The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added eight new vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog, including three flaws impacting Cisco Catalyst SD-WAN Manager, citing evidence of active exploitation.
The list of vulnerabilities is as follows –
- CVE-2023-27351 (CVSS score: 8.2) – An improper authentication vulnerability in PaperCut NG/MF that could allow an attacker to bypass authentication on affected installations via the SecurityRequestFilter class.
- CVE-2024-27199 (CVSS score: 7.3) – A relative path traversal vulnerability in JetBrains TeamCity that could allow an attacker to perform limited admin actions.
- CVE-2025-2749 (CVSS score: 7.2) – A path traversal vulnerability in Kentico Xperience that could allow an authenticated user’s Staging Sync Server to upload arbitrary data to path relative locations.
- CVE-2025-32975 (CVSS score: 10.0) – An improper authentication vulnerability in Quest KACE Systems Management Appliance (SMA) that could allow an attacker to impersonate legitimate users without valid credentials.Â
- CVE-2025-48700 (CVSS score: 6.1) – A cross-site scripting vulnerability in Synacor Zimbra Collaboration Suite (ZCS) that could allow an attacker to execute arbitrary JavaScript within the user’s session, resulting in unauthorized access to sensitive information.
- CVE-2026-20122 (CVSS score: 5.4) – An incorrect use of privileged APIs vulnerability in Cisco Catalyst SD-WAN Manager that could allow an attacker to upload and overwrite arbitrary files on the affected system and gain vmanage user privileges.
- CVE-2026-20128 (CVSS score: 7.5) – A storing passwords in a recoverable format vulnerability in Cisco Catalyst SD-WAN Manager that could allow an authenticated, local attacker to gain DCA user privileges by accessing a credential file for the DCA user on the filesystem as a low-privileged user.
- CVE-2026-20133 (CVSS score: 6.5) – An exposure of sensitive information to an unauthorized actor vulnerability in Cisco Catalyst SD-WAN Manager that could allow remote attackers to view sensitive information on affected systems.
It’s worth noting that CISA added CVE-2024-27198, another flaw impacting on-premise versions of JetBrains TeamCity, to the KEV catalog in March 2024. It’s not known at this stage if both vulnerabilities are being exploited together and if the activity is the work of the same threat actor.
The exploitation of CVE-2023-27351, on the other hand, was attributed to Lace Tempest in April 2023 in connection with attacks delivering Cl0p and LockBit ransomware families.
As for CVE-2025-32975, Arctic Wolf said it observed unknown threat actors weaponizing the bug to target unpatched SMA systems as late last month, although the exact end goals of the campaign remain unknown.
Cisco, for its part, also said it became aware of the exploitation of CVE-2026-20122 and CVE-2026-20128 in March 2026….
Source link
Disclaimer
We strive to uphold the highest ethical standards in all of our reporting and coverage. We blogs.grocliq.com want to be transparent with our readers about any potential conflicts of interest that may arise in our work. It’s possible that some of the investors we feature may have connections to other businesses, including competitors or companies we write about. However, we want to assure our readers that this will not have any impact on the integrity or impartiality of our reporting. We are committed to delivering accurate, unbiased news and information to our audience, and we will continue to uphold our ethics and principles in all of our work. Thank you for your trust and support.
Website Upgradation is going on for any glitch kindly connect at [email protected]
