Security News > 2024 > January > CISA Flags 6 Vulnerabilities - Apple, Apache, Adobe , D-Link, Joomla Under Attack
2024-01-10 04:50
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added six security flaws to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. This includes CVE-2023-27524 (CVSS score: 8.9), a high-severity vulnerability impacting the Apache Superset open-source data visualization software that could enable remote code execution.
News URL
https://thehackernews.com/2024/01/cisa-flags-6-vulnerabilities-apple.html
Related news
- Adobe Patches 11 Critical ColdFusion Flaws Amid 30 Total Vulnerabilities Discovered (source)
- CISA Warns of CentreStack's Hard-Coded MachineKey Vulnerability Enabling RCE Attacks (source)
- Apple fixes two zero-days exploited in targeted iPhone attacks (source)
- Apple Patches Two Actively Exploited iOS Flaws Used in Sophisticated Targeted Attacks (source)
- Apple plugs zero-day holes used in targeted iPhone attacks (CVE-2025-31200, CVE-2025-31201) (source)
- CISA tags SonicWall VPN flaw as actively exploited in attacks (source)
- Apple Patches Two Zero-Days Used in ‘Extremely Sophisticated’ Attacks (source)
- CISA warns about actively exploited Broadcom, Commvault vulnerabilities (source)
- CISA tags Broadcom Fabric OS, CommVault flaws as exploited in attacks (source)
- Apple 'AirBorne' flaws can lead to zero-click AirPlay RCE attacks (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-04-24 | CVE-2023-27524 | Insecure Default Initialization of Resource vulnerability in Apache Superset Session Validation attacks in Apache Superset versions up to and including 2.0.1. | 9.8 |