#cisa-kev
#cisa-kev
[ follow ]
Information security
fromThe Hacker News
4 weeks agoCISA Flags Meteobridge CVE-2025-4008 Flaw as Actively Exploited in the Wild
Meteobridge contains a command-injection vulnerability (CVE-2025-4008) allowing unauthenticated remote attackers to execute arbitrary commands as root; vulnerability is actively exploited and patched in version 6.
Information security
fromSecuritymagazine
1 month agoWhatsApp Flaw Added to CISA's Known Exploited Vulnerabilities Catalog
CISA added two actively exploited vulnerabilities—TP-Link TL-WA855RE missing authentication (CVE-2020-24363) and WhatsApp incorrect authorization (CVE-2025-55177)—to the KEV Catalog.
fromThe Hacker News
2 months agoCISA Adds Three Exploited Vulnerabilities to KEV Catalog Affecting Citrix and Git
CVE-2024-8068 (CVSS score: 5.1) - An improper privilege management vulnerability in Citrix Session Recording that could allow for privilege escalation to NetworkService Account access when an attacker is an authenticated user in the same Windows Active Directory domain as the session recording server domain CVE-2024-8069 (CVSS score: 5.1) - A deserialization of untrusted data vulnerability in Citrix Session Recording that allows limited remote code execution with the privileges of a NetworkService Account access when an attacker is an authenticated user on the same intranet as the session recording server
Information security
[ Load more ]