Skip to content
Brand Logo

CIRCLE WITH A DOT
  • secdb@infosec.exchangeS

    🚨 [CISA-2026:0320] CISA Adds 5 Known Exploited Vulnerabilities to Catalog (https://secdb.nttzen.cloud/security-advisory/detail/CISA-2026:0320)

    Uncategorized secdb infosec cve cisakev cisa20260320
    1
    0 Votes
    1 Posts
    0 Views
    secdb@infosec.exchangeS
    [CISA-2026:0320] CISA Adds 5 Known Exploited Vulnerabilities to Catalog (https://secdb.nttzen.cloud/security-advisory/detail/CISA-2026:0320)CISA has added 5 new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise.️ CVE-2025-31277 (https://secdb.nttzen.cloud/cve/detail/CVE-2025-31277)- Name: Apple Multiple Products Buffer Overflow Vulnerability- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.- Known To Be Used in Ransomware Campaigns? Unknown- Vendor: Apple- Product: Multiple Products- Notes: https://support.apple.com/en-us/124147 ; https://support.apple.com/en-us/124149 ; https://support.apple.com/en-us/124152 ; https://support.apple.com/en-us/124153 ; https://support.apple.com/en-us/124155 ; https://nvd.nist.gov/vuln/detail/CVE-2025-31277️ CVE-2025-32432 (https://secdb.nttzen.cloud/cve/detail/CVE-2025-32432)- Name: Craft CMS Code Injection Vulnerability- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.- Known To Be Used in Ransomware Campaigns? Unknown- Vendor: Craft CMS- Product: Craft CMS- Notes: https://craftcms.com/knowledge-base/craft-cms-cve-2025-32432 ; https://github.com/craftcms/cms/security/advisories/GHSA-f3gw-9ww9-jmc3 ; https://nvd.nist.gov/vuln/detail/CVE-2025-32432️ CVE-2025-43510 (https://secdb.nttzen.cloud/cve/detail/CVE-2025-43510)- Name: Apple Multiple Products Improper Locking Vulnerability- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.- Known To Be Used in Ransomware Campaigns? Unknown- Vendor: Apple- Product: Multiple Products- Notes: https://support.apple.com/en-us/125632 ; https://support.apple.com/en-us/125633 ; https://support.apple.com/en-us/125634 ; https://support.apple.com/en-us/125635 ; https://support.apple.com/en-us/125636 ; https://support.apple.com/en-us/125637 ; https://support.apple.com/en-us/125638 ; https://support.apple.com/en-us/125639 ; https://nvd.nist.gov/vuln/detail/CVE-2025-43510️ CVE-2025-43520 (https://secdb.nttzen.cloud/cve/detail/CVE-2025-43520)- Name: Apple Multiple Products Classic Buffer Overflow Vulnerability- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.- Known To Be Used in Ransomware Campaigns? Unknown- Vendor: Apple- Product: Multiple Products- Notes: https://support.apple.com/en-us/125632 ; https://support.apple.com/en-us/125633 ; https://support.apple.com/en-us/125634 ; https://support.apple.com/en-us/125635 ; https://support.apple.com/en-us/125636 ; https://support.apple.com/en-us/125637 ; https://support.apple.com/en-us/125638 ; https://support.apple.com/en-us/125639 ; https://nvd.nist.gov/vuln/detail/CVE-2025-43520️ CVE-2025-54068 (https://secdb.nttzen.cloud/cve/detail/CVE-2025-54068)- Name: Laravel Livewire Code Injection Vulnerability- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.- Known To Be Used in Ransomware Campaigns? Unknown- Vendor: Laravel- Product: Livewire- Notes: https://github.com/livewire/livewire/security/advisories/GHSA-29cq-5w36-x7w3 ; https://github.com/livewire/livewire/commit/ef04be759da41b14d2d129e670533180a44987dc ; https://nvd.nist.gov/vuln/detail/CVE-2025-54068#SecDB #InfoSec #CVE #CISA_KEV #cisa_20260320 #cisa20260320 #cve_2025_31277 #cve_2025_32432 #cve_2025_43510 #cve_2025_43520 #cve_2025_54068 #cve202531277 #cve202532432 #cve202543510 #cve202543520 #cve202554068
  • secdb@infosec.exchangeS

    🚨 [CISA-2026:0318] CISA Adds One Known Exploited Vulnerability to Catalog (https://secdb.nttzen.cloud/security-advisory/detail/CISA-2026:0318)

    Uncategorized secdb infosec cve cisakev cisa20260318
    1
    0 Votes
    1 Posts
    0 Views
    secdb@infosec.exchangeS
    [CISA-2026:0318] CISA Adds One Known Exploited Vulnerability to Catalog (https://secdb.nttzen.cloud/security-advisory/detail/CISA-2026:0318)CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise.️ CVE-2025-66376 (https://secdb.nttzen.cloud/cve/detail/CVE-2025-66376)- Name: Synacor Zimbra Collaboration Suite (ZCS) Cross-Site Scripting Vulnerability- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.- Known To Be Used in Ransomware Campaigns? Unknown- Vendor: Synacor- Product: Zimbra Collaboration Suite (ZCS)- Notes: https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories ; https://nvd.nist.gov/vuln/detail/CVE-2025-66376#SecDB #InfoSec #CVE #CISA_KEV #cisa_20260318 #cisa20260318 #cve_2025_66376 #cve202566376
  • secdb@infosec.exchangeS

    🚨 [CISA-2026:0225] CISA Adds 2 Known Exploited Vulnerabilities to Catalog (https://secdb.nttzen.cloud/security-advisory/detail/CISA-2026:0225)

    Uncategorized secdb infosec cve cisakev cisa20260225
    1
    0 Votes
    1 Posts
    0 Views
    secdb@infosec.exchangeS
    [CISA-2026:0225] CISA Adds 2 Known Exploited Vulnerabilities to Catalog (https://secdb.nttzen.cloud/security-advisory/detail/CISA-2026:0225)CISA has added 2 new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise.️ CVE-2022-20775 (https://secdb.nttzen.cloud/cve/detail/CVE-2022-20775)- Name: Cisco SD-WAN Path Traversal Vulnerability- Action: Please adhere to CISA’s guidelines to assess exposure and mitigate risks associated with Cisco SD-WAN devices as outlines in CISA’s Emergency Directive 26-03 (URL listed below in Notes) and CISA’s “Hunt & Hardening Guidance for Cisco SD-WAN Devices (URL listed below in Notes). Adhere to the applicable BOD 22-01 guidance for cloud services or discontinue use of the product if mitigations are not available.- Known To Be Used in Ransomware Campaigns? Unknown- Vendor: Cisco- Product: SD-WAN- Notes: CISA Mitigation Instructions: https://www.cisa.gov/news-events/directives/ed-26-03-mitigate-vulnerabilities-cisco-sd-wan-systems ; https://www.cisa.gov/news-events/directives/supplemental-direction-ed-26-03-hunt-and-hardening-guidance-cisco-sd-wan-systems ; https://www.cisco.com/c/en/us/support/docs/csa/cisco-sa-sd-wan-priv-E6e8tEdF.html ; https://nvd.nist.gov/vuln/detail/CVE-2022-20775️ CVE-2026-20127 (https://secdb.nttzen.cloud/cve/detail/CVE-2026-20127)- Name: Cisco Catalyst SD-WAN Controller and Manager Authentication Bypass Vulnerability- Action: Please adhere to CISA’s guidelines to assess exposure and mitigate risks associated with Cisco SD-WAN devices as outlines in CISA’s Emergency Directive 26-03 (URL listed below in Notes) and CISA’s “Hunt & Hardening Guidance for Cisco SD-WAN Devices (URL listed below in Notes). Adhere to the applicable BOD 22-01 guidance for cloud services or discontinue use of the product if mitigations are not available.- Known To Be Used in Ransomware Campaigns? Unknown- Vendor: Cisco- Product: Catalyst SD-WAN Controller and Manager- Notes: CISA Mitigation Instructions: https://www.cisa.gov/news-events/directives/ed-26-03-mitigate-vulnerabilities-cisco-sd-wan-systems ; https://www.cisa.gov/news-events/directives/supplemental-direction-ed-26-03-hunt-and-hardening-guidance-cisco-sd-wan-systems ; https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-rpa-EHchtZk ; https://nvd.nist.gov/vuln/detail/CVE-2026-20127#SecDB #InfoSec #CVE #CISA_KEV #cisa_20260225 #cisa20260225 #cve_2022_20775 #cve_2026_20127 #cve202220775 #cve202620127
  • secdb@infosec.exchangeS

    🚨 [CISA-2026:0224] CISA Adds One Known Exploited Vulnerability to Catalog (https://secdb.nttzen.cloud/security-advisory/detail/CISA-2026:0224)

    Uncategorized secdb infosec cve cisakev cisa20260224
    1
    0 Votes
    1 Posts
    0 Views
    secdb@infosec.exchangeS
    [CISA-2026:0224] CISA Adds One Known Exploited Vulnerability to Catalog (https://secdb.nttzen.cloud/security-advisory/detail/CISA-2026:0224)CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise.️ CVE-2026-25108 (https://secdb.nttzen.cloud/cve/detail/CVE-2026-25108)- Name: Soliton Systems K.K FileZen OS Command Injection Vulnerability- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.- Known To Be Used in Ransomware Campaigns? Unknown- Vendor: Soliton Systems K.K- Product: FileZen- Notes: https://jvn.jp/en/jp/JVN84622767/ ; https://nvd.nist.gov/vuln/detail/CVE-2026-25108#SecDB #InfoSec #CVE #CISA_KEV #cisa_20260224 #cisa20260224 #cve_2026_25108 #cve202625108