CISA Adds Four Known Exploited Vulnerabilities to Catalog

From Cybersecurity and Infrastructure Security Agency

CISA has added four new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation.

CVE-2024-7399 Samsung MagicINFO 9 Server Path Traversal Vulnerability

CVE-2024-57726 SimpleHelp Missing Authorization Vulnerability

CVE-2024-57728 SimpleHelp Path Traversal Vulnerability

CVE-2025-29635 D-Link DIR-823X Command Injection Vulnerability 

These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise. 

Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the KEV Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabi...