#cisa-kev

#cisa-kev

The Google Chromium issue, tracked as CVE-2026-2441, is a remote code execution (RCE) flaw arising from a use-after-free condition in which the application continues to point to a memory location after it has been freed. It is classed as a zero-day. Google said it was "aware" that an exploit for the flaw exists in the wild and has updated the Stable channel to 145.0.7632.75/76 for Windows and Macintosh, and 144.0.7559.75 for Linux.

CVE-2024-7694 is a high-severity arbitrary file-upload issue affecting TeamT5's ThreatSonar Anti-Ransomware product. The issue was patched in August 2024. "ThreatSonar Anti-Ransomware from TeamT5 does not properly validate the content of uploaded files. Remote attackers with administrator privileges on the product platform can upload malicious files, which can be used to execute arbitrary system command on the server," reads an advisory published at the time of patching by Taiwan's TWCERT/CC.

The KEV list is useful but largely misunderstood. KEVology explains what it is, and how best to use it. CISA's KEV Catalog, more commonly known as the KEV list, emerged with the issue of BOD 22-01 in November 2021. This catalog, currently a list of just over 1,500 vulnerabilities known to have been exploited in the wild, suggests a high value prioritization source for vulnerability remediation within industry.

CISA has ordered federal agencies to stop using Gogs or lock it down immediately after a high-severity vulnerability in the self-hosted Git service was added to its Known Exploited Vulnerabilities (KEV) catalog. The US cybersecurity agency added the path traversal flaw to the KEV list on Monday, triggering urgent remediation requirements for federal civilian executive branch (FCEB) agencies.

The vulnerability, tracked as CVE-2025-59374 (CVSS score: 9.3), has been described as an "embedded malicious code vulnerability" introduced by means of a supply chain compromise that could allow attackers to perform unintended actions. "Certain versions of the ASUS Live Update client were distributed with unauthorized modifications introduced through a supply chain compromise," according to a description of the flaw published in CVE.org. "The modified builds could cause devices meeting specific targeting conditions to perform unintended actions. Only devices that met these conditions and installed the compromised versions were affected."

Details of the six-year-old flaw were publicly shared by Cisco Talos in April 2019, describing it as an exploitable remote code execution vulnerability in the ACEManager "upload.cgi" function of Sierra Wireless AirLink ES450 firmware version 4.9.3. Talos reported the flaw to the Canadian company in December 2018. "This vulnerability exists in the file upload capability of templates within the AirLink 450," the company said. "When uploading template files, you can specify the name of the file that you are uploading."

CVE-2024-8068 (CVSS score: 5.1) - An improper privilege management vulnerability in Citrix Session Recording that could allow for privilege escalation to NetworkService Account access when an attacker is an authenticated user in the same Windows Active Directory domain as the session recording server domain CVE-2024-8069 (CVSS score: 5.1) - A deserialization of untrusted data vulnerability in Citrix Session Recording that allows limited remote code execution with the privileges of a NetworkService Account access when an attacker is an authenticated user on the same intranet as the session recording server