
"CISA added CVE-2023-36424, a Windows flaw leading to privilege escalation, and CVE-2025-60710, a link-following vulnerability, to its KEV catalog."
"CVE-2020-9715, a use-after-free bug in Adobe Acrobat, has been publicly known for years and allows arbitrary code execution."
"CISA flagged CVE-2023-21529, an Exchange vulnerability, as exploited by the Medusa ransomware gang, emphasizing the need for immediate attention."
"CVE-2012-1854, an insecure library-loading vulnerability in Microsoft Visual Basic for Applications, has been targeted by attackers since its patch in 2012."
CISA added seven vulnerabilities to its Known Exploited Vulnerabilities catalog, including two Windows bugs, CVE-2023-36424 and CVE-2025-60710, both of which allow privilege escalation. Patches for these vulnerabilities were released in November 2023 and 2025, respectively. The other additions include CVE-2020-9715 in Adobe Acrobat, CVE-2023-21529 in Exchange, and two zero-day flaws in Adobe and Fortinet products. CISA also highlighted CVE-2012-1854, a long-known vulnerability in Microsoft Visual Basic for Applications, which has been actively exploited. Federal agencies are urged to apply the necessary patches.
Read at SecurityWeek