
"CISA has expanded its Known Exploited Vulnerabilities catalog with eight new flaws, including CVE-2026-20133, a high-severity information disclosure bug in Cisco Catalyst SD-WAN Manager that was patched in February."
"The CVE-2025-2749 vulnerability in Kentico Xperience is described as a path traversal and arbitrary file upload issue that could allow attackers to execute content on the server remotely."
"The ZCS vulnerability, CVE-2025-48700, is an XSS bug in the Zimbra Classic UI that can be exploited to execute JavaScript code within the user's session."
CISA has added eight new vulnerabilities to its Known Exploited Vulnerabilities catalog, including CVE-2026-20133, a high-severity bug in Cisco's SD-WAN Manager. This flaw allows unauthorized access to system information. Additionally, vulnerabilities in Kentico Xperience and Zimbra Collaboration Suite have been exploited, leading to remote code execution. The Kentico flaw involves path traversal and arbitrary file uploads, while the ZCS vulnerability allows JavaScript execution through insufficient HTML sanitization. These updates highlight ongoing security risks in widely used software products.
Read at SecurityWeek