CISA has added four new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation.
- CVE-2014-3931 Multi-Router Looking Glass (MRLG) Buffer Overflow Vulnerability
- CVE-2016-10033 PHPMailer Command Injection Vulnerability
- CVE-2019-5418 Rails Ruby on Rails Path Traversal Vulnerability
- CVE-2019-9621 Synacor Zimbra Collaboration Suite (ZCS) Server-Side Request Forgery (SSRF) Vulnerability

These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise.