"CVE-2024-1708 is a path traversal vulnerability in ConnectWise ScreenConnect that could allow an attacker to execute remote code or directly impact confidential data and critical systems. It has a CVSS score of 8.4 and was fixed in February 2024."
"CVE-2026-32202 is a protection mechanism failure vulnerability in Microsoft Windows Shell, allowing unauthorized spoofing over a network. It has a CVSS score of 4.3 and was fixed in April 2026."
"The addition of CVE-2026-32202 to the KEV catalog follows Microsoft’s acknowledgment of its active exploitation, linked to an incomplete patch for CVE-2026-21510."
"CISA added CVE-2024-1709 to the KEV catalog on February 22, 2024, which has been exploited alongside CVE-2024-1708 by multiple threat actors, including a China-based group deploying Medusa ransomware."
CISA has included two vulnerabilities in its Known Exploited Vulnerabilities catalog due to evidence of active exploitation. CVE-2024-1708, a path traversal vulnerability in ConnectWise ScreenConnect, has a CVSS score of 8.4 and allows remote code execution. CVE-2026-32202, with a CVSS score of 4.3, is a protection mechanism failure in Microsoft Windows Shell that permits network spoofing. Both vulnerabilities have been linked to ongoing attacks, with specific threat actors identified. Federal agencies must apply fixes by May 12, 2026.
Read at The Hacker News
Unable to calculate read time
Collection
[
|
...
]