Tag: kev
-
U.S. CISA adds FreeType flaw to its Known Exploited Vulnerabilities catalog
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds FreeType flaw to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA)added a FreeType flaw, tracked as CVE-2025-27363 (CVSS score of 8.1), to its Known Exploited Vulnerabilities (KEV) catalog. In mid-March, Metawarnedthat the out-of-bounds write vulnerabilityCVE-2025-27363may have been actively exploited in attacks. “An out…
-
Researcher Says Patched Commvault Bug Still Exploitable
CISA added CVE-2025-34028 to its catalog of known exploited vulnerabilities, citing active attacks in the wild. First seen on darkreading.com Jump to article: www.darkreading.com/cyberattacks-data-breaches/researcher-patched-commvault-bug-exploitable
-
U.S. CISA adds Langflow flaw to its Known Exploited Vulnerabilities catalog
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Langflow flaw to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA)added a Langflow flaw, tracked as CVE-2025-3248 (CVSS score of 9.8), to its Known Exploited Vulnerabilities (KEV) catalog. Langflow is a popular tool used for building agentic AI workflows. CVE-2025-3248 is a…
-
Critical Langflow Flaw Added to CISA KEV List Amid Ongoing Exploitation Evidence
Tags: cisa, cve, cvss, cybersecurity, exploit, flaw, infrastructure, kev, open-source, vulnerabilityA recently disclosed critical security flaw impacting the open-source Langflow platform has been added to the Known Exploited Vulnerabilities (KEV) catalog by the U.S. Cybersecurity and Infrastructure Security Agency (CISA), citing evidence of active exploitation.The vulnerability, tracked as CVE-2025-3248, carries a CVSS score of 9.8 out of a maximum of 10.0.”Langflow contains a missing First…
-
Commvault CVE-2025-34028 Added to CISA KEV After Active Exploitation Confirmed
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a maximum-severity security flaw impacting Commvault Command Center to its Known Exploited Vulnerabilities (KEV) catalog, a little over a week after it was publicly disclosed.The vulnerability in question is CVE-2025-34028 (CVSS score: 10.0), a path traversal bug that affects 11.38 Innovation Release, from versions First…
-
U.S. CISA adds Yii Framework and Commvault Command Center flaws to its Known Exploited Vulnerabilities catalog
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Yii Framework and Commvault Command Center flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Qualitia Active! Mail, Broadcom Brocade Fabric OS, and Commvault Web Server flaws to its Known Exploited Vulnerabilities (KEV) catalog. Below are the descriptions for these flaws:…
-
CISA Adds Two New Exploited Vulnerabilities to Its Catalog: CVE-2024-38475 and CVE-2023-44221
The Cybersecurity and Infrastructure Security Agency (CISA) recently updated its Known Exploited Vulnerabilities (KEV) Catalog, adding two vulnerabilities, CVE-2024-38475 and CVE-2023-44221, that are currently being actively exploited. First seen on thecyberexpress.com Jump to article: thecyberexpress.com/cisa-adds-cve-2024-38475-and-cve-2023-44221/
-
CISA Confirms Exploitation of SonicWall Vulnerabilities
The US Cybersecurity and Infrastructure Security Agency has added two flaws affecting SonicWall products to its catalog of Known Exploited Vulnerabilities First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/cisa-exploitation-sonicwall/
-
U.S. CISA adds SonicWall SMA100 and Apache HTTP Server flaws to its Known Exploited Vulnerabilities catalog
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds SonicWall SMA100 and Apache HTTP Server flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Qualitia Active! Mail, Broadcom Brocade Fabric OS, and Commvault Web Server flaws to its Known Exploited Vulnerabilities (KEV) catalog. Below are the descriptions for these flaws:…
-
U.S. CISA adds SAP NetWeaver flaw to its Known Exploited Vulnerabilities catalog
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds SAP NetWeaver flaw to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA)added SAP NetWeaver flaw, tracked as CVE-2025-31324, to its Known Exploited Vulnerabilities (KEV) catalog. Last week, researchers warned that a zero-day vulnerability, tracked asCVE-2025-31324(CVSS score of 10/10), in SAP NetWeaver is…
-
Brocade Fabric OS flaw could allow code injection attacks
Same KEV update included a Commvault flaw: CISA also added a high severity bugCVSS 8.7/10 affecting Commvault Web Server to its KEV Catalog, recommending patching under the same BOD directive.The flaw, tracked as CVE-2025-3928, is an unspecified vulnerability that can be exploited by a remote, authenticated attacker to execute webshells. All versions before 11.36.46, 11.32.89,…
-
Broadcom-backed SAN devices face code injection attacks via a critical Fabric OS bug
Same KEV update included a Commvault flaw: CISA also added a high severity bugCVSS 8.7/10 affecting Commvault Web Server to its KEV Catalog, recommending patching under the same BOD directive.The flaw, tracked as CVE-2025-3928, is an unspecified vulnerability that can be exploited by a remote, authenticated attacker to execute webshells. All versions before 11.36.46, 11.32.89,…
-
CISA warns about actively exploited Broadcom, Commvault vulnerabilities
The Cybersecurity and Infrastructure Security Agency (CISA) has added three new flaws to its Known Exploited Vulnerabilities catalog on Monday, affecting Commvault … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/04/29/cisa-warns-about-actively-exploited-broadcom-commvault-vulnerabilities-cve-2025-1976-cve-2025-3928/
-
U.S. CISA adds Qualitia Active! Mail, Broadcom Brocade Fabric OS, and Commvault Web Server flaws to its Known Exploited Vulnerabilities catalog
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Qualitia Active! Mail, Broadcom Brocade Fabric OS, and Commvault Web Server flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Qualitia Active! Mail, Broadcom Brocade Fabric OS, and Commvault Web Server flaws to its Known Exploited Vulnerabilities (KEV) catalog. Below are…
-
CISA Adds Broadcom Brocade Fabric OS Flaw to Known Exploited Vulnerabilities List
Tags: advisory, cisa, cyber, cybersecurity, exploit, flaw, government, infrastructure, kev, vulnerabilityThe U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent security advisory after adding a critical Broadcom Brocade Fabric OS vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog. The flaw, tracked as CVE-2025-1976, affects Broadcom’s widely deployed Brocade Fabric OS and has drawn increased concern from government and enterprise security teams due to its…
-
CISA Adds Actively Exploited Broadcom and Commvault Flaws to KEV Database
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added two high-severity security flaws impacting Broadcom Brocade Fabric OS and Commvault Web Server to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation in the wild.The vulnerabilities in question are listed below -CVE-2025-1976 (CVSS score: 8.6) – A code injection flaw First…
-
159 CVEs Exploited in the Wild in Q1 2025, 8.3% Targeted Within 1-Day Vulnerabilities Exploited
VulnCheck’s latest report for Q1 2025 has identified 159 Common Vulnerabilities and Exposures (CVEs) publicly disclosed as exploited in the wild for the first time. Alarmingly, 28.3% of these Known Exploited Vulnerabilities (KEVs) saw evidence of exploitation within just one day of their CVE disclosure, underscoring the lightning-fast pace at which threat actors capitalize on…
-
U.S. CISA adds Apple products and Microsoft Windows NTLM flaws to its Known Exploited Vulnerabilities catalog
Tags: apple, cisa, cybersecurity, exploit, flaw, infrastructure, kev, microsoft, ntlm, vulnerability, windowsU.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Apple products and Microsoft Windows NTLM flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Apple products and Microsoft Windows NTLM vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog. Below are the descriptions of the flaws: This week Apple released out”‘of”‘band…
-
CVE-2025-24054 Under Active Attack”, Steals NTLM Credentials on File Download
Tags: credentials, cve, cybersecurity, exploit, flaw, infrastructure, kev, microsoft, ntlm, technology, vulnerability, windowsThe U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a medium-severity security flaw impacting Microsoft Windows to its Known Exploited Vulnerabilities (KEV) catalog, following reports of active exploitation in the wild.The vulnerability, assigned the CVE identifier CVE-2025-24054 (CVSS score: 6.5), is a Windows New Technology LAN Manager (NTLM) hash disclosure First seen on…
-
Older SonicWall SMA100 vulnerability exploited in the wild
CISA added the high-severity flaw, initially disclosed in 2021, to its known exploited vulnerabilities catalog this week. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/sonicwall-sma100-vulnerability-exploited/745637/
-
U.S. CISA adds SonicWall SMA100 Appliance flaw to its Known Exploited Vulnerabilities catalog
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds SonicWall SMA100 Appliance flaw to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a SonicWall SMA100 Appliance flaw, tracked as CVE-2021-20035, to its Known Exploited Vulnerabilities (KEV) catalog. The vulnerability is an OS Command Injection Vulnerability in the SMA100 management interface. A…
-
CISA Issues Alert on SonicWall Flaw Being Actively Exploited
The Cybersecurity and Infrastructure Security Agency (CISA) has issued a critical security alert after confirming active exploitation of a SonicWall vulnerability. The flaw, documented as CVE-2021-20035, targets SonicWall’s SMA100 series appliances and has been added to CISA’s Known Exploited Vulnerabilities Catalog. Overview of the Vulnerability This particular vulnerability lies within the SonicWall Secure Mobile Access (SMA)…
-
CISA Flags Actively Exploited Vulnerability in SonicWall SMA Devices
Tags: access, cisa, cve, cybersecurity, exploit, flaw, infrastructure, injection, kev, mobile, vulnerabilityThe U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday added a security flaw impacting SonicWall Secure Mobile Access (SMA) 100 Series gateways to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation.The high-severity vulnerability, tracked as CVE-2021-20035 (CVSS score: 7.2), relates to a case of operating system command injection First seen…
-
Huntress Documents InWild Exploitation of Critical Gladinet Vulnerabilities
The flaw, tagged as CVE-2025-30406, was added to CISA’s Known Exploited Vulnerabilities (KEV) catalog in early April. The post Huntress Documents In-The-Wild Exploitation of Critical Gladinet Vulnerabilities appeared first on SecurityWeek. First seen on securityweek.com Jump to article: www.securityweek.com/huntress-documents-in-the-wild-exploitation-of-critical-gladinet-vulnerabilities/
-
U.S. CISA adds Linux Kernel flaws to its Known Exploited Vulnerabilities catalog
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Linux Kernel flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Linux Kernel flaws, respectively tracked as CVE-2024-53197 and CVE-2024-53150, to its Known Exploited Vulnerabilities (KEV) catalog. The vulnerability CVE-2024-53197 (CVSS score of 7.8) resides in the Linux kernel’s ALSA USB-audio driver affecting Extigy…
-
CISA Urges Urgent Patching for Exploited CentreStack, Windows Zero-Days
CISA has added fresh CentreStack and Windows CLFS vulnerabilities to the Known Exploited Vulnerabilities catalog. The post CISA Urges Urgent Patching for Exploited CentreStack, Windows Zero-Days appeared first on SecurityWeek. First seen on securityweek.com Jump to article: www.securityweek.com/cisa-urges-urgent-patching-for-exploited-centrestack-windows-zero-days/
-
U.S. CISA adds Gladinet CentreStack and ZTA Microsoft Windows Common Log File System (CLFS) Driver flaws to its Known Exploited Vulnerabilities catalog
Tags: cisa, cve, cybersecurity, exploit, flaw, infrastructure, kev, microsoft, vulnerability, windowsU.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Gladinet CentreStack and ZTA Microsoft Windows Common Log File System (CLFS) Driver flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Gladinet CentreStack and ZTA Microsoft Windows Common Log File System (CLFS) Driver flaws, respectively tracked as CVE-2025-30406 and CVE-2025-29824, to its…
-
CISA Warns of CrushFTP Exploit Letting Attackers Bypass Authentication
The Cybersecurity and Infrastructure Security Agency (CISA) has recently added a new vulnerability to its Known Exploited Vulnerabilities Catalog. The vulnerability, identified as CVE-2025-31161, is an Authentication Bypass Vulnerability in CrushFTP, a widely used FTP server software. First seen on thecyberexpress.com Jump to article: thecyberexpress.com/cisa-adds-cve-2025-31161-to-kev-catalog/
-
CISA Warns of CrushFTP Vulnerability Exploitation in the Wild
The US Cybersecurity and Infrastructure Security Agency (CISA) has added CVE-2025-31161 to its Known Exploited Vulnerabilities (KEV) catalog First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/crushftp-vulnerability-cisa-kev/
-
CISA Adds CrushFTP Vulnerability to KEV Catalog Following Confirmed Active Exploitation
A recently disclosed critical security flaw impacting CrushFTP has been added by the U.S. Cybersecurity and Infrastructure Security Agency (CISA) to its Known Exploited Vulnerabilities (KEV) catalog after reports emerged of active exploitation in the wild.The vulnerability is a case of authentication bypass that could permit an unauthenticated attacker to take over susceptible instances. It…