#cisa-kev
#cisa-kev
[ follow ]
#remote-code-execution #vmware-vcenter #cve-2024-37079 #cve-2025-33073 #smb-vulnerability #meteobridge
Information security
fromThe Hacker News
1 week agoCISA Updates KEV Catalog with Four Actively Exploited Software Vulnerabilities
CISA added four actively exploited vulnerabilities to its KEV catalog, including high-severity remote file inclusion, authentication bypass, access-control, and npm supply-chain compromise.
fromTheregister
2 weeks agoFed agencies urged to ditch Gogs as zero-day makes CISA list
CISA has ordered federal agencies to stop using Gogs or lock it down immediately after a high-severity vulnerability in the self-hosted Git service was added to its Known Exploited Vulnerabilities (KEV) catalog. The US cybersecurity agency added the path traversal flaw to the KEV list on Monday, triggering urgent remediation requirements for federal civilian executive branch (FCEB) agencies.
Information security
fromThe Hacker News
1 month agoCISA Flags Critical ASUS Live Update Flaw After Evidence of Active Exploitation
The vulnerability, tracked as CVE-2025-59374 (CVSS score: 9.3), has been described as an "embedded malicious code vulnerability" introduced by means of a supply chain compromise that could allow attackers to perform unintended actions. "Certain versions of the ASUS Live Update client were distributed with unauthorized modifications introduced through a supply chain compromise," according to a description of the flaw published in CVE.org. "The modified builds could cause devices meeting specific targeting conditions to perform unintended actions. Only devices that met these conditions and installed the compromised versions were affected."
Information security
fromThe Hacker News
1 month agoCISA Adds Actively Exploited Sierra Wireless Router Flaw Enabling RCE Attacks
Details of the six-year-old flaw were publicly shared by Cisco Talos in April 2019, describing it as an exploitable remote code execution vulnerability in the ACEManager "upload.cgi" function of Sierra Wireless AirLink ES450 firmware version 4.9.3. Talos reported the flaw to the Canadian company in December 2018. "This vulnerability exists in the file upload capability of templates within the AirLink 450," the company said. "When uploading template files, you can specify the name of the file that you are uploading."
Information security
Information security
fromThe Hacker News
3 months agoCISA Flags Meteobridge CVE-2025-4008 Flaw as Actively Exploited in the Wild
Meteobridge contains a command-injection vulnerability (CVE-2025-4008) allowing unauthenticated remote attackers to execute arbitrary commands as root; vulnerability is actively exploited and patched in version 6.
Information security
fromSecuritymagazine
4 months agoWhatsApp Flaw Added to CISA's Known Exploited Vulnerabilities Catalog
CISA added two actively exploited vulnerabilities—TP-Link TL-WA855RE missing authentication (CVE-2020-24363) and WhatsApp incorrect authorization (CVE-2025-55177)—to the KEV Catalog.
fromThe Hacker News
5 months agoCISA Adds Three Exploited Vulnerabilities to KEV Catalog Affecting Citrix and Git
CVE-2024-8068 (CVSS score: 5.1) - An improper privilege management vulnerability in Citrix Session Recording that could allow for privilege escalation to NetworkService Account access when an attacker is an authenticated user in the same Windows Active Directory domain as the session recording server domain CVE-2024-8069 (CVSS score: 5.1) - A deserialization of untrusted data vulnerability in Citrix Session Recording that allows limited remote code execution with the privileges of a NetworkService Account access when an attacker is an authenticated user on the same intranet as the session recording server
Information security
[ Load more ]