
"CVE-2026-2441 (CVSS score: 8.8) - A use-after-free vulnerability in Google Chrome that could allow a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2024-7694 (CVSS score: 7.2) - An arbitrary file upload vulnerability in TeamT5 ThreatSonar Anti-Ransomware versions 3.4.5 and earlier that could allow an attacker to upload malicious files and achieve arbitrary system command execution on the server."
"The addition of CVE-2026-2441 to the KEV catalog comes days after Google acknowledged that "an exploit for CVE-2026-2441 exists in the wild." It's currently not known how the vulnerability is being weaponized, but such information is typically withheld until a majority of the users are updated with a fix so as to prevent other threat actors from joining the exploitation bandwagon."
CISA added four vulnerabilities to the Known Exploited Vulnerabilities catalog due to evidence of active exploitation. CVE-2026-2441 (CVSS 8.8) is a Google Chrome use-after-free that can enable heap corruption via crafted HTML. CVE-2024-7694 (CVSS 7.2) is an arbitrary file upload flaw in TeamT5 ThreatSonar Anti-Ransomware allowing remote command execution on affected servers. CVE-2020-7796 (CVSS 9.8) is a Synacor Zimbra SSRF that permits crafted HTTP requests to access sensitive information. CVE-2008-0015 (CVSS 8.8) is a Windows Video ActiveX stack-based buffer overflow enabling remote code execution via a malicious web page. GreyNoise reported about 400 IPs exploiting SSRF instances across multiple countries.
#cisa-kev #google-chrome-cve-2026-2441 #synacor-zimbra-ssrf #teamt5-arbitrary-file-upload #windows-activex-rce
Read at The Hacker News