March 21, 2023

CISA released its latest update to the Known Exploited Vulnerabilities catalog, adding 13 new vulnerabilities. Nine of the vulnerabilities have a remediation date of February 1 and four of them have a remediation date of July 18. 

The list includes an October CMS Improper Authentication, a System Information Library for node.js Command Injection vulnerability, an Oracle Corporate Business Intelligence Enterprise Edition Path Traversal vulnerability, an Apache Airflow Experimental API Authentication Bypass vulnerability, a Drupal Core Unrestricted Upload of File vulnerability, and three Nagios XI OS Command Injection vulnerabilities.


The October CMS Improper Authentication CVE-2021-32648 was allegedly used during a  cyberattack on Ukrainian government systems last week. A patch was released in September 2021. 

Previously, earlier last month on a wake of Christmas holidays CISA has updated the Known exploitable list.

Leave a Reply

%d bloggers like this: