
CISA added seven vulnerabilities to its Known Exploited Vulnerabilities catalog, including two Windows bugs, CVE-2023-36424 and CVE-2025-60710, both allowing privilege escalation. Patches for these vulnerabilities were released in November 2023 and 2025, respectively. Other vulnerabilities include CVE-2020-9715 in Adobe Acrobat, CVE-2023-21529 related to Exchange, and two zero-day flaws in Adobe and Fortinet products. CISA also highlighted CVE-2012-1854, a long-known vulnerability in Microsoft Visual Basic for Applications, which has been actively exploited. Federal agencies are urged to apply the necessary patches.
"CISA added CVE-2023-36424, a Windows flaw leading to privilege escalation, and CVE-2025-60710, a link-following vulnerability, to its KEV catalog."
"CVE-2020-9715, a use-after-free bug in Adobe Acrobat, has been publicly known for years and allows arbitrary code execution."
"CISA flagged CVE-2023-21529, an Exchange vulnerability, as exploited by the Medusa ransomware gang, emphasizing the need for immediate attention."
"CVE-2012-1854, an insecure library-loading vulnerability in Microsoft Visual Basic for Applications, has been targeted by attackers since its patch in 2012."
Read at SecurityWeek