ciso brief

All news with #cisa kev tag

120 articles · page 3 of 6

CISA Adds Four Vulnerabilities to Known Exploited Vulnerabilities Catalog

⚠ CISA has added four vulnerabilities to the Known Exploited Vulnerabilities (KEV) Catalog after evidence of active exploitation. The additions are CVE-2008-0015 (Microsoft Windows Video ActiveX remote code execution), CVE-2020-7796 (Synacor Zimbra SSRF), CVE-2024-7694 (TeamT5 ThreatSonar unrestricted upload of dangerous files), and CVE-2026-2441 (Google Chromium CSS use-after-free). BOD 22-01 requires Federal Civilian Executive Branch agencies to remediate KEV entries by the due date, and CISA strongly urges all organizations to prioritize timely remediation as part of vulnerability management.

Exploit Reported for New Chrome Zero-Day in CSS Engine

⚠️ Google warns IT administrators that an exploit for a newly disclosed Chrome zero-day (CVE-2026-2441) is active in the wild. The issue is a use-after-free bug in the browser's CSS engine that can allow remote code execution in the renderer sandbox when a user visits a crafted page. Patches are available — update to 145.0.7632.75/76 on Windows/Mac or 144.0.7559.75 on Linux — and Google is limiting technical details until most users are updated. Administrators should prioritize deploying the fixes and monitor browser versions and endpoints closely.

Airleader Master: Unrestricted Upload RCE (CVE-2026-1358)

🔒 Airleader GmbH's Airleader Master (<= 6.381) contains a critical file-upload vulnerability (CVE-2026-1358) that permits unauthenticated attackers to place dangerous files on high-privilege pages and potentially obtain remote code execution on the server. CISA assigns CVSS v3.1 9.8 (Critical). The vendor recommends upgrading to 6.386 or later and contacting Airleader for mitigation assistance. Operators should immediately reduce internet exposure and isolate control networks while planning patch deployment.

CISA Adds Four CVEs to Known Exploited Vulnerabilities

⚠️ CISA has added four vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog following evidence of active exploitation. The new entries are CVE-2024-43468 (Microsoft Configuration Manager SQL injection), CVE-2025-15556 (Notepad++ download of code without integrity check), CVE-2025-40536 (SolarWinds Web Help Desk security control bypass), and CVE-2026-20700 (Apple multiple buffer overflow). CISA cites their frequent use by malicious actors and urges prioritized remediation under BOD 22-01 guidance.

Fortinet guidance: ongoing CVE-2026-24858 SSO bypass

🔒 Fortinet released guidance after disclosure of CVE-2026-24858, an authentication bypass in FortiCloud single sign-on (SSO) that can allow an attacker with a FortiCloud account to access devices registered to other users. The flaw affects multiple products including FortiOS, FortiManager, FortiWeb, FortiProxy, and FortiAnalyzer. Fortinet temporarily disabled FortiCloud SSO on Jan. 26, 2026 and restored the service with mitigations on Jan. 27; CISA added the CVE to its KEV Catalog and urges operators to check for indicators of compromise and apply vendor updates immediately.

CISA Adds Five Known Exploited Vulnerabilities to Catalog

⚠️ CISA has added five vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog after evidence of active exploitation, affecting Linux Kernel, SmarterMail, Microsoft Office, and GNU InetUtils. The newly listed CVEs are CVE-2018-14634, CVE-2025-52691, CVE-2026-21509, CVE-2026-23760, and CVE-2026-24061 and represent frequent attack vectors that pose significant risks to federal and enterprise environments. Under BOD 22-01, Federal Civilian Executive Branch agencies must remediate KEV entries by required due dates, and CISA urges all organizations to prioritize timely remediation as part of vulnerability management.

CISA Adds Four Actively Exploited Flaws to KEV Catalog

⚠️ CISA added four vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog after evidence of active exploitation, including a high-severity PHP remote file inclusion in Zimbra (CVE-2025-68645) and an authentication bypass in Versa Concerto (CVE-2025-34026). One entry describes a supply-chain compromise that trojanized eslint-config-prettier and six related npm packages to deliver a malicious DLL. Federal agencies are required to remediate under BOD 22-01 by February 12, 2026.

CISA Adds VMware vCenter CVE to KEV Catalog January 2026

⚠️ CISA has added CVE-2024-37079, an out-of-bounds write in VMware vCenter Server (Broadcom), to the Known Exploited Vulnerabilities (KEV) Catalog following evidence of active exploitation. This class of memory-corruption flaw is a common attacker vector and poses significant risk to the federal enterprise. Under BOD 22-01, FCEB agencies must remediate cataloged vulnerabilities by the required due date; CISA urges all organizations to prioritize timely remediation and to reduce exposure to active threats.

CISA Adds Four Vulnerabilities to KEV Catalog; Agencies Urged

⚠️ CISA has added four vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog after observing evidence of active exploitation. The entries include CVE-2025-31125 (Vite improper access control), CVE-2025-34026 (Versa Concerto improper authentication), CVE-2025-54313 (Prettier eslint-config-prettier embedded malicious code), and CVE-2025-68645 (Synacor Zimbra Collaboration Suite PHP remote file inclusion). CISA urges organizations to prioritize remediation and follow BOD 22-01 guidance to reduce exposure to active threats.

CISA Adds Cisco Code Injection CVE to KEV Catalog (Jan 2026)

🔔 CISA has added CVE-2026-20045, a code injection vulnerability affecting Cisco Unified Communications products, to its Known Exploited Vulnerabilities (KEV) Catalog based on evidence of active exploitation. The agency warns that code injection is a frequent attack vector and poses significant risk to the federal enterprise. Under BOD 22-01, Federal Civilian Executive Branch agencies must remediate KEV items by the required deadlines. CISA strongly urges all organizations to prioritize timely remediation as part of vulnerability management.

CISA Flags Active Exploitation of Gogs Symlink Flaw

⚠️ CISA has added a high-severity flaw in Gogs to its Known Exploited Vulnerabilities list after active attacks were observed. Tracked as CVE-2025-8110 (CVSS v4.0 8.7), the issue stems from improper handling of symbolic links in the PutContents API and allows authenticated users to overwrite files outside repositories, potentially enabling remote code execution. Wiz reported hundreds of compromises and Censys shows over 1,600 exposed instances; no official patch is yet available, so administrators should apply immediate mitigations such as disabling open registration and restricting access.

CISA: Active Exploitation of Gogs Path Traversal Flaw

⚠️ CISA has added CVE-2025-8110 to its Known Exploited Vulnerabilities catalog after reports of active exploitation targeting Gogs. The high-severity (CVSS 8.7) flaw is a path traversal in the repository file editor's PutContents API that mishandles symbolic links and can lead to remote code execution. There is not yet an official upstream patch, though GitHub pull requests show fixes have been merged and maintainers say new images will include the correction once built. Until patched, users should disable default open-registration, restrict server access behind VPNs or allow-lists, and apply other access controls; FCEB agencies must implement mitigations by Feb 2, 2026.

CISA Orders Federal Patch for Gogs RCE Zero-Day Exploit

⚠️ The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has ordered federal agencies to patch a high-severity remote code execution flaw in Gogs tracked as CVE-2025-8110. The issue is a path traversal weakness in the PutContents API that lets authenticated attackers overwrite files outside repositories via symbolic links, enabling arbitrary command execution. Patches released last week add symlink-aware path validation; agencies must remediate by February 2, 2026. Administrators are advised to disable default open registration and restrict server access.

CISA Retires Ten Emergency Directives After Review

🔐 CISA has formally closed ten Emergency Directives issued between 2019 and 2024 after finding their objectives were met and the required remediations implemented across federal civilian agencies. The agency said many of the issues were absorbed into Binding Operational Directive 22-01 and are now tracked via the Known Exploited Vulnerabilities (KEV) catalog. A subset of the directives was closed because their requirements no longer matched the current risk posture; Emergency Directives remain available for urgent threats.

CISA Retires Ten Emergency Directives, Strengthening Security

🛡️ CISA announced the retirement of ten Emergency Directives issued between 2019 and 2024 after required mitigations were implemented or their coverage was incorporated into BOD 22-01 and CISA's Known Exploited Vulnerabilities catalog. The closures include directives tied to specific CVEs and high-profile incidents such as SolarWinds and Exchange. CISA said the action reflects strengthened federal remediation, operational collaboration, and continued emphasis on Secure by Design principles.

CISA Flags Critical HPE OneView Flaw as Actively Exploited

🚨 CISA has added a maximum-severity vulnerability in HPE OneView (CVE-2025-37164) to its catalog of flaws actively exploited in the wild. Reported by Nguyen Quoc Khanh (brocked200) and patched by HPE in mid-December, the bug affects all OneView releases before v11.00 and enables unauthenticated code-injection attacks leading to remote code execution. There are no known mitigations or workarounds; HPE and CISA urge immediate upgrades, and federal agencies must remediate by January 28 under BOD 22-01.

CISA Flags Microsoft Office and HPE OneView KEV Flaws

⚠️ CISA added two vulnerabilities — in Microsoft Office PowerPoint (CVE-2009-0556, CVSS 8.8) and HPE OneView (CVE-2025-37164, CVSS 10.0) — to its Known Exploited Vulnerabilities catalog after observing evidence of active exploitation. The HPE flaw permits unauthenticated remote code execution and affects versions prior to 11.00; HPE has released hotfixes for OneView 5.20 through 10. A proof-of-concept exploit for CVE-2025-37164 was disclosed publicly on December 23, 2025, prompting eSentire to urge immediate patching. Federal agencies subject to BOD 22-01 are instructed to remediate by January 28, 2026.

CISA Adds Two CVEs to KEV Catalog, Urges Remediation

🔔 CISA has added two vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog: CVE-2009-0556 (Microsoft Office PowerPoint code injection) and CVE-2025-37164 (HPE OneView code injection). CISA notes evidence of active exploitation and highlights that these vulnerability types are frequent attack vectors posing significant risk to the federal enterprise. Under BOD 22-01, Federal Civilian Executive Branch agencies are required to remediate KEV entries by the specified due date. CISA strongly urges all organizations to prioritize timely remediation as part of sound vulnerability management.

CISA Adds CVE-2025-14847 (MongoDB) to KEV Catalog Now

⚠️ CISA has added CVE-2025-14847, a MongoDB and MongoDB Server Improper Handling of Length Parameter Inconsistency vulnerability, to the KEV Catalog after evidence of active exploitation. The designation signals a significant risk to the federal enterprise under BOD 22-01, which requires Federal Civilian Executive Branch agencies to remediate listed vulnerabilities by their due dates. Although BOD 22-01 applies only to FCEB agencies, CISA strongly urges all organizations to prioritize timely remediation as part of routine vulnerability management and will continue adding qualifying CVEs to the catalog.

CISA Adds One KEV: CVE-2023-52163 for Digiever DS-2105

⚠️ CISA has added CVE-2023-52163 — a missing authorization flaw in Digiever DS-2105 Pro — to its Known Exploited Vulnerabilities (KEV) Catalog after observing evidence of active exploitation. BOD 22-01 requires Federal Civilian Executive Branch agencies to remediate cataloged vulnerabilities by specified due dates, and CISA emphasizes this entry represents a common and significant attack vector. While the binding directive applies to FCEB agencies, CISA strongly urges all organizations to prioritize timely remediation and incorporate this KEV into their vulnerability management processes.