Tag: kev
-
768 CVEs Exploited in 2024, Reflecting a 20% Increase from 639 in 2023
by
in SecurityNewsAs many as 768 vulnerabilities with designated CVE identifiers were reported as exploited in the wild in 2024, up from 639 CVEs in 2023, registering a 20% increase year-over-year.Describing 2024 as “another banner year for threat actors targeting the exploitation of vulnerabilities,” VulnCheck said 23.6% of known exploited vulnerabilities (KEV) were known to be weaponized…
-
U.S. CISA adds Apple products’ flaw to its Known Exploited Vulnerabilities catalog
by
in SecurityNews
Tags: apple, cisa, cve, cybersecurity, exploit, flaw, infrastructure, kev, update, vulnerability, zero-dayU.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Apple products’ flaw to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Apple Multiple Products Use-After-Free Vulnerability, tracked as CVE-2025-24085, to its Known Exploited Vulnerabilities (KEV) catalog. This week, Apple released security updates to address 2025’s first zero-day vulnerability, tracked as CVE-2025-24085, actively exploited…
-
U.S. CISA adds Fortinet FortiOS to its Known Exploited Vulnerabilities catalog
by
in SecurityNews
Tags: authentication, cisa, cve, cybersecurity, exploit, fortinet, infrastructure, kev, vulnerabilityU.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Fortinet FortiOS vulnerability to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a Fortinet FortiOS authorization bypass vulnerability, tracked as CVE-2024-55591 (CVSS score: 9.6) to its Known Exploited Vulnerabilities (KEV) catalog. Remote attackers can exploit the vulnerability to bypass authentication and gain…
-
CISA adds second BeyondTrust CVE to known exploited vulnerabilities list
by
in SecurityNewsFederal authorities are still working with the company to investigate a hack of Treasury Department workstations, but have not yet explained the CVEs’ specific roles in the attacks. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/cisa-second-beyondtrust-cve-exploited/737288/
-
U.S. CISA adds BeyondTrust PRA and RS and Qlik Sense flaws to its Known Exploited Vulnerabilities catalog
by
in SecurityNewsU.S. Cybersecurity and Infrastructure Security Agency (CISA) adds BeyondTrust PRA and RS and Qlik Sense flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added the following vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog: CVE-2024-12686 (CVSS score of 6.6) The flaw is an OS Command Injection Vulnerability in BeyondTrust…
-
CISA Adds Second BeyondTrust Flaw to KEV Catalog Amid Active Attacks
by
in SecurityNewsThe U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added a second security flaw impacting BeyondTrust Privileged Remote Access (PRA) and Remote Support (RS) products to the Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation in the wild.The vulnerability in question is CVE-2024-12686 (CVSS score: 6.6), a medium-severity bug that could First…
-
CISA Adds Mitel, Oracle, flaws to the KEV list
by
in SecurityNewsFirst seen on scworld.com Jump to article: www.scworld.com/brief/cisa-adds-mitel-oracle-flaws-to-the-kev-list
-
U.S. CISA adds Ivanti Connect Secure, Policy Secure, and ZTA Gateways flaw to its Known Exploited Vulnerabilities catalog
by
in SecurityNewsU.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Ivanti Connect Secure, Policy Secure, and ZTA Gateways flaw to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added an Ivanti Connect Secure Vulnerability, tracked as CVE-2025-0282 (CVSS score: 9.0) to its Known Exploited Vulnerabilities (KEV) catalog. The vulnerability Ivanti impacted Ivanti Connect…
-
Mitel MiCollab, Oracle WebLogic Server vulnerabilities exploited by attackers
by
in SecurityNewsCISA has added Mitel MiCollab (CVE-2024-41713, CVE-2024-55550) and Oracle WebLogic Server (CVE-2020-2883) vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog. … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/01/08/mitel-micollab-oracle-weblogic-server-vulnerabilities-exploited-by-attackers/
-
U.S. CISA adds Oracle WebLogic Server and Mitel MiCollab flaws to its Known Exploited Vulnerabilities catalog
by
in SecurityNewsU.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Oracle WebLogic Server and Mitel MiCollab flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added an Oracle WebLogic Server and Mitel MiCollab vulnerabilities, to its Known Exploited Vulnerabilities (KEV) catalog. Below are the descriptions for the vulnerabilities added to the catalog:…
-
CISA Flags Critical Flaws in Mitel and Oracle Systems Amid Active Exploitation
by
in SecurityNewsThe U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added three flaws impacting Mitel MiCollab and Oracle WebLogic Server to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation.The list of vulnerabilities is as follows -CVE-2024-41713 (CVSS score: 9.1) – A path traversal vulnerability in Mitel MiCollab that could allow an attacker…
-
CISA Adds Acclaim USAHERDS Vulnerability to KEV Catalog Amid Active Exploitation
by
in SecurityNewsThe U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added a now-patched high-severity security flaw impacting Acclaim Systems USAHERDS to the Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation in the wild.The vulnerability in question is CVE-2021-44207 (CVSS score: 8.1), a case of hard-coded, static credentials in Acclaim USAHERDS that First…
-
U.S. CISA adds Acclaim Systems USAHERDS flaw to its Known Exploited Vulnerabilities catalog
by
in SecurityNewsU.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Acclaim Systems USAHERDS flaw to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added an Acclaim Systems USAHERDS vulnerability, tracked as CVE-2021-44207 (CVSS score: 8.1) to its Known Exploited Vulnerabilities (KEV) catalog. USAHERDS, developed by Acclaim Systems, is a web-based application designed to…
-
U.S. CISA adds BeyondTrust software flaw to its Known Exploited Vulnerabilities catalog
by
in SecurityNews
Tags: access, cisa, cve, cybersecurity, exploit, flaw, infrastructure, injection, kev, software, vulnerabilityU.S. Cybersecurity and Infrastructure Security Agency (CISA) adds BeyondTrust Privileged Remote Access (PRA) and Remote Support (RS) Command Injection flaw to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added the BeyondTrust Privileged Remote Access (PRA) and Remote Support (RS) Command Injection flaw, tracked as CVE-2024-12356 (CVSS score of 9.8) to…
-
CISA Adds Critical Flaw in BeyondTrust Software to Exploited Vulnerabilities List
by
in SecurityNews
Tags: access, cisa, cve, cybersecurity, exploit, flaw, infrastructure, injection, kev, software, vulnerabilityThe U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a critical security flaw impacting BeyondTrust Privileged Remote Access (PRA) and Remote Support (RS) products to the Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation in the wild.The vulnerability, tracked as CVE-2024-12356 (CVSS score: 9.8), is a command injection flaw that First…
-
U.S. CISA adds Microsoft Windows Kernel-Mode Driver and Adobe ColdFusion flaws to its Known Exploited Vulnerabilities catalog
by
in SecurityNews
Tags: access, adobe, cisa, control, cybersecurity, exploit, flaw, infrastructure, kev, microsoft, vulnerability, windowsU.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Microsoft Windows Kernel-Mode Driver and Adobe ColdFusion flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added the Microsoft Windows Kernel-Mode Driver Untrusted Pointer Dereference (CVE-2024-35250) and Adobe ColdFusion Improper Access Control (CVE-2024-20767) vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog. The…
-
CISA Warns of Adobe Windows Kernel Driver Vulnerabilities Exploited in Attacks
by
in SecurityNews
Tags: access, adobe, attack, cisa, control, cve, cyber, cybersecurity, exploit, infrastructure, kev, malicious, risk, vulnerability, windowsThe Cybersecurity and Infrastructure Security Agency (CISA) has issued a critical alert, adding two significant vulnerabilities to its Known Exploited Vulnerabilities Catalog. These vulnerabilities, actively exploited by malicious actors, underscore the growing risks facing organizations. Adobe ColdFusion Access Control Weakness (CVE-2024-20767) One of the newly added vulnerabilities, CVE-2024-20767, affects Adobe ColdFusion due to improper access…
-
CISA and FBI Raise Alerts on Exploited Flaws and Expanding HiatusRAT Campaign
by
in SecurityNews
Tags: access, adobe, cisa, control, cve, cybersecurity, exploit, flaw, infrastructure, kev, vulnerabilityThe U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added two security flaws to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation in the wild.The list of flaws is below -CVE-2024-20767 (CVSS score: 7.4) – Adobe ColdFusion contains an improper access control vulnerability that could allow an attacker to access or…
-
U.S. CISA adds Cleo Harmony, VLTrader, and LexiCom flaw to its Known Exploited Vulnerabilities catalog
by
in SecurityNewsU.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Cleo Harmony, VLTrader, and LexiCom flaw to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added the vulnerability CVE-2024-50623 (CVSS score 8.8), which impacts multiple Cleo products to its Known Exploited Vulnerabilities (KEV) catalog. >>Cleo has identified an unrestricted file upload and download vulnerability (CVE-2024-50623)…
-
U.S. CISA adds Microsoft Windows CLFS driver flaw to its Known Exploited Vulnerabilities catalog
by
in SecurityNews
Tags: cisa, cve, cybersecurity, exploit, flaw, infrastructure, kev, microsoft, vulnerability, windowsU.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Microsoft Windows Common Log File System (CLFS) driver flaw to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added the Microsoft Windows Common Log File System (CLFS) driver flaw CVE-2024-49138 (CVSS score: 7.8) to its Known Exploited Vulnerabilities (KEV) catalog. Microsoft December 2024…
-
U.S. CISA adds CyberPanel flaw to its Known Exploited Vulnerabilities catalog
by
in SecurityNewsU.S. Cybersecurity and Infrastructure Security Agency (CISA) adds CyberPanel flaw to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added the CyberPanel flaw CVE-2024-51378 (CVSS score: 10.0) to its Known Exploited Vulnerabilities (KEV) catalog. The getresetstatus vulnerability in CyberPanel (before commit 1c0c6cb) affects dns/views.py and ftp/views.py. Remote attackers could bypass authentication and execute…
-
CISA Warns of Active Exploitation of Flaws in Zyxel, ProjectSend, and CyberPanel
by
in SecurityNewsThe U.S. Cybersecurity and Infrastructure Security Agency (CISA) added multiple security flaws affecting products from Zyxel, North Grid Proself, ProjectSend, and CyberPanel to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation in the wild.The list of vulnerabilities is as follows -CVE-2024-51378 (CVSS score: 10.0) – An incorrect default permissions First seen on…
-
U.S. CISA adds ProjectSend, North Grid Proself, and Zyxel firewalls bugs to its Known Exploited Vulnerabilities catalog
by
in SecurityNewsU.S. Cybersecurity and Infrastructure Security Agency (CISA) adds ProjectSend, North Grid Proself, and Zyxel firewalls bugs to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added the following vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog: Proself versions before Ver5.62, Ver1.65, and Ver1.08 are vulnerable to XXE attacks, allowing unauthenticated attackers…
-
CISA Adds Array Networks’ CVE-2023-28461 to KEV List: Critical Patching Urged
by
in SecurityNewsThe U.S. Cybersecurity and Infrastructure Security Agency (CISA) has recently added a critical security flaw, CVE-2023-28461, to its Known Exploited Vulnerabilities (KEV) catalog. This vulnerability impacts First seen on thecyberexpress.com Jump to article: thecyberexpress.com/cisa-adds-cve-2023-28461-vulnerability/
-
U.S. CISA adds Array Networks AG and vxAG ArrayOS flaw to its Known Exploited Vulnerabilities catalog
by
in SecurityNewsU.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Array Networks AG and vxAG ArrayOS flaw to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added the Array Networks AG and vxAG ArrayOS flaw CVE-2023-28461 (CVSS score: 9.8) to its Known Exploited Vulnerabilities (KEV) catalog. Array Networks’ AG Series and vxAG (versions 9.4.0.481 and…
-
CISA Urges Agencies to Patch Critical “Array Networks” Flaw Amid Active Attacks
by
in SecurityNews
Tags: access, attack, authentication, cisa, cve, cybersecurity, exploit, flaw, infrastructure, kev, network, update, vulnerabilityThe U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added a now-patched critical security flaw impacting Array Networks AG and vxAG secure access gateways to its Known Exploited Vulnerabilities (KEV) catalog following reports of active exploitation in the wild.The vulnerability, tracked as CVE-2023-28461 (CVSS score: 9.8), concerns a case of missing authentication that First…