<p>CISA has added seven new vulnerabilities to its <a href="https://www.cisa.gov/known-exploited-vulnerabilities-catalog">Known Exploited Vulnerabilities (KEV) Catalog</a>, based on evidence of active exploitation.</p> <ul> <li><a href="https://www.cve.org/CVERecord?id=CVE-2008-4250" target="_blank">CVE-2008-4250</a> Microsoft Windows Buffer Overflow Vulnerability</li> <li><a href="https://www.cve.org/CVERecord?id=CVE-2009-1537" target="_blank">CVE-2009-1537</a> Microsoft DirectX NULL Byte Overwrite Vulnerability</li> <li><a href="https://www.cve.org/CVERecord?id=CVE-2009-3459" target="_blank">CVE-2009-3459</a> Adobe Acrobat and Reader Heap-Based Buffer Overflow Vulnerability</li> <li><a href="https://www.cve.org/CVERecord?id=CVE-2010-0249" target="_blank">CVE-2010-0249</a> Microsoft Internet Explorer Use-After-Free Vulnerability</li> <li><a href="https://www.cve.org/CVERecord?id=CVE-2010-0806" target="_blank">CVE-2010-0806</a> Microsoft Internet Explorer Use-After-Free Vulnerability</li> <li><a href="https://www.cve.org/CVERecord?id=CVE-2026-41091" target="_blank">CVE-2026-41091</a> Microsoft Defender Elevation of Privilege Vulnerability</li> <li><a href="https://www.cve.org/CVERecord?id=CVE-2026-45498" target="_blank">CVE-2026-45498</a> Microsoft Defender Denial of Service Vulnerability</li> </ul> <p>These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise.</p> <p><a href="https://www.cisa.gov/binding-operational-directive-22-01">Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities</a> established the KEV Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the <a href="https:

Read Full Article at US-CERT Alerts →