Known Exploited Vulnerabilities Catalog Archives

Pierluigi Paganini August 26, 2025

U.S. CISA adds Citrix Session Recording, and Git flaws to its Known Exploited Vulnerabilities catalog

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Citrix Session Recording, and Git flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Citrix Session Recording, and Git flaws to its Known Exploited Vulnerabilities (KEV) catalog. Below are the descriptions for these flaws: CVE-2024-8069 is a limited remote code execution with privilege […]

Pierluigi Paganini August 22, 2025

U.S. CISA adds Apple iOS, iPadOS, and macOS flaw to its Known Exploited Vulnerabilities catalog

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Apple iOS, iPadOS, and macOS flaw to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Apple iOS, iPadOS, and macOS flaw, tracked as CVE-2025-43300, to its Known Exploited Vulnerabilities (KEV) catalog. This week, Apple addressed the actively exploited zero-day CVE-2025-43300 in iOS, iPadOS, and […]

Pierluigi Paganini August 19, 2025

U.S. CISA adds Trend Micro Apex One flaw to its Known Exploited Vulnerabilities catalog

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Trend Micro Apex One flaw to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Trend Micro Apex One flaw, tracked as CVE-2025-54948, to its Known Exploited Vulnerabilities (KEV) catalog. Early this month, Trend Micro released fixes for two critical vulnerabilities, tracked as CVE-2025-54948 and […]

Pierluigi Paganini August 06, 2025

U.S. CISA adds D-Link cameras and Network Video Recorder flaws to its Known Exploited Vulnerabilities catalog

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds D-Link cameras and Network Video Recorder flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Cisco ISE and PaperCut NG/MF flaws to its Known Exploited Vulnerabilities (KEV) catalog. Below are the descriptions for these flaws: According to Binding Operational Directive (BOD) 22-01: […]

Pierluigi Paganini July 28, 2025

U.S. CISA adds Cisco ISE and PaperCut NG/MF flaws to its Known Exploited Vulnerabilities catalog

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Cisco ISE and PaperCut NG/MF flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Cisco ISE and PaperCut NG/MF flaws to its Known Exploited Vulnerabilities (KEV) catalog. Below are the descriptions for these flaws: This week, Cisco confirmed attempted exploitation in […]

Pierluigi Paganini July 24, 2025

U.S. CISA adds CrushFTP, Google Chromium, and SysAid flaws to its Known Exploited Vulnerabilities catalog

U.S. CISA adds CrushFTP, Google Chromium, and SysAid flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added CrushFTP, Google Chromium, and SysAid flaws to its Known Exploited Vulnerabilities (KEV) catalog. Below are the descriptions for these flaws: This week CrushFTP warned of a zero-day, tracked as CVE-2025-54309 (CVSS score of 9.0), […]

Pierluigi Paganini July 21, 2025

U.S. CISA urges to immediately patch Microsoft SharePoint flaw adding it to its Known Exploited Vulnerabilities catalog

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Microsoft SharePoint flaw to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Microsoft SharePoint flaw, tracked as CVE-2025-53770 (“ToolShell”) (CVSS score of 9.8), to its Known Exploited Vulnerabilities (KEV) catalog. This week, Microsoft released emergency SharePoint updates for two zero-day flaws, tracked as CVE-2025-53770 and CVE-2025-53771, […]

Pierluigi Paganini July 20, 2025

U.S. CISA adds Fortinet FortiWeb flaw to its Known Exploited Vulnerabilities catalog

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Fortinet FortiWeb flaw to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Fortinet FortiWeb flaw, tracked as CVE-2025-25257, to its Known Exploited Vulnerabilities (KEV) catalog. Hackers began exploiting the critical Fortinet FortiWeb flaw CVE-2025-25257 (CVSS score of 9.6) on the same day a proof-of-concept (PoC) exploit […]

Pierluigi Paganini July 16, 2025

U.S. CISA adds Wing FTP Server flaw to its Known Exploited Vulnerabilities catalog

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Wing FTP Server flaw to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Wing FTP Server flaw, tracked as CVE-2025-47812, to its Known Exploited Vulnerabilities (KEV) catalog. Wing FTP Server is a secure and flexible file transfer solution that supports multiple protocols, including FTP, […]

Pierluigi Paganini July 08, 2025

U.S. CISA adds MRLG, PHPMailer, Rails Ruby on Rails, and Synacor Zimbra Collaboration Suite flaws to its Known Exploited Vulnerabilities catalog

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Multi-Router Looking Glass (MRLG), PHPMailer, Rails Ruby on Rails, and Synacor Zimbra Collaboration Suite (ZCS) flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Multi-Router Looking Glass (MRLG), PHPMailer, Rails Ruby on Rails, and Synacor Zimbra Collaboration Suite (ZCS) flaws to […]