Tag: kev
-
CISA Adds Palo Alto Networks and SonicWall Flaws to Exploited Vulnerabilities List
by
in SecurityNews
Tags: authentication, cisa, cve, cybersecurity, exploit, flaw, infrastructure, kev, network, vulnerability
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added two security flaws impacting Palo Alto Networks PAN-OS and SonicWall SonicOS SSLVPN to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation. The flaws are listed below - CVE-2025-0108 (CVSS score: 7.8) – An authentication bypass vulnerability in the Palo Alto Networks PAN-OS…
-
Security Affairs newsletter Round 511 by Pierluigi Paganini INTERNATIONAL EDITION
by
in SecurityNews
A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. U.S. CISA adds Apple iOS and iPadOS and Mitel SIP Phones flaws to its Known Exploited Vulnerabilities catalog…
-
U.S. CISA adds Apple iOS and iPadOS and Mitel SIP Phones flaws to its Known Exploited Vulnerabilities catalog
by
in SecurityNews
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Apple iOS and iPadOS and Mitel SIP Phones vulnerabilities to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Apple iOS and iPadOS and Mitel SIP Phones vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog. The two vulnerabilities are: This week Apple released…
-
U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog
by
in SecurityNews
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds SimpleHelp vulnerability to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a SimpleHelp vulnerability, tracked as CVE-2024-57727, to its Known Exploited Vulnerabilities (KEV) catalog. At the end of January, Horizon3 researchers discovered three vulnerabilities, tracked as CVE-2024-57726, CVE-2024-57727, and CVE-2024-57728, that could be used…
-
U.S. CISA adds Microsoft Windows, Zyxel device flaws to its Known Exploited Vulnerabilities catalog
by
in SecurityNews
Tags: cisa, cve, cybersecurity, exploit, flaw, infrastructure, injection, kev, microsoft, vulnerability, windows, zyxel
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Windows, Zyxel device flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added the following vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog: The vulnerability CVE-2024-40891 is a command injection issue in Zyxel CPE Series devices that remains unpatched and has not yet…
-
CISA Flags Critical Trimble Cityworks Vulnerability (CVE-2025-0994) in KEV Catalog
by
in SecurityNews
The Cybersecurity and Infrastructure Security Agency (CISA) announced the addition of a critical vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog. The vulnerability, identified as CVE-2025-0994, affects Trimble
First seen on thecyberexpress.com. Jump to article: thecyberexpress.com/cve-2025-0994-trimble-cityworks-vulnerability/
-
U.S. CISA adds Trimble Cityworks flaw to its Known Exploited Vulnerabilities catalog
by
in SecurityNews
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Trimble Cityworks vulnerability to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a Trimble Cityworks vulnerability, tracked as CVE-2025-0994, to its Known Exploited Vulnerabilities (KEV) catalog. Trimble Cityworks is a GIS-centric asset management and permitting software designed for local governments, utilities, and…
-
7-Zip 0-Day Flaw Added to CISA’s List of Actively Exploited Vulnerabilities
by
in SecurityNews
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical 0-day vulnerability affecting the popular file compression utility, 7-Zip, to its Known Exploited Vulnerabilities (KEV) Catalog. The vulnerability, identified as CVE-2025-0411, highlights a severe flaw that allows attackers to bypass the Mark-of-the-Web (MotW) security feature and execute arbitrary code on targeted systems. Details…
-
U.S. CISA adds Microsoft Outlook, Sophos XG Firewall, and other flaws to its Known Exploited Vulnerabilities catalog
by
in SecurityNews
Tags: cisa, cve, cybersecurity, exploit, firewall, flaw, infrastructure, kev, microsoft, remote-code-execution, sophos, vulnerability
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Microsoft Outlook, Sophos XG Firewall, and other flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added the following vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog: The vulnerability CVE-2024-21413 (CVSS score of 9.8) is a Remote Code Execution flaw in Microsoft Outlook.…
-
U.S. CISA adds Linux kernel flaw to its Known Exploited Vulnerabilities catalog
by
in SecurityNews
Tags: android, attack, cisa, cve, cybersecurity, exploit, infrastructure, kev, linux, vulnerability, zero-day
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Linux kernel vulnerability to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a Linux kernel vulnerability, tracked as CVE-2024-53104, to its Known Exploited Vulnerabilities (KEV) catalog. The February 2025 Android security updates addressed 48 vulnerabilities, the zero-day flaw CVE-2024-53104 which is actively exploited in attacks…
-
CISA Updates KEV Catalog with High-Severity Vulnerabilities, Patch Now!
by
in SecurityNews
The Cybersecurity and Infrastructure Security Agency (CISA) has recently updated its Known Exploited Vulnerabilities (KEV) Catalog by adding several new vulnerabilities that have been actively exploited by cybercriminals.
First seen on thecyberexpress.com. Jump to article: thecyberexpress.com/cisa-adds-new-known-exploited-vulnerabilities-2/
-
CISA Issues Exploitation Warning for .NET Vulnerability
by
in SecurityNews
CISA has added CVE-2024-29059, a flaw affecting Microsoft .NET, to its Known Exploited Vulnerabilities catalog. The post CISA Issues Exploitation Warning for .NET Vulnerability appeared first on SecurityWeek.
First seen on securityweek.com. Jump to article: www.securityweek.com/cisa-issues-exploitation-warning-for-net-vulnerability/
-
CISA Adds Actively Exploited Apache and Microsoft Vulnerabilities to its Database
by
in SecurityNews
Tags: apache, cisa, cyber, cybersecurity, exploit, flaw, framework, infrastructure, kev, microsoft, network, software, vulnerability
The Cybersecurity and Infrastructure Security Agency (CISA) has updated its Known Exploited Vulnerabilities Catalog with several critical security flaws, prompting heightened vigilance among organizations using affected software platforms. Among these newly added vulnerabilities are severe flaws in Apache OFBiz, Microsoft .NET Framework, and Paessler PRTG Network Monitor. These vulnerabilities, if exploited, could enable attackers to…
-
768 CVEs Exploited in 2024, Reflecting a 20% Increase from 639 in 2023
by
in SecurityNews
As many as 768 vulnerabilities with designated CVE identifiers were reported as exploited in the wild in 2024, up from 639 CVEs in 2023, registering a 20% increase year-over-year. Describing 2024 as “another banner year for threat actors targeting the exploitation of vulnerabilities,” VulnCheck said 23.6% of known exploited vulnerabilities (KEV) were known to be weaponized…
-
U.S. CISA adds Apple products’ flaw to its Known Exploited Vulnerabilities catalog
by
in SecurityNews
Tags: apple, cisa, cve, cybersecurity, exploit, flaw, infrastructure, kev, update, vulnerability, zero-day
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Apple products’ flaw to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Apple Multiple Products Use-After-Free Vulnerability, tracked as CVE-2025-24085, to its Known Exploited Vulnerabilities (KEV) catalog. This week, Apple released security updates to address 2025’s first zero-day vulnerability, tracked as CVE-2025-24085, actively exploited…
-
U.S. CISA adds Fortinet FortiOS to its Known Exploited Vulnerabilities catalog
by
in SecurityNews
Tags: authentication, cisa, cve, cybersecurity, exploit, fortinet, infrastructure, kev, vulnerability
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Fortinet FortiOS vulnerability to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a Fortinet FortiOS authorization bypass vulnerability, tracked as CVE-2024-55591 (CVSS score: 9.6) to its Known Exploited Vulnerabilities (KEV) catalog. Remote attackers can exploit the vulnerability to bypass authentication and gain…
-
CISA adds second BeyondTrust CVE to known exploited vulnerabilities list
by
in SecurityNews
Federal authorities are still working with the company to investigate a hack of Treasury Department workstations, but have not yet explained the CVEs’ specific roles in the attacks.
First seen on cybersecuritydive.com. Jump to article: www.cybersecuritydive.com/news/cisa-second-beyondtrust-cve-exploited/737288/
-
CISA Adds Second BeyondTrust Flaw to KEV Catalog Amid Active Attacks
by
in SecurityNews
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added a second security flaw impacting BeyondTrust Privileged Remote Access (PRA) and Remote Support (RS) products to the Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation in the wild. The vulnerability in question is CVE-2024-12686 (CVSS score: 6.6), a medium-severity bug that could First…
-
U.S. CISA adds BeyondTrust PRA and RS and Qlik Sense flaws to its Known Exploited Vulnerabilities catalog
by
in SecurityNews
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds BeyondTrust PRA and RS and Qlik Sense flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added the following vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog: CVE-2024-12686 (CVSS score of 6.6) The flaw is an OS Command Injection Vulnerability in BeyondTrust…
-
CISA Adds Mitel, Oracle flaws to the KEV list
by
in SecurityNews
First seen on scworld.com. Jump to article: www.scworld.com/brief/cisa-adds-mitel-oracle-flaws-to-the-kev-list
-
U.S. CISA adds Ivanti Connect Secure, Policy Secure, and ZTA Gateways flaw to its Known Exploited Vulnerabilities catalog
by
in SecurityNews
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Ivanti Connect Secure, Policy Secure, and ZTA Gateways flaw to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added an Ivanti Connect Secure Vulnerability, tracked as CVE-2025-0282 (CVSS score: 9.0) to its Known Exploited Vulnerabilities (KEV) catalog. The vulnerability Ivanti impacted Ivanti Connect…
-
Mitel MiCollab, Oracle WebLogic Server vulnerabilities exploited by attackers
by
in SecurityNews
CISA has added Mitel MiCollab (CVE-2024-41713, CVE-2024-55550) and Oracle WebLogic Server (CVE-2020-2883) vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog. …
First seen on helpnetsecurity.com. Jump to article: www.helpnetsecurity.com/2025/01/08/mitel-micollab-oracle-weblogic-server-vulnerabilities-exploited-by-attackers/
-
U.S. CISA adds Oracle WebLogic Server and Mitel MiCollab flaws to its Known Exploited Vulnerabilities catalog
by
in SecurityNews
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Oracle WebLogic Server and Mitel MiCollab flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Oracle WebLogic Server and Mitel MiCollab vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog. Below are the descriptions for the vulnerabilities added to the catalog:…
-
CISA Flags Critical Flaws in Mitel and Oracle Systems Amid Active Exploitation
by
in SecurityNews
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added three flaws impacting Mitel MiCollab and Oracle WebLogic Server to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. The list of vulnerabilities is as follows - CVE-2024-41713 (CVSS score: 9.1) – A path traversal vulnerability in Mitel MiCollab that could allow an attacker…
-
CISA Adds Acclaim USAHERDS Vulnerability to KEV Catalog Amid Active Exploitation
by
in SecurityNews
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added a now-patched high-severity security flaw impacting Acclaim Systems USAHERDS to the Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation in the wild. The vulnerability in question is CVE-2021-44207 (CVSS score: 8.1), a case of hard-coded, static credentials in Acclaim USAHERDS that First…
-
U.S. CISA adds Acclaim Systems USAHERDS flaw to its Known Exploited Vulnerabilities catalog
by
in SecurityNews
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Acclaim Systems USAHERDS flaw to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added an Acclaim Systems USAHERDS vulnerability, tracked as CVE-2021-44207 (CVSS score: 8.1) to its Known Exploited Vulnerabilities (KEV) catalog. USAHERDS, developed by Acclaim Systems, is a web-based application designed to…
-
U.S. CISA adds BeyondTrust software flaw to its Known Exploited Vulnerabilities catalog
by
in SecurityNews
Tags: access, cisa, cve, cybersecurity, exploit, flaw, infrastructure, injection, kev, software, vulnerability
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds BeyondTrust Privileged Remote Access (PRA) and Remote Support (RS) Command Injection flaw to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added the BeyondTrust Privileged Remote Access (PRA) and Remote Support (RS) Command Injection flaw, tracked as CVE-2024-12356 (CVSS score of 9.8) to…