Known Exploited Vulnerabilities Catalog

Pierluigi Paganini September 29, 2023
CISA adds JBoss RichFaces Framework flaw to its Known Exploited Vulnerabilities catalog

US CISA added the flaw CVE-2018-14667 in Red Hat JBoss RichFaces Framework to its Known Exploited Vulnerabilities catalog. US Cybersecurity and Infrastructure Security Agency (CISA) added the critical flaw CVE-2018-14667 (CVSS score 9.8) affecting Red Hat JBoss RichFaces Framework to its Known Exploited Vulnerabilities Catalog. The issue is an Expression Language (EL) injection via the UserResource resource, […]

Pierluigi Paganini September 22, 2023
CISA adds Trend Micro Apex One and Worry-Free Business Security flaw to its Known Exploited Vulnerabilities catalog

US CISA added the flaw CVE-2023-41179 in Trend Micro Apex and other security products to its Known Exploited Vulnerabilities catalog. US Cybersecurity and Infrastructure Security Agency (CISA) added the high-severity flaw CVE-2023-41179 (CVSS score 7.2) affecting Trend Micro Apex One and Worry-Free Business Security to its Known Exploited Vulnerabilities Catalog. Trend Micro this week has released security updates to patch […]

Pierluigi Paganini September 11, 2023
CISA adds recently discovered Apple zero-days to Known Exploited Vulnerabilities Catalog

U.S. CISA adds vulnerabilities in Apple devices exploited to install NSO Group’s Pegasus spyware on iPhones to Known Exploited Vulnerabilities Catalog. US Cybersecurity and Infrastructure Security Agency (CISA) added the security vulnerabilities chained in the zero-click iMessage exploit BLASTPASS to its Known Exploited Vulnerabilities Catalog. The two flaws, tracked as CVE-2023-41064 and CVE-2023-41061, were used to install NSO […]

Pierluigi Paganini September 09, 2023
US CISA added critical Apache RocketMQ flaw to its Known Exploited Vulnerabilities catalog

US CISA added critical vulnerability CVE-2023-33246 in Apache RocketMQ to its Known Exploited Vulnerabilities catalog. US Cybersecurity and Infrastructure Security Agency (CISA) added a critical flaw CVE-2023-33246 (CVSS score 9.8) affecting Apache RocketMQ to its Known Exploited Vulnerabilities Catalog. Several components of Apache RocketMQ, including NameServer, Broker, and Controller, are exposed to the extranet and lack permission verification. Threat actors […]

Pierluigi Paganini August 22, 2023
CISA adds critical Adobe ColdFusion flaw to its Known Exploited Vulnerabilities catalog

US CISA added critical vulnerability CVE-2023-26359 in Adobe ColdFusion to its Known Exploited Vulnerabilities catalog. US Cybersecurity and Infrastructure Security Agency (CISA) added a critical flaw CVE-2023-26359 (CVSS score 9.8) affecting Adobe ColdFusion to its Known Exploited Vulnerabilities Catalog. Adobe fixed the critical flaw in March 2023; it is a deserialization of untrusted data issue in Adobe ColdFusion that can […]

Pierluigi Paganini August 16, 2023
CISA adds flaw in Citrix ShareFile to its Known Exploited Vulnerabilities catalog

US CISA added critical vulnerability CVE-2023-24489 in Citrix ShareFile to its Known Exploited Vulnerabilities catalog. US Cybersecurity and Infrastructure Security Agency (CISA) added critical flaw CVE-2023-24489 (CVSS score 9.8) affecting Citrix ShareFile to its Known Exploited Vulnerabilities Catalog. Citrix ShareFile is a secure file sharing and storage platform designed for businesses and professionals to collaborate on documents, exchange […]

Pierluigi Paganini August 10, 2023
CISA adds actively exploited flaw in .NET, Visual Studio to its Known Exploited Vulnerabilities catalog

US CISA added zero-day vulnerability CVE-2023-38180 affecting .NET and Visual Studio to its Known Exploited Vulnerabilities catalog. US Cybersecurity and Infrastructure Security Agency (CISA) added an actively exploited zero-day vulnerability CVE-2023-38180 (CVSS score 7.5) affecting .NET and Visual Studio to its Known Exploited Vulnerabilities Catalog. The vulnerability can be exploited to trigger a denial-of-service (DoS) condition, […]

Pierluigi Paganini August 02, 2023
CISA adds second Ivanti EPMM flaw to its Known Exploited Vulnerabilities catalog

US CISA added a second actively exploited Ivanti's Endpoint Manager Mobile (EPMM) vulnerability to its Known Exploited Vulnerabilities catalog. US Cybersecurity and Infrastructure Security Agency (CISA) added the second actively exploited Ivanti's Endpoint Manager Mobile (EPMM, formerly MobileIron Core) vulnerability, tracked as CVE-2023-35081, to its Known Exploited Vulnerabilities Catalog. “The Cybersecurity and Infrastructure Security […]

Pierluigi Paganini July 03, 2023
CISA adds Samsung and D-Link bugs to its Known Exploited Vulnerabilities catalog

US CISA added actively exploited Samsung and D-Link vulnerabilities to its Known Exploited Vulnerabilities catalog. US Cybersecurity and Infrastructure Security Agency (CISA) added six Samsung and two D-Link vulnerabilities to its Known Exploited Vulnerabilities Catalog. Below is the list of flaws added to the catalog: The CVE-2019-17621 flaw is a remote command execution flaw that resides in […]

Pierluigi Paganini June 23, 2023
CISA orders govt agencies to fix recently disclosed flaws in Apple devices

U.S. Cybersecurity and Infrastructure Security Agency (CISA) added six new vulnerabilities to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added six new security flaws to its Known Exploited Vulnerabilities Catalog. Below is the list of the issues added to the catalog: According to Binding Operational Directive (BOD) 22-01: Reducing the […]