The Cybersecurity and Infrastructure Security Agency (CISA) has expanded its Known Exploited Vulnerabilities (KEV) Catalog, adding eight high-impact flaws. The update comes following confirmed evidence of active exploitation by malicious actors, posing a direct threat to both federal enterprises and private sector organizations.
Several of the new additions target flaws in authentication mechanisms, allowing attackers to slip into systems without valid credentials.
- PaperCut NG/MF (CVE-2023-27351): A critical flaw in the SecurityRequestFilter class allows remote attackers to bypass authentication entirely; the affected builds include version 22.0.5. Exploitation requires no user interaction and stems from an improperly implemented authentication algorithm.
- Quest KACE SMA (CVE-2025-32975): A vulnerability in the Single Sign-On (SSO) handling mechanism allows attackers to impersonate legitimate users. This bypass can lead to a complete administrative takeover of the Systems Management Appliance.
Attackers are also leveraging path traversal and file upload vulnerabilities to execute arbitrary code on sensitive servers.
- Kentico Xperience (CVE-2025-2749): Impacting versions through 13.0.178, this vulnerability allows authenticated users to upload arbitrary data to relative path locations. This can result in server-side execution and full Remote Code Execution (RCE).
- JetBrains TeamCity (CVE-2024-27199): Versions prior to 2023.11.4 are vulnerable to a relative path traversal flaw that lets unauthenticated attackers reach a subset of administrative endpoints and perform limited administrative actions.
Cisco SD-WAN Manager (formerly vManage) saw three distinct vulnerabilities added to the catalog, ranging from information leaks to privilege escalation.

| CVE Identifier | Vulnerability Type | Impact |
| --- | --- | --- |
| CVE-2026-20122 | API privilege misuse | Allows read-only users to upload malicious files and gain the privileges of the vmanage user. |
| CVE-2026-20128 | Recoverable passwords | Attackers can read DCA user passwords via crafted HTTP requests and reuse them to access other systems. |
| CVE-2026-20133 | Sensitive information exposure | Insufficient access restrictions allow unauthenticated attackers to read sensitive OS-level information. |
Finally, CVE-2025-48700 highlights a Cross-Site Scripting (XSS) flaw in the Zimbra Classic UI. Merely viewing a crafted email causes arbitrary JavaScript to execute within the user's session. The root cause is insufficient sanitization of HTML email content, in particular CSS @import directives that survive the filter.
CISA warns that these types of vulnerabilities are “frequent attack vectors” for cybercriminals. Organizations running any of the affected products—PaperCut, TeamCity, Kentico, Quest KACE, Zimbra, or Cisco SD-WAN Manager—are urged to review the KEV Catalog, confirm which of their deployments fall inside the affected version ranges, and apply the vendor patches immediately to mitigate the risk of active exploitation.
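One practical way to act on that advice is to match an asset inventory against the KEV feed rather than reading the catalog by hand. The script below is an added example written for this article, not CISA's code or any vendor's; it assumes the public KEV JSON schema (a `vulnerabilities` array with `cveID`, `vendorProject`, `product`, `dateAdded`, `dueDate` and `requiredAction` fields) and uses a constructed sample feed and a constructed inventory so it runs offline. The vendor and product names in the sample mirror the products above, but the dates are placeholders, not the catalog's real values.

```python
"""Match an asset inventory against CISA KEV entries (added example).

Assumes the KEV feed schema; the feed text and inventory below are
constructed samples, not data from the live catalog.
"""
import json
import re
from datetime import date

# Public feed location; not fetched here so the example runs offline.
KEV_FEED_URL = "https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json"

# Constructed sample in the shape of the feed's "vulnerabilities" array.
# Dates are placeholders chosen for the example, not real KEV dates.
SAMPLE_KEV_JSON = json.dumps({
    "title": "constructed KEV sample",
    "vulnerabilities": [
        {"cveID": "CVE-2023-27351", "vendorProject": "PaperCut", "product": "MF/NG",
         "dateAdded": "2026-03-01", "dueDate": "2026-03-22",
         "requiredAction": "Apply mitigations per vendor instructions."},
        {"cveID": "CVE-2024-27199", "vendorProject": "JetBrains", "product": "TeamCity",
         "dateAdded": "2026-03-01", "dueDate": "2026-03-22",
         "requiredAction": "Apply mitigations per vendor instructions."},
        {"cveID": "CVE-2026-20122", "vendorProject": "Cisco", "product": "SD-WAN Manager",
         "dateAdded": "2026-03-01", "dueDate": "2026-03-22",
         "requiredAction": "Apply mitigations per vendor instructions."},
        {"cveID": "CVE-2021-44228", "vendorProject": "Apache", "product": "Log4j2",
         "dateAdded": "2021-12-10", "dueDate": "2021-12-24",
         "requiredAction": "Apply updates per vendor instructions."},
    ],
})

# Constructed inventory: asset name -> free-text product description.
INVENTORY = {
    "print-01": "PaperCut NG 22.0.5",
    "ci-01": "JetBrains TeamCity 2023.11.2",
    "sdwan-mgr": "Cisco SD-WAN Manager 20.12",
    "web-01": "nginx 1.25",
}


def load_kev(feed_text):
    """Parse a KEV JSON document and return its 'vulnerabilities' list."""
    return json.loads(feed_text)["vulnerabilities"]


def _tokens(text):
    """Lower-case alphanumeric tokens, so 'SD-WAN Manager' and 'sd-wan manager' compare equal."""
    return {t for t in re.split(r"[^a-z0-9]+", text.lower()) if t}


def match_inventory(entries, inventory):
    """Map each asset to the KEV CVE IDs whose vendor and product names appear in its description.

    Coarse by design: the KEV feed carries no version ranges, so a hit means
    'this product is in the catalog, check the version against the vendor
    advisory', not 'this asset is vulnerable'.
    """
    hits = {}
    for asset, description in inventory.items():
        have = _tokens(description)
        matched = []
        for entry in entries:
            vendor = _tokens(entry["vendorProject"])
            product = _tokens(entry["product"])
            # Vendor must match fully and at least one product token must
            # appear, so 'Cisco' alone does not pull in every Cisco entry.
            if vendor <= have and product & have:
                matched.append(entry["cveID"])
        if matched:
            hits[asset] = sorted(matched)
    return hits


def overdue(entries, today):
    """CVE IDs whose BOD 22-01 remediation due date is already past on 'today'."""
    return sorted(e["cveID"] for e in entries
                  if date.fromisoformat(e["dueDate"]) < today)


if __name__ == "__main__":
    kev = load_kev(SAMPLE_KEV_JSON)
    for asset, cves in match_inventory(kev, INVENTORY).items():
        print(f"{asset}: {', '.join(cves)}")
    print("overdue as of today:", overdue(kev, date.today()))
```

Swap `SAMPLE_KEV_JSON` for the body fetched from `KEV_FEED_URL` and `INVENTORY` for your CMDB export to run this for real. The name match is deliberately conservative (full vendor match plus a product token) because the catalog's `product` strings are short and inconsistent; the version check still has to be done against the vendor advisory, since the KEV feed does not publish affected version ranges.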