CISA Updates Vulnerability Catalog with New Flaws in Chrome, Zimbra, Windows, and ThreatSonar
US CISA Updates Catalog of Known Exploited Vulnerabilities
The US Cybersecurity and Infrastructure Security Agency (CISA) has updated its catalog of Known Exploited Vulnerabilities (KEV) to include four new flaws affecting popular software applications.
Newly Added Vulnerabilities
- Google Chrome: high-severity use-after-free bug (CVE-2026-2441)
- TeamT5 ThreatSonar Anti-Ransomware: high-severity vulnerability (CVE-2024-7694)
- Zimbra Collaboration Suite: critical server-side request forgery defect (CVE-2008-0015)
- Microsoft Windows Video ActiveX Control: high-severity vulnerability (CVE-2020-7796)
According to CISA, the KEV catalog is a list of vulnerabilities that are known to be exploited by threat actors. The catalog is intended to help organizations prioritize their patching efforts and reduce the risk of exploitation.
“The KEV catalog is a list of vulnerabilities that are known to be exploited by threat actors. The catalog is intended to help organizations prioritize their patching efforts and reduce the risk of exploitation.”
Google has confirmed that the vulnerability in Google Chrome (CVE-2026-2441) is being actively exploited. Researchers have not yet determined how the vulnerability in TeamT5 ThreatSonar Anti-Ransomware (CVE-2024-7694) is being used in attacks.
Nearly 400 IP addresses have been observed exploiting the vulnerability in Microsoft Windows Video ActiveX Control (CVE-2020-7796) across multiple countries. Microsoft has warned that this older flaw can be leveraged by attackers.
About Author
English