
erronis

(19,881 posts)
Mon May 19, 2025, 03:21 PM

"CISA Adds Six Known Exploited Vulnerabilities to Catalog" -- How much longer?

I get these alerts almost every day. Most of them don't affect me but I do scan them to see which vendors are frequently cited as being high security risks.

https://www.cisa.gov/news-events/alerts/2025/05/19/cisa-adds-six-known-exploited-vulnerabilities-catalog

Today:

CISA has added six new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation.

CVE-2025-4427 Ivanti Endpoint Manager Mobile (EPMM) Authentication Bypass Vulnerability
CVE-2025-4428 Ivanti Endpoint Manager Mobile (EPMM) Code Injection Vulnerability
CVE-2024-11182 MDaemon Email Server Cross-Site Scripting (XSS) Vulnerability
CVE-2025-27920 Srimax Output Messenger Directory Traversal Vulnerability
CVE-2024-27443 Synacor Zimbra Collaboration Suite (ZCS) Cross-Site Scripting (XSS) Vulnerability
CVE-2023-38950 ZKTeco BioTime Path Traversal Vulnerability

These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise.


Of course the putin/musk/trump operation is not interested in US companies/federal agencies/public organizations being able to defend themselves against the operation's agenda.

Thus, CISA and all other defensive organizations in the US federal/state and independent groups need to be undermined and disbanded.
