CISA Adds 8 Exploited Flaws to KEV, Sets April-May 2026 Federal Deadlines
Briefly

"CVE-2025-32975, with a CVSS score of 10.0, represents a critical vulnerability in Quest KACE Systems Management Appliance, allowing attackers to impersonate legitimate users without valid credentials."
"CVE-2023-27351 is an improper authentication vulnerability in PaperCut NG/MF that could enable attackers to bypass authentication on affected installations."
"CISA's addition of vulnerabilities to the KEV catalog underscores the urgency for organizations to address these security flaws to prevent potential exploitation."
"The vulnerabilities in Cisco Catalyst SD-WAN Manager, including CVE-2026-20122 and CVE-2026-20128, could allow attackers to gain unauthorized access and escalate privileges."
CISA has added eight vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog, citing active exploitation. Notable entries include CVE-2025-32975 in Quest KACE Systems Management Appliance, with a CVSS score of 10.0, which allows attackers to impersonate users without credentials. Other entries include CVE-2023-27351 in PaperCut NG/MF, CVE-2024-27199 in JetBrains TeamCity, and multiple flaws in Cisco Catalyst SD-WAN Manager that could lead to unauthorized access and privilege escalation. These vulnerabilities pose significant risks to affected systems and require immediate attention from organizations.
Read at The Hacker News