The Cybersecurity and Infrastructure Security Agency (CISA) has expanded its Known Exploited Vulnerabilities (KEV) Catalog, adding seven high-risk flaws that are currently being weaponized by malicious actors in the wild.
The list ranges from a decade-old Microsoft legacy bug to fresh 2026 zero-days impacting industry giants like Adobe and Fortinet. For security teams, these additions represent a clear and present danger to network integrity.
CISA has included CVE-2012-1854, an untrusted search path vulnerability in Microsoft’s VBE6.dll. The affected products include Microsoft Office 2003, 2007, and 2010.
Local users can gain elevated privileges by placing a Trojan horse DLL in the same directory as a .docx file. That this bug still figures in active attacks highlights the danger of maintaining legacy infrastructure.
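A defender-side sweep for the condition described above, added here as an example (it is not CISA's or Microsoft's tooling): it walks a directory tree and flags any folder where a DLL sits beside an Office document. The extension list, function names and sample folder layout are constructed assumptions.

```python
import os
import tempfile

# Assumption: file extensions treated as Office documents for this sweep.
DOC_EXTS = {".doc", ".docx", ".docm", ".xls", ".xlsx", ".ppt", ".pptx", ".rtf"}


def find_dll_beside_documents(root):
    """Return {directory: {"dlls": [...], "docs": [...]}} for every directory
    under root that holds at least one DLL and at least one Office document."""
    findings = {}
    for dirpath, _dirnames, filenames in os.walk(root):
        # Windows file names are case-insensitive, so compare in lower case.
        dlls = sorted(f for f in filenames if f.lower().endswith(".dll"))
        docs = sorted(f for f in filenames
                      if os.path.splitext(f)[1].lower() in DOC_EXTS)
        if dlls and docs:
            findings[dirpath] = {"dlls": dlls, "docs": docs}
    return findings


def build_sample_tree(root):
    """Constructed sample layout: one folder to review, two benign ones."""
    layout = {
        "Downloads/invoice_bundle": ["invoice.docx", "helper.DLL"],
        "Documents/reports": ["q1.docx", "q2.xlsx"],   # documents only
        "Tools/bin": ["app.exe", "runtime.dll"],       # binaries only
    }
    for rel, names in layout.items():
        folder = os.path.join(root, *rel.split("/"))
        os.makedirs(folder)
        for name in names:
            open(os.path.join(folder, name), "wb").close()
    return os.path.join(root, "Downloads", "invoice_bundle")


def demo():
    """Run the sweep over the constructed tree; return (hits, expected_folder)
    with paths made relative to the temporary root."""
    with tempfile.TemporaryDirectory() as tmp:
        expected = build_sample_tree(tmp)
        hits = find_dll_beside_documents(tmp)
        rel_hits = {os.path.relpath(k, tmp): v for k, v in hits.items()}
        return rel_hits, os.path.relpath(expected, tmp)


if __name__ == "__main__":
    hits, _ = demo()
    for folder, item in hits.items():
        print(f"REVIEW {folder}: DLLs {item['dlls']} beside {item['docs']}")
```

A hit is a triage lead rather than proof of compromise; point `find_dll_beside_documents` at user-writable locations such as download folders, mail attachment caches and file shares.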
Adobe’s ubiquitous PDF readers are facing two distinct exploitation vectors that can lead to total system compromise.
- The Use-After-Free (CVE-2020-9715): Impacting versions through early 2020, this flaw allows for arbitrary code execution.
- The Prototype Pollution (CVE-2026-34621): Affecting Acrobat Reader versions as recent as 26.001.21367, this flaw allows attackers to modify object attributes.
Exploiting these issues typically requires a user to open a malicious file, making social engineering a key component of the attack.
Microsoft faces three additional entries on the KEV list, spanning Exchange Server to core Windows OS components.
- Exchange Server (CVE-2023-21529): An authenticated attacker can trigger a “deserialization of untrusted data” to execute code in the context of the server account via network calls.
- Privilege Escalation (CVE-2023-36424 & CVE-2025-60710): These vulnerabilities allow attackers to climb the ladder from Medium to High Integrity levels or elevate privileges locally through “link following” in Windows Task processes.
Rounding out the list is a critical flaw in Fortinet FortiClientEMS (version 7.4.4), tracked as CVE-2026-21643.
Unlike many others on this list, this SQL injection vulnerability can be exploited by an unauthenticated remote attacker. By sending specially crafted HTTP requests, attackers can execute unauthorized commands on the server.
CISA warns that these vulnerabilities are “frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise”. For organizations outside the government sector, the message is identical: audit your versions and apply security patches immediately to close these active windows of opportunity.