All Topics
All Topics
Technology
Technology
Design
Design
Programming
Programming
Science
Science
News
News
Gaming
Gaming
Entertainment
Entertainment
Business
Business
Finance
Finance
Sports
Sports
Health
Health
Food
Food
Travel
Travel
Art
Art
Music
Music
Books
Books
Education
Education
Politics
Politics
Personal
Personal
No algorithm. No AI slop. No ads. Just RSS. Pro-human. Indie writers. Real journalism. Open web. Chronological. Hand toasted.

CISA Adds Three Actively Exploited Vulnerabilities to Known Exploited Vulnerabilities Catalog

22h ago· 2 min readenNews
Bagel score 75 of 100
75/100
Toasty
Bagelometer

Reliable enough to start your morning with. Toast it again tomorrow.

Score75TypenewsSentimentnegative

Summary

CISA has added three new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, citing evidence of active exploitation. The vulnerabilities affect Arista Extensible Operating System (CVE-2026-7473), Google Chromium V8 (CVE-2026-11645), and Cisco Catalyst SD-WAN Manager (CVE-2026-20245). These flaws are described as frequent attack vectors for malicious cyber actors and pose significant risks to federal enterprise systems.

Key quotes

· 2 pulled
CISA has added three new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation.
These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risks to the federal enterprise.
Snippet from the RSS feed
CISA has added three new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation.

You might also wanna read

Critical Redis Security Vulnerability CVE-2025-49844 Allows Remote Code Execution

Redis has identified and fixed a critical security vulnerability (CVE-2025-49844) that allows authenticated users to execute remote code thr

redis.io·8mo ago

Early Exploitation of React2Shell Vulnerability (CVE-2025-55182) Targets Critical Infrastructure

The article details early exploitation activity following the public disclosure of the critical React2Shell vulnerability (CVE-2025-55182).

blog.cloudflare.com·6mo ago

Technical Analysis of CVE-2025-53149: Heap-based Buffer Overflow in Windows Kernel Streaming Driver

Researchers discovered CVE-2025-53149, a heap-based buffer overflow vulnerability in the Windows Kernel Streaming WOW Thunk Service Driver (

crowdfense.com·9mo ago

Technical Analysis of CVE-2025-10035: A CVSS 10.0 Vulnerability in Fortra GoAnywhere MFT

watchTowr Labs analyzes CVE-2025-10035, a critical CVSS 10.0 vulnerability in Fortra's GoAnywhere MFT (managed file transfer) solution. The

labs.watchtowr.com·8mo ago

Cisco discloses actively exploited zero-day affecting up to 2 million IOS and IOS XE devices

Cisco disclosed an actively exploited zero-day vulnerability (CVE-2025-20352) affecting all supported versions of Cisco IOS and IOS XE, pote

arstechnica.com·8mo ago

CVE-2026-48800 Bypass: Path Traversal Vulnerability Discovered in Notepad++ v8.9.6.1

A security vulnerability (CVE-2026-48800 bypass) has been discovered in Notepad++ v8.9.6.1, the latest patched version. The vulnerability in

github.com·9h ago