🚨 [CISA-2026:0506] CISA Adds One Known Exploited Vulnerability to Catalog (https://secdb.nttzen.cloud/security-advisory/detail/CISA-2026:0506)

[CISA-2026:0506] CISA Adds One Known Exploited Vulnerability to Catalog (https://secdb.nttzen.cloud/security-advisory/detail/CISA-2026:0506)

CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise.

️ CVE-2026-0300 (https://secdb.nttzen.cloud/cve/detail/CVE-2026-0300)
- Name: Palo Alto Networks PAN-OS Out-of-bounds Write Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. Until the vendor releases an official fix, the following workaround should be implemented: - Restrict User-ID Authentication Portal access to only trusted zones. - Disable User-ID Authentication Portal if not required.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Palo Alto Networks
- Product: PAN-OS
- Notes: https://security.paloaltonetworks.com/CVE-2026-0300 ; https://nvd.nist.gov/vuln/detail/CVE-2026-0300

#SecDB #InfoSec #CVE #CISA_KEV #cisa_20260506 #cisa20260506 #cve_2026_0300 #cve20260300

[CISA-2026:0423] CISA Adds One Known Exploited Vulnerability to Catalog (https://secdb.nttzen.cloud/security-advisory/detail/CISA-2026:0423)

CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise.

️ CVE-2026-39987 (https://secdb.nttzen.cloud/cve/detail/CVE-2026-39987)
- Name: Marimo Remote Code Execution Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Marimo
- Product: Marimo
- Notes: https://github.com/marimo-team/marimo/security/advisories/GHSA-2679-6mx9-h9xc ; https://nvd.nist.gov/vuln/detail/CVE-2026-39987

#SecDB #InfoSec #CVE #CISA_KEV #cisa_20260423 #cisa20260423 #cve_2026_39987 #cve202639987

CVE Published in last 7 days (2026-04-13 - 2026-04-20)
See more at https://secdb.nttzen.cloud/dashboard

Total CVEs: 1192

Severity:
- Critical: 104
- High: 477
- Medium: 485
- Low: 67
- None: 59

Status:
- : 27
- Analyzed: 155
- Awaiting Analysis: 421
- Deferred: 72
- Received: 270
- Rejected: 6
- Undergoing Analysis: 241

Top CNAs:
- GitHub, Inc.: 234
- Microsoft Corporation: 163
- MITRE: 116
- Wordfence: 100
- VulDB: 77
- Adobe Systems Incorporated: 53
- Chrome: 31
- N/A: 27
- Fortinet, Inc.: 27
- VulnCheck: 23

Top Affected Products:
- UNKNOWN: 856
- Microsoft Windows Server 2025: 121
- Microsoft Windows 11 24h2: 118
- Microsoft Windows 11 26h1: 117
- Microsoft Windows 11 25h2: 114
- Microsoft Windows Server 2022: 114
- Microsoft Windows 11 23h2: 113
- Microsoft Windows Server 23h2: 108
- Microsoft Windows 10 21h2: 105
- Microsoft Windows 10 22h2: 105

Top EPSS Score:
- CVE-2026-6158 - 2.96 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-6158)
- CVE-2026-27303 - 1.50 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-27303)
- CVE-2026-34615 - 1.44 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-34615)
- CVE-2026-6203 - 1.19 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-6203)
- CVE-2026-6349 - 0.95 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-6349)
- CVE-2026-6141 - 0.92 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-6141)
- CVE-2026-6138 - 0.89 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-6138)
- CVE-2026-6139 - 0.89 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-6139)
- CVE-2026-6140 - 0.89 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-6140)
- CVE-2026-6154 - 0.89 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-6154)

[CISA-2026:0416] CISA Adds One Known Exploited Vulnerability to Catalog (https://secdb.nttzen.cloud/security-advisory/detail/CISA-2026:0416)

CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise.

️ CVE-2026-34197 (https://secdb.nttzen.cloud/cve/detail/CVE-2026-34197)
- Name: Apache ActiveMQ Improper Input Validation Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Apache
- Product: ActiveMQ
- Notes: https://activemq.apache.org/security-advisories.data/CVE-2026-34197-announcement.txt ; https://nvd.nist.gov/vuln/detail/CVE-2026-34197

#SecDB #InfoSec #CVE #CISA_KEV #cisa_20260416 #cisa20260416 #cve_2026_34197 #cve202634197