CISA KEV Catalog update

From Security Week – CISA Urges Urgent Patching for Exploited CentreStack, Windows Zero-Days

[[{"value":"CISA has added fresh CentreStack and Windows CLFS vulnerabilities to the Known Exploited Vulnerabilities catalog. The post CISA Urges Urgent Patching for Exploited CentreStack, Windows Zero-Days appeared first on SecurityWeek."}]] Read…

Samir K April 9, 2025

Vulnerabilities

From Cybersecurity Help – Threat actors exploiting recent CrushFTP auth bypass flaw for persistent access

The vulnerability, now tracked as CVE-2025-31161, allows attackers to bypass authentication and gain unauthorized access to targeted systems. Read More

Samir K April 8, 2025

News

From The Hacker News – CISA Warns of Sitecore RCE Flaws; Active Exploits Hit Next.js and DrayTek Devices

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added two six-year-old security flaws impacting Sitecore CMS and Experience Platform (XP) to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation. The vulnerabilities are listed below - CVE-2019-9874 (CVSS score: 9.8) - A deserialization vulnerability in the Sitecore.Security.AntiCSRF

shaikh Saqib March 27, 2025

News

From Cyber Security News – CISA Warns of Microsoft Windows Management Console (MMC) Vulnerability Exploited in Wild

The Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent advisory regarding an actively exploited vulnerability in Microsoft Windows Management Console (MMC), tracked as CVE-2025-26633. This improper neutralization flaw…

shaikh Saqib March 12, 2025

News

From The Hacker News – CISA Adds Five Actively Exploited Vulnerabilities in Advantive VeraCore and Ivanti EPM to KEV List

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added five security flaws impacting Advantive VeraCore and Ivanti Endpoint Manager (EPM) to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation in the wild. The list of vulnerabilities is as follows - CVE-2024-57968 - An unrestricted file upload vulnerability in Advantive VeraCore

shaikh Saqib March 11, 2025

News

From Cyber Security News – CISA Adds 3 Ivanti Endpoint Manager Bugs to Known Exploited Vulnerabilities Catalog

The Cybersecurity and Infrastructure Security Agency (CISA) updated its KEV catalog on March 10, 2025, to include three newly identified vulnerabilities in Ivanti Endpoint Manager (EPM), a widely used enterprise…

shaikh Saqib March 11, 2025

News

From Security Week – CISA Warns of Attacks Exploiting Oracle Agile PLM Vulnerability

[[{"value":"CISA has added CVE-2024-20953, an Oracle Agile PLM vulnerability patched in January 2024, to its KEV catalog. The post CISA Warns of Attacks Exploiting Oracle Agile PLM Vulnerability appeared first…

shaikh Saqib February 25, 2025

News

From Security Week – Second Recently Patched Flaw Exploited to Hack Palo Alto Firewalls

[[{"value":"Palo Alto Networks is warning customers that a second vulnerability patched in February is being exploited in attacks. The post Second Recently Patched Flaw Exploited to Hack Palo Alto Firewalls…

shaikh Saqib February 21, 2025

News

From Cyber Security News – 7-Zip Vulnerability Actively Exploited in The Wild in Attacks – CISA Adds Its Catalog

A critical vulnerability in the popular file archiving tool 7-Zip (CVE-2025-0411) has been actively exploited in the wild, primarily targeting Ukrainian organizations, added to CISA’s known exploited vulnerability database. This…

shaikh Saqib February 7, 2025