Security News

The U.S. Cybersecurity and Infrastructure Security Agency has added a recently patched security flaw in Microsoft's.NET and Visual Studio products to its Known Exploited Vulnerabilities catalog, citing evidence of active exploitation.

The U.S. Cybersecurity and Infrastructure Security Agency on Friday added three security flaws to its Known Exploited Vulnerabilities catalog, based on evidence of active exploitation. "In a cluster deployment, MinIO returns all environment variables, including MINIO SECRET KEY and MINIO ROOT PASSWORD, resulting in information disclosure," MinIO maintainers said in an advisory published on March 21, 2023.

Over 15 million publicly facing services are susceptible to at least one of the 896 vulnerabilities listed in CISA's KEV catalog. Using these custom search queries, the researchers found 15 million instances vulnerable to 200 CVEs from the catalog.

The U.S. Cybersecurity and Infrastructure Security Agency has added three security flaws to its Known Exploited Vulnerabilities catalog, citing evidence of active exploitation. The most critical of the three is CVE-2022-35914, which concerns a remote code execution vulnerability in the third-party library htmlawed present in Teclib GLPI, an open source asset and IT management software package.

The U.S. Cybersecurity and Infrastructure Security Agency on Tuesday added three security flaws to its Known Exploited Vulnerabilities catalog, based on evidence of active exploitation.CVE-2022-47986 is described as a YAML deserialization flaw in the file transfer solution that could allow a remote attacker to execute code on the system.