Close Menu
    What's Hot

    Mass Protests Across Ukraine Oppose Ouster of Defense Minister

    Opinion | ICE Is Out of Control. Here’s What to Do About It.

    The Army Veteran Killed Outside His ‘Trump House’

    Facebook X (Twitter) Instagram
    Trending
    • Mass Protests Across Ukraine Oppose Ouster of Defense Minister
    • Opinion | ICE Is Out of Control. Here’s What to Do About It.
    • The Army Veteran Killed Outside His ‘Trump House’
    • Sam Neill’s Cause of Death Was Pneumonia, Actor’s Agent Confirms
    • What to Know About Mykhailo Fedorov, Ukraine’s Ousted Defense Minister
    • Astronomers Have Found a Sugar Molecule in Deep Space for the First Time Ever
    • US inflation fell more than expected to 3.5% in June as petrol prices tumbled
    • TSMC Adds $100 Billion to Its U.S. Spending Plan
    interluknewsinterluknews
    • Home
    • Business
      • Corporate News
      • Industry Insights
      • Startups & Entrepreneurship
      • Technology & Innovation
    • Economy
      • Economic Policy
      • Financial Analysis
      • Inflation & Interest Rates
      • Trade & Markets
    • Global
      • Conflicts & Security
      • Diplomacy
      • Global Trends
      • International Affairs
    • Lifestyle
      • Fashion
      • Food & Dining
      • Personal Development
      • Travel
    • Opinion
      • Columns
      • Editorials
      • Expert Opinions
      • Reader Voices
    • More
      • Politics
        • Elections
        • Government & Policy
        • International Relations
        • Political Analysis
      • Sports
        • Cricket
        • Football / Soccer
        • International Sports
        • Local Sports
      • Technology
        • Artificial Intelligence
        • Cybersecurity
        • Gadgets & Reviews
        • Tech News
      • South Africa News
    Facebook X (Twitter) Instagram
    interluknewsinterluknews
    Cybersecurity

    CISA Adds 8 Exploited Flaws to KEV, Sets April-May 2026 Federal Deadlines

    adminBy adminApril 21, 2026No Comments3 Mins Read
    Share Facebook Twitter Pinterest Copy Link Telegram LinkedIn Tumblr Email
    CISA Adds 8 Exploited Flaws to KEV, Sets April-May 2026 Federal Deadlines
    Share
    Facebook Twitter LinkedIn Pinterest Email

    Ravie LakshmananApr 21, 2026Network Security / Threat Intelligence

    CISA Adds 8 Exploited Flaws to KEV, Sets April-May 2026 Federal Deadlines

    The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added eight new vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog, including three flaws impacting Cisco Catalyst SD-WAN Manager, citing evidence of active exploitation.

    The list of vulnerabilities is as follows –

    • CVE-2023-27351 (CVSS score: 8.2) – An improper authentication vulnerability in PaperCut NG/MF that could allow an attacker to bypass authentication on affected installations via the SecurityRequestFilter class.
    • CVE-2024-27199 (CVSS score: 7.3) – A relative path traversal vulnerability in JetBrains TeamCity that could allow an attacker to perform limited admin actions.
    • CVE-2025-2749 (CVSS score: 7.2) – A path traversal vulnerability in Kentico Xperience that could allow an authenticated user’s Staging Sync Server to upload arbitrary data to path relative locations.
    • Cybersecurity
    • CVE-2025-32975 (CVSS score: 10.0) – An improper authentication vulnerability in Quest KACE Systems Management Appliance (SMA) that could allow an attacker to impersonate legitimate users without valid credentials. 
    • CVE-2025-48700 (CVSS score: 6.1) – A cross-site scripting vulnerability in Synacor Zimbra Collaboration Suite (ZCS) that could allow an attacker to execute arbitrary JavaScript within the user’s session, resulting in unauthorized access to sensitive information.
    • CVE-2026-20122 (CVSS score: 5.4) – An incorrect use of privileged APIs vulnerability in Cisco Catalyst SD-WAN Manager that could allow an attacker to upload and overwrite arbitrary files on the affected system and gain vmanage user privileges.
    • CVE-2026-20128 (CVSS score: 7.5) – A storing passwords in a recoverable format vulnerability in Cisco Catalyst SD-WAN Manager that could allow an authenticated, local attacker to gain DCA user privileges by accessing a credential file for the DCA user on the filesystem as a low-privileged user.
    • CVE-2026-20133 (CVSS score: 6.5) – An exposure of sensitive information to an unauthorized actor vulnerability in Cisco Catalyst SD-WAN Manager that could allow remote attackers to view sensitive information on affected systems.

    It’s worth noting that CISA added CVE-2024-27198, another flaw impacting on-premise versions of JetBrains TeamCity, to the KEV catalog in March 2024. It’s not known at this stage if both vulnerabilities are being exploited together and if the activity is the work of the same threat actor.

    The exploitation of CVE-2023-27351, on the other hand, was attributed to Lace Tempest in April 2023 in connection with attacks delivering Cl0p and LockBit ransomware families.

    Cybersecurity

    As for CVE-2025-32975, Arctic Wolf said it observed unknown threat actors weaponizing the bug to target unpatched SMA systems as late last month, although the exact end goals of the campaign remain unknown.

    Cisco, for its part, also said it became aware of the exploitation of CVE-2026-20122 and CVE-2026-20128 in March 2026. The company has yet to revise its advisory to reflect the in-the-wild abuse of CVE-2026-20133.

    In light of active exploitation, Federal Civilian Executive Branch (FCEB) agencies have been recommended to address the three Cisco vulnerabilities by April 23, 2026, and the rest by May 4, 2026.

    adds AprilMay CISA Deadlines Exploited Federal Flaws KEV sets
    Follow on Google News Follow on Flipboard
    Share. Facebook Twitter Pinterest LinkedIn Tumblr Email Copy Link
    Previous ArticleStop outsourcing your judgment: Brené Brown in conversation with leadership coach Aiko Bethea
    Next Article LinkedIn’s new Crosscheck feature lets premium subscribers test competing AI models for free
    admin
    • Website

    Related Posts

    TSMC Adds $100 Billion to Its U.S. Spending Plan

    July 16, 2026

    OpenAI’s GPT-Red Automates Prompt Injection Testing to Harden GPT-5.6 Sol

    July 16, 2026

    148 npm Packages Disguised as Student Proxies Turned Browsers Into a DDoS Botnet

    July 16, 2026
    Leave A Reply Cancel Reply

    Demo
    Latest Posts

    Mass Protests Across Ukraine Oppose Ouster of Defense Minister

    Opinion | ICE Is Out of Control. Here’s What to Do About It.

    The Army Veteran Killed Outside His ‘Trump House’

    Sam Neill’s Cause of Death Was Pneumonia, Actor’s Agent Confirms

    Latest Posts

    Subscribe to News

    Get the latest sports news from NewsSite about world, sports and politics.

    Advertisement
    Demo

    We are a digital news platform delivering timely, accurate, and insightful coverage of politics, global affairs, business, economy, sports, and more. Our mission is to keep readers informed with reliable news, clear analysis, and stories that truly matter.
    We're social. Connect with us:

    Facebook X (Twitter) Instagram Pinterest YouTube

    Subscribe to Updates

    Get the latest creative news from FooBar about art, design and business.

    Type above and press Enter to search. Press Esc to cancel.

    Powered by
    ...
    ►
    Necessary cookies enable essential site features like secure log-ins and consent preference adjustments. They do not store personal data.
    None
    ►
    Functional cookies support features like content sharing on social media, collecting feedback, and enabling third-party tools.
    None
    ►
    Analytical cookies track visitor interactions, providing insights on metrics like visitor count, bounce rate, and traffic sources.
    None
    ►
    Advertisement cookies deliver personalized ads based on your previous visits and analyze the effectiveness of ad campaigns.
    None
    ►
    Unclassified cookies are cookies that we are in the process of classifying, together with the providers of individual cookies.
    None
    Powered by