
"CVE-2026-21643, with a CVSS score of 9.1, is an SQL injection vulnerability in Fortinet FortiClient EMS that could allow an unauthenticated attacker to execute unauthorized code or commands via specifically crafted HTTP requests."
"CVE-2023-21529, rated at 8.8, is a deserialization of untrusted data vulnerability in Microsoft Exchange Server that could allow an authenticated attacker to achieve remote code execution."
"Defused Cyber detected exploitation attempts targeting CVE-2026-21643 since March 24, 2026, while Microsoft reported that threat actor Storm-1175 has weaponized CVE-2023-21529 to deliver Medusa ransomware."
"CVE-2012-1854, an insecure library loading vulnerability in Microsoft Visual Basic for Applications, could result in remote code execution, with Microsoft acknowledging limited, targeted attacks attempting to exploit it."
CISA has included six new vulnerabilities in its Known Exploited Vulnerabilities catalog, indicating active exploitation. Notable vulnerabilities include CVE-2026-21643, an SQL injection flaw in Fortinet FortiClient EMS, and CVE-2023-21529, a deserialization issue in Microsoft Exchange Server. Other vulnerabilities involve Adobe Acrobat Reader, Microsoft Windows, and Microsoft Visual Basic for Applications. Some vulnerabilities have been actively exploited, while others have limited reports of exploitation. The catalog aims to inform organizations about critical security risks.
Read at The Hacker News