracted at intake time."
-      ],
-      "behavioral": [
-        "Vendor-product-specific observations: monitor for unexpected abnormal state changes on assets running Cisco SD-WAN."
-      ],
-      "version_exposure": [
-        "Version inventory required for Cisco SD-WAN — confirm against vendor advisory."
-      ]
-    },
     "last_updated": "2026-05-18",
     "discovery_attribution_note": "Bulk-imported from CISA KEV catalog version 2026.05.15. KEV listing date 2026-02-25; due date 2026-02-27. Notes reference: CISA Mitigation Instructions: https://www.cisa.gov/news-events/directives/ed-26-03-mitigate-vulnerabilities-cisco-sd-wan-systems ; https://www.cisa.gov/news-events/directives/supplemental-direction-ed",
     "_auto_imported": true,
@@ -12173,17 +11677,6 @@
         "published_date": "2026-02-25"
       }
     ],
-    "iocs": {
-      "payload_artifacts": [
-        "Refer to vendor advisory for IOC list — bulk-imported KEV entry, IOCs not extracted at intake time."
-      ],
-      "behavioral": [
-        "Vendor-product-specific observations: monitor for unexpected abnormal state changes on assets running Cisco Catalyst SD-WAN Controller and Manager."
-      ],
-      "version_exposure": [
-        "Version inventory required for Cisco Catalyst SD-WAN Controller and Manager — confirm against vendor advisory."
-      ]
-    },
     "last_updated": "2026-05-18",
     "discovery_attribution_note": "Bulk-imported from CISA KEV catalog version 2026.05.15. KEV listing date 2026-02-25; due date 2026-02-27. Notes reference: CISA Mitigation Instructions: https://www.cisa.gov/news-events/directives/ed-26-03-mitigate-vulnerabilities-cisco-sd-wan-systems ; https://www.cisa.gov/news-events/directives/supplemental-direction-ed",
     "_auto_imported": true,
@@ -12280,17 +11773,6 @@
         "published_date": "2026-02-24"
       }
     ],
-    "iocs": {
-      "payload_artifacts": [
-        "Refer to vendor advisory for IOC list — bulk-imported KEV entry, IOCs not extracted at intake time."
-      ],
-      "behavioral": [
-        "Vendor-product-specific observations: monitor for unexpected remote process execution on assets running Soliton Systems K.K FileZen."
-      ],
-      "version_exposure": [
-        "Version inventory required for Soliton Systems K.K FileZen — confirm against vendor advisory."
-      ]
-    },
     "last_updated": "2026-05-18",
     "discovery_attribution_note": "Bulk-imported from CISA KEV catalog version 2026.05.15. KEV listing date 2026-02-24; due date 2026-03-17. Notes reference: https://jvn.jp/en/jp/JVN84622767/ ; https://nvd.nist.gov/vuln/detail/CVE-2026-25108",
     "_auto_imported": true,
@@ -12389,17 +11871,6 @@
         "published_date": "2026-02-20"
       }
     ],
-    "iocs": {
-      "payload_artifacts": [
-        "Refer to vendor advisory for IOC list — bulk-imported KEV entry, IOCs not extracted at intake time."
-      ],
-      "behavioral": [
-        "Vendor-product-specific observations: monitor for unexpected remote process execution on assets running Roundcube Webmail."
-      ],
-      "version_exposure": [
-        "Version inventory required for Roundcube Webmail — confirm against vendor advisory."
-      ]
-    },
     "last_updated": "2026-05-18",
     "discovery_attribution_note": "Bulk-imported from CISA KEV catalog version 2026.05.15. KEV listing date 2026-02-20; due date 2026-03-13. Notes reference: https://roundcube.net/news/2025/06/01/security-updates-1.6.11-and-1.5.10 ; https://github.com/roundcube/roundcubemail/releases/tag/1.5.10 ; https://github.com/roundcube/roundcubemail/releases/tag/1.6.",
     "_auto_imported": true,
@@ -12496,17 +11967,6 @@
         "published_date": "2026-02-20"
       }
     ],
-    "iocs": {
-      "payload_artifacts": [
-        "Refer to vendor advisory for IOC list — bulk-imported KEV entry, IOCs not extracted at intake time."
-      ],
-      "behavioral": [
-        "Vendor-product-specific observations: monitor for unexpected abnormal state changes on assets running Roundcube Webmail."
-      ],
-      "version_exposure": [
-        "Version inventory required for Roundcube Webmail — confirm against vendor advisory."
-      ]
-    },
     "last_updated": "2026-05-18",
     "discovery_attribution_note": "Bulk-imported from CISA KEV catalog version 2026.05.15. KEV listing date 2026-02-20; due date 2026-03-13. Notes reference: https://roundcube.net/news/2025/12/13/security-updates-1.6.12-and-1.5.12 ; https://github.com/roundcube/roundcubemail/commit/bfa032631c36b900e7444dfa278340b33cbf7cdb ; https://nvd.nist.gov/vuln/detail",
     "_auto_imported": true,
@@ -12602,17 +12062,6 @@
         "published_date": "2026-02-18"
       }
     ],
-    "iocs": {
-      "payload_artifacts": [
-        "Refer to vendor advisory for IOC list — bulk-imported KEV entry, IOCs not extracted at intake time."
-      ],
-      "behavioral": [
-        "Vendor-product-specific observations: monitor for unexpected abnormal state changes on assets running GitLab GitLab."
-      ],
-      "version_exposure": [
-        "Version inventory required for GitLab GitLab — confirm against vendor advisory."
-      ]
-    },
     "last_updated": "2026-05-18",
     "discovery_attribution_note": "Bulk-imported from CISA KEV catalog version 2026.05.15. KEV listing date 2026-02-18; due date 2026-03-11. Notes reference: https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-22175.json ; https://nvd.nist.gov/vuln/detail/CVE-2021-22175",
     "_auto_imported": true,
@@ -12711,17 +12160,6 @@
         "published_date": "2026-02-18"
       }
     ],
-    "iocs": {
-      "payload_artifacts": [
-        "Refer to vendor advisory for IOC list — bulk-imported KEV entry, IOCs not extracted at intake time."
-      ],
-      "behavioral": [
-        "Vendor-product-specific observations: monitor for unexpected remote process execution on assets running Dell RecoverPoint for Virtual Machines (RP4VMs)."
-      ],
-      "version_exposure": [
-        "Version inventory required for Dell RecoverPoint for Virtual Machines (RP4VMs) — confirm against vendor advisory."
-      ]
-    },
     "last_updated": "2026-05-18",
     "discovery_attribution_note": "Bulk-imported from CISA KEV catalog version 2026.05.15. KEV listing date 2026-02-18; due date 2026-02-21. Notes reference: https://www.dell.com/support/kbdoc/en-us/000426773/dsa-2026-079 ; https://www.dell.com/support/kbdoc/en-us/000426742/recoverpoint-for-vms-apply-the-remediation-script-for-dsa ; https://cloud.google.co",
     "_auto_imported": true,
@@ -12817,17 +12255,6 @@
         "published_date": "2026-02-17"
       }
     ],
-    "iocs": {
-      "payload_artifacts": [
-        "Refer to vendor advisory for IOC list — bulk-imported KEV entry, IOCs not extracted at intake time."
-      ],
-      "behavioral": [
-        "Vendor-product-specific observations: monitor for unexpected abnormal state changes on assets running Synacor Zimbra Collaboration Suite."
-      ],
-      "version_exposure": [
-        "Version inventory required for Synacor Zimbra Collaboration Suite — confirm against vendor advisory."
-      ]
-    },
     "last_updated": "2026-05-18",
     "discovery_attribution_note": "Bulk-imported from CISA KEV catalog version 2026.05.15. KEV listing date 2026-02-17; due date 2026-03-10. Notes reference: https://wiki.zimbra.com/wiki/Zimbra_Releases/8.8.15/P7 ; https://nvd.nist.gov/vuln/detail/CVE-2020-7796",
     "_auto_imported": true,
@@ -12925,17 +12352,6 @@
         "published_date": "2026-02-17"
       }
     ],
-    "iocs": {
-      "payload_artifacts": [
-        "Refer to vendor advisory for IOC list — bulk-imported KEV entry, IOCs not extracted at intake time."
-      ],
-      "behavioral": [
-        "Vendor-product-specific observations: monitor for unexpected remote process execution on assets running TeamT5 ThreatSonar Anti-Ransomware."
-      ],
-      "version_exposure": [
-        "Version inventory required for TeamT5 ThreatSonar Anti-Ransomware — confirm against vendor advisory."
-      ]
-    },
     "last_updated": "2026-05-18",
     "discovery_attribution_note": "Bulk-imported from CISA KEV catalog version 2026.05.15. KEV listing date 2026-02-17; due date 2026-03-10. Notes reference: https://teamt5.org/en/posts/vulnerability-notice-threat-sonar-anti-ransomware-20240715/ ; https://www.twcert.org.tw/en/cp-139-8000-e5a5c-2.html ; https://nvd.nist.gov/vuln/detail/CVE-2024-7694",
     "_auto_imported": true,
@@ -13032,17 +12448,6 @@
         "published_date": "2026-02-17"
       }
     ],
-    "iocs": {
-      "payload_artifacts": [
-        "Refer to vendor advisory for IOC list — bulk-imported KEV entry, IOCs not extracted at intake time."
-      ],
-      "behavioral": [
-        "Vendor-product-specific observations: monitor for unexpected remote process execution on assets running Microsoft Windows."
-      ],
-      "version_exposure": [
-        "Version inventory required for Microsoft Windows — confirm against vendor advisory."
-      ]
-    },
     "last_updated": "2026-05-18",
     "discovery_attribution_note": "Bulk-imported from CISA KEV catalog version 2026.05.15. KEV listing date 2026-02-17; due date 2026-03-10. Notes reference: https://web.archive.org/web/20110305211119/https://www.microsoft.com/technet/security/bulletin/ms09-032.mspx ; https://nvd.nist.gov/vuln/detail/CVE-2008-0015",
     "_auto_imported": true,
@@ -13138,17 +12543,6 @@
         "published_date": "2026-02-17"
       }
     ],
-    "iocs": {
-      "payload_artifacts": [
-        "Refer to vendor advisory for IOC list — bulk-imported KEV entry, IOCs not extracted at intake time."
-      ],
-      "behavioral": [
-        "Vendor-product-specific observations: monitor for unexpected abnormal state changes on assets running Google Chromium."
-      ],
-      "version_exposure": [
-        "Version inventory required for Google Chromium — confirm against vendor advisory."
-      ]
-    },
     "last_updated": "2026-05-18",
     "discovery_attribution_note": "Bulk-imported from CISA KEV catalog version 2026.05.15. KEV listing date 2026-02-17; due date 2026-03-10. Notes reference: https://chromereleases.googleblog.com/2026/02/stable-channel-update-for-desktop_13.html ; https://nvd.nist.gov/vuln/detail/CVE-2026-2441",
     "_auto_imported": true,
@@ -13247,17 +12641,6 @@
         "published_date": "2026-02-13"
       }
     ],
-    "iocs": {
-      "payload_artifacts": [
-        "Refer to vendor advisory for IOC list — bulk-imported KEV entry, IOCs not extracted at intake time."
-      ],
-      "behavioral": [
-        "Vendor-product-specific observations: monitor for unexpected remote process execution on assets running BeyondTrust Remote Support (RS) and Privileged Remote Access (PRA)."
-      ],
-      "version_exposure": [
-        "Version inventory required for BeyondTrust Remote Support (RS) and Privileged Remote Access (PRA) — confirm against vendor advisory."
-      ]
-    },
     "last_updated": "2026-05-18",
     "discovery_attribution_note": "Bulk-imported from CISA KEV catalog version 2026.05.15. KEV listing date 2026-02-13; due date 2026-02-16. Notes reference: Please adhere to the vendor's guidelines to assess exposure and mitigate risks. Check for signs of potential compromise on all internet accessible BeyondTrust products affected by this vulnerability. ",
     "_auto_imported": true,
@@ -13358,17 +12741,6 @@
         "published_date": "2026-02-12"
       }
     ],
-    "iocs": {
-      "payload_artifacts": [
-        "Refer to vendor advisory for IOC list — bulk-imported KEV entry, IOCs not extracted at intake time."
-      ],
-      "behavioral": [
-        "Vendor-product-specific observations: monitor for unexpected remote process execution on assets running Apple Multiple Products."
-      ],
-      "version_exposure": [
-        "Version inventory required for Apple Multiple Products — confirm against vendor advisory."
-      ]
-    },
     "last_updated": "2026-05-18",
     "discovery_attribution_note": "Bulk-imported from CISA KEV catalog version 2026.05.15. KEV listing date 2026-02-12; due date 2026-03-05. Notes reference: https://support.apple.com/en-us/126346 ; https://support.apple.com/en-us/126348 ; https://support.apple.com/en-us/126351 ; https://support.apple.com/en-us/126352 ; https://support.apple.com/en-us/1263",
     "_auto_imported": true,
@@ -13465,17 +12837,6 @@
         "published_date": "2026-02-12"
       }
     ],
-    "iocs": {
-      "payload_artifacts": [
-        "Refer to vendor advisory for IOC list — bulk-imported KEV entry, IOCs not extracted at intake time."
-      ],
-      "behavioral": [
-        "Vendor-product-specific observations: monitor for unexpected remote process execution on assets running Microsoft Configuration Manager."
-      ],
-      "version_exposure": [
-        "Version inventory required for Microsoft Configuration Manager — confirm against vendor advisory."
-      ]
-    },
     "last_updated": "2026-05-18",
     "discovery_attribution_note": "Bulk-imported from CISA KEV catalog version 2026.05.15. KEV listing date 2026-02-12; due date 2026-03-05. Notes reference: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43468 ; https://nvd.nist.gov/vuln/detail/CVE-2024-43468",
     "_auto_imported": true,
@@ -13573,17 +12934,6 @@
         "published_date": "2026-02-12"
       }
     ],
-    "iocs": {
-      "payload_artifacts": [
-        "Refer to vendor advisory for IOC list — bulk-imported KEV entry, IOCs not extracted at intake time."
-      ],
-      "behavioral": [
-        "Vendor-product-specific observations: monitor for unexpected remote process execution on assets running Notepad++ Notepad++."
-      ],
-      "version_exposure": [
-        "Version inventory required for Notepad++ Notepad++ — confirm against vendor advisory."
-      ]
-    },
     "last_updated": "2026-05-18",
     "discovery_attribution_note": "Bulk-imported from CISA KEV catalog version 2026.05.15. KEV listing date 2026-02-12; due date 2026-03-05. Notes reference: https://notepad-plus-plus.org/news/clarification-security-incident/ ; https://community.notepad-plus-plus.org/topic/27298/notepad-v8-8-9-vulnerability-fix ; https://nvd.nist.gov/vuln/detail/CVE-2025-1",
     "_auto_imported": true,
@@ -13681,17 +13031,6 @@
         "published_date": "2026-02-12"
       }
     ],
-    "iocs": {
-      "payload_artifacts": [
-        "Refer to vendor advisory for IOC list — bulk-imported KEV entry, IOCs not extracted at intake time."
-      ],
-      "behavioral": [
-        "Vendor-product-specific observations: monitor for unexpected remote process execution on assets running SolarWinds Web Help Desk."
-      ],
-      "version_exposure": [
-        "Version inventory required for SolarWinds Web Help Desk — confirm against vendor advisory."
-      ]
-    },
     "last_updated": "2026-05-18",
     "discovery_attribution_note": "Bulk-imported from CISA KEV catalog version 2026.05.15. KEV listing date 2026-02-12; due date 2026-02-15. Notes reference: https://documentation.solarwinds.com/en/success_center/whd/content/release_notes/whd_2026-1_release_notes.htm ; https://www.solarwinds.com/trust-center/security-advisories/CVE-2025-40536 ; https://nvd",
     "_auto_imported": true,
@@ -13788,17 +13127,6 @@
         "published_date": "2026-02-10"
       }
     ],
-    "iocs": {
-      "payload_artifacts": [
-        "Refer to vendor advisory for IOC list — bulk-imported KEV entry, IOCs not extracted at intake time."
-      ],
-      "behavioral": [
-        "Vendor-product-specific observations: monitor for unexpected remote process execution on assets running Microsoft Windows."
-      ],
-      "version_exposure": [
-        "Version inventory required for Microsoft Windows — confirm against vendor advisory."
-      ]
-    },
     "last_updated": "2026-05-18",
     "discovery_attribution_note": "Bulk-imported from CISA KEV catalog version 2026.05.15. KEV listing date 2026-02-10; due date 2026-03-03. Notes reference: https://msrc.microsoft.com/update-guide/advisory/CVE-2026-21513 ; https://nvd.nist.gov/vuln/detail/CVE-2026-21513",
     "_auto_imported": true,
@@ -13895,17 +13223,6 @@
         "published_date": "2026-02-10"
       }
     ],
-    "iocs": {
-      "payload_artifacts": [
-        "Refer to vendor advisory for IOC list — bulk-imported KEV entry, IOCs not extracted at intake time."
-      ],
-      "behavioral": [
-        "Vendor-product-specific observations: monitor for unexpected remote process execution on assets running Microsoft Windows."
-      ],
-      "version_exposure": [
-        "Version inventory required for Microsoft Windows — confirm against vendor advisory."
-      ]
-    },
     "last_updated": "2026-05-18",
     "discovery_attribution_note": "Bulk-imported from CISA KEV catalog version 2026.05.15. KEV listing date 2026-02-10; due date 2026-03-03. Notes reference: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21525 ; https://nvd.nist.gov/vuln/detail/CVE-2026-21525",
     "_auto_imported": true,
@@ -14002,17 +13319,6 @@
         "published_date": "2026-02-10"
       }
     ],
-    "iocs": {
-      "payload_artifacts": [
-        "Refer to vendor advisory for IOC list — bulk-imported KEV entry, IOCs not extracted at intake time."
-      ],
-      "behavioral": [
-        "Vendor-product-specific observations: monitor for unexpected remote process execution on assets running Microsoft Windows."
-      ],
-      "version_exposure": [
-        "Version inventory required for Microsoft Windows — confirm against vendor advisory."
-      ]
-    },
     "last_updated": "2026-05-18",
     "discovery_attribution_note": "Bulk-imported from CISA KEV catalog version 2026.05.15. KEV listing date 2026-02-10; due date 2026-03-03. Notes reference: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21510 ; https://nvd.nist.gov/vuln/detail/CVE-2026-21510 ",
     "_auto_imported": true,
@@ -14109,17 +13415,6 @@
         "published_date": "2026-02-10"
       }
     ],
-    "iocs": {
-      "payload_artifacts": [
-        "Refer to vendor advisory for IOC list — bulk-imported KEV entry, IOCs not extracted at intake time."
-      ],
-      "behavioral": [
-        "Vendor-product-specific observations: monitor for unexpected remote process execution on assets running Microsoft Windows."
-      ],
-      "version_exposure": [
-        "Version inventory required for Microsoft Windows — confirm against vendor advisory."
-      ]
-    },
     "last_updated": "2026-05-18",
     "discovery_attribution_note": "Bulk-imported from CISA KEV catalog version 2026.05.15. KEV listing date 2026-02-10; due date 2026-03-03. Notes reference: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21533 ; https://nvd.nist.gov/vuln/detail/CVE-2026-21533",
     "_auto_imported": true,
@@ -14216,17 +13511,6 @@
         "published_date": "2026-02-10"
       }
     ],
-    "iocs": {
-      "payload_artifacts": [
-        "Refer to vendor advisory for IOC list — bulk-imported KEV entry, IOCs not extracted at intake time."
-      ],
-      "behavioral": [
-        "Vendor-product-specific observations: monitor for unexpected remote process execution on assets running Microsoft Windows."
-      ],
-      "version_exposure": [
-        "Version inventory required for Microsoft Windows — confirm against vendor advisory."
-      ]
-    },
     "last_updated": "2026-05-18",
     "discovery_attribution_note": "Bulk-imported from CISA KEV catalog version 2026.05.15. KEV listing date 2026-02-10; due date 2026-03-03. Notes reference: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21519 ; https://nvd.nist.gov/vuln/detail/CVE-2026-21519",
     "_auto_imported": true,
@@ -14323,17 +13607,6 @@
         "published_date": "2026-02-10"
       }
     ],
-    "iocs": {
-      "payload_artifacts": [
-        "Refer to vendor advisory for IOC list — bulk-imported KEV entry, IOCs not extracted at intake time."
-      ],
-      "behavioral": [
-        "Vendor-product-specific observations: monitor for unexpected remote process execution on assets running Microsoft Office."
-      ],
-      "version_exposure": [
-        "Version inventory required for Microsoft Office — confirm against vendor advisory."
-      ]
-    },
     "last_updated": "2026-05-18",
     "discovery_attribution_note": "Bulk-imported from CISA KEV catalog version 2026.05.15. KEV listing date 2026-02-10; due date 2026-03-03. Notes reference: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21514 ; https://nvd.nist.gov/vuln/detail/CVE-2026-21514",
     "_auto_imported": true,
@@ -14431,17 +13704,6 @@
         "published_date": "2026-02-05"
       }
     ],
-    "iocs": {
-      "payload_artifacts": [
-        "Refer to vendor advisory for IOC list — bulk-imported KEV entry, IOCs not extracted at intake time."
-      ],
-      "behavioral": [
-        "Vendor-product-specific observations: monitor for unexpected remote process execution on assets running React Native Community CLI."
-      ],
-      "version_exposure": [
-        "Version inventory required for React Native Community CLI — confirm against vendor advisory."
-      ]
-    },
     "last_updated": "2026-05-18",
     "discovery_attribution_note": "Bulk-imported from CISA KEV catalog version 2026.05.15. KEV listing date 2026-02-05; due date 2026-02-26. Notes reference: This vulnerability could affect an open-source component, third-party library, protocol, or proprietary implementation that could be used by different products. For more information, please see: https",
     "_auto_imported": true,
@@ -14541,17 +13803,6 @@
         "published_date": "2026-02-05"
       }
     ],
-    "iocs": {
-      "payload_artifacts": [
-        "Refer to vendor advisory for IOC list — bulk-imported KEV entry, IOCs not extracted at intake time."
-      ],
-      "behavioral": [
-        "Vendor-product-specific observations: monitor for unexpected abnormal state changes on assets running SmarterTools SmarterMail."
-      ],
-      "version_exposure": [
-        "Version inventory required for SmarterTools SmarterMail — confirm against vendor advisory."
-      ]
-    },
     "last_updated": "2026-05-18",
     "discovery_attribution_note": "Bulk-imported from CISA KEV catalog version 2026.05.15. KEV listing date 2026-02-05; due date 2026-02-26. Notes reference: https://www.smartertools.com/smartermail/release-notes/current ; https://www.cve.org/CVERecord?id=CVE-2026-24423 ; https://nvd.nist.gov/vuln/detail/CVE-2026-24423",
     "_auto_imported": true,
@@ -14647,17 +13898,6 @@
         "published_date": "2026-02-03"
       }
     ],
-    "iocs": {
-      "payload_artifacts": [
-        "Refer to vendor advisory for IOC list — bulk-imported KEV entry, IOCs not extracted at intake time."
-      ],
-      "behavioral": [
-        "Vendor-product-specific observations: monitor for unexpected abnormal state changes on assets running GitLab Community and Enterprise Editions."
-      ],
-      "version_exposure": [
-        "Version inventory required for GitLab Community and Enterprise Editions — confirm against vendor advisory."
-      ]
-    },
     "last_updated": "2026-05-18",
     "discovery_attribution_note": "Bulk-imported from CISA KEV catalog version 2026.05.15. KEV listing date 2026-02-03; due date 2026-02-24. Notes reference: https://about.gitlab.com/releases/2021/12/06/security-release-gitlab-14-5-2-released/ ; https://nvd.nist.gov/vuln/detail/CVE-2021-39935",
     "_auto_imported": true,
@@ -14754,17 +13994,6 @@
         "published_date": "2026-02-03"
       }
     ],
-    "iocs": {
-      "payload_artifacts": [
-        "Refer to vendor advisory for IOC list — bulk-imported KEV entry, IOCs not extracted at intake time."
-      ],
-      "behavioral": [
-        "Vendor-product-specific observations: monitor for unexpected remote process execution on assets running Sangoma FreePBX ."
-      ],
-      "version_exposure": [
-        "Version inventory required for Sangoma FreePBX  — confirm against vendor advisory."
-      ]
-    },
     "last_updated": "2026-05-18",
     "discovery_attribution_note": "Bulk-imported from CISA KEV catalog version 2026.05.15. KEV listing date 2026-02-03; due date 2026-02-24. Notes reference: https://github.com/FreePBX/security-reporting/security/advisories/GHSA-vm9p-46mv-5xvw ; https://nvd.nist.gov/vuln/detail/CVE-2025-64328",
     "_auto_imported": true,
@@ -14861,17 +14090,6 @@
         "published_date": "2026-02-03"
       }
     ],
-    "iocs": {
-      "payload_artifacts": [
-        "Refer to vendor advisory for IOC list — bulk-imported KEV entry, IOCs not extracted at intake time."
-      ],
-      "behavioral": [
-        "Vendor-product-specific observations: monitor for unexpected abnormal state changes on assets running Sangoma FreePBX."
-      ],
-      "version_exposure": [
-        "Version inventory required for Sangoma FreePBX — confirm against vendor advisory."
-      ]
-    },
     "last_updated": "2026-05-18",
     "discovery_attribution_note": "Bulk-imported from CISA KEV catalog version 2026.05.15. KEV listing date 2026-02-03; due date 2026-02-24. Notes reference: https://wiki.freepbx.org/display/FOP/2019-11-20%2BRemote%2BAdmin%2BAuthentication%2BBypass ; https://nvd.nist.gov/vuln/detail/CVE-2019-19006",
     "_auto_imported": true,
@@ -14968,17 +14186,6 @@
         "published_date": "2026-02-03"
       }
     ],
-    "iocs": {
-      "payload_artifacts": [
-        "Refer to vendor advisory for IOC list — bulk-imported KEV entry, IOCs not extracted at intake time."
-      ],
-      "behavioral": [
-        "Vendor-product-specific observations: monitor for unexpected remote process execution on assets running SolarWinds Web Help Desk."
-      ],
-      "version_exposure": [
-        "Version inventory required for SolarWinds Web Help Desk — confirm against vendor advisory."
-      ]
-    },
     "last_updated": "2026-05-18",
     "discovery_attribution_note": "Bulk-imported from CISA KEV catalog version 2026.05.15. KEV listing date 2026-02-03; due date 2026-02-06. Notes reference: https://www.solarwinds.com/trust-center/security-advisories/cve-2025-40551 ; https://nvd.nist.gov/vuln/detail/CVE-2025-40551",
     "_auto_imported": true,
@@ -15077,17 +14284,6 @@
         "published_date": "2026-01-29"
       }
     ],
-    "iocs": {
-      "payload_artifacts": [
-        "Refer to vendor advisory for IOC list — bulk-imported KEV entry, IOCs not extracted at intake time."
-      ],
-      "behavioral": [
-        "Vendor-product-specific observations: monitor for unexpected remote process execution on assets running Ivanti Endpoint Manager Mobile (EPMM)."
-      ],
-      "version_exposure": [
-        "Version inventory required for Ivanti Endpoint Manager Mobile (EPMM) — confirm against vendor advisory."
-      ]
-    },
     "last_updated": "2026-05-18",
     "discovery_attribution_note": "Bulk-imported from CISA KEV catalog version 2026.05.15. KEV listing date 2026-01-29; due date 2026-02-01. Notes reference: Please adhere to Ivanti's guidelines to assess exposure and mitigate risks. Check for signs of potential compromise on all internet accessible Ivanti products affected by this vulnerability. Apply any",
     "_auto_imported": true,
@@ -15185,17 +14381,6 @@
         "published_date": "2026-01-27"
       }
     ],
-    "iocs": {
-      "payload_artifacts": [
-        "Refer to vendor advisory for IOC list — bulk-imported KEV entry, IOCs not extracted at intake time."
-      ],
-      "behavioral": [
-        "Vendor-product-specific observations: monitor for unexpected abnormal state changes on assets running Fortinet Multiple Products."
-      ],
-      "version_exposure": [
-        "Version inventory required for Fortinet Multiple Products — confirm against vendor advisory."
-      ]
-    },
     "last_updated": "2026-05-18",
     "discovery_attribution_note": "Bulk-imported from CISA KEV catalog version 2026.05.15. KEV listing date 2026-01-27; due date 2026-01-30. Notes reference: Please adhere to Fortinet's guidelines to assess exposure and mitigate risks. Check for signs of potential compromise on all internet accessible Fortinet products affected by this vulnerability. Apply",
     "_auto_imported": true,
@@ -15294,17 +14479,6 @@
         "published_date": "2026-01-26"
       }
     ],
-    "iocs": {
-      "payload_artifacts": [
-        "Refer to vendor advisory for IOC list — bulk-imported KEV entry, IOCs not extracted at intake time."
-      ],
-      "behavioral": [
-        "Vendor-product-specific observations: monitor for unexpected abnormal state changes on assets running Linux Kernel."
-      ],
-      "version_exposure": [
-        "Version inventory required for Linux Kernel — confirm against vendor advisory."
-      ]
-    },
     "last_updated": "2026-05-18",
     "discovery_attribution_note": "Bulk-imported from CISA KEV catalog version 2026.05.15. KEV listing date 2026-01-26; due date 2026-02-16. Notes reference: This vulnerability affects a common open-source component, third-party library, or a protocol used by different products. Please check with specific vendors for information on patching status. For mor",
     "_auto_imported": true,
@@ -15404,17 +14578,6 @@
         "published_date": "2026-01-26"
       }
     ],
-    "iocs": {
-      "payload_artifacts": [
-        "Refer to vendor advisory for IOC list — bulk-imported KEV entry, IOCs not extracted at intake time."
-      ],
-      "behavioral": [
-        "Vendor-product-specific observations: monitor for unexpected remote process execution on assets running SmarterTools SmarterMail."
-      ],
-      "version_exposure": [
-        "Version inventory required for SmarterTools SmarterMail — confirm against vendor advisory."
-      ]
-    },
     "last_updated": "2026-05-18",
     "discovery_attribution_note": "Bulk-imported from CISA KEV catalog version 2026.05.15. KEV listing date 2026-01-26; due date 2026-02-16. Notes reference: https://www.smartertools.com/smartermail/release-notes/current ; https://www.csa.gov.sg/alerts-and-advisories/alerts/al-2025-124/ ; https://nvd.nist.gov/vuln/detail/CVE-2025-52691",
     "_auto_imported": true,
@@ -15513,17 +14676,6 @@
         "published_date": "2026-01-26"
       }
     ],
-    "iocs": {
-      "payload_artifacts": [
-        "Refer to vendor advisory for IOC list — bulk-imported KEV entry, IOCs not extracted at intake time."
-      ],
-      "behavioral": [
-        "Vendor-product-specific observations: monitor for unexpected remote process execution on assets running SmarterTools SmarterMail."
-      ],
-      "version_exposure": [
-        "Version inventory required for SmarterTools SmarterMail — confirm against vendor advisory."
-      ]
-    },
     "last_updated": "2026-05-18",
     "discovery_attribution_note": "Bulk-imported from CISA KEV catalog version 2026.05.15. KEV listing date 2026-01-26; due date 2026-02-16. Notes reference: https://www.smartertools.com/smartermail/release-notes/current ; https://nvd.nist.gov/vuln/detail/CVE-2026-23760",
     "_auto_imported": true,
@@ -15622,17 +14774,6 @@
         "published_date": "2026-01-26"
       }
     ],
-    "iocs": {
-      "payload_artifacts": [
-        "Refer to vendor advisory for IOC list — bulk-imported KEV entry, IOCs not extracted at intake time."
-      ],
-      "behavioral": [
-        "Vendor-product-specific observations: monitor for unexpected abnormal state changes on assets running GNU InetUtils."
-      ],
-      "version_exposure": [
-        "Version inventory required for GNU InetUtils — confirm against vendor advisory."
-      ]
-    },
     "last_updated": "2026-05-18",
     "discovery_attribution_note": "Bulk-imported from CISA KEV catalog version 2026.05.15. KEV listing date 2026-01-26; due date 2026-02-16. Notes reference: This vulnerability could affect an open-source component, third-party library, protocol, or proprietary implementation that could be used by different products. For more information, please see: https",
     "_auto_imported": true,
@@ -15729,17 +14870,6 @@
         "published_date": "2026-01-26"
       }
     ],
-    "iocs": {
-      "payload_artifacts": [
-        "Refer to vendor advisory for IOC list — bulk-imported KEV entry, IOCs not extracted at intake time."
-      ],
-      "behavioral": [
-        "Vendor-product-specific observations: monitor for unexpected remote process execution on assets running Microsoft Office."
-      ],
-      "version_exposure": [
-        "Version inventory required for Microsoft Office — confirm against vendor advisory."
-      ]
-    },
     "last_updated": "2026-05-18",
     "discovery_attribution_note": "Bulk-imported from CISA KEV catalog version 2026.05.15. KEV listing date 2026-01-26; due date 2026-02-16. Notes reference: Please adhere to Microsoft’s recommended guidelines to address this vulnerability. Implement all final mitigations provided by the vendor for Office 2021, and apply the interim corresponding mitigatio",
     "_auto_imported": true,
@@ -15836,17 +14966,6 @@
         "published_date": "2026-01-23"
       }
     ],
-    "iocs": {
-      "payload_artifacts": [
-        "Refer to vendor advisory for IOC list — bulk-imported KEV entry, IOCs not extracted at intake time."
-      ],
-      "behavioral": [
-        "Vendor-product-specific observations: monitor for unexpected remote process execution on assets running Broadcom VMware vCenter Server."
-      ],
-      "version_exposure": [
-        "Version inventory required for Broadcom VMware vCenter Server — confirm against vendor advisory."
-      ]
-    },
     "last_updated": "2026-05-18",
     "discovery_attribution_note": "Bulk-imported from CISA KEV catalog version 2026.05.15. KEV listing date 2026-01-23; due date 2026-02-13. Notes reference: https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24453 ; https://nvd.nist.gov/vuln/detail/CVE-2024-37079",
     "_auto_imported": true,
@@ -15943,17 +15062,6 @@
         "published_date": "2026-01-22"
       }
     ],
-    "iocs": {
-      "payload_artifacts": [
-        "Refer to vendor advisory for IOC list — bulk-imported KEV entry, IOCs not extracted at intake time."
-      ],
-      "behavioral": [
-        "Vendor-product-specific observations: monitor for unexpected remote process execution on assets running Synacor  Zimbra Collaboration Suite (ZCS)."
-      ],
-      "version_exposure": [
-        "Version inventory required for Synacor  Zimbra Collaboration Suite (ZCS) — confirm against vendor advisory."
-      ]
-    },
     "last_updated": "2026-05-18",
     "discovery_attribution_note": "Bulk-imported from CISA KEV catalog version 2026.05.15. KEV listing date 2026-01-22; due date 2026-02-12. Notes reference: https://wiki.zimbra.com/wiki/Security_Center ; https://nvd.nist.gov/vuln/detail/CVE-2025-68645",
     "_auto_imported": true,
@@ -16050,17 +15158,6 @@
         "published_date": "2026-01-22"
       }
     ],
-    "iocs": {
-      "payload_artifacts": [
-        "Refer to vendor advisory for IOC list — bulk-imported KEV entry, IOCs not extracted at intake time."
-      ],
-      "behavioral": [
-        "Vendor-product-specific observations: monitor for unexpected abnormal state changes on assets running Versa Concerto."
-      ],
-      "version_exposure": [
-        "Version inventory required for Versa Concerto — confirm against vendor advisory."
-      ]
-    },
     "last_updated": "2026-05-18",
     "discovery_attribution_note": "Bulk-imported from CISA KEV catalog version 2026.05.15. KEV listing date 2026-01-22; due date 2026-02-12. Notes reference: https://security-portal.versa-networks.com/emailbulletins/6830f94328defa375486ff2e ; https://nvd.nist.gov/vuln/detail/CVE-2025-34026",
     "_auto_imported": true,
@@ -16158,17 +15255,6 @@
         "published_date": "2026-01-22"
       }
     ],
-    "iocs": {
-      "payload_artifacts": [
-        "Refer to vendor advisory for IOC list — bulk-imported KEV entry, IOCs not extracted at intake time."
-      ],
-      "behavioral": [
-        "Vendor-product-specific observations: monitor for unexpected remote process execution on assets running Vite Vitejs."
-      ],
-      "version_exposure": [
-        "Version inventory required for Vite Vitejs — confirm against vendor advisory."
-      ]
-    },
     "last_updated": "2026-05-18",
     "discovery_attribution_note": "Bulk-imported from CISA KEV catalog version 2026.05.15. KEV listing date 2026-01-22; due date 2026-02-12. Notes reference: This vulnerability could affect an open-source component, third-party library, protocol, or proprietary implementation that could be used by different products. For more information, please see: https",
     "_auto_imported": true,
@@ -16266,17 +15352,6 @@
         "published_date": "2026-01-22"
       }
     ],
-    "iocs": {
-      "payload_artifacts": [
-        "Refer to vendor advisory for IOC list — bulk-imported KEV entry, IOCs not extracted at intake time."
-      ],
-      "behavioral": [
-        "Vendor-product-specific observations: monitor for unexpected remote process execution on assets running Prettier eslint-config-prettier."
-      ],
-      "version_exposure": [
-        "Version inventory required for Prettier eslint-config-prettier — confirm against vendor advisory."
-      ]
-    },
     "last_updated": "2026-05-18",
     "discovery_attribution_note": "Bulk-imported from CISA KEV catalog version 2026.05.15. KEV listing date 2026-01-22; due date 2026-02-12. Notes reference: This vulnerability could affect an open-source component, third-party library, protocol, or proprietary implementation that could be used by different products. For more information, please see: https",
     "_auto_imported": true,
@@ -16373,17 +15448,6 @@
         "published_date": "2026-01-21"
       }
     ],
-    "iocs": {
-      "payload_artifacts": [
-        "Refer to vendor advisory for IOC list — bulk-imported KEV entry, IOCs not extracted at intake time."
-      ],
-      "behavioral": [
-        "Vendor-product-specific observations: monitor for unexpected remote process execution on assets running Cisco Unified Communications Manager."
-      ],
-      "version_exposure": [
-        "Version inventory required for Cisco Unified Communications Manager — confirm against vendor advisory."
-      ]
-    },
     "last_updated": "2026-05-18",
     "discovery_attribution_note": "Bulk-imported from CISA KEV catalog version 2026.05.15. KEV listing date 2026-01-21; due date 2026-02-11. Notes reference: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-voice-rce-mORhqY4b ; https://nvd.nist.gov/vuln/detail/CVE-2026-20045",
     "_auto_imported": true,
@@ -16479,17 +15543,6 @@
         "published_date": "2026-01-13"
       }
     ],
-    "iocs": {
-      "payload_artifacts": [
-        "Refer to vendor advisory for IOC list — bulk-imported KEV entry, IOCs not extracted at intake time."
-      ],
-      "behavioral": [
-        "Vendor-product-specific observations: monitor for unexpected abnormal state changes on assets running Microsoft Windows."
-      ],
-      "version_exposure": [
-        "Version inventory required for Microsoft Windows — confirm against vendor advisory."
-      ]
-    },
     "last_updated": "2026-05-18",
     "discovery_attribution_note": "Bulk-imported from CISA KEV catalog version 2026.05.15. KEV listing date 2026-01-13; due date 2026-02-03. Notes reference: https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-20805 ; https://nvd.nist.gov/vuln/detail/CVE-2026-20805",
     "_auto_imported": true,
@@ -16585,17 +15638,6 @@
         "published_date": "2026-01-12"
       }
     ],
-    "iocs": {
-      "payload_artifacts": [
-        "Refer to vendor advisory for IOC list — bulk-imported KEV entry, IOCs not extracted at intake time."
-      ],
-      "behavioral": [
-        "Vendor-product-specific observations: monitor for unexpected abnormal state changes on assets running Gogs Gogs."
-      ],
-      "version_exposure": [
-        "Version inventory required for Gogs Gogs — confirm against vendor advisory."
-      ]
-    },
     "last_updated": "2026-05-18",
     "discovery_attribution_note": "Bulk-imported from CISA KEV catalog version 2026.05.15. KEV listing date 2026-01-12; due date 2026-02-02. Notes reference: https://github.com/gogs/gogs/commit/553707f3fd5f68f47f531cfcff56aa3ec294c6f6 ; https://nvd.nist.gov/vuln/detail/CVE-2025-8110",
     "_auto_imported": true,
@@ -16692,17 +15734,6 @@
         "published_date": "2026-01-07"
       }
     ],
-    "iocs": {
-      "payload_artifacts": [
-        "Refer to vendor advisory for IOC list — bulk-imported KEV entry, IOCs not extracted at intake time."
-      ],
-      "behavioral": [
-        "Vendor-product-specific observations: monitor for unexpected remote process execution on assets running Microsoft Office."
-      ],
-      "version_exposure": [
-        "Version inventory required for Microsoft Office — confirm against vendor advisory."
-      ]
-    },
     "last_updated": "2026-05-18",
     "discovery_attribution_note": "Bulk-imported from CISA KEV catalog version 2026.05.15. KEV listing date 2026-01-07; due date 2026-01-28. Notes reference: https://learn.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-017 ; https://nvd.nist.gov/vuln/detail/CVE-2009-0556",
     "_auto_imported": true,
@@ -16799,17 +15830,6 @@
         "published_date": "2026-01-07"
       }
     ],
-    "iocs": {
-      "payload_artifacts": [
-        "Refer to vendor advisory for IOC list — bulk-imported KEV entry, IOCs not extracted at intake time."
-      ],
-      "behavioral": [
-        "Vendor-product-specific observations: monitor for unexpected remote process execution on assets running Hewlett Packard Enterprise (HPE) OneView."
-      ],
-      "version_exposure": [
-        "Version inventory required for Hewlett Packard Enterprise (HPE) OneView — confirm against vendor advisory."
-      ]
-    },
     "last_updated": "2026-05-18",
     "discovery_attribution_note": "Bulk-imported from CISA KEV catalog version 2026.05.15. KEV listing date 2026-01-07; due date 2026-01-28. Notes reference: https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbgn04985en_us&docLocale=en_US ; https://nvd.nist.gov/vuln/detail/CVE-2025-37164",
     "_auto_imported": true,
@@ -16906,17 +15926,6 @@
         "published_date": "2025-12-22"
       }
     ],
-    "iocs": {
-      "payload_artifacts": [
-        "Refer to vendor advisory for IOC list — bulk-imported KEV entry, IOCs not extracted at intake time."
-      ],
-      "behavioral": [
-        "Vendor-product-specific observations: monitor for unexpected remote process execution on assets running Digiever DS-2105 Pro."
-      ],
-      "version_exposure": [
-        "Version inventory required for Digiever DS-2105 Pro — confirm against vendor advisory."
-      ]
-    },
     "last_updated": "2026-05-18",
     "discovery_attribution_note": "Bulk-imported from CISA KEV catalog version 2026.05.15. KEV listing date 2025-12-22; due date 2026-01-12. Notes reference: https://www.digiever.com/tw/support/faq-content.php?FAQ=217 ; https://nvd.nist.gov/vuln/detail/CVE-2023-52163",
     "_auto_imported": true,
@@ -17013,17 +16022,6 @@
         "published_date": "2025-12-19"
       }
     ],
-    "iocs": {
-      "payload_artifacts": [
-        "Refer to vendor advisory for IOC list — bulk-imported KEV entry, IOCs not extracted at intake time."
-      ],
-      "behavioral": [
-        "Vendor-product-specific observations: monitor for unexpected remote process execution on assets running WatchGuard Firebox."
-      ],
-      "version_exposure": [
-        "Version inventory required for WatchGuard Firebox — confirm against vendor advisory."
-      ]
-    },
     "last_updated": "2026-05-18",
     "discovery_attribution_note": "Bulk-imported from CISA KEV catalog version 2026.05.15. KEV listing date 2025-12-19; due date 2025-12-26. Notes reference: Check for signs of potential compromise on all internet accessible instances after applying mitigations. For more information please see: https://www.watchguard.com/wgrd-psirt/advisory/wgsa-2025-00027",
     "_auto_imported": true,
@@ -17120,17 +16118,6 @@
         "published_date": "2025-12-17"
       }
     ],
-    "iocs": {
-      "payload_artifacts": [
-        "Refer to vendor advisory for IOC list — bulk-imported KEV entry, IOCs not extracted at intake time."
-      ],
-      "behavioral": [
-        "Vendor-product-specific observations: monitor for unexpected remote process execution on assets running ASUS Live Update."
-      ],
-      "version_exposure": [
-        "Version inventory required for ASUS Live Update — confirm against vendor advisory."
-      ]
-    },
     "last_updated": "2026-05-18",
     "discovery_attribution_note": "Bulk-imported from CISA KEV catalog version 2026.05.15. KEV listing date 2025-12-17; due date 2026-01-07. Notes reference: https://www.asus.com/support/faq/1018727/ ; https://nvd.nist.gov/vuln/detail/CVE-2025-59374",
     "_auto_imported": true,
@@ -17227,17 +16214,6 @@
         "published_date": "2025-12-17"
       }
     ],
-    "iocs": {
-      "payload_artifacts": [
-        "Refer to vendor advisory for IOC list — bulk-imported KEV entry, IOCs not extracted at intake time."
-      ],
-      "behavioral": [
-        "Vendor-product-specific observations: monitor for unexpected privilege transitions on assets running SonicWall SMA1000 appliance."
-      ],
-      "version_exposure": [
-        "Version inventory required for SonicWall SMA1000 appliance — confirm against vendor advisory."
-      ]
-    },
     "last_updated": "2026-05-18",
     "discovery_attribution_note": "Bulk-imported from CISA KEV catalog version 2026.05.15. KEV listing date 2025-12-17; due date 2025-12-24. Notes reference: Check for signs of potential compromise on all internet accessible SonicWall SMA1000 instances after applying mitigations. For more information please see: https://psirt.global.sonicwall.com/vuln-deta",
     "_auto_imported": true,
@@ -17334,17 +16310,6 @@
         "published_date": "2025-12-17"
       }
     ],
-    "iocs": {
-      "payload_artifacts": [
-        "Refer to vendor advisory for IOC list — bulk-imported KEV entry, IOCs not extracted at intake time."
-      ],
-      "behavioral": [
-        "Vendor-product-specific observations: monitor for unexpected remote process execution on assets running Cisco Multiple Products."
-      ],
-      "version_exposure": [
-        "Version inventory required for Cisco Multiple Products — confirm against vendor advisory."
-      ]
-    },
     "last_updated": "2026-05-18",
     "discovery_attribution_note": "Bulk-imported from CISA KEV catalog version 2026.05.15. KEV listing date 2025-12-17; due date 2025-12-24. Notes reference: Please adhere to Cisco's guidelines to assess exposure and mitigate risks. Check for signs of potential compromise on all internet accessible Cisco products affected by this vulnerability. Apply any f",
     "_auto_imported": true,
@@ -17442,17 +16407,6 @@
         "published_date": "2025-12-16"
       }
     ],
-    "iocs": {
-      "payload_artifacts": [
-        "Refer to vendor advisory for IOC list — bulk-imported KEV entry, IOCs not extracted at intake time."
-      ],
-      "behavioral": [
-        "Vendor-product-specific observations: monitor for unexpected remote process execution on assets running Fortinet Multiple Products."
-      ],
-      "version_exposure": [
-        "Version inventory required for Fortinet Multiple Products — confirm against vendor advisory."
-      ]
-    },
     "last_updated": "2026-05-18",
     "discovery_attribution_note": "Bulk-imported from CISA KEV catalog version 2026.05.15. KEV listing date 2025-12-16; due date 2025-12-23. Notes reference: https://fortiguard.fortinet.com/psirt/FG-IR-25-647 ; https://docs.fortinet.com/upgrade-tool/fortigate ; https://nvd.nist.gov/vuln/detail/CVE-2025-59718",
     "_auto_imported": true,
@@ -17551,17 +16505,6 @@
         "published_date": "2025-12-15"
       }
     ],
-    "iocs": {
-      "payload_artifacts": [
-        "Refer to vendor advisory for IOC list — bulk-imported KEV entry, IOCs not extracted at intake time."
-      ],
-      "behavioral": [
-        "Vendor-product-specific observations: monitor for unexpected remote process execution on assets running Gladinet CentreStack and Triofox."
-      ],
-      "version_exposure": [
-        "Version inventory required for Gladinet CentreStack and Triofox — confirm against vendor advisory."
-      ]
-    },
     "last_updated": "2026-05-18",
     "discovery_attribution_note": "Bulk-imported from CISA KEV catalog version 2026.05.15. KEV listing date 2025-12-15; due date 2026-01-05. Notes reference: https://www.centrestack.com/p/gce_latest_release.html ; https://access.triofox.com/releases_history/; https://support.centrestack.com/hc/en-us/articles/360007159054-Hardening-the-CentreStack-Cluster#h",
     "_auto_imported": true,
@@ -17660,17 +16603,6 @@
         "published_date": "2025-12-12"
       }
     ],
-    "iocs": {
-      "payload_artifacts": [
-        "Refer to vendor advisory for IOC list — bulk-imported KEV entry, IOCs not extracted at intake time."
-      ],
-      "behavioral": [
-        "Vendor-product-specific observations: monitor for unexpected remote process execution on assets running Sierra Wireless AirLink ALEOS."
-      ],
-      "version_exposure": [
-        "Version inventory required for Sierra Wireless AirLink ALEOS — confirm against vendor advisory."
-      ]
-    },
     "last_updated": "2026-05-18",
     "discovery_attribution_note": "Bulk-imported from CISA KEV catalog version 2026.05.15. KEV listing date 2025-12-12; due date 2026-01-02. Notes reference: https://www.cisa.gov/news-events/ics-advisories/icsa-19-122-03 ; https://source.sierrawireless.com/resources/airlink/software_reference_docs/technical-bulletin/sierra-wireless-technical-bulletin---swi",
     "_auto_imported": true,
@@ -17768,17 +16700,6 @@
         "published_date": "2025-12-11"
       }
     ],
-    "iocs": {
-      "payload_artifacts": [
-        "Refer to vendor advisory for IOC list — bulk-imported KEV entry, IOCs not extracted at intake time."
-      ],
-      "behavioral": [
-        "Vendor-product-specific observations: monitor for unexpected remote process execution on assets running OSGeo GeoServer."
-      ],
-      "version_exposure": [
-        "Version inventory required for OSGeo GeoServer — confirm against vendor advisory."
-      ]
-    },
     "last_updated": "2026-05-18",
     "discovery_attribution_note": "Bulk-imported from CISA KEV catalog version 2026.05.15. KEV listing date 2025-12-11; due date 2026-01-01. Notes reference: This vulnerability affects an open-source component, third-party library, or a protocol used by different products. For more information, please see: https://github.com/geoserver/geoserver/security/ad",
     "_auto_imported": true,
@@ -17874,17 +16795,6 @@
         "published_date": "2025-12-09"
       }
     ],
-    "iocs": {
-      "payload_artifacts": [
-        "Refer to vendor advisory for IOC list — bulk-imported KEV entry, IOCs not extracted at intake time."
-      ],
-      "behavioral": [
-        "Vendor-product-specific observations: monitor for unexpected abnormal state changes on assets running RARLAB WinRAR."
-      ],
-      "version_exposure": [
-        "Version inventory required for RARLAB WinRAR — confirm against vendor advisory."
-      ]
-    },
     "last_updated": "2026-05-18",
     "discovery_attribution_note": "Bulk-imported from CISA KEV catalog version 2026.05.15. KEV listing date 2025-12-09; due date 2025-12-30. Notes reference: https://www.win-rar.com/singlenewsview.html?&L=0&tx_ttnews%5Btt_news%5D=276&cHash=b5165454d983fc9717bc8748901a64f9 ; https://nvd.nist.gov/vuln/detail/CVE-2025-6218",
     "_auto_imported": true,
@@ -17981,17 +16891,6 @@
         "published_date": "2025-12-09"
       }
     ],
-    "iocs": {
-      "payload_artifacts": [
-        "Refer to vendor advisory for IOC list — bulk-imported KEV entry, IOCs not extracted at intake time."
-      ],
-      "behavioral": [
-        "Vendor-product-specific observations: monitor for unexpected remote process execution on assets running Microsoft Windows."
-      ],
-      "version_exposure": [
-        "Version inventory required for Microsoft Windows — confirm against vendor advisory."
-      ]
-    },
     "last_updated": "2026-05-18",
     "discovery_attribution_note": "Bulk-imported from CISA KEV catalog version 2026.05.15. KEV listing date 2025-12-09; due date 2025-12-30. Notes reference: https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-62221 ; https://nvd.nist.gov/vuln/detail/CVE-2025-62221",
     "_auto_imported": true,
@@ -18088,17 +16987,6 @@
         "published_date": "2025-12-08"
       }
     ],
-    "iocs": {
-      "payload_artifacts": [
-        "Refer to vendor advisory for IOC list — bulk-imported KEV entry, IOCs not extracted at intake time."
-      ],
-      "behavioral": [
-        "Vendor-product-specific observations: monitor for unexpected remote process execution on assets running D-Link Routers."
-      ],
-      "version_exposure": [
-        "Version inventory required for D-Link Routers — confirm against vendor advisory."
-      ]
-    },
     "last_updated": "2026-05-18",
     "discovery_attribution_note": "Bulk-imported from CISA KEV catalog version 2026.05.15. KEV listing date 2025-12-08; due date 2025-12-29. Notes reference: https://supportannouncement.us.dlink.com/security/publication.aspx?name=SAP10308 ; https://nvd.nist.gov/vuln/detail/CVE-2022-37055",
     "_auto_imported": true,
@@ -18196,17 +17084,6 @@
         "published_date": "2025-12-08"
       }
     ],
-    "iocs": {
-      "payload_artifacts": [
-        "Refer to vendor advisory for IOC list — bulk-imported KEV entry, IOCs not extracted at intake time."
-      ],
-      "behavioral": [
-        "Vendor-product-specific observations: monitor for unexpected remote process execution on assets running Array Networks  ArrayOS AG."
-      ],
-      "version_exposure": [
-        "Version inventory required for Array Networks  ArrayOS AG — confirm against vendor advisory."
-      ]
-    },
     "last_updated": "2026-05-18",
     "discovery_attribution_note": "Bulk-imported from CISA KEV catalog version 2026.05.15. KEV listing date 2025-12-08; due date 2025-12-29. Notes reference: https://support.arraynetworks.net/prx/001/http/supportportal.arraynetworks.net/ag.html ; https://www.jpcert.or.jp/at/2025/at250024.html ; https://nvd.nist.gov/vuln/detail/CVE-2025-66644",
     "_auto_imported": true,
@@ -18306,17 +17183,6 @@
         "published_date": "2025-12-05"
       }
     ],
-    "iocs": {
-      "payload_artifacts": [
-        "Refer to vendor advisory for IOC list — bulk-imported KEV entry, IOCs not extracted at intake time."
-      ],
-      "behavioral": [
-        "Vendor-product-specific observations: monitor for unexpected remote process execution on assets running Meta React Server Components."
-      ],
-      "version_exposure": [
-        "Version inventory required for Meta React Server Components — confirm against vendor advisory."
-      ]
-    },
     "last_updated": "2026-05-18",
     "discovery_attribution_note": "Bulk-imported from CISA KEV catalog version 2026.05.15. KEV listing date 2025-12-05; due date 2025-12-12. Notes reference: Check for signs of potential compromise on all internet accessible REACT instances after applying mitigations. For more information, please see: https://react.dev/blog/2025/12/03/critical-security-vul",
     "_auto_imported": true,
@@ -18413,17 +17279,6 @@
         "published_date": "2025-12-03"
       }
     ],
-    "iocs": {
-      "payload_artifacts": [
-        "Refer to vendor advisory for IOC list — bulk-imported KEV entry, IOCs not extracted at intake time."
-      ],
-      "behavioral": [
-        "Vendor-product-specific observations: monitor for unexpected remote process execution on assets running OpenPLC ScadaBR."
-      ],
-      "version_exposure": [
-        "Version inventory required for OpenPLC ScadaBR — confirm against vendor advisory."
-      ]
-    },
     "last_updated": "2026-05-18",
     "discovery_attribution_note": "Bulk-imported from CISA KEV catalog version 2026.05.15. KEV listing date 2025-12-03; due date 2025-12-24. Notes reference: This vulnerability could affect an open-source component, third-party library, protocol, or proprietary implementation that could be used by different products. For more information, please see: https",
     "_auto_imported": true,
@@ -18519,17 +17374,6 @@
         "published_date": "2025-12-02"
       }
     ],
-    "iocs": {
-      "payload_artifacts": [
-        "Refer to vendor advisory for IOC list — bulk-imported KEV entry, IOCs not extracted at intake time."
-      ],
-      "behavioral": [
-        "Vendor-product-specific observations: monitor for unexpected abnormal state changes on assets running Android Framework."
-      ],
-      "version_exposure": [
-        "Version inventory required for Android Framework — confirm against vendor advisory."
-      ]
-    },
     "last_updated": "2026-05-18",
     "discovery_attribution_note": "Bulk-imported from CISA KEV catalog version 2026.05.15. KEV listing date 2025-12-02; due date 2025-12-23. Notes reference: https://source.android.com/docs/security/bulletin/2025-12-01 ; https://nvd.nist.gov/vuln/detail/CVE-2025-48633",
     "_auto_imported": true,
@@ -18625,17 +17469,6 @@
         "published_date": "2025-12-02"
       }
     ],
-    "iocs": {
-      "payload_artifacts": [
-        "Refer to vendor advisory for IOC list — bulk-imported KEV entry, IOCs not extracted at intake time."
-      ],
-      "behavioral": [
-        "Vendor-product-specific observations: monitor for unexpected privilege transitions on assets running Android Framework."
-      ],
-      "version_exposure": [
-        "Version inventory required for Android Framework — confirm against vendor advisory."
-      ]
-    },
     "last_updated": "2026-05-18",
     "discovery_attribution_note": "Bulk-imported from CISA KEV catalog version 2026.05.15. KEV listing date 2025-12-02; due date 2025-12-23. Notes reference: https://source.android.com/docs/security/bulletin/2025-12-01 ; https://nvd.nist.gov/vuln/detail/CVE-2025-48572",
     "_auto_imported": true,
@@ -18731,17 +17564,6 @@
         "published_date": "2025-11-28"
       }
     ],
-    "iocs": {
-      "payload_artifacts": [
-        "Refer to vendor advisory for IOC list — bulk-imported KEV entry, IOCs not extracted at intake time."
-      ],
-      "behavioral": [
-        "Vendor-product-specific observations: monitor for unexpected abnormal state changes on assets running OpenPLC ScadaBR."
-      ],
-      "version_exposure": [
-        "Version inventory required for OpenPLC ScadaBR — confirm against vendor advisory."
-      ]
-    },
     "last_updated": "2026-05-18",
     "discovery_attribution_note": "Bulk-imported from CISA KEV catalog version 2026.05.15. KEV listing date 2025-11-28; due date 2025-12-19. Notes reference: This vulnerability could affect an open-source component, third-party library, protocol, or proprietary implementation that could be used by different products. For more information, please see: https",
     "_auto_imported": true,
@@ -18838,17 +17660,6 @@
         "published_date": "2025-11-21"
       }
     ],
-    "iocs": {
-      "payload_artifacts": [
-        "Refer to vendor advisory for IOC list — bulk-imported KEV entry, IOCs not extracted at intake time."
-      ],
-      "behavioral": [
-        "Vendor-product-specific observations: monitor for unexpected abnormal state changes on assets running Oracle Fusion Middleware."
-      ],
-      "version_exposure": [
-        "Version inventory required for Oracle Fusion Middleware — confirm against vendor advisory."
-      ]
-    },
     "last_updated": "2026-05-18",
     "discovery_attribution_note": "Bulk-imported from CISA KEV catalog version 2026.05.15. KEV listing date 2025-11-21; due date 2025-12-12. Notes reference: https://www.oracle.com/security-alerts/cpuoct2025.html ; https://nvd.nist.gov/vuln/detail/CVE-2025-61757",
     "_auto_imported": true,
@@ -18945,17 +17756,6 @@
         "published_date": "2025-11-19"
       }
     ],
-    "iocs": {
-      "payload_artifacts": [
-        "Refer to vendor advisory for IOC list — bulk-imported KEV entry, IOCs not extracted at intake time."
-      ],
-      "behavioral": [
-        "Vendor-product-specific observations: monitor for unexpected remote process execution on assets running Google Chromium V8."
-      ],
-      "version_exposure": [
-        "Version inventory required for Google Chromium V8 — confirm against vendor advisory."
-      ]
-    },
     "last_updated": "2026-05-18",
     "discovery_attribution_note": "Bulk-imported from CISA KEV catalog version 2026.05.15. KEV listing date 2025-11-19; due date 2025-12-10. Notes reference: https://chromereleases.googleblog.com/2025/11/stable-channel-update-for-desktop_17.html ; https://nvd.nist.gov/vuln/detail/CVE-2025-13223",
     "_auto_imported": true,
@@ -19052,17 +17852,6 @@
         "published_date": "2025-11-18"
       }
     ],
-    "iocs": {
-      "payload_artifacts": [
-        "Refer to vendor advisory for IOC list — bulk-imported KEV entry, IOCs not extracted at intake time."
-      ],
-      "behavioral": [
-        "Vendor-product-specific observations: monitor for unexpected remote process execution on assets running Fortinet FortiWeb."
-      ],
-      "version_exposure": [
-        "Version inventory required for Fortinet FortiWeb — confirm against vendor advisory."
-      ]
-    },
     "last_updated": "2026-05-18",
     "discovery_attribution_note": "Bulk-imported from CISA KEV catalog version 2026.05.15. KEV listing date 2025-11-18; due date 2025-11-25. Notes reference: https://fortiguard.fortinet.com/psirt/FG-IR-25-513 ; https://nvd.nist.gov/vuln/detail/CVE-2025-58034",
     "_auto_imported": true,
@@ -19158,17 +17947,6 @@
         "published_date": "2025-11-14"
       }
     ],
-    "iocs": {
-      "payload_artifacts": [
-        "Refer to vendor advisory for IOC list — bulk-imported KEV entry, IOCs not extracted at intake time."
-      ],
-      "behavioral": [
-        "Vendor-product-specific observations: monitor for unexpected abnormal state changes on assets running Fortinet FortiWeb."
-      ],
-      "version_exposure": [
-        "Version inventory required for Fortinet FortiWeb — confirm against vendor advisory."
-      ]
-    },
     "last_updated": "2026-05-18",
     "discovery_attribution_note": "Bulk-imported from CISA KEV catalog version 2026.05.15. KEV listing date 2025-11-14; due date 2025-11-21. Notes reference: https://www.fortiguard.com/psirt/FG-IR-25-910 ; https://nvd.nist.gov/vuln/detail/CVE-2025-64446",
     "_auto_imported": true,
@@ -19265,17 +18043,6 @@
         "published_date": "2025-11-12"
       }
     ],
-    "iocs": {
-      "payload_artifacts": [
-        "Refer to vendor advisory for IOC list — bulk-imported KEV entry, IOCs not extracted at intake time."
-      ],
-      "behavioral": [
-        "Vendor-product-specific observations: monitor for unexpected remote process execution on assets running Gladinet Triofox."
-      ],
-      "version_exposure": [
-        "Version inventory required for Gladinet Triofox — confirm against vendor advisory."
-      ]
-    },
     "last_updated": "2026-05-18",
     "discovery_attribution_note": "Bulk-imported from CISA KEV catalog version 2026.05.15. KEV listing date 2025-11-12; due date 2025-12-03. Notes reference: https://access.triofox.com/releases_history ; https://nvd.nist.gov/vuln/detail/CVE-2025-12480",
     "_auto_imported": true,
@@ -19371,17 +18138,6 @@
         "published_date": "2025-11-12"
       }
     ],
-    "iocs": {
-      "payload_artifacts": [
-        "Refer to vendor advisory for IOC list — bulk-imported KEV entry, IOCs not extracted at intake time."
-      ],
-      "behavioral": [
-        "Vendor-product-specific observations: monitor for unexpected privilege transitions on assets running Microsoft Windows."
-      ],
-      "version_exposure": [
-        "Version inventory required for Microsoft Windows — confirm against vendor advisory."
-      ]
-    },
     "last_updated": "2026-05-18",
     "discovery_attribution_note": "Bulk-imported from CISA KEV catalog version 2026.05.15. KEV listing date 2025-11-12; due date 2025-12-03. Notes reference: https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-62215 ; https://nvd.nist.gov/vuln/detail/CVE-2025-62215",
     "_auto_imported": true,
@@ -19478,17 +18234,6 @@
         "published_date": "2025-11-12"
       }
     ],
-    "iocs": {
-      "payload_artifacts": [
-        "Refer to vendor advisory for IOC list — bulk-imported KEV entry, IOCs not extracted at intake time."
-      ],
-      "behavioral": [
-        "Vendor-product-specific observations: monitor for unexpected remote process execution on assets running WatchGuard Firebox."
-      ],
-      "version_exposure": [
-        "Version inventory required for WatchGuard Firebox — confirm against vendor advisory."
-      ]
-    },
     "last_updated": "2026-05-18",
     "discovery_attribution_note": "Bulk-imported from CISA KEV catalog version 2026.05.15. KEV listing date 2025-11-12; due date 2025-12-03. Notes reference: https://www.watchguard.com/wgrd-psirt/advisory/wgsa-2025-00015 ; https://nvd.nist.gov/vuln/detail/CVE-2025-9242",
     "_auto_imported": true,
@@ -19585,17 +18330,6 @@
         "published_date": "2025-11-10"
       }
     ],
-    "iocs": {
-      "payload_artifacts": [
-        "Refer to vendor advisory for IOC list — bulk-imported KEV entry, IOCs not extracted at intake time."
-      ],
-      "behavioral": [
-        "Vendor-product-specific observations: monitor for unexpected remote process execution on assets running Samsung Mobile Devices."
-      ],
-      "version_exposure": [
-        "Version inventory required for Samsung Mobile Devices — confirm against vendor advisory."
-      ]
-    },
     "last_updated": "2026-05-18",
     "discovery_attribution_note": "Bulk-imported from CISA KEV catalog version 2026.05.15. KEV listing date 2025-11-10; due date 2025-12-01. Notes reference: https://security.samsungmobile.com/securityUpdate.smsb?year=2025&month=04 ; https://nvd.nist.gov/vuln/detail/CVE-2025-21042",
     "_auto_imported": true,
@@ -19692,17 +18426,6 @@
         "published_date": "2025-11-04"
       }
     ],
-    "iocs": {
-      "payload_artifacts": [
-        "Refer to vendor advisory for IOC list — bulk-imported KEV entry, IOCs not extracted at intake time."
-      ],
-      "behavioral": [
-        "Vendor-product-specific observations: monitor for unexpected remote process execution on assets running CWP Control Web Panel."
-      ],
-      "version_exposure": [
-        "Version inventory required for CWP Control Web Panel — confirm against vendor advisory."
-      ]
-    },
     "last_updated": "2026-05-18",
     "discovery_attribution_note": "Bulk-imported from CISA KEV catalog version 2026.05.15. KEV listing date 2025-11-04; due date 2025-11-25. Notes reference: https://control-webpanel.com/changelog ; https://nvd.nist.gov/vuln/detail/CVE-2025-48703",
     "_auto_imported": true,
@@ -19799,17 +18522,6 @@
         "published_date": "2025-11-04"
       }
     ],
-    "iocs": {
-      "payload_artifacts": [
-        "Refer to vendor advisory for IOC list — bulk-imported KEV entry, IOCs not extracted at intake time."
-      ],
-      "behavioral": [
-        "Vendor-product-specific observations: monitor for unexpected remote process execution on assets running Gladinet CentreStack and Triofox."
-      ],
-      "version_exposure": [
-        "Version inventory required for Gladinet CentreStack and Triofox — confirm against vendor advisory."
-      ]
-    },
     "last_updated": "2026-05-18",
     "discovery_attribution_note": "Bulk-imported from CISA KEV catalog version 2026.05.15. KEV listing date 2025-11-04; due date 2025-11-25. Notes reference: https://www.centrestack.com/p/gce_latest_release.html ; https://nvd.nist.gov/vuln/detail/CVE-2025-11371",
     "_auto_imported": true,
@@ -19906,17 +18618,6 @@
         "published_date": "2025-10-30"
       }
     ],
-    "iocs": {
-      "payload_artifacts": [
-        "Refer to vendor advisory for IOC list — bulk-imported KEV entry, IOCs not extracted at intake time."
-      ],
-      "behavioral": [
-        "Vendor-product-specific observations: monitor for unexpected remote process execution on assets running Broadcom VMware Aria Operations and VMware Tools."
-      ],
-      "version_exposure": [
-        "Version inventory required for Broadcom VMware Aria Operations and VMware Tools — confirm against vendor advisory."
-      ]
-    },
     "last_updated": "2026-05-18",
     "discovery_attribution_note": "Bulk-imported from CISA KEV catalog version 2026.05.15. KEV listing date 2025-10-30; due date 2025-11-20. Notes reference: https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36149 ; https://nvd.nist.gov/vuln/detail/CVE-2025-41244",
     "_auto_imported": true,
@@ -20013,17 +18714,6 @@
         "published_date": "2025-10-30"
       }
     ],
-    "iocs": {
-      "payload_artifacts": [
-        "Refer to vendor advisory for IOC list — bulk-imported KEV entry, IOCs not extracted at intake time."
-      ],
-      "behavioral": [
-        "Vendor-product-specific observations: monitor for unexpected remote process execution on assets running XWiki Platform."
-      ],
-      "version_exposure": [
-        "Version inventory required for XWiki Platform — confirm against vendor advisory."
-      ]
-    },
     "last_updated": "2026-05-18",
     "discovery_attribution_note": "Bulk-imported from CISA KEV catalog version 2026.05.15. KEV listing date 2025-10-30; due date 2025-11-20. Notes reference: https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-rr6p-3pfg-562j ; https://nvd.nist.gov/vuln/detail/CVE-2025-24893",
     "_auto_imported": true,
@@ -20120,17 +18810,6 @@
         "published_date": "2025-10-28"
       }
     ],
-    "iocs": {
-      "payload_artifacts": [
-        "Refer to vendor advisory for IOC list — bulk-imported KEV entry, IOCs not extracted at intake time."
-      ],
-      "behavioral": [
-        "Vendor-product-specific observations: monitor for unexpected remote process execution on assets running Dassault Systèmes DELMIA Apriso."
-      ],
-      "version_exposure": [
-        "Version inventory required for Dassault Systèmes DELMIA Apriso — confirm against vendor advisory."
-      ]
-    },
     "last_updated": "2026-05-18",
     "discovery_attribution_note": "Bulk-imported from CISA KEV catalog version 2026.05.15. KEV listing date 2025-10-28; due date 2025-11-18. Notes reference: https://www.3ds.com/trust-center/security/security-advisories/cve-2025-6204 ; https://nvd.nist.gov/vuln/detail/CVE-2025-6204",
     "_auto_imported": true,
@@ -20227,17 +18906,6 @@
         "published_date": "2025-10-28"
       }
     ],
-    "iocs": {
-      "payload_artifacts": [
-        "Refer to vendor advisory for IOC list — bulk-imported KEV entry, IOCs not extracted at intake time."
-      ],
-      "behavioral": [
-        "Vendor-product-specific observations: monitor for unexpected remote process execution on assets running Dassault Systèmes DELMIA Apriso."
-      ],
-      "version_exposure": [
-        "Version inventory required for Dassault Systèmes DELMIA Apriso — confirm against vendor advisory."
-      ]
-    },
     "last_updated": "2026-05-18",
     "discovery_attribution_note": "Bulk-imported from CISA KEV catalog version 2026.05.15. KEV listing date 2025-10-28; due date 2025-11-18. Notes reference: https://www.3ds.com/trust-center/security/security-advisories/cve-2025-6205 ; https://nvd.nist.gov/vuln/detail/CVE-2025-6205",
     "_auto_imported": true,
@@ -20334,17 +19002,6 @@
         "published_date": "2025-10-24"
       }
     ],
-    "iocs": {
-      "payload_artifacts": [
-        "Refer to vendor advisory for IOC list — bulk-imported KEV entry, IOCs not extracted at intake time."
-      ],
-      "behavioral": [
-        "Vendor-product-specific observations: monitor for unexpected remote process execution on assets running Adobe Commerce and Magento."
-      ],
-      "version_exposure": [
-        "Version inventory required for Adobe Commerce and Magento — confirm against vendor advisory."
-      ]
-    },
     "last_updated": "2026-05-18",
     "discovery_attribution_note": "Bulk-imported from CISA KEV catalog version 2026.05.15. KEV listing date 2025-10-24; due date 2025-11-14. Notes reference: https://experienceleague.adobe.com/en/docs/experience-cloud-kcs/kbarticles/ka-27397 ; https://nvd.nist.gov/vuln/detail/CVE-2025-54236",
     "_auto_imported": true,
@@ -20441,17 +19098,6 @@
         "published_date": "2025-10-24"
       }
     ],
-    "iocs": {
-      "payload_artifacts": [
-        "Refer to vendor advisory for IOC list — bulk-imported KEV entry, IOCs not extracted at intake time."
-      ],
-      "behavioral": [
-        "Vendor-product-specific observations: monitor for unexpected remote process execution on assets running Microsoft Windows."
-      ],
-      "version_exposure": [
-        "Version inventory required for Microsoft Windows — confirm against vendor advisory."
-      ]
-    },
     "last_updated": "2026-05-18",
     "discovery_attribution_note": "Bulk-imported from CISA KEV catalog version 2026.05.15. KEV listing date 2025-10-24; due date 2025-11-14. Notes reference: https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-59287 ; https://nvd.nist.gov/vuln/detail/CVE-2025-59287",
     "_auto_imported": true,
@@ -20548,17 +19194,6 @@
         "published_date": "2025-10-22"
       }
     ],
-    "iocs": {
-      "payload_artifacts": [
-        "Refer to vendor advisory for IOC list — bulk-imported KEV entry, IOCs not extracted at intake time."
-      ],
-      "behavioral": [
-        "Vendor-product-specific observations: monitor for unexpected remote process execution on assets running Motex LANSCOPE Endpoint Manager."
-      ],
-      "version_exposure": [
-        "Version inventory required for Motex LANSCOPE Endpoint Manager — confirm against vendor advisory."
-      ]
-    },
     "last_updated": "2026-05-18",
     "discovery_attribution_note": "Bulk-imported from CISA KEV catalog version 2026.05.15. KEV listing date 2025-10-22; due date 2025-11-12. Notes reference: https://www.motex.co.jp/news/notice/2025/release251020/ ; https://nvd.nist.gov/vuln/detail/CVE-2025-61932",
     "_auto_imported": true,
@@ -20659,17 +19294,6 @@
         "published_date": "2025-10-20"
       }
     ],
-    "iocs": {
-      "payload_artifacts": [
-        "Refer to vendor advisory for IOC list — bulk-imported KEV entry, IOCs not extracted at intake time."
-      ],
-      "behavioral": [
-        "Vendor-product-specific observations: monitor for unexpected remote process execution on assets running Apple Multiple Products."
-      ],
-      "version_exposure": [
-        "Version inventory required for Apple Multiple Products — confirm against vendor advisory."
-      ]
-    },
     "last_updated": "2026-05-18",
     "discovery_attribution_note": "Bulk-imported from CISA KEV catalog version 2026.05.15. KEV listing date 2025-10-20; due date 2025-11-10. Notes reference: https://support.apple.com/en-us/HT213340 ; https://support.apple.com/en-us/HT213341 ; https://support.apple.com/en-us/HT213342 ; https://support.apple.com/en-us/HT213345 ; https://support.apple.com/en",
     "_auto_imported": true,
@@ -20766,17 +19390,6 @@
         "published_date": "2025-10-20"
       }
     ],
-    "iocs": {
-      "payload_artifacts": [
-        "Refer to vendor advisory for IOC list — bulk-imported KEV entry, IOCs not extracted at intake time."
-      ],
-      "behavioral": [
-        "Vendor-product-specific observations: monitor for unexpected abnormal state changes on assets running Kentico Xperience CMS."
-      ],
-      "version_exposure": [
-        "Version inventory required for Kentico Xperience CMS — confirm against vendor advisory."
-      ]
-    },
     "last_updated": "2026-05-18",
     "discovery_attribution_note": "Bulk-imported from CISA KEV catalog version 2026.05.15. KEV listing date 2025-10-20; due date 2025-11-10. Notes reference: https://devnet.kentico.com/download/hotfixes ; https://nvd.nist.gov/vuln/detail/CVE-2025-2746",
     "_auto_imported": true,
@@ -20873,17 +19486,6 @@
         "published_date": "2025-10-20"
       }
     ],
-    "iocs": {
-      "payload_artifacts": [
-        "Refer to vendor advisory for IOC list — bulk-imported KEV entry, IOCs not extracted at intake time."
-      ],
-      "behavioral": [
-        "Vendor-product-specific observations: monitor for unexpected abnormal state changes on assets running Kentico Xperience CMS."
-      ],
-      "version_exposure": [
-        "Version inventory required for Kentico Xperience CMS — confirm against vendor advisory."
-      ]
-    },
     "last_updated": "2026-05-18",
     "discovery_attribution_note": "Bulk-imported from CISA KEV catalog version 2026.05.15. KEV listing date 2025-10-20; due date 2025-11-10. Notes reference: https://devnet.kentico.com/download/hotfixes ; https://nvd.nist.gov/vuln/detail/CVE-2025-2747",
     "_auto_imported": true,
@@ -20980,17 +19582,6 @@
         "published_date": "2025-10-20"
       }
     ],
-    "iocs": {
-      "payload_artifacts": [
-        "Refer to vendor advisory for IOC list — bulk-imported KEV entry, IOCs not extracted at intake time."
-      ],
-      "behavioral": [
-        "Vendor-product-specific observations: monitor for unexpected remote process execution on assets running Microsoft Windows."
-      ],
-      "version_exposure": [
-        "Version inventory required for Microsoft Windows — confirm against vendor advisory."
-      ]
-    },
     "last_updated": "2026-05-18",
     "discovery_attribution_note": "Bulk-imported from CISA KEV catalog version 2026.05.15. KEV listing date 2025-10-20; due date 2025-11-10. Notes reference: https://msrc.microsoft.com/update-guide/en-US/advisory/CVE-2025-33073 ; https://nvd.nist.gov/vuln/detail/CVE-2025-33073",
     "_auto_imported": true,
@@ -21088,17 +19679,6 @@
         "published_date": "2025-10-20"
       }
     ],
-    "iocs": {
-      "payload_artifacts": [
-        "Refer to vendor advisory for IOC list — bulk-imported KEV entry, IOCs not extracted at intake time."
-      ],
-      "behavioral": [
-        "Vendor-product-specific observations: monitor for unexpected abnormal state changes on assets running Oracle E-Business Suite."
-      ],
-      "version_exposure": [
-        "Version inventory required for Oracle E-Business Suite — confirm against vendor advisory."
-      ]
-    },
     "last_updated": "2026-05-18",
     "discovery_attribution_note": "Bulk-imported from CISA KEV catalog version 2026.05.15. KEV listing date 2025-10-20; due date 2025-11-10. Notes reference: https://www.oracle.com/security-alerts/alert-cve-2025-61884.html ; https://nvd.nist.gov/vuln/detail/CVE-2025-61884",
     "_auto_imported": true,
@@ -21195,17 +19775,6 @@
         "published_date": "2025-10-15"
       }
     ],
-    "iocs": {
-      "payload_artifacts": [
-        "Refer to vendor advisory for IOC list — bulk-imported KEV entry, IOCs not extracted at intake time."
-      ],
-      "behavioral": [
-        "Vendor-product-specific observations: monitor for unexpected remote process execution on assets running Adobe Experience Manager (AEM) Forms."
-      ],
-      "version_exposure": [
-        "Version inventory required for Adobe Experience Manager (AEM) Forms — confirm against vendor advisory."
-      ]
-    },
     "last_updated": "2026-05-18",
     "discovery_attribution_note": "Bulk-imported from CISA KEV catalog version 2026.05.15. KEV listing date 2025-10-15; due date 2025-11-05. Notes reference: https://helpx.adobe.com/security/products/aem-forms/apsb25-82.html ; https://nvd.nist.gov/vuln/detail/CVE-2025-54253",
     "_auto_imported": true,
@@ -21302,17 +19871,6 @@
         "published_date": "2025-10-14"
       }
     ],
-    "iocs": {
-      "payload_artifacts": [
-        "Refer to vendor advisory for IOC list — bulk-imported KEV entry, IOCs not extracted at intake time."
-      ],
-      "behavioral": [
-        "Vendor-product-specific observations: monitor for unexpected remote process execution on assets running IGEL IGEL OS."
-      ],
-      "version_exposure": [
-        "Version inventory required for IGEL IGEL OS — confirm against vendor advisory."
-      ]
-    },
     "last_updated": "2026-05-18",
     "discovery_attribution_note": "Bulk-imported from CISA KEV catalog version 2026.05.15. KEV listing date 2025-10-14; due date 2025-11-04. Notes reference: https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-47827 ; https://nvd.nist.gov/vuln/detail/CVE-2025-47827",
     "_auto_imported": true,
@@ -21408,17 +19966,6 @@
         "published_date": "2025-10-14"
       }
     ],
-    "iocs": {
-      "payload_artifacts": [
-        "Refer to vendor advisory for IOC list — bulk-imported KEV entry, IOCs not extracted at intake time."
-      ],
-      "behavioral": [
-        "Vendor-product-specific observations: monitor for unexpected privilege transitions on assets running Microsoft Windows."
-      ],
-      "version_exposure": [
-        "Version inventory required for Microsoft Windows — confirm against vendor advisory."
-      ]
-    },
     "last_updated": "2026-05-18",
     "discovery_attribution_note": "Bulk-imported from CISA KEV catalog version 2026.05.15. KEV listing date 2025-10-14; due date 2025-11-04. Notes reference: https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-24990 ; https://nvd.nist.gov/vuln/detail/CVE-2025-24990",
     "_auto_imported": true,
@@ -21515,17 +20062,6 @@
         "published_date": "2025-10-14"
       }
     ],
-    "iocs": {
-      "payload_artifacts": [
-        "Refer to vendor advisory for IOC list — bulk-imported KEV entry, IOCs not extracted at intake time."
-      ],
-      "behavioral": [
-        "Vendor-product-specific observations: monitor for unexpected remote process execution on assets running Microsoft Windows."
-      ],
-      "version_exposure": [
-        "Version inventory required for Microsoft Windows — confirm against vendor advisory."
-      ]
-    },
     "last_updated": "2026-05-18",
     "discovery_attribution_note": "Bulk-imported from CISA KEV catalog version 2026.05.15. KEV listing date 2025-10-14; due date 2025-11-04. Notes reference: https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-59230 ; https://nvd.nist.gov/vuln/detail/CVE-2025-59230",
     "_auto_imported": true,
@@ -21622,17 +20158,6 @@
         "published_date": "2025-10-14"
       }
     ],
-    "iocs": {
-      "payload_artifacts": [
-        "Refer to vendor advisory for IOC list — bulk-imported KEV entry, IOCs not extracted at intake time."
-      ],
-      "behavioral": [
-        "Vendor-product-specific observations: monitor for unexpected remote process execution on assets running SKYSEA Client View."
-      ],
-      "version_exposure": [
-        "Version inventory required for SKYSEA Client View — confirm against vendor advisory."
-      ]
-    },
     "last_updated": "2026-05-18",
     "discovery_attribution_note": "Bulk-imported from CISA KEV catalog version 2026.05.15. KEV listing date 2025-10-14; due date 2025-11-04. Notes reference: https://www.skyseaclientview.net/news/161221/ ; https://nvd.nist.gov/vuln/detail/CVE-2016-7836",
     "_auto_imported": true,
@@ -21728,17 +20253,6 @@
         "published_date": "2025-10-09"
       }
     ],
-    "iocs": {
-      "payload_artifacts": [
-        "Refer to vendor advisory for IOC list — bulk-imported KEV entry, IOCs not extracted at intake time."
-      ],
-      "behavioral": [
-        "Vendor-product-specific observations: monitor for unexpected abnormal state changes on assets running Grafana Labs Grafana."
-      ],
-      "version_exposure": [
-        "Version inventory required for Grafana Labs Grafana — confirm against vendor advisory."
-      ]
-    },
     "last_updated": "2026-05-18",
     "discovery_attribution_note": "Bulk-imported from CISA KEV catalog version 2026.05.15. KEV listing date 2025-10-09; due date 2025-10-30. Notes reference: https://grafana.com/blog/2021/12/07/grafana-8.3.1-8.2.7-8.1.8-and-8.0.7-released-with-high-severity-security-fix/ ; https://nvd.nist.gov/vuln/detail/CVE-2021-43798",
     "_auto_imported": true,
@@ -21834,17 +20348,6 @@
         "published_date": "2025-10-07"
       }
     ],
-    "iocs": {
-      "payload_artifacts": [
-        "Refer to vendor advisory for IOC list — bulk-imported KEV entry, IOCs not extracted at intake time."
-      ],
-      "behavioral": [
-        "Vendor-product-specific observations: monitor for unexpected abnormal state changes on assets running Synacor Zimbra Collaboration Suite (ZCS)."
-      ],
-      "version_exposure": [
-        "Version inventory required for Synacor Zimbra Collaboration Suite (ZCS) — confirm against vendor advisory."
-      ]
-    },
     "last_updated": "2026-05-18",
     "discovery_attribution_note": "Bulk-imported from CISA KEV catalog version 2026.05.15. KEV listing date 2025-10-07; due date 2025-10-28. Notes reference: https://wiki.zimbra.com/wiki/Security_Center ; https://nvd.nist.gov/vuln/detail/CVE-2025-27915",
     "_auto_imported": true,
@@ -21943,17 +20446,6 @@
         "published_date": "2025-10-06"
       }
     ],
-    "iocs": {
-      "payload_artifacts": [
-        "Refer to vendor advisory for IOC list — bulk-imported KEV entry, IOCs not extracted at intake time."
-      ],
-      "behavioral": [
-        "Vendor-product-specific observations: monitor for unexpected abnormal state changes on assets running Linux Kernel."
-      ],
-      "version_exposure": [
-        "Version inventory required for Linux Kernel — confirm against vendor advisory."
-      ]
-    },
     "last_updated": "2026-05-18",
     "discovery_attribution_note": "Bulk-imported from CISA KEV catalog version 2026.05.15. KEV listing date 2025-10-06; due date 2025-10-27. Notes reference: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/net/netfilter/x_tables.c?id=9fa492cdc160cd27ce1046cb36f47d3b2b1efa21 ; https://git.kernel.org/pub/scm/linux/kernel/git/torvald",
     "_auto_imported": true,
@@ -22050,17 +20542,6 @@
         "published_date": "2025-10-06"
       }
     ],
-    "iocs": {
-      "payload_artifacts": [
-        "Refer to vendor advisory for IOC list — bulk-imported KEV entry, IOCs not extracted at intake time."
-      ],
-      "behavioral": [
-        "Vendor-product-specific observations: monitor for unexpected remote process execution on assets running Microsoft Internet Explorer."
-      ],
-      "version_exposure": [
-        "Version inventory required for Microsoft Internet Explorer — confirm against vendor advisory."
-      ]
-    },
     "last_updated": "2026-05-18",
     "discovery_attribution_note": "Bulk-imported from CISA KEV catalog version 2026.05.15. KEV listing date 2025-10-06; due date 2025-10-27. Notes reference: https://learn.microsoft.com/en-us/security-updates/SecurityAdvisories/2010/2458511?redirectedfrom=MSDN ; https://nvd.nist.gov/vuln/detail/CVE-2010-3962",
     "_auto_imported": true,
@@ -22156,17 +20637,6 @@
         "published_date": "2025-10-06"
       }
     ],
-    "iocs": {
-      "payload_artifacts": [
-        "Refer to vendor advisory for IOC list — bulk-imported KEV entry, IOCs not extracted at intake time."
-      ],
-      "behavioral": [
-        "Vendor-product-specific observations: monitor for unexpected privilege transitions on assets running Microsoft Windows."
-      ],
-      "version_exposure": [
-        "Version inventory required for Microsoft Windows — confirm against vendor advisory."
-      ]
-    },
     "last_updated": "2026-05-18",
     "discovery_attribution_note": "Bulk-imported from CISA KEV catalog version 2026.05.15. KEV listing date 2025-10-06; due date 2025-10-27. Notes reference: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-43226 ; https://nvd.nist.gov/vuln/detail/CVE-2021-43226",
     "_auto_imported": true,
@@ -22263,17 +20733,6 @@
         "published_date": "2025-10-06"
       }
     ],
-    "iocs": {
-      "payload_artifacts": [
-        "Refer to vendor advisory for IOC list — bulk-imported KEV entry, IOCs not extracted at intake time."
-      ],
-      "behavioral": [
-        "Vendor-product-specific observations: monitor for unexpected remote process execution on assets running Microsoft Windows."
-      ],
-      "version_exposure": [
-        "Version inventory required for Microsoft Windows — confirm against vendor advisory."
-      ]
-    },
     "last_updated": "2026-05-18",
     "discovery_attribution_note": "Bulk-imported from CISA KEV catalog version 2026.05.15. KEV listing date 2025-10-06; due date 2025-10-27. Notes reference: https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-090 ; https://nvd.nist.gov/vuln/detail/CVE-2013-3918",
     "_auto_imported": true,
@@ -22370,17 +20829,6 @@
         "published_date": "2025-10-06"
       }
     ],
-    "iocs": {
-      "payload_artifacts": [
-        "Refer to vendor advisory for IOC list — bulk-imported KEV entry, IOCs not extracted at intake time."
-      ],
-      "behavioral": [
-        "Vendor-product-specific observations: monitor for unexpected remote process execution on assets running Microsoft Windows."
-      ],
-      "version_exposure": [
-        "Version inventory required for Microsoft Windows — confirm against vendor advisory."
-      ]
-    },
     "last_updated": "2026-05-18",
     "discovery_attribution_note": "Bulk-imported from CISA KEV catalog version 2026.05.15. KEV listing date 2025-10-06; due date 2025-10-27. Notes reference: https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-087 ; https://nvd.nist.gov/vuln/detail/CVE-2011-3402",
     "_auto_imported": true,
@@ -22477,17 +20925,6 @@
         "published_date": "2025-10-06"
       }
     ],
-    "iocs": {
-      "payload_artifacts": [
-        "Refer to vendor advisory for IOC list — bulk-imported KEV entry, IOCs not extracted at intake time."
-      ],
-      "behavioral": [
-        "Vendor-product-specific observations: monitor for unexpected remote process execution on assets running Mozilla Multiple Products."
-      ],
-      "version_exposure": [
-        "Version inventory required for Mozilla Multiple Products — confirm against vendor advisory."
-      ]
-    },
     "last_updated": "2026-05-18",
     "discovery_attribution_note": "Bulk-imported from CISA KEV catalog version 2026.05.15. KEV listing date 2025-10-06; due date 2025-10-27. Notes reference: https://www.mozilla.org/en-US/security/advisories/mfsa2010-73 ; https://nvd.nist.gov/vuln/detail/CVE-2010-3765",
     "_auto_imported": true,
@@ -22586,17 +21023,6 @@
         "published_date": "2025-10-06"
       }
     ],
-    "iocs": {
-      "payload_artifacts": [
-        "Refer to vendor advisory for IOC list — bulk-imported KEV entry, IOCs not extracted at intake time."
-      ],
-      "behavioral": [
-        "Vendor-product-specific observations: monitor for unexpected remote process execution on assets running Oracle E-Business Suite."
-      ],
-      "version_exposure": [
-        "Version inventory required for Oracle E-Business Suite — confirm against vendor advisory."
-      ]
-    },
     "last_updated": "2026-05-18",
     "discovery_attribution_note": "Bulk-imported from CISA KEV catalog version 2026.05.15. KEV listing date 2025-10-06; due date 2025-10-27. Notes reference: https://www.oracle.com/security-alerts/alert-cve-2025-61882.html ; https://nvd.nist.gov/vuln/detail/CVE-2025-61882",
     "_auto_imported": true,
@@ -22696,17 +21122,6 @@
         "published_date": "2025-10-02"
       }
     ],
-    "iocs": {
-      "payload_artifacts": [
-        "Refer to vendor advisory for IOC list — bulk-imported KEV entry, IOCs not extracted at intake time."
-      ],
-      "behavioral": [
-        "Vendor-product-specific observations: monitor for unexpected remote process execution on assets running GNU GNU Bash."
-      ],
-      "version_exposure": [
-        "Version inventory required for GNU GNU Bash — confirm against vendor advisory."
-      ]
-    },
     "last_updated": "2026-05-18",
     "discovery_attribution_note": "Bulk-imported from CISA KEV catalog version 2026.05.15. KEV listing date 2025-10-02; due date 2025-10-23. Notes reference: This vulnerability could affect an open-source component, third-party library, protocol, or proprietary implementation that could be used by different products. For more information, please see: http:",
     "_auto_imported": true,
@@ -22803,17 +21218,6 @@
         "published_date": "2025-10-02"
       }
     ],
-    "iocs": {
-      "payload_artifacts": [
-        "Refer to vendor advisory for IOC list — bulk-imported KEV entry, IOCs not extracted at intake time."
-      ],
-      "behavioral": [
-        "Vendor-product-specific observations: monitor for unexpected remote process execution on assets running Jenkins Jenkins."
-      ],
-      "version_exposure": [
-        "Version inventory required for Jenkins Jenkins — confirm against vendor advisory."
-      ]
-    },
     "last_updated": "2026-05-18",
     "discovery_attribution_note": "Bulk-imported from CISA KEV catalog version 2026.05.15. KEV listing date 2025-10-02; due date 2025-10-23. Notes reference: https://www.jenkins.io/security/advisory/2017-04-26/ ; https://nvd.nist.gov/vuln/detail/CVE-2017-1000353",
     "_auto_imported": true,
@@ -22910,17 +21314,6 @@
         "published_date": "2025-10-02"
       }
     ],
-    "iocs": {
-      "payload_artifacts": [
-        "Refer to vendor advisory for IOC list — bulk-imported KEV entry, IOCs not extracted at intake time."
-      ],
-      "behavioral": [
-        "Vendor-product-specific observations: monitor for unexpected abnormal state changes on assets running Juniper ScreenOS."
-      ],
-      "version_exposure": [
-        "Version inventory required for Juniper ScreenOS — confirm against vendor advisory."
-      ]
-    },
     "last_updated": "2026-05-18",
     "discovery_attribution_note": "Bulk-imported from CISA KEV catalog version 2026.05.15. KEV listing date 2025-10-02; due date 2025-10-23. Notes reference: https://supportportal.juniper.net/s/article/2015-12-Out-of-Cycle-Security-Bulletin-ScreenOS-Multiple-Security-issues-with-ScreenOS-CVE-2015-7755-CVE-2015-7756 ; https://nvd.nist.gov/vuln/detail/CVE-20",
     "_auto_imported": true,
@@ -23017,17 +21410,6 @@
         "published_date": "2025-10-02"
       }
     ],
-    "iocs": {
-      "payload_artifacts": [
-        "Refer to vendor advisory for IOC list — bulk-imported KEV entry, IOCs not extracted at intake time."
-      ],
-      "behavioral": [
-        "Vendor-product-specific observations: monitor for unexpected remote process execution on assets running Samsung Mobile Devices."
-      ],
-      "version_exposure": [
-        "Version inventory required for Samsung Mobile Devices — confirm against vendor advisory."
-      ]
-    },
     "last_updated": "2026-05-18",
     "discovery_attribution_note": "Bulk-imported from CISA KEV catalog version 2026.05.15. KEV listing date 2025-10-02; due date 2025-10-23. Notes reference: https://security.samsungmobile.com/securityUpdate.smsb?year=2025&month=09 ; https://nvd.nist.gov/vuln/detail/CVE-2025-21043",
     "_auto_imported": true,
@@ -23125,17 +21507,6 @@
         "published_date": "2025-10-02"
       }
     ],
-    "iocs": {
-      "payload_artifacts": [
-        "Refer to vendor advisory for IOC list — bulk-imported KEV entry, IOCs not extracted at intake time."
-      ],
-      "behavioral": [
-        "Vendor-product-specific observations: monitor for unexpected remote process execution on assets running Smartbedded Meteobridge."
-      ],
-      "version_exposure": [
-        "Version inventory required for Smartbedded Meteobridge — confirm against vendor advisory."
-      ]
-    },
     "last_updated": "2026-05-18",
     "discovery_attribution_note": "Bulk-imported from CISA KEV catalog version 2026.05.15. KEV listing date 2025-10-02; due date 2025-10-23. Notes reference: https://forum.meteohub.de/viewtopic.php?t=18687 ; https://nvd.nist.gov/vuln/detail/CVE-2025-4008",
     "_auto_imported": true,
@@ -23232,17 +21603,6 @@
         "published_date": "2025-09-29"
       }
     ],
-    "iocs": {
-      "payload_artifacts": [
-        "Refer to vendor advisory for IOC list — bulk-imported KEV entry, IOCs not extracted at intake time."
-      ],
-      "behavioral": [
-        "Vendor-product-specific observations: monitor for unexpected remote process execution on assets running Sudo Sudo."
-      ],
-      "version_exposure": [
-        "Version inventory required for Sudo Sudo — confirm against vendor advisory."
-      ]
-    },
     "last_updated": "2026-05-18",
     "discovery_attribution_note": "Bulk-imported from CISA KEV catalog version 2026.05.15. KEV listing date 2025-09-29; due date 2025-10-20. Notes reference: This vulnerability could affect an open-source component, third-party library, protocol, or proprietary implementation that could be used by different products. For more information, please see: https",
     "_auto_imported": true,
@@ -23339,17 +21699,6 @@
         "published_date": "2025-09-29"
       }
     ],
-    "iocs": {
-      "payload_artifacts": [
-        "Refer to vendor advisory for IOC list — bulk-imported KEV entry, IOCs not extracted at intake time."
-      ],
-      "behavioral": [
-        "Vendor-product-specific observations: monitor for unexpected remote process execution on assets running Libraesva Email Security Gateway."
-      ],
-      "version_exposure": [
-        "Version inventory required for Libraesva Email Security Gateway — confirm against vendor advisory."
-      ]
-    },
     "last_updated": "2026-05-18",
     "discovery_attribution_note": "Bulk-imported from CISA KEV catalog version 2026.05.15. KEV listing date 2025-09-29; due date 2025-10-20. Notes reference: https://docs.libraesva.com/knowledgebase/security-advisory-command-injection-vulnerability-cve-2025-59689/ ; https://nvd.nist.gov/vuln/detail/CVE-2025-59689",
     "_auto_imported": true,
@@ -23449,17 +21798,6 @@
         "published_date": "2025-09-29"
       }
     ],
-    "iocs": {
-      "payload_artifacts": [
-        "Refer to vendor advisory for IOC list — bulk-imported KEV entry, IOCs not extracted at intake time."
-      ],
-      "behavioral": [
-        "Vendor-product-specific observations: monitor for unexpected remote process execution on assets running Fortra GoAnywhere MFT."
-      ],
-      "version_exposure": [
-        "Version inventory required for Fortra GoAnywhere MFT — confirm against vendor advisory."
-      ]
-    },
     "last_updated": "2026-05-18",
     "discovery_attribution_note": "Bulk-imported from CISA KEV catalog version 2026.05.15. KEV listing date 2025-09-29; due date 2025-10-20. Notes reference: https://www.fortra.com/security/advisories/product-security/fi-2025-012 ; https://nvd.nist.gov/vuln/detail/CVE-2025-10035",
     "_auto_imported": true,
@@ -23556,17 +21894,6 @@
         "published_date": "2025-09-29"
       }
     ],
-    "iocs": {
-      "payload_artifacts": [
-        "Refer to vendor advisory for IOC list — bulk-imported KEV entry, IOCs not extracted at intake time."
-      ],
-      "behavioral": [
-        "Vendor-product-specific observations: monitor for unexpected remote process execution on assets running Cisco IOS and IOS XE."
-      ],
-      "version_exposure": [
-        "Version inventory required for Cisco IOS and IOS XE — confirm against vendor advisory."
-      ]
-    },
     "last_updated": "2026-05-18",
     "discovery_attribution_note": "Bulk-imported from CISA KEV catalog version 2026.05.15. KEV listing date 2025-09-29; due date 2025-10-20. Notes reference: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-snmp-x4LPhte ; https://nvd.nist.gov/vuln/detail/CVE-2025-20352",
     "_auto_imported": true,
@@ -23662,17 +21989,6 @@
         "published_date": "2025-09-29"
       }
     ],
-    "iocs": {
-      "payload_artifacts": [
-        "Refer to vendor advisory for IOC list — bulk-imported KEV entry, IOCs not extracted at intake time."
-      ],
-      "behavioral": [
-        "Vendor-product-specific observations: monitor for unexpected abnormal state changes on assets running Adminer Adminer."
-      ],
-      "version_exposure": [
-        "Version inventory required for Adminer Adminer — confirm against vendor advisory."
-      ]
-    },
     "last_updated": "2026-05-18",
     "discovery_attribution_note": "Bulk-imported from CISA KEV catalog version 2026.05.15. KEV listing date 2025-09-29; due date 2025-10-20. Notes reference: https://github.com/vrana/adminer/security/advisories/GHSA-x5r2-hj5c-8jx6 ; https://nvd.nist.gov/vuln/detail/CVE-2021-21311",
     "_auto_imported": true,
@@ -23774,17 +22090,6 @@
         "published_date": "2025-09-25"
       }
     ],
-    "iocs": {
-      "payload_artifacts": [
-        "Refer to vendor advisory for IOC list — bulk-imported KEV entry, IOCs not extracted at intake time."
-      ],
-      "behavioral": [
-        "Vendor-product-specific observations: monitor for unexpected remote process execution on assets running Cisco Secure Firewall Adaptive Security Appliance and Secure Firewall Threat Defense."
-      ],
-      "version_exposure": [
-        "Version inventory required for Cisco Secure Firewall Adaptive Security Appliance and Secure Firewall Threat Defense — confirm against vendor advisory."
-      ]
-    },
     "last_updated": "2026-05-18",
     "discovery_attribution_note": "Bulk-imported from CISA KEV catalog version 2026.05.15. KEV listing date 2025-09-25; due date 2025-09-26. Notes reference: CISA Mitigation Instructions: https://www.cisa.gov/news-events/directives/ed-25-03-identify-and-mitigate-potential-compromise-cisco-devices ; https://www.cisa.gov/news-events/directives/supplemental-d",
     "_auto_imported": true,
@@ -23886,17 +22191,6 @@
         "published_date": "2025-09-25"
       }
     ],
-    "iocs": {
-      "payload_artifacts": [
-        "Refer to vendor advisory for IOC list — bulk-imported KEV entry, IOCs not extracted at intake time."
-      ],
-      "behavioral": [
-        "Vendor-product-specific observations: monitor for unexpected remote process execution on assets running Cisco Secure Firewall Adaptive Security Appliance and Secure Firewall Threat Defense."
-      ],
-      "version_exposure": [
-        "Version inventory required for Cisco Secure Firewall Adaptive Security Appliance and Secure Firewall Threat Defense — confirm against vendor advisory."
-      ]
-    },
     "last_updated": "2026-05-18",
     "discovery_attribution_note": "Bulk-imported from CISA KEV catalog version 2026.05.15. KEV listing date 2025-09-25; due date 2025-09-26. Notes reference: CISA Mitigation Instructions: https://www.cisa.gov/news-events/directives/ed-25-03-identify-and-mitigate-potential-compromise-cisco-devices ; https://www.cisa.gov/news-events/directives/supplemental-d",
     "_auto_imported": true,
@@ -23993,17 +22287,6 @@
         "published_date": "2025-09-11"
       }
     ],
-    "iocs": {
-      "payload_artifacts": [
-        "Refer to vendor advisory for IOC list — bulk-imported KEV entry, IOCs not extracted at intake time."
-      ],
-      "behavioral": [
-        "Vendor-product-specific observations: monitor for unexpected remote process execution on assets running Dassault Systèmes DELMIA Apriso."
-      ],
-      "version_exposure": [
-        "Version inventory required for Dassault Systèmes DELMIA Apriso — confirm against vendor advisory."
-      ]
-    },
     "last_updated": "2026-05-18",
     "discovery_attribution_note": "Bulk-imported from CISA KEV catalog version 2026.05.15. KEV listing date 2025-09-11; due date 2025-10-02. Notes reference: https://www.3ds.com/trust-center/security/security-advisories/cve-2025-5086 ; https://nvd.nist.gov/vuln/detail/CVE-2025-5086",
     "_auto_imported": true,
@@ -24099,17 +22382,6 @@
         "published_date": "2025-09-04"
       }
     ],
-    "iocs": {
-      "payload_artifacts": [
-        "Refer to vendor advisory for IOC list — bulk-imported KEV entry, IOCs not extracted at intake time."
-      ],
-      "behavioral": [
-        "Vendor-product-specific observations: monitor for unexpected privilege transitions on assets running Android Runtime."
-      ],
-      "version_exposure": [
-        "Version inventory required for Android Runtime — confirm against vendor advisory."
-      ]
-    },
     "last_updated": "2026-05-18",
     "discovery_attribution_note": "Bulk-imported from CISA KEV catalog version 2026.05.15. KEV listing date 2025-09-04; due date 2025-09-25. Notes reference: https://source.android.com/docs/security/bulletin/2025-09-01 ; https://nvd.nist.gov/vuln/detail/CVE-2025-48543",
     "_auto_imported": true,
@@ -24206,17 +22478,6 @@
         "published_date": "2025-09-04"
       }
     ],
-    "iocs": {
-      "payload_artifacts": [
-        "Refer to vendor advisory for IOC list — bulk-imported KEV entry, IOCs not extracted at intake time."
-      ],
-      "behavioral": [
-        "Vendor-product-specific observations: monitor for unexpected remote process execution on assets running Sitecore Multiple Products."
-      ],
-      "version_exposure": [
-        "Version inventory required for Sitecore Multiple Products — confirm against vendor advisory."
-      ]
-    },
     "last_updated": "2026-05-18",
     "discovery_attribution_note": "Bulk-imported from CISA KEV catalog version 2026.05.15. KEV listing date 2025-09-04; due date 2025-09-25. Notes reference: https://support.sitecore.com/kb?id=kb_article_view&sysparm_article=KB1003865 ; https://nvd.nist.gov/vuln/detail/CVE-2025-53690",
     "_auto_imported": true,
@@ -24313,17 +22574,6 @@
         "published_date": "2025-09-03"
       }
     ],
-    "iocs": {
-      "payload_artifacts": [
-        "Refer to vendor advisory for IOC list — bulk-imported KEV entry, IOCs not extracted at intake time."
-      ],
-      "behavioral": [
-        "Vendor-product-specific observations: monitor for unexpected abnormal state changes on assets running TP-Link TL-WR841N."
-      ],
-      "version_exposure": [
-        "Version inventory required for TP-Link TL-WR841N — confirm against vendor advisory."
-      ]
-    },
     "last_updated": "2026-05-18",
     "discovery_attribution_note": "Bulk-imported from CISA KEV catalog version 2026.05.15. KEV listing date 2025-09-03; due date 2025-09-24. Notes reference: https://www.tp-link.com/us/support/faq/4308/ ; https://nvd.nist.gov/vuln/detail/CVE-2023-50224",
     "_auto_imported": true,
@@ -24420,17 +22670,6 @@
         "published_date": "2025-09-03"
       }
     ],
-    "iocs": {
-      "payload_artifacts": [
-        "Refer to vendor advisory for IOC list — bulk-imported KEV entry, IOCs not extracted at intake time."
-      ],
-      "behavioral": [
-        "Vendor-product-specific observations: monitor for unexpected remote process execution on assets running TP-Link Multiple Routers."
-      ],
-      "version_exposure": [
-        "Version inventory required for TP-Link Multiple Routers — confirm against vendor advisory."
-      ]
-    },
     "last_updated": "2026-05-18",
     "discovery_attribution_note": "Bulk-imported from CISA KEV catalog version 2026.05.15. KEV listing date 2025-09-03; due date 2025-09-24. Notes reference: https://www.tp-link.com/us/support/faq/4308/ ; https://nvd.nist.gov/vuln/detail/CVE-2025-9377",
     "_auto_imported": true,
@@ -24528,17 +22767,6 @@
         "published_date": "2025-09-02"
       }
     ],
-    "iocs": {
-      "payload_artifacts": [
-        "Refer to vendor advisory for IOC list — bulk-imported KEV entry, IOCs not extracted at intake time."
-      ],
-      "behavioral": [
-        "Vendor-product-specific observations: monitor for unexpected abnormal state changes on assets running TP-Link TL-WA855RE."
-      ],
-      "version_exposure": [
-        "Version inventory required for TP-Link TL-WA855RE — confirm against vendor advisory."
-      ]
-    },
     "last_updated": "2026-05-18",
     "discovery_attribution_note": "Bulk-imported from CISA KEV catalog version 2026.05.15. KEV listing date 2025-09-02; due date 2025-09-23. Notes reference: https://www.tp-link.com/us/home-networking/range-extender/tl-wa855re/#overview ; https://www.tp-link.com/us/support/download/tl-wa855re/#FAQs ; https://nvd.nist.gov/vuln/detail/CVE-2020-24363",
     "_auto_imported": true,
@@ -24635,17 +22863,6 @@
         "published_date": "2025-09-02"
       }
     ],
-    "iocs": {
-      "payload_artifacts": [
-        "Refer to vendor advisory for IOC list — bulk-imported KEV entry, IOCs not extracted at intake time."
-      ],
-      "behavioral": [
-        "Vendor-product-specific observations: monitor for unexpected remote process execution on assets running Meta Platforms WhatsApp."
-      ],
-      "version_exposure": [
-        "Version inventory required for Meta Platforms WhatsApp — confirm against vendor advisory."
-      ]
-    },
     "last_updated": "2026-05-18",
     "discovery_attribution_note": "Bulk-imported from CISA KEV catalog version 2026.05.15. KEV listing date 2025-09-02; due date 2025-09-23. Notes reference: https://www.whatsapp.com/security/advisories/2025/ ; https://nvd.nist.gov/vuln/detail/CVE-2025-55177",
     "_auto_imported": true,
@@ -24743,17 +22960,6 @@
         "published_date": "2025-08-29"
       }
     ],
-    "iocs": {
-      "payload_artifacts": [
-        "Refer to vendor advisory for IOC list — bulk-imported KEV entry, IOCs not extracted at intake time."
-      ],
-      "behavioral": [
-        "Vendor-product-specific observations: monitor for unexpected remote process execution on assets running Sangoma FreePBX."
-      ],
-      "version_exposure": [
-        "Version inventory required for Sangoma FreePBX — confirm against vendor advisory."
-      ]
-    },
     "last_updated": "2026-05-18",
     "discovery_attribution_note": "Bulk-imported from CISA KEV catalog version 2026.05.15. KEV listing date 2025-08-29; due date 2025-09-19. Notes reference: https://github.com/FreePBX/security-reporting/security/advisories/GHSA-m42g-xg4c-5f3h ; https://nvd.nist.gov/vuln/detail/CVE-2025-57819",
     "_auto_imported": true,
@@ -24850,17 +23056,6 @@
         "published_date": "2025-08-26"
       }
     ],
-    "iocs": {
-      "payload_artifacts": [
-        "Refer to vendor advisory for IOC list — bulk-imported KEV entry, IOCs not extracted at intake time."
-      ],
-      "behavioral": [
-        "Vendor-product-specific observations: monitor for unexpected remote process execution on assets running Citrix NetScaler."
-      ],
-      "version_exposure": [
-        "Version inventory required for Citrix NetScaler — confirm against vendor advisory."
-      ]
-    },
     "last_updated": "2026-05-18",
     "discovery_attribution_note": "Bulk-imported from CISA KEV catalog version 2026.05.15. KEV listing date 2025-08-26; due date 2025-08-28. Notes reference: https://support.citrix.com/support-home/kbsearch/article?articleNumber=CTX694938 ; https://nvd.nist.gov/vuln/detail/CVE-2025-7775",
     "_auto_imported": true,
@@ -24962,17 +23157,6 @@
         "published_date": "2025-08-25"
       }
     ],
-    "iocs": {
-      "payload_artifacts": [
-        "Refer to vendor advisory for IOC list — bulk-imported KEV entry, IOCs not extracted at intake time."
-      ],
-      "behavioral": [
-        "Vendor-product-specific observations: monitor for unexpected remote process execution on assets running Git Git."
-      ],
-      "version_exposure": [
-        "Version inventory required for Git Git — confirm against vendor advisory."
-      ]
-    },
     "last_updated": "2026-05-18",
     "discovery_attribution_note": "Bulk-imported from CISA KEV catalog version 2026.05.15. KEV listing date 2025-08-25; due date 2025-09-15. Notes reference: This vulnerability affects a common open-source component, third-party library, or a protocol used by different products. For more information, please see: https://github.com/git/git/security/advisori",
     "_auto_imported": true,
@@ -25068,17 +23252,6 @@
         "published_date": "2025-08-25"
       }
     ],
-    "iocs": {
-      "payload_artifacts": [
-        "Refer to vendor advisory for IOC list — bulk-imported KEV entry, IOCs not extracted at intake time."
-      ],
-      "behavioral": [
-        "Vendor-product-specific observations: monitor for unexpected privilege transitions on assets running Citrix Session Recording."
-      ],
-      "version_exposure": [
-        "Version inventory required for Citrix Session Recording — confirm against vendor advisory."
-      ]
-    },
     "last_updated": "2026-05-18",
     "discovery_attribution_note": "Bulk-imported from CISA KEV catalog version 2026.05.15. KEV listing date 2025-08-25; due date 2025-09-15. Notes reference: https://support.citrix.com/external/article/691941/citrix-session-recording-security-bullet.html ; https://nvd.nist.gov/vuln/detail/CVE-2024-8068",
     "_auto_imported": true,
@@ -25175,17 +23348,6 @@
         "published_date": "2025-08-25"
       }
     ],
-    "iocs": {
-      "payload_artifacts": [
-        "Refer to vendor advisory for IOC list — bulk-imported KEV entry, IOCs not extracted at intake time."
-      ],
-      "behavioral": [
-        "Vendor-product-specific observations: monitor for unexpected remote process execution on assets running Citrix Session Recording."
-      ],
-      "version_exposure": [
-        "Version inventory required for Citrix Session Recording — confirm against vendor advisory."
-      ]
-    },
     "last_updated": "2026-05-18",
     "discovery_attribution_note": "Bulk-imported from CISA KEV catalog version 2026.05.15. KEV listing date 2025-08-25; due date 2025-09-15. Notes reference: https://support.citrix.com/external/article/691941/citrix-session-recording-security-bullet.html ; https://nvd.nist.gov/vuln/detail/CVE-2024-8069",
     "_auto_imported": true,
@@ -25282,17 +23444,6 @@
         "published_date": "2025-08-18"
       }
     ],
-    "iocs": {
-      "payload_artifacts": [
-        "Refer to vendor advisory for IOC list — bulk-imported KEV entry, IOCs not extracted at intake time."
-      ],
-      "behavioral": [
-        "Vendor-product-specific observations: monitor for unexpected remote process execution on assets running Trend Micro Apex One."
-      ],
-      "version_exposure": [
-        "Version inventory required for Trend Micro Apex One — confirm against vendor advisory."
-      ]
-    },
     "last_updated": "2026-05-18",
     "discovery_attribution_note": "Bulk-imported from CISA KEV catalog version 2026.05.15. KEV listing date 2025-08-18; due date 2025-09-08. Notes reference: https://success.trendmicro.com/en-US/solution/KA-0020652 ; N/A ; https://nvd.nist.gov/vuln/detail/CVE-2025-54948",
     "_auto_imported": true,
@@ -25389,17 +23540,6 @@
         "published_date": "2025-08-13"
       }
     ],
-    "iocs": {
-      "payload_artifacts": [
-        "Refer to vendor advisory for IOC list — bulk-imported KEV entry, IOCs not extracted at intake time."
-      ],
-      "behavioral": [
-        "Vendor-product-specific observations: monitor for unexpected remote process execution on assets running N-able N-Central."
-      ],
-      "version_exposure": [
-        "Version inventory required for N-able N-Central — confirm against vendor advisory."
-      ]
-    },
     "last_updated": "2026-05-18",
     "discovery_attribution_note": "Bulk-imported from CISA KEV catalog version 2026.05.15. KEV listing date 2025-08-13; due date 2025-08-20. Notes reference: https://status.n-able.com/2025/08/13/announcing-the-ga-of-n-central-2025-3-1/ ; https://nvd.nist.gov/vuln/detail/CVE-2025-8876",
     "_auto_imported": true,
@@ -25496,17 +23636,6 @@
         "published_date": "2025-08-13"
       }
     ],
-    "iocs": {
-      "payload_artifacts": [
-        "Refer to vendor advisory for IOC list — bulk-imported KEV entry, IOCs not extracted at intake time."
-      ],
-      "behavioral": [
-        "Vendor-product-specific observations: monitor for unexpected remote process execution on assets running N-able N-Central."
-      ],
-      "version_exposure": [
-        "Version inventory required for N-able N-Central — confirm against vendor advisory."
-      ]
-    },
     "last_updated": "2026-05-18",
     "discovery_attribution_note": "Bulk-imported from CISA KEV catalog version 2026.05.15. KEV listing date 2025-08-13; due date 2025-08-20. Notes reference: https://status.n-able.com/2025/08/13/announcing-the-ga-of-n-central-2025-3-1/ ; https://nvd.nist.gov/vuln/detail/CVE-2025-8875",
     "_auto_imported": true,
@@ -25602,17 +23731,6 @@
         "published_date": "2025-08-12"
       }
     ],
-    "iocs": {
-      "payload_artifacts": [
-        "Refer to vendor advisory for IOC list — bulk-imported KEV entry, IOCs not extracted at intake time."
-      ],
-      "behavioral": [
-        "Vendor-product-specific observations: monitor for unexpected abnormal state changes on assets running RARLAB WinRAR."
-      ],
-      "version_exposure": [
-        "Version inventory required for RARLAB WinRAR — confirm against vendor advisory."
-      ]
-    },
     "last_updated": "2026-05-18",
     "discovery_attribution_note": "Bulk-imported from CISA KEV catalog version 2026.05.15. KEV listing date 2025-08-12; due date 2025-09-02. Notes reference: https://www.win-rar.com/singlenewsview.html?&L=0&tx_ttnews%5Btt_news%5D=283&cHash=a64b4a8f662d3639dec8d65f47bc93c5 ; https://nvd.nist.gov/vuln/detail/CVE-2025-8088",
     "_auto_imported": true,
@@ -25709,17 +23827,6 @@
         "published_date": "2025-08-12"
       }
     ],
-    "iocs": {
-      "payload_artifacts": [
-        "Refer to vendor advisory for IOC list — bulk-imported KEV entry, IOCs not extracted at intake time."
-      ],
-      "behavioral": [
-        "Vendor-product-specific observations: monitor for unexpected remote process execution on assets running Microsoft Office."
-      ],
-      "version_exposure": [
-        "Version inventory required for Microsoft Office — confirm against vendor advisory."
-      ]
-    },
     "last_updated": "2026-05-18",
     "discovery_attribution_note": "Bulk-imported from CISA KEV catalog version 2026.05.15. KEV listing date 2025-08-12; due date 2025-09-02. Notes reference: https://learn.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-015 ; https://nvd.nist.gov/vuln/detail/CVE-2007-0671",
     "_auto_imported": true,
@@ -25816,17 +23923,6 @@
         "published_date": "2025-08-12"
       }
     ],
-    "iocs": {
-      "payload_artifacts": [
-        "Refer to vendor advisory for IOC list — bulk-imported KEV entry, IOCs not extracted at intake time."
-      ],
-      "behavioral": [
-        "Vendor-product-specific observations: monitor for unexpected remote process execution on assets running Microsoft Internet Explorer."
-      ],
-      "version_exposure": [
-        "Version inventory required for Microsoft Internet Explorer — confirm against vendor advisory."
-      ]
-    },
     "last_updated": "2026-05-18",
     "discovery_attribution_note": "Bulk-imported from CISA KEV catalog version 2026.05.15. KEV listing date 2025-08-12; due date 2025-09-02. Notes reference: https://learn.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-080 ; https://nvd.nist.gov/vuln/detail/CVE-2013-3893",
     "_auto_imported": true,
@@ -25924,17 +24020,6 @@
         "published_date": "2025-08-05"
       }
     ],
-    "iocs": {
-      "payload_artifacts": [
-        "Refer to vendor advisory for IOC list — bulk-imported KEV entry, IOCs not extracted at intake time."
-      ],
-      "behavioral": [
-        "Vendor-product-specific observations: monitor for unexpected remote process execution on assets running D-Link DCS-2530L and DCS-2670L Devices."
-      ],
-      "version_exposure": [
-        "Version inventory required for D-Link DCS-2530L and DCS-2670L Devices — confirm against vendor advisory."
-      ]
-    },
     "last_updated": "2026-05-18",
     "discovery_attribution_note": "Bulk-imported from CISA KEV catalog version 2026.05.15. KEV listing date 2025-08-05; due date 2025-08-26. Notes reference: https://support.dlink.com/productinfo.aspx?m=DCS-2530L ; https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10180 ; https://nvd.nist.gov/vuln/detail/CVE-2020-25078",
     "_auto_imported": true,
@@ -26032,17 +24117,6 @@
         "published_date": "2025-08-05"
       }
     ],
-    "iocs": {
-      "payload_artifacts": [
-        "Refer to vendor advisory for IOC list — bulk-imported KEV entry, IOCs not extracted at intake time."
-      ],
-      "behavioral": [
-        "Vendor-product-specific observations: monitor for unexpected remote process execution on assets running D-Link DCS-2530L and DCS-2670L Devices."
-      ],
-      "version_exposure": [
-        "Version inventory required for D-Link DCS-2530L and DCS-2670L Devices — confirm against vendor advisory."
-      ]
-    },
     "last_updated": "2026-05-18",
     "discovery_attribution_note": "Bulk-imported from CISA KEV catalog version 2026.05.15. KEV listing date 2025-08-05; due date 2025-08-26. Notes reference: https://support.dlink.com/productinfo.aspx?m=DCS-2530L ; https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10180 ; https://nvd.nist.gov/vuln/detail/CVE-2020-25079",
     "_auto_imported": true,
@@ -26139,17 +24213,6 @@
         "published_date": "2025-08-05"
       }
     ],
-    "iocs": {
-      "payload_artifacts": [
-        "Refer to vendor advisory for IOC list — bulk-imported KEV entry, IOCs not extracted at intake time."
-      ],
-      "behavioral": [
-        "Vendor-product-specific observations: monitor for unexpected remote process execution on assets running D-Link DNR-322L."
-      ],
-      "version_exposure": [
-        "Version inventory required for D-Link DNR-322L — confirm against vendor advisory."
-      ]
-    },
     "last_updated": "2026-05-18",
     "discovery_attribution_note": "Bulk-imported from CISA KEV catalog version 2026.05.15. KEV listing date 2025-08-05; due date 2025-08-26. Notes reference: https://www.dlink.com/uk/en/products/dnr-322l-cloud-network-video-recorder ; https://nvd.nist.gov/vuln/detail/CVE-2022-40799",
     "_auto_imported": true,
@@ -26246,17 +24309,6 @@
         "published_date": "2025-07-28"
       }
     ],
-    "iocs": {
-      "payload_artifacts": [
-        "Refer to vendor advisory for IOC list — bulk-imported KEV entry, IOCs not extracted at intake time."
-      ],
-      "behavioral": [
-        "Vendor-product-specific observations: monitor for unexpected remote process execution on assets running PaperCut NG/MF."
-      ],
-      "version_exposure": [
-        "Version inventory required for PaperCut NG/MF — confirm against vendor advisory."
-      ]
-    },
     "last_updated": "2026-05-18",
     "discovery_attribution_note": "Bulk-imported from CISA KEV catalog version 2026.05.15. KEV listing date 2025-07-28; due date 2025-08-18. Notes reference: https://www.papercut.com/kb/Main/SecurityBulletinJune2023 ; https://nvd.nist.gov/vuln/detail/CVE-2023-2533",
     "_auto_imported": true,
@@ -26353,17 +24405,6 @@
         "published_date": "2025-07-28"
       }
     ],
-    "iocs": {
-      "payload_artifacts": [
-        "Refer to vendor advisory for IOC list — bulk-imported KEV entry, IOCs not extracted at intake time."
-      ],
-      "behavioral": [
-        "Vendor-product-specific observations: monitor for unexpected remote process execution on assets running Cisco Identity Services Engine."
-      ],
-      "version_exposure": [
-        "Version inventory required for Cisco Identity Services Engine — confirm against vendor advisory."
-      ]
-    },
     "last_updated": "2026-05-18",
     "discovery_attribution_note": "Bulk-imported from CISA KEV catalog version 2026.05.15. KEV listing date 2025-07-28; due date 2025-08-18. Notes reference: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-unauth-rce-ZAd2GnJ6 ; https://nvd.nist.gov/vuln/detail/CVE-2025-20337",
     "_auto_imported": true,
@@ -26460,17 +24501,6 @@
         "published_date": "2025-07-28"
       }
     ],
-    "iocs": {
-      "payload_artifacts": [
-        "Refer to vendor advisory for IOC list — bulk-imported KEV entry, IOCs not extracted at intake time."
-      ],
-      "behavioral": [
-        "Vendor-product-specific observations: monitor for unexpected remote process execution on assets running Cisco Identity Services Engine."
-      ],
-      "version_exposure": [
-        "Version inventory required for Cisco Identity Services Engine — confirm against vendor advisory."
-      ]
-    },
     "last_updated": "2026-05-18",
     "discovery_attribution_note": "Bulk-imported from CISA KEV catalog version 2026.05.15. KEV listing date 2025-07-28; due date 2025-08-18. Notes reference: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-unauth-rce-ZAd2GnJ6 ; https://nvd.nist.gov/vuln/detail/CVE-2025-20281",
     "_auto_imported": true,
@@ -26567,17 +24597,6 @@
         "published_date": "2025-07-22"
       }
     ],
-    "iocs": {
-      "payload_artifacts": [
-        "Refer to vendor advisory for IOC list — bulk-imported KEV entry, IOCs not extracted at intake time."
-      ],
-      "behavioral": [
-        "Vendor-product-specific observations: monitor for unexpected remote process execution on assets running SysAid SysAid On-Prem."
-      ],
-      "version_exposure": [
-        "Version inventory required for SysAid SysAid On-Prem — confirm against vendor advisory."
-      ]
-    },
     "last_updated": "2026-05-18",
     "discovery_attribution_note": "Bulk-imported from CISA KEV catalog version 2026.05.15. KEV listing date 2025-07-22; due date 2025-08-12. Notes reference: https://documentation.sysaid.com/docs/24-40-60 ; https://nvd.nist.gov/vuln/detail/CVE-2025-2775",
     "_auto_imported": true,
@@ -26674,17 +24693,6 @@
         "published_date": "2025-07-22"
       }
     ],
-    "iocs": {
-      "payload_artifacts": [
-        "Refer to vendor advisory for IOC list — bulk-imported KEV entry, IOCs not extracted at intake time."
-      ],
-      "behavioral": [
-        "Vendor-product-specific observations: monitor for unexpected remote process execution on assets running SysAid SysAid On-Prem."
-      ],
-      "version_exposure": [
-        "Version inventory required for SysAid SysAid On-Prem — confirm against vendor advisory."
-      ]
-    },
     "last_updated": "2026-05-18",
     "discovery_attribution_note": "Bulk-imported from CISA KEV catalog version 2026.05.15. KEV listing date 2025-07-22; due date 2025-08-12. Notes reference: https://documentation.sysaid.com/docs/24-40-60 ; https://nvd.nist.gov/vuln/detail/CVE-2025-2776",
     "_auto_imported": true,
@@ -26781,17 +24789,6 @@
         "published_date": "2025-07-22"
       }
     ],
-    "iocs": {
-      "payload_artifacts": [
-        "Refer to vendor advisory for IOC list — bulk-imported KEV entry, IOCs not extracted at intake time."
-      ],
-      "behavioral": [
-        "Vendor-product-specific observations: monitor for unexpected remote process execution on assets running Google Chromium."
-      ],
-      "version_exposure": [
-        "Version inventory required for Google Chromium — confirm against vendor advisory."
-      ]
-    },
     "last_updated": "2026-05-18",
     "discovery_attribution_note": "Bulk-imported from CISA KEV catalog version 2026.05.15. KEV listing date 2025-07-22; due date 2025-08-12. Notes reference: https://chromereleases.googleblog.com/2025/07/stable-channel-update-for-desktop_15.html ; https://nvd.nist.gov/vuln/detail/CVE-2025-6558",
     "_auto_imported": true,
@@ -26888,17 +24885,6 @@
         "published_date": "2025-07-22"
       }
     ],
-    "iocs": {
-      "payload_artifacts": [
-        "Refer to vendor advisory for IOC list — bulk-imported KEV entry, IOCs not extracted at intake time."
-      ],
-      "behavioral": [
-        "Vendor-product-specific observations: monitor for unexpected remote process execution on assets running CrushFTP CrushFTP."
-      ],
-      "version_exposure": [
-        "Version inventory required for CrushFTP CrushFTP — confirm against vendor advisory."
-      ]
-    },
     "last_updated": "2026-05-18",
     "discovery_attribution_note": "Bulk-imported from CISA KEV catalog version 2026.05.15. KEV listing date 2025-07-22; due date 2025-08-12. Notes reference: https://www.crushftp.com/crush11wiki/Wiki.jsp?page=CompromiseJuly2025 ; https://nvd.nist.gov/vuln/detail/CVE-2025-54309 ",
     "_auto_imported": true,
@@ -26999,17 +24985,6 @@
         "published_date": "2025-07-22"
       }
     ],
-    "iocs": {
-      "payload_artifacts": [
-        "Refer to vendor advisory for IOC list — bulk-imported KEV entry, IOCs not extracted at intake time."
-      ],
-      "behavioral": [
-        "Vendor-product-specific observations: monitor for unexpected remote process execution on assets running Microsoft SharePoint."
-      ],
-      "version_exposure": [
-        "Version inventory required for Microsoft SharePoint — confirm against vendor advisory."
-      ]
-    },
     "last_updated": "2026-05-18",
     "discovery_attribution_note": "Bulk-imported from CISA KEV catalog version 2026.05.15. KEV listing date 2025-07-22; due date 2025-07-23. Notes reference: CISA Mitigation Instructions: https://www.cisa.gov/news-events/alerts/2025/07/20/microsoft-releases-guidance-exploitation-sharepoint-vulnerability-cve-2025-53770; https://www.microsoft.com/en-us/secur",
     "_auto_imported": true,
@@ -27110,17 +25085,6 @@
         "published_date": "2025-07-22"
       }
     ],
-    "iocs": {
-      "payload_artifacts": [
-        "Refer to vendor advisory for IOC list — bulk-imported KEV entry, IOCs not extracted at intake time."
-      ],
-      "behavioral": [
-        "Vendor-product-specific observations: monitor for unexpected abnormal state changes on assets running Microsoft SharePoint."
-      ],
-      "version_exposure": [
-        "Version inventory required for Microsoft SharePoint — confirm against vendor advisory."
-      ]
-    },
     "last_updated": "2026-05-18",
     "discovery_attribution_note": "Bulk-imported from CISA KEV catalog version 2026.05.15. KEV listing date 2025-07-22; due date 2025-07-23. Notes reference: CISA Mitigation Instructions: https://www.cisa.gov/news-events/alerts/2025/07/20/microsoft-releases-guidance-exploitation-sharepoint-vulnerability-cve-2025-53770 ; https://www.microsoft.com/en-us/secu",
     "_auto_imported": true,
@@ -27221,17 +25185,6 @@
         "published_date": "2025-07-20"
       }
     ],
-    "iocs": {
-      "payload_artifacts": [
-        "Refer to vendor advisory for IOC list — bulk-imported KEV entry, IOCs not extracted at intake time."
-      ],
-      "behavioral": [
-        "Vendor-product-specific observations: monitor for unexpected remote process execution on assets running Microsoft SharePoint."
-      ],
-      "version_exposure": [
-        "Version inventory required for Microsoft SharePoint — confirm against vendor advisory."
-      ]
-    },
     "last_updated": "2026-05-18",
     "discovery_attribution_note": "Bulk-imported from CISA KEV catalog version 2026.05.15. KEV listing date 2025-07-20; due date 2025-07-21. Notes reference: CISA Mitigation Instructions: https://www.cisa.gov/news-events/alerts/2025/07/20/microsoft-releases-guidance-exploitation-sharepoint-vulnerability-cve-2025-53770; https://www.microsoft.com/en-us/secur",
     "_auto_imported": true,
@@ -27328,17 +25281,6 @@
         "published_date": "2025-07-18"
       }
     ],
-    "iocs": {
-      "payload_artifacts": [
-        "Refer to vendor advisory for IOC list — bulk-imported KEV entry, IOCs not extracted at intake time."
-      ],
-      "behavioral": [
-        "Vendor-product-specific observations: monitor for unexpected remote process execution on assets running Fortinet FortiWeb."
-      ],
-      "version_exposure": [
-        "Version inventory required for Fortinet FortiWeb — confirm against vendor advisory."
-      ]
-    },
     "last_updated": "2026-05-18",
     "discovery_attribution_note": "Bulk-imported from CISA KEV catalog version 2026.05.15. KEV listing date 2025-07-18; due date 2025-08-08. Notes reference: https://fortiguard.fortinet.com/psirt/FG-IR-25-151 ; https://nvd.nist.gov/vuln/detail/CVE-2025-25257",
     "_auto_imported": true,
@@ -27435,17 +25377,6 @@
         "published_date": "2025-07-14"
       }
     ],
-    "iocs": {
-      "payload_artifacts": [
-        "Refer to vendor advisory for IOC list — bulk-imported KEV entry, IOCs not extracted at intake time."
-      ],
-      "behavioral": [
-        "Vendor-product-specific observations: monitor for unexpected remote process execution on assets running Wing FTP Server Wing FTP Server."
-      ],
-      "version_exposure": [
-        "Version inventory required for Wing FTP Server Wing FTP Server — confirm against vendor advisory."
-      ]
-    },
     "last_updated": "2026-05-18",
     "discovery_attribution_note": "Bulk-imported from CISA KEV catalog version 2026.05.15. KEV listing date 2025-07-14; due date 2025-08-04. Notes reference: https://www.wftpserver.com/serverhistory.htm ; https://nvd.nist.gov/vuln/detail/CVE-2025-47812",
     "_auto_imported": true,
@@ -27543,17 +25474,6 @@
         "published_date": "2025-07-10"
       }
     ],
-    "iocs": {
-      "payload_artifacts": [
-        "Refer to vendor advisory for IOC list — bulk-imported KEV entry, IOCs not extracted at intake time."
-      ],
-      "behavioral": [
-        "Vendor-product-specific observations: monitor for unexpected abnormal state changes on assets running Citrix NetScaler ADC and Gateway."
-      ],
-      "version_exposure": [
-        "Version inventory required for Citrix NetScaler ADC and Gateway — confirm against vendor advisory."
-      ]
-    },
     "last_updated": "2026-05-18",
     "discovery_attribution_note": "Bulk-imported from CISA KEV catalog version 2026.05.15. KEV listing date 2025-07-10; due date 2025-07-11. Notes reference: https://support.citrix.com/support-home/kbsearch/article?articleNumber=CTX693420 ; https://nvd.nist.gov/vuln/detail/CVE-2025-5777",
     "_auto_imported": true,
@@ -27651,17 +25571,6 @@
         "published_date": "2025-07-07"
       }
     ],
-    "iocs": {
-      "payload_artifacts": [
-        "Refer to vendor advisory for IOC list — bulk-imported KEV entry, IOCs not extracted at intake time."
-      ],
-      "behavioral": [
-        "Vendor-product-specific observations: monitor for unexpected abnormal state changes on assets running Synacor Zimbra Collaboration Suite (ZCS)."
-      ],
-      "version_exposure": [
-        "Version inventory required for Synacor Zimbra Collaboration Suite (ZCS) — confirm against vendor advisory."
-      ]
-    },
     "last_updated": "2026-05-18",
     "discovery_attribution_note": "Bulk-imported from CISA KEV catalog version 2026.05.15. KEV listing date 2025-07-07; due date 2025-07-28. Notes reference: https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories ; https://wiki.zimbra.com/wiki/Security_Center ; https://nvd.nist.gov/vuln/detail/CVE-2019-9621",
     "_auto_imported": true,
@@ -27757,17 +25666,6 @@
         "published_date": "2025-07-07"
       }
     ],
-    "iocs": {
-      "payload_artifacts": [
-        "Refer to vendor advisory for IOC list — bulk-imported KEV entry, IOCs not extracted at intake time."
-      ],
-      "behavioral": [
-        "Vendor-product-specific observations: monitor for unexpected abnormal state changes on assets running Rails Ruby on Rails."
-      ],
-      "version_exposure": [
-        "Version inventory required for Rails Ruby on Rails — confirm against vendor advisory."
-      ]
-    },
     "last_updated": "2026-05-18",
     "discovery_attribution_note": "Bulk-imported from CISA KEV catalog version 2026.05.15. KEV listing date 2025-07-07; due date 2025-07-28. Notes reference: https://web.archive.org/web/20190313201629/https://weblog.rubyonrails.org/2019/3/13/Rails-4-2-5-1-5-1-6-2-have-been-released/ ; https://nvd.nist.gov/vuln/detail/CVE-2019-5418",
     "_auto_imported": true,
@@ -27866,17 +25764,6 @@
         "published_date": "2025-07-07"
       }
     ],
-    "iocs": {
-      "payload_artifacts": [
-        "Refer to vendor advisory for IOC list — bulk-imported KEV entry, IOCs not extracted at intake time."
-      ],
-      "behavioral": [
-        "Vendor-product-specific observations: monitor for unexpected remote process execution on assets running PHP PHPMailer."
-      ],
-      "version_exposure": [
-        "Version inventory required for PHP PHPMailer — confirm against vendor advisory."
-      ]
-    },
     "last_updated": "2026-05-18",
     "discovery_attribution_note": "Bulk-imported from CISA KEV catalog version 2026.05.15. KEV listing date 2025-07-07; due date 2025-07-28. Notes reference: This vulnerability could affect an open-source component, third-party library, protocol, or proprietary implementation that could be used by different products. For more information, please see: https",
     "_auto_imported": true,
@@ -27972,17 +25859,6 @@
         "published_date": "2025-07-07"
       }
     ],
-    "iocs": {
-      "payload_artifacts": [
-        "Refer to vendor advisory for IOC list — bulk-imported KEV entry, IOCs not extracted at intake time."
-      ],
-      "behavioral": [
-        "Vendor-product-specific observations: monitor for unexpected abnormal state changes on assets running Looking Glass Multi-Router Looking Glass (MRLG)."
-      ],
-      "version_exposure": [
-        "Version inventory required for Looking Glass Multi-Router Looking Glass (MRLG) — confirm against vendor advisory."
-      ]
-    },
     "last_updated": "2026-05-18",
     "discovery_attribution_note": "Bulk-imported from CISA KEV catalog version 2026.05.15. KEV listing date 2025-07-07; due date 2025-07-28. Notes reference: https://mrlg.op-sec.us/ ; https://nvd.nist.gov/vuln/detail/CVE-2014-3931",
     "_auto_imported": true,
@@ -28079,17 +25955,6 @@
         "published_date": "2025-07-02"
       }
     ],
-    "iocs": {
-      "payload_artifacts": [
-        "Refer to vendor advisory for IOC list — bulk-imported KEV entry, IOCs not extracted at intake time."
-      ],
-      "behavioral": [
-        "Vendor-product-specific observations: monitor for unexpected remote process execution on assets running Google Chromium V8."
-      ],
-      "version_exposure": [
-        "Version inventory required for Google Chromium V8 — confirm against vendor advisory."
-      ]
-    },
     "last_updated": "2026-05-18",
     "discovery_attribution_note": "Bulk-imported from CISA KEV catalog version 2026.05.15. KEV listing date 2025-07-02; due date 2025-07-23. Notes reference: https://chromereleases.googleblog.com/2025/06/stable-channel-update-for-desktop_30.html?m=1 ; https://nvd.nist.gov/vuln/detail/CVE-2025-6554",
     "_auto_imported": true,
@@ -28178,17 +26043,6 @@
         "published_date": "2025-07-01"
       }
     ],
-    "iocs": {
-      "payload_artifacts": [
-        "Refer to vendor advisory for IOC list — bulk-imported KEV entry, IOCs not extracted at intake time."
-      ],
-      "behavioral": [
-        "Vendor-product-specific observations: monitor for unexpected remote process execution on assets running TeleMessage TM SGNL."
-      ],
-      "version_exposure": [
-        "Version inventory required for TeleMessage TM SGNL — confirm against vendor advisory."
-      ]
-    },
     "last_updated": "2026-05-18",
     "discovery_attribution_note": "Bulk-imported from CISA KEV catalog version 2026.05.15. KEV listing date 2025-07-01; due date 2025-07-22. Notes reference: It is recommended that mitigations be applied per vendor instructions if available. If these instructions cannot be located or if mitigations are unavailable, discontinue use of the product. ; https:/",
     "_auto_imported": true,
@@ -28277,17 +26131,6 @@
         "published_date": "2025-07-01"
       }
     ],
-    "iocs": {
-      "payload_artifacts": [
-        "Refer to vendor advisory for IOC list — bulk-imported KEV entry, IOCs not extracted at intake time."
-      ],
-      "behavioral": [
-        "Vendor-product-specific observations: monitor for unexpected remote process execution on assets running TeleMessage TM SGNL."
-      ],
-      "version_exposure": [
-        "Version inventory required for TeleMessage TM SGNL — confirm against vendor advisory."
-      ]
-    },
     "last_updated": "2026-05-18",
     "discovery_attribution_note": "Bulk-imported from CISA KEV catalog version 2026.05.15. KEV listing date 2025-07-01; due date 2025-07-22. Notes reference: It is recommended that mitigations be applied per vendor instructions if available. If these instructions cannot be located or if mitigations are unavailable, discontinue use of the product. ; https:/",
     "_auto_imported": true,
@@ -28384,17 +26227,6 @@
         "published_date": "2025-06-30"
       }
     ],
-    "iocs": {
-      "payload_artifacts": [
-        "Refer to vendor advisory for IOC list — bulk-imported KEV entry, IOCs not extracted at intake time."
-      ],
-      "behavioral": [
-        "Vendor-product-specific observations: monitor for unexpected abnormal state changes on assets running Citrix NetScaler ADC and Gateway."
-      ],
-      "version_exposure": [
-        "Version inventory required for Citrix NetScaler ADC and Gateway — confirm against vendor advisory."
-      ]
-    },
     "last_updated": "2026-05-18",
     "discovery_attribution_note": "Bulk-imported from CISA KEV catalog version 2026.05.15. KEV listing date 2025-06-30; due date 2025-07-21. Notes reference: https://support.citrix.com/support-home/kbsearch/article?articleNumber=CTX694788 ; https://www.netscaler.com/blog/news/netscaler-critical-security-updates-for-cve-2025-6543-and-cve-2025-5777/ ;   http",
     "_auto_imported": true,
@@ -28493,17 +26325,6 @@
         "published_date": "2025-06-25"
       }
     ],
-    "iocs": {
-      "payload_artifacts": [
-        "Refer to vendor advisory for IOC list — bulk-imported KEV entry, IOCs not extracted at intake time."
-      ],
-      "behavioral": [
-        "Vendor-product-specific observations: monitor for unexpected remote process execution on assets running Fortinet FortiOS."
-      ],
-      "version_exposure": [
-        "Version inventory required for Fortinet FortiOS — confirm against vendor advisory."
-      ]
-    },
     "last_updated": "2026-05-18",
     "discovery_attribution_note": "Bulk-imported from CISA KEV catalog version 2026.05.15. KEV listing date 2025-06-25; due date 2025-07-16. Notes reference: https://fortiguard.com/advisory/FG-IR-19-007 ; https://nvd.nist.gov/vuln/detail/CVE-2019-6693",
     "_auto_imported": true,
@@ -28599,17 +26420,6 @@
         "published_date": "2025-06-25"
       }
     ],
-    "iocs": {
-      "payload_artifacts": [
-        "Refer to vendor advisory for IOC list — bulk-imported KEV entry, IOCs not extracted at intake time."
-      ],
-      "behavioral": [
-        "Vendor-product-specific observations: monitor for unexpected privilege transitions on assets running D-Link DIR-859 Router."
-      ],
-      "version_exposure": [
-        "Version inventory required for D-Link DIR-859 Router — confirm against vendor advisory."
-      ]
-    },
     "last_updated": "2026-05-18",
     "discovery_attribution_note": "Bulk-imported from CISA KEV catalog version 2026.05.15. KEV listing date 2025-06-25; due date 2025-07-16. Notes reference: https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10371 ; https://nvd.nist.gov/vuln/detail/CVE-2024-0769",
     "_auto_imported": true,
@@ -28707,17 +26517,6 @@
         "published_date": "2025-06-25"
       }
     ],
-    "iocs": {
-      "payload_artifacts": [
-        "Refer to vendor advisory for IOC list — bulk-imported KEV entry, IOCs not extracted at intake time."
-      ],
-      "behavioral": [
-        "Vendor-product-specific observations: monitor for unexpected abnormal state changes on assets running AMI MegaRAC SPx."
-      ],
-      "version_exposure": [
-        "Version inventory required for AMI MegaRAC SPx — confirm against vendor advisory."
-      ]
-    },
     "last_updated": "2026-05-18",
     "discovery_attribution_note": "Bulk-imported from CISA KEV catalog version 2026.05.15. KEV listing date 2025-06-25; due date 2025-07-16. Notes reference: This vulnerability could affect an open-source component, third-party library, protocol, or proprietary implementation that could be used by different products. For more information, please see: https",
     "_auto_imported": true,
@@ -28816,17 +26615,6 @@
         "published_date": "2025-06-17"
       }
     ],
-    "iocs": {
-      "payload_artifacts": [
-        "Refer to vendor advisory for IOC list — bulk-imported KEV entry, IOCs not extracted at intake time."
-      ],
-      "behavioral": [
-        "Vendor-product-specific observations: monitor for unexpected remote process execution on assets running Linux Kernel."
-      ],
-      "version_exposure": [
-        "Version inventory required for Linux Kernel — confirm against vendor advisory."
-      ]
-    },
     "last_updated": "2026-05-18",
     "discovery_attribution_note": "Bulk-imported from CISA KEV catalog version 2026.05.15. KEV listing date 2025-06-17; due date 2025-07-08. Notes reference: This vulnerability affects a common open-source component, third-party library, or a protocol used by different products. For more information, please see: https://git.kernel.org/pub/scm/linux/kernel/",
     "_auto_imported": true,
@@ -28923,17 +26711,6 @@
         "published_date": "2025-06-16"
       }
     ],
-    "iocs": {
-      "payload_artifacts": [
-        "Refer to vendor advisory for IOC list — bulk-imported KEV entry, IOCs not extracted at intake time."
-      ],
-      "behavioral": [
-        "Vendor-product-specific observations: monitor for unexpected remote process execution on assets running TP-Link Multiple Routers."
-      ],
-      "version_exposure": [
-        "Version inventory required for TP-Link Multiple Routers — confirm against vendor advisory."
-      ]
-    },
     "last_updated": "2026-05-18",
     "discovery_attribution_note": "Bulk-imported from CISA KEV catalog version 2026.05.15. KEV listing date 2025-06-16; due date 2025-07-07. Notes reference: https://www.tp-link.com/nordic/support/faq/3562/ ; https://nvd.nist.gov/vuln/detail/CVE-2023-33538",
     "_auto_imported": true,
@@ -29036,17 +26813,6 @@
         "published_date": "2025-06-16"
       }
     ],
-    "iocs": {
-      "payload_artifacts": [
-        "Refer to vendor advisory for IOC list — bulk-imported KEV entry, IOCs not extracted at intake time."
-      ],
-      "behavioral": [
-        "Vendor-product-specific observations: monitor for unexpected remote process execution on assets running Apple Multiple Products."
-      ],
-      "version_exposure": [
-        "Version inventory required for Apple Multiple Products — confirm against vendor advisory."
-      ]
-    },
     "last_updated": "2026-05-18",
     "discovery_attribution_note": "Bulk-imported from CISA KEV catalog version 2026.05.15. KEV listing date 2025-06-16; due date 2025-07-07. Notes reference: https://support.apple.com/en-us/122174 ; https://support.apple.com/en-us/122173 ; https://support.apple.com/en-us/122900 ; https://support.apple.com/en-us/122901 ; https://support.apple.com/en-us/1229",
     "_auto_imported": true,
@@ -29143,17 +26909,6 @@
         "published_date": "2025-06-10"
       }
     ],
-    "iocs": {
-      "payload_artifacts": [
-        "Refer to vendor advisory for IOC list — bulk-imported KEV entry, IOCs not extracted at intake time."
-      ],
-      "behavioral": [
-        "Vendor-product-specific observations: monitor for unexpected remote process execution on assets running Microsoft Windows."
-      ],
-      "version_exposure": [
-        "Version inventory required for Microsoft Windows — confirm against vendor advisory."
-      ]
-    },
     "last_updated": "2026-05-18",
     "discovery_attribution_note": "Bulk-imported from CISA KEV catalog version 2026.05.15. KEV listing date 2025-06-10; due date 2025-07-01. Notes reference: https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-33053 ; https://nvd.nist.gov/vuln/detail/CVE-2025-33053",
     "_auto_imported": true,
@@ -29251,17 +27006,6 @@
         "published_date": "2025-06-10"
       }
     ],
-    "iocs": {
-      "payload_artifacts": [
-        "Refer to vendor advisory for IOC list — bulk-imported KEV entry, IOCs not extracted at intake time."
-      ],
-      "behavioral": [
-        "Vendor-product-specific observations: monitor for unexpected remote process execution on assets running Wazuh Wazuh Server."
-      ],
-      "version_exposure": [
-        "Version inventory required for Wazuh Wazuh Server — confirm against vendor advisory."
-      ]
-    },
     "last_updated": "2026-05-18",
     "discovery_attribution_note": "Bulk-imported from CISA KEV catalog version 2026.05.15. KEV listing date 2025-06-10; due date 2025-07-01. Notes reference: https://wazuh.com/blog/addressing-the-cve-2025-24016-vulnerability/ ; https://github.com/wazuh/wazuh/security/advisories/GHSA-hcrc-79hj-m3qh ; https://nvd.nist.gov/vuln/detail/CVE-2025-24016",
     "_auto_imported": true,
@@ -29357,17 +27101,6 @@
         "published_date": "2025-06-09"
       }
     ],
-    "iocs": {
-      "payload_artifacts": [
-        "Refer to vendor advisory for IOC list — bulk-imported KEV entry, IOCs not extracted at intake time."
-      ],
-      "behavioral": [
-        "Vendor-product-specific observations: monitor for unexpected abnormal state changes on assets running Roundcube Webmail."
-      ],
-      "version_exposure": [
-        "Version inventory required for Roundcube Webmail — confirm against vendor advisory."
-      ]
-    },
     "last_updated": "2026-05-18",
     "discovery_attribution_note": "Bulk-imported from CISA KEV catalog version 2026.05.15. KEV listing date 2025-06-09; due date 2025-06-30. Notes reference: https://roundcube.net/news/2024/08/04/security-updates-1.6.8-and-1.5.8 ; https://nvd.nist.gov/vuln/detail/CVE-2024-42009",
     "_auto_imported": true,
@@ -29465,17 +27198,6 @@
         "published_date": "2025-06-09"
       }
     ],
-    "iocs": {
-      "payload_artifacts": [
-        "Refer to vendor advisory for IOC list — bulk-imported KEV entry, IOCs not extracted at intake time."
-      ],
-      "behavioral": [
-        "Vendor-product-specific observations: monitor for unexpected remote process execution on assets running Erlang Erlang/OTP."
-      ],
-      "version_exposure": [
-        "Version inventory required for Erlang Erlang/OTP — confirm against vendor advisory."
-      ]
-    },
     "last_updated": "2026-05-18",
     "discovery_attribution_note": "Bulk-imported from CISA KEV catalog version 2026.05.15. KEV listing date 2025-06-09; due date 2025-06-30. Notes reference: This vulnerability affects a common open-source project, third-party library, or a protocol used by different products. For more information, please see: https://github.com/erlang/otp/security/advisor",
     "_auto_imported": true,
@@ -29572,17 +27294,6 @@
         "published_date": "2025-06-05"
       }
     ],
-    "iocs": {
-      "payload_artifacts": [
-        "Refer to vendor advisory for IOC list — bulk-imported KEV entry, IOCs not extracted at intake time."
-      ],
-      "behavioral": [
-        "Vendor-product-specific observations: monitor for unexpected abnormal state changes on assets running Google Chromium V8."
-      ],
-      "version_exposure": [
-        "Version inventory required for Google Chromium V8 — confirm against vendor advisory."
-      ]
-    },
     "last_updated": "2026-05-18",
     "discovery_attribution_note": "Bulk-imported from CISA KEV catalog version 2026.05.15. KEV listing date 2025-06-05; due date 2025-06-26. Notes reference: https://chromereleases.googleblog.com/2025/06/stable-channel-update-for-desktop.html;   https://nvd.nist.gov/vuln/detail/CVE-2025-5419\",",
     "_auto_imported": true,
@@ -29678,17 +27389,6 @@
         "published_date": "2025-06-03"
       }
     ],
-    "iocs": {
-      "payload_artifacts": [
-        "Refer to vendor advisory for IOC list — bulk-imported KEV entry, IOCs not extracted at intake time."
-      ],
-      "behavioral": [
-        "Vendor-product-specific observations: monitor for unexpected abnormal state changes on assets running Qualcomm Multiple Chipsets."
-      ],
-      "version_exposure": [
-        "Version inventory required for Qualcomm Multiple Chipsets — confirm against vendor advisory."
-      ]
-    },
     "last_updated": "2026-05-18",
     "discovery_attribution_note": "Bulk-imported from CISA KEV catalog version 2026.05.15. KEV listing date 2025-06-03; due date 2025-06-24. Notes reference: Please check with specific vendors (OEMs,) for information on patching status. For more information, please see: https://docs.qualcomm.com/product/publicresources/securitybulletin/june-2025-bulletin.h",
     "_auto_imported": true,
@@ -29784,17 +27484,6 @@
         "published_date": "2025-06-03"
       }
     ],
-    "iocs": {
-      "payload_artifacts": [
-        "Refer to vendor advisory for IOC list — bulk-imported KEV entry, IOCs not extracted at intake time."
-      ],
-      "behavioral": [
-        "Vendor-product-specific observations: monitor for unexpected abnormal state changes on assets running Qualcomm Multiple Chipsets."
-      ],
-      "version_exposure": [
-        "Version inventory required for Qualcomm Multiple Chipsets — confirm against vendor advisory."
-      ]
-    },
     "last_updated": "2026-05-18",
     "discovery_attribution_note": "Bulk-imported from CISA KEV catalog version 2026.05.15. KEV listing date 2025-06-03; due date 2025-06-24. Notes reference: Please check with specific vendors (OEMs,) for information on patching status. For more information, please see: https://docs.qualcomm.com/product/publicresources/securitybulletin/june-2025-bulletin.h",
     "_auto_imported": true,
@@ -29890,17 +27579,6 @@
         "published_date": "2025-06-03"
       }
     ],
-    "iocs": {
-      "payload_artifacts": [
-        "Refer to vendor advisory for IOC list — bulk-imported KEV entry, IOCs not extracted at intake time."
-      ],
-      "behavioral": [
-        "Vendor-product-specific observations: monitor for unexpected abnormal state changes on assets running Qualcomm Multiple Chipsets."
-      ],
-      "version_exposure": [
-        "Version inventory required for Qualcomm Multiple Chipsets — confirm against vendor advisory."
-      ]
-    },
     "last_updated": "2026-05-18",
     "discovery_attribution_note": "Bulk-imported from CISA KEV catalog version 2026.05.15. KEV listing date 2025-06-03; due date 2025-06-24. Notes reference: Please check with specific vendors (OEMs,) for information on patching status. For more information, please see: https://docs.qualcomm.com/product/publicresources/securitybulletin/june-2025-bulletin.h",
     "_auto_imported": true,
@@ -29998,17 +27676,6 @@
         "published_date": "2025-06-02"
       }
     ],
-    "iocs": {
-      "payload_artifacts": [
-        "Refer to vendor advisory for IOC list — bulk-imported KEV entry, IOCs not extracted at intake time."
-      ],
-      "behavioral": [
-        "Vendor-product-specific observations: monitor for unexpected abnormal state changes on assets running ASUS Routers."
-      ],
-      "version_exposure": [
-        "Version inventory required for ASUS Routers — confirm against vendor advisory."
-      ]
-    },
     "last_updated": "2026-05-18",
     "discovery_attribution_note": "Bulk-imported from CISA KEV catalog version 2026.05.15. KEV listing date 2025-06-02; due date 2025-06-23. Notes reference: https://www.asus.com/us/supportonly/lyra%20mini/helpdesk_bios/ ; https://www.asus.com/us/supportonly/rog%20rapture%20gt-ac2900/helpdesk_bios/; https://nvd.nist.gov/vuln/detail/CVE-2021-32030",
     "_auto_imported": true,
@@ -30105,17 +27772,6 @@
         "published_date": "2025-06-02"
       }
     ],
-    "iocs": {
-      "payload_artifacts": [
-        "Refer to vendor advisory for IOC list — bulk-imported KEV entry, IOCs not extracted at intake time."
-      ],
-      "behavioral": [
-        "Vendor-product-specific observations: monitor for unexpected remote process execution on assets running ConnectWise ScreenConnect."
-      ],
-      "version_exposure": [
-        "Version inventory required for ConnectWise ScreenConnect — confirm against vendor advisory."
-      ]
-    },
     "last_updated": "2026-05-18",
     "discovery_attribution_note": "Bulk-imported from CISA KEV catalog version 2026.05.15. KEV listing date 2025-06-02; due date 2025-06-23. Notes reference: https://www.connectwise.com/company/trust/security-bulletins/screenconnect-security-patch-2025.4 ;   https://nvd.nist.gov/vuln/detail/CVE-2025-3935",
     "_auto_imported": true,
@@ -30212,17 +27868,6 @@
         "published_date": "2025-06-02"
       }
     ],
-    "iocs": {
-      "payload_artifacts": [
-        "Refer to vendor advisory for IOC list — bulk-imported KEV entry, IOCs not extracted at intake time."
-      ],
-      "behavioral": [
-        "Vendor-product-specific observations: monitor for unexpected remote process execution on assets running Craft CMS Craft CMS."
-      ],
-      "version_exposure": [
-        "Version inventory required for Craft CMS Craft CMS — confirm against vendor advisory."
-      ]
-    },
     "last_updated": "2026-05-18",
     "discovery_attribution_note": "Bulk-imported from CISA KEV catalog version 2026.05.15. KEV listing date 2025-06-02; due date 2025-06-23. Notes reference: https://github.com/craftcms/cms/pull/17220 ;   https://nvd.nist.gov/vuln/detail/CVE-2025-35939",
     "_auto_imported": true,
@@ -30319,17 +27964,6 @@
         "published_date": "2025-06-02"
       }
     ],
-    "iocs": {
-      "payload_artifacts": [
-        "Refer to vendor advisory for IOC list — bulk-imported KEV entry, IOCs not extracted at intake time."
-      ],
-      "behavioral": [
-        "Vendor-product-specific observations: monitor for unexpected remote process execution on assets running Craft CMS Craft CMS."
-      ],
-      "version_exposure": [
-        "Version inventory required for Craft CMS Craft CMS — confirm against vendor advisory."
-      ]
-    },
     "last_updated": "2026-05-18",
     "discovery_attribution_note": "Bulk-imported from CISA KEV catalog version 2026.05.15. KEV listing date 2025-06-02; due date 2025-06-23. Notes reference: https://github.com/craftcms/cms/security/advisories/GHSA-2p6p-9rc9-62j9 ; https://nvd.nist.gov/vuln/detail/CVE-2024-56145",
     "_auto_imported": true,
@@ -30427,17 +28061,6 @@
         "published_date": "2025-06-02"
       }
     ],
-    "iocs": {
-      "payload_artifacts": [
-        "Refer to vendor advisory for IOC list — bulk-imported KEV entry, IOCs not extracted at intake time."
-      ],
-      "behavioral": [
-        "Vendor-product-specific observations: monitor for unexpected remote process execution on assets running ASUS RT-AX55 Routers."
-      ],
-      "version_exposure": [
-        "Version inventory required for ASUS RT-AX55 Routers — confirm against vendor advisory."
-      ]
-    },
     "last_updated": "2026-05-18",
     "discovery_attribution_note": "Bulk-imported from CISA KEV catalog version 2026.05.15. KEV listing date 2025-06-02; due date 2025-06-23. Notes reference: https://www.asus.com/networking-iot-servers/wifi-6/all-series/rt-ax55/helpdesk_bios/?model2Name=RT-AX55 ;   https://www.asus.com/content/asus-product-security-advisory/ ; https://nvd.nist.gov/vuln/det",
     "_auto_imported": true,
@@ -30533,17 +28156,6 @@
         "published_date": "2025-05-22"
       }
     ],
-    "iocs": {
-      "payload_artifacts": [
-        "Refer to vendor advisory for IOC list — bulk-imported KEV entry, IOCs not extracted at intake time."
-      ],
-      "behavioral": [
-        "Vendor-product-specific observations: monitor for unexpected abnormal state changes on assets running Samsung MagicINFO 9 Server."
-      ],
-      "version_exposure": [
-        "Version inventory required for Samsung MagicINFO 9 Server — confirm against vendor advisory."
-      ]
-    },
     "last_updated": "2026-05-18",
     "discovery_attribution_note": "Bulk-imported from CISA KEV catalog version 2026.05.15. KEV listing date 2025-05-22; due date 2025-06-12. Notes reference: https://security.samsungtv.com/securityUpdates#SVP-MAY-2025 ; https://nvd.nist.gov/vuln/detail/CVE-2025-4632",
     "_auto_imported": true,
@@ -30639,17 +28251,6 @@
         "published_date": "2025-05-19"
       }
     ],
-    "iocs": {
-      "payload_artifacts": [
-        "Refer to vendor advisory for IOC list — bulk-imported KEV entry, IOCs not extracted at intake time."
-      ],
-      "behavioral": [
-        "Vendor-product-specific observations: monitor for unexpected abnormal state changes on assets running ZKTeco BioTime."
-      ],
-      "version_exposure": [
-        "Version inventory required for ZKTeco BioTime — confirm against vendor advisory."
-      ]
-    },
     "last_updated": "2026-05-18",
     "discovery_attribution_note": "Bulk-imported from CISA KEV catalog version 2026.05.15. KEV listing date 2025-05-19; due date 2025-06-09. Notes reference: https://www.zkteco.com/en/Security_Bulletinsibs ; https://nvd.nist.gov/vuln/detail/CVE-2023-38950",
     "_auto_imported": true,
@@ -30747,17 +28348,6 @@
         "published_date": "2025-05-19"
       }
     ],
-    "iocs": {
-      "payload_artifacts": [
-        "Refer to vendor advisory for IOC list — bulk-imported KEV entry, IOCs not extracted at intake time."
-      ],
-      "behavioral": [
-        "Vendor-product-specific observations: monitor for unexpected abnormal state changes on assets running Synacor Zimbra Collaboration Suite (ZCS)."
-      ],
-      "version_exposure": [
-        "Version inventory required for Synacor Zimbra Collaboration Suite (ZCS) — confirm against vendor advisory."
-      ]
-    },
     "last_updated": "2026-05-18",
     "discovery_attribution_note": "Bulk-imported from CISA KEV catalog version 2026.05.15. KEV listing date 2025-05-19; due date 2025-06-09. Notes reference: https://wiki.zimbra.com/wiki/Zimbra_Releases/8.8.15/P46#Security_Fixes ; https://wiki.zimbra.com/wiki/Zimbra_Releases/9.0.0/P39#Security_Fixes ; https://wiki.zimbra.com/wiki/Zimbra_Releases/10.0.7#Sec",
     "_auto_imported": true,
@@ -30853,17 +28443,6 @@
         "published_date": "2025-05-19"
       }
     ],
-    "iocs": {
-      "payload_artifacts": [
-        "Refer to vendor advisory for IOC list — bulk-imported KEV entry, IOCs not extracted at intake time."
-      ],
-      "behavioral": [
-        "Vendor-product-specific observations: monitor for unexpected abnormal state changes on assets running Srimax Output Messenger."
-      ],
-      "version_exposure": [
-        "Version inventory required for Srimax Output Messenger — confirm against vendor advisory."
-      ]
-    },
     "last_updated": "2026-05-18",
     "discovery_attribution_note": "Bulk-imported from CISA KEV catalog version 2026.05.15. KEV listing date 2025-05-19; due date 2025-06-09. Notes reference: https://www.outputmessenger.com/cve-2025-27920/ ; https://nvd.nist.gov/vuln/detail/CVE-2025-27920",
     "_auto_imported": true,
@@ -30960,17 +28539,6 @@
         "published_date": "2025-05-19"
       }
     ],
-    "iocs": {
-      "payload_artifacts": [
-        "Refer to vendor advisory for IOC list — bulk-imported KEV entry, IOCs not extracted at intake time."
-      ],
-      "behavioral": [
-        "Vendor-product-specific observations: monitor for unexpected abnormal state changes on assets running MDaemon Email Server."
-      ],
-      "version_exposure": [
-        "Version inventory required for MDaemon Email Server — confirm against vendor advisory."
-      ]
-    },
     "last_updated": "2026-05-18",
     "discovery_attribution_note": "Bulk-imported from CISA KEV catalog version 2026.05.15. KEV listing date 2025-05-19; due date 2025-06-09. Notes reference: https://files.mdaemon.com/mdaemon/beta/RelNotes_en.html ; https://mdaemon.com/pages/downloads-critical-updates ; https://nvd.nist.gov/vuln/detail/CVE-2024-11182",
     "_auto_imported": true,
@@ -31067,17 +28635,6 @@
         "published_date": "2025-05-19"
       }
     ],
-    "iocs": {
-      "payload_artifacts": [
-        "Refer to vendor advisory for IOC list — bulk-imported KEV entry, IOCs not extracted at intake time."
-      ],
-      "behavioral": [
-        "Vendor-product-specific observations: monitor for unexpected remote process execution on assets running Ivanti Endpoint Manager Mobile (EPMM)."
-      ],
-      "version_exposure": [
-        "Version inventory required for Ivanti Endpoint Manager Mobile (EPMM) — confirm against vendor advisory."
-      ]
-    },
     "last_updated": "2026-05-18",
     "discovery_attribution_note": "Bulk-imported from CISA KEV catalog version 2026.05.15. KEV listing date 2025-05-19; due date 2025-06-09. Notes reference: https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Endpoint-Manager-Mobile-EPMM ; https://nvd.nist.gov/vuln/detail/CVE-2025-4428",
     "_auto_imported": true,
@@ -31174,17 +28731,6 @@
         "published_date": "2025-05-19"
       }
     ],
-    "iocs": {
-      "payload_artifacts": [
-        "Refer to vendor advisory for IOC list — bulk-imported KEV entry, IOCs not extracted at intake time."
-      ],
-      "behavioral": [
-        "Vendor-product-specific observations: monitor for unexpected remote process execution on assets running Ivanti Endpoint Manager Mobile (EPMM)."
-      ],
-      "version_exposure": [
-        "Version inventory required for Ivanti Endpoint Manager Mobile (EPMM) — confirm against vendor advisory."
-      ]
-    },
     "last_updated": "2026-05-18",
     "discovery_attribution_note": "Bulk-imported from CISA KEV catalog version 2026.05.15. KEV listing date 2025-05-19; due date 2025-06-09. Notes reference: https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Endpoint-Manager-Mobile-EPMM ; https://nvd.nist.gov/vuln/detail/CVE-2025-4427",
     "_auto_imported": true,
@@ -31281,17 +28827,6 @@
         "published_date": "2025-05-15"
       }
     ],
-    "iocs": {
-      "payload_artifacts": [
-        "Refer to vendor advisory for IOC list — bulk-imported KEV entry, IOCs not extracted at intake time."
-      ],
-      "behavioral": [
-        "Vendor-product-specific observations: monitor for unexpected remote process execution on assets running SAP NetWeaver."
-      ],
-      "version_exposure": [
-        "Version inventory required for SAP NetWeaver — confirm against vendor advisory."
-      ]
-    },
     "last_updated": "2026-05-18",
     "discovery_attribution_note": "Bulk-imported from CISA KEV catalog version 2026.05.15. KEV listing date 2025-05-15; due date 2025-06-05. Notes reference: SAP users must have an account to log in and access the patch: https://me.sap.com/notes/3604119 ; https://nvd.nist.gov/vuln/detail/CVE-2025-42999",
     "_auto_imported": true,
@@ -31390,17 +28925,6 @@
         "published_date": "2025-05-15"
       }
     ],
-    "iocs": {
-      "payload_artifacts": [
-        "Refer to vendor advisory for IOC list — bulk-imported KEV entry, IOCs not extracted at intake time."
-      ],
-      "behavioral": [
-        "Vendor-product-specific observations: monitor for unexpected remote process execution on assets running DrayTek Vigor Routers."
-      ],
-      "version_exposure": [
-        "Version inventory required for DrayTek Vigor Routers — confirm against vendor advisory."
-      ]
-    },
     "last_updated": "2026-05-18",
     "discovery_attribution_note": "Bulk-imported from CISA KEV catalog version 2026.05.15. KEV listing date 2025-05-15; due date 2025-06-05. Notes reference: https://fw.draytek.com.tw/Vigor2960/Firmware/v1.5.1.5/DrayTek_Vigor2960_V1.5.1.5_01release-note.pdf ; https://fw.draytek.com.tw/Vigor300B/Firmware/v1.5.1.5/DrayTek_Vigor300B_V1.5.1.5_01release-note.pd",
     "_auto_imported": true,
@@ -31497,17 +29021,6 @@
         "published_date": "2025-05-14"
       }
     ],
-    "iocs": {
-      "payload_artifacts": [
-        "Refer to vendor advisory for IOC list — bulk-imported KEV entry, IOCs not extracted at intake time."
-      ],
-      "behavioral": [
-        "Vendor-product-specific observations: monitor for unexpected remote process execution on assets running Fortinet Multiple Products."
-      ],
-      "version_exposure": [
-        "Version inventory required for Fortinet Multiple Products — confirm against vendor advisory."
-      ]
-    },
     "last_updated": "2026-05-18",
     "discovery_attribution_note": "Bulk-imported from CISA KEV catalog version 2026.05.15. KEV listing date 2025-05-14; due date 2025-06-04. Notes reference: https://fortiguard.fortinet.com/psirt/FG-IR-25-254 ; https://nvd.nist.gov/vuln/detail/CVE-2025-32756",
     "_auto_imported": true,
@@ -31603,17 +29116,6 @@
         "published_date": "2025-05-13"
       }
     ],
-    "iocs": {
-      "payload_artifacts": [
-        "Refer to vendor advisory for IOC list — bulk-imported KEV entry, IOCs not extracted at intake time."
-      ],
-      "behavioral": [
-        "Vendor-product-specific observations: monitor for unexpected abnormal state changes on assets running Microsoft Windows."
-      ],
-      "version_exposure": [
-        "Version inventory required for Microsoft Windows — confirm against vendor advisory."
-      ]
-    },
     "last_updated": "2026-05-18",
     "discovery_attribution_note": "Bulk-imported from CISA KEV catalog version 2026.05.15. KEV listing date 2025-05-13; due date 2025-06-03. Notes reference: https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-32709 ; https://nvd.nist.gov/vuln/detail/CVE-2025-32709",
     "_auto_imported": true,
@@ -31710,17 +29212,6 @@
         "published_date": "2025-05-13"
       }
     ],
-    "iocs": {
-      "payload_artifacts": [
-        "Refer to vendor advisory for IOC list — bulk-imported KEV entry, IOCs not extracted at intake time."
-      ],
-      "behavioral": [
-        "Vendor-product-specific observations: monitor for unexpected remote process execution on assets running Microsoft Windows."
-      ],
-      "version_exposure": [
-        "Version inventory required for Microsoft Windows — confirm against vendor advisory."
-      ]
-    },
     "last_updated": "2026-05-18",
     "discovery_attribution_note": "Bulk-imported from CISA KEV catalog version 2026.05.15. KEV listing date 2025-05-13; due date 2025-06-03. Notes reference: https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-30397 ; https://nvd.nist.gov/vuln/detail/CVE-2025-30397",
     "_auto_imported": true,
@@ -31817,17 +29308,6 @@
         "published_date": "2025-05-13"
       }
     ],
-    "iocs": {
-      "payload_artifacts": [
-        "Refer to vendor advisory for IOC list — bulk-imported KEV entry, IOCs not extracted at intake time."
-      ],
-      "behavioral": [
-        "Vendor-product-specific observations: monitor for unexpected remote process execution on assets running Microsoft Windows."
-      ],
-      "version_exposure": [
-        "Version inventory required for Microsoft Windows — confirm against vendor advisory."
-      ]
-    },
     "last_updated": "2026-05-18",
     "discovery_attribution_note": "Bulk-imported from CISA KEV catalog version 2026.05.15. KEV listing date 2025-05-13; due date 2025-06-03. Notes reference: https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-32706 ; https://nvd.nist.gov/vuln/detail/CVE-2025-32706",
     "_auto_imported": true,
@@ -31923,17 +29403,6 @@
         "published_date": "2025-05-13"
       }
     ],
-    "iocs": {
-      "payload_artifacts": [
-        "Refer to vendor advisory for IOC list — bulk-imported KEV entry, IOCs not extracted at intake time."
-      ],
-      "behavioral": [
-        "Vendor-product-specific observations: monitor for unexpected privilege transitions on assets running Microsoft Windows."
-      ],
-      "version_exposure": [
-        "Version inventory required for Microsoft Windows — confirm against vendor advisory."
-      ]
-    },
     "last_updated": "2026-05-18",
     "discovery_attribution_note": "Bulk-imported from CISA KEV catalog version 2026.05.15. KEV listing date 2025-05-13; due date 2025-06-03. Notes reference: https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-32701 ; https://nvd.nist.gov/vuln/detail/CVE-2025-32701",
     "_auto_imported": true,