Known Exploited Vulnerabilities Catalog

Pierluigi Paganini March 27, 2024
CISA adds Microsoft SharePoint bug disclosed at Pwn2Own to its Known Exploited Vulnerabilities catalog

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds a Microsoft SharePoint vulnerability disclosed at the 2023 Pwn2Own to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added the CVE-2023-24955 Microsoft SharePoint Server Code Injection Vulnerability to its Known Exploited Vulnerabilities (KEV) catalog. Microsoft addressed the remote code execution flaw in SharePoint Server, […]

Pierluigi Paganini March 25, 2024
CISA adds FortiClient EMS, Ivanti EPM CSA, Nice Linear eMerge E3-Series bugs to its Known Exploited Vulnerabilities catalog

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds FortiClient EMS, Ivanti EPM CSA, Nice Linear eMerge E3-Series bugs to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added the following vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog. CVE-2023-48788 (CVSS score 9.3) is a critical pervasive SQL injection issue that resides […]

Pierluigi Paganini March 06, 2024
CISA ADDS ANDROID PIXEL AND SUNHILLO SURELINE BUGS TO ITS KNOWN EXPLOITED VULNERABILITIES CATALOG

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Android Pixel and Sunhillo SureLine vulnerabilities to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added the following vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog: The Android Pixel vulnerability, tracked as CVE-2023-21237, resides in applyRemoteView of NotificationContentInflater.java. The exploitation of this vulnerability could lead […]

Pierluigi Paganini March 05, 2024
CISA ADDS MICROSOFT WINDOWS KERNEL BUG USED BY LAZARUS APT TO ITS KNOWN EXPLOITED VULNERABILITIES CATALOG

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds a Microsoft Windows Kernel vulnerability to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added the CVE-2024-21338 (CVSS Score 7.8) Microsoft Windows Kernel Exposed IOCTL with Insufficient Access Control vulnerability to its Known Exploited Vulnerabilities (KEV) catalog. An attacker can exploit this vulnerability to gain SYSTEM privileges. […]

Pierluigi Paganini March 01, 2024
CISA adds Microsoft Streaming Service bug to its Known Exploited Vulnerabilities catalog

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds a Microsoft Streaming Service vulnerability to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added the CVE-2023-29360 (CVSS Score 8.4) Microsoft Streaming Service Untrusted pointer dereference vulnerability to its Known Exploited Vulnerabilities (KEV) catalog. An attacker can exploit this vulnerability to gain SYSTEM privileges. […]

Pierluigi Paganini February 23, 2024
CISA orders federal agencies to fix ConnectWise ScreenConnect bug in a week

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds ConnectWise ScreenConnect bug to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a ConnectWise ScreenConnect vulnerability, tracked as CVE-2024-1709, to its Known Exploited Vulnerabilities (KEV) catalog. The vulnerability is an authentication bypass vulnerability issue that an attacker with network access to the […]

Pierluigi Paganini February 15, 2024
CISA adds Microsoft Windows bugs to its Known Exploited Vulnerabilities catalog

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds 2 Microsoft Windows flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added the following two vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog: This week. Microsoft released Patch Tuesday security updates for February 2024 that resolved a total of 72 vulnerabilities, […]

Pierluigi Paganini February 12, 2024
CISA adds Roundcube Webmail Persistent XSS bug to its Known Exploited Vulnerabilities catalog

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Roundcube Webmail Persistent Cross-Site Scripting (XSS) Vulnerability to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a Roundcube Webmail Persistent Cross-Site Scripting (XSS) vulnerability, tracked as CVE-2023-43770, to its Known Exploited Vulnerabilities (KEV) catalog. Roundcube is an open-source web-based email client. It […]

Pierluigi Paganini February 10, 2024
CISA adds Fortinet FortiOS bug to its Known Exploited Vulnerabilities catalog

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Fortinet FortiOS bug to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a Fortinet FortiOS Out-of-Bound write vulnerability, tracked as CVE-2024-21762, to its Known Exploited Vulnerabilities (KEV) catalog. This week Fortinet warned that the recently discovered critical remote code execution vulnerability in […]

Pierluigi Paganini January 31, 2024
CISA adds Apple improper authentication bug to its Known Exploited Vulnerabilities catalog

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Apple improper authentication bug to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added an Apple improper authentication bug, tracked as CVE-2022-48618, to its Known Exploited Vulnerabilities (KEV) catalog. The vulnerability can allow an attacker with arbitrary read and write capability to bypass Pointer […]