The US CISA has added three new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation.
- CVE-2022-24816 GeoSolutionsGroup JAI-EXT Code Injection Vulnerability
- CVE-2022-2586 Linux Kernel Use-After-Free Vulnerability
- CVE-2020-13965 Roundcube Webmail Cross-Site Scripting (XSS) Vulnerability
Advertisements
CISA given timeline until 17 July 2024 for federal and government agencies to remediate these vulnerabilities.
