🚨 [CISA-2026:0413] CISA Adds 7 Known Exploited Vulnerabilities to Catalog (https://secdb.nttzen.cloud/security-advisory/detail/CISA-2026:0413)

CISA has added 7 new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise.

⚠️ CVE-2012-1854 (https://secdb.nttzen.cloud/cve/detail/CVE-2012-1854)
- Name: Microsoft Visual Basic for Applications Insecure Library Loading Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Microsoft
- Product: Visual Basic for Applications (VBA)
- Notes: https://learn.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-046 ; https://nvd.nist.gov/vuln/detail/CVE-2012-1854

⚠️ CVE-2020-9715 (https://secdb.nttzen.cloud/cve/detail/CVE-2020-9715)
- Name: Adobe Acrobat Use-After-Free Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Adobe
- Product: Acrobat
- Notes: https://helpx.adobe.com/security/products/acrobat/apsb20-48.html ; https://nvd.nist.gov/vuln/detail/CVE-2020-9715

⚠️ CVE-2023-21529 (https://secdb.nttzen.cloud/cve/detail/CVE-2023-21529)
- Name: Microsoft Exchange Server Deserialization of Untrusted Data Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Microsoft
- Product: Exchange Server
- Notes: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21529 ; https://nvd.nist.gov/vuln/detail/CVE-2023-21529

⚠️ CVE-2023-36424 (https://secdb.nttzen.cloud/cve/detail/CVE-2023-36424)
- Name: Microsoft Windows Out-of-Bounds Read Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Microsoft
- Product: Windows
- Notes: https://msrc.microsoft.com/update-guide/en-US/advisory/CVE-2023-36424 ; https://nvd.nist.gov/vuln/detail/CVE-2023-36424

⚠️ CVE-2025-60710 (https://secdb.nttzen.cloud/cve/detail/CVE-2025-60710)
- Name: Microsoft Windows Link Following Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Microsoft
- Product: Windows
- Notes: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-60710 ; https://nvd.nist.gov/vuln/detail/CVE-2025-60710

⚠️ CVE-2026-21643 (https://secdb.nttzen.cloud/cve/detail/CVE-2026-21643)
- Name: Fortinet SQL Injection Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Fortinet
- Product: FortiClient EMS
- Notes: https://fortiguard.fortinet.com/psirt/FG-IR-25-1142 ; https://nvd.nist.gov/vuln/detail/CVE-2026-21643

⚠️ CVE-2026-34621 (https://secdb.nttzen.cloud/cve/detail/CVE-2026-34621)
- Name: Adobe Acrobat and Reader Prototype Pollution Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Adobe
- Product: Acrobat and Reader
- Notes: https://helpx.adobe.com/security/products/acrobat/apsb26-43.html ; https://nvd.nist.gov/vuln/detail/CVE-2026-34621

