CISA Adds Seven Known Exploited Vulnerabilities to Catalog

CISA Current Activity·20. Mai 2026, 12:00

Originalartikel lesen bei CISA Current Activity

CISA has added seven new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation. CVE-2008-4250 Microsoft Windows Buffer Overflow Vulnerability CVE-2009-1537 Microsoft DirectX NULL Byte Overwrite Vulnerability CVE-2009-3459 Adobe Acrobat and...

MITRE ATT&CK Kill Chain (1 Techniken)

Resource Development

T1588.006

Vulnerabilities

Vollständigen Artikel lesen bei CISA Current Activity

8 Quellen berichten

Primärquellen

CISA Adds One Known Exploited Vulnerability to Catalog
CISA Current Activity · vor 12 Tagen
CISA Adds Two Known Exploited Vulnerabilities to Catalog
CISA Current Activity · vor 5 Tagen

Weitere Quellen

Cisco Catalyst SD-WAN Controller Auth Bypass Actively Exploited to Gain Admin Access
The Hacker News · vor 12 Tagen
Cisco warns of new critical SD-WAN flaw exploited in zero-day attacks
BleepingComputer · vor 12 Tagen
CISA Adds Cisco SD-WAN CVE-2026-20182 to KEV After Admin Access Exploits
The Hacker News · vor 12 Tagen
Cisco Patches Another SD-WAN Zero-Day, the Sixth Exploited in 2026
SecurityWeek · vor 12 Tagen
TrendAI Patches Apex One Zero-Day Exploited in the Wild
SecurityWeek · vor 5 Tagen

Erwähnte CVEs (7)

CVE-2008-4250CRITICAL(9.8)

KEVEPSS 92%

The Server service in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, Server 2008, and 7 Pre-Beta allows remote attackers to execute arbitrary code via a crafted RPC request that triggers the overflow during path canonicalization, as exploited in the wild by Gimmiv.A in October 2008, aka "Server Service Vulnerability."

Details NVD

CVE-2009-1537HIGH(8.8)

KEVEPSS 53%

Unspecified vulnerability in the QuickTime Movie Parser Filter in quartz.dll in DirectShow in Microsoft DirectX 7.0 through 9.0c on Windows 2000 SP4, Windows XP SP2 and SP3, and Windows Server 2003 SP2 allows remote attackers to execute arbitrary code via a crafted QuickTime media file, as exploited in the wild in May 2009, aka "DirectX NULL Byte Overwrite Vulnerability."

Details NVD

CVE-2009-3459HIGH(8.8)

KEVEPSS 88%

Heap-based buffer overflow in Adobe Reader and Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2 allows remote attackers to execute arbitrary code via a crafted PDF file that triggers memory corruption, as exploited in the wild in October 2009. NOTE: some of these details are obtained from third party information.

Details NVD

CVE-2010-0249HIGH(8.8)

KEVEPSS 89%

Use-after-free vulnerability in Microsoft Internet Explorer 6, 6 SP1, 7, and 8 on Windows 2000 SP4; Windows XP SP2 and SP3; Windows Server 2003 SP2; Windows Vista Gold, SP1, and SP2; Windows Server 2008 Gold, SP2, and R2; and Windows 7 allows remote attackers to execute arbitrary code by accessing a pointer associated with a deleted object, related to incorrectly initialized memory and improper handling of objects in memory, as exploited in the wild in December 2009 and January 2010 during Operation Aurora, aka "HTML Object Memory Corruption Vulnerability."

Details NVD

CVE-2010-0806HIGH(8.8)

KEVEPSS 87%

Use-after-free vulnerability in the Peer Objects component (aka iepeers.dll) in Microsoft Internet Explorer 6, 6 SP1, and 7 allows remote attackers to execute arbitrary code via vectors involving access to an invalid pointer after the deletion of an object, as exploited in the wild in March 2010, aka "Uninitialized Memory Corruption Vulnerability."

Details NVD

CVE-2026-41091

Nicht in lokaler DB — siehe NVD

NVD

CVE-2026-45498

Nicht in lokaler DB — siehe NVD

NVD

MITRE ATT&CK Kill Chain (1 Techniken)

Verwandte Artikel