The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added half a dozen security flaws to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation.
The list of vulnerabilities is as follows –
- CVE-2026-21643 (CVSS score: 9.1) – An SQL injection vulnerability in Fortinet FortiClient EMS that could allow an unauthenticated attacker to execute unauthorized code or commands via specifically crafted HTTP requests.
- CVE-2020-9715 (CVSS score: 7.8) – A use-after-free vulnerability in Adobe Acrobat Reader that could result in remote code execution.
- CVE-2023-36424 (CVSS score: 7.8) – An out-of-bounds read vulnerability in Microsoft Windows Common Log File System Driver that could result in privilege escalation.
- CVE-2023-21529 (CVSS score: 8.8) – A deserialization of untrusted data vulnerability in Microsoft Exchange Server that could allow an authenticated attacker to achieve remote code execution.
- CVE-2025-60710 (CVSS score: 7.8) – An improper link resolution before file access vulnerability in Host Process for Windows Tasks that could allow an authorized attacker to elevate privileges locally.
- CVE-2012-1854 (CVSS score: 7.8) – An insecure library loading vulnerability in Microsoft Visual Basic for Applications (VBA) that could result in remote code execution.