CISA

V8 in Chrome Vulnerable to Code Execution

CISA has added a vulnerability in Google Chrome's V8 engine to its Known Exploited Vulnerabilities (KEV) catalog. The vulnerability (CVE-2026-3910) allows remote code execution and requires federal agencies to patch by March 13, 2026.

Google Chrome Skia Out-of-Bounds Write Vulnerability

CISA has added a known exploited vulnerability, CVE-2026-3909, affecting Google Chrome versions prior to 146.0.7680.75. This vulnerability allows remote attackers to perform out-of-bounds memory access via a crafted HTML page. Agencies are directed to apply mitigations by March 13, 2026.

CISA Adds Two Exploited Vulnerabilities to KEV Catalog

CISA has added two new vulnerabilities, CVE-2026-3909 and CVE-2026-3910, to its Known Exploited Vulnerabilities (KEV) Catalog due to evidence of active exploitation. Federal Civilian Executive Branch (FCEB) agencies are required to remediate these vulnerabilities per Binding Operational Directive (BOD) 22-01.

CISA: Ignition Software Vulnerable to Code Execution

CISA issued an advisory for Inductive Automation Ignition Software versions prior to 8.3.0, identifying a deserialization vulnerability (CVE-2025-13913) that could allow remote code execution. Users are recommended to upgrade to version 8.3.0 or later.

Apple Use-After-Free Vulnerability Fixed in iOS/iPadOS 17

CISA has added a use-after-free vulnerability (CVE-2023-41974) affecting Apple iOS and iPadOS to its Known Exploited Vulnerabilities (KEV) catalog. The vulnerability, which could allow an app to execute arbitrary code with kernel privileges, has been fixed by Apple in iOS 17, iPadOS 17, iOS 15.8.7, and iPadOS 15.8.7.

VMware Workspace ONE UEM SSRF Vulnerability CVE-2021-22054

CISA has added VMware Workspace ONE UEM console versions to the Known Exploited Vulnerabilities (KEV) catalog due to an SSRF vulnerability (CVE-2021-22054). This vulnerability may allow a malicious actor to gain access to sensitive information.

SolarWinds Web Help Desk RCE Vulnerability CVE-2025-26399

CISA has added CVE-2025-26399, a critical remote code execution vulnerability in SolarWinds Web Help Desk, to its Known Exploited Vulnerabilities (KEV) catalog. The vulnerability affects versions 12.8.7 and below and allows unauthenticated attackers to run commands on the host machine.

Ivanti EPM Authentication Bypass Vulnerability

CISA has added a vulnerability (CVE-2026-1603) in Ivanti Endpoint Manager (EPM) to its Known Exploited Vulnerabilities (KEV) catalog. The vulnerability, an authentication bypass allowing credential data leakage, affects versions before 2024 SU5.

n8n RCE Vulnerability CVE-2025-68613

CISA has added CVE-2025-68613, a critical Remote Code Execution vulnerability in n8n's workflow evaluation system, to its Known Exploited Vulnerabilities (KEV) catalog. The vulnerability affects versions prior to 1.120.4, 1.121.1, and 1.122.0 and allows authenticated attackers to execute arbitrary code.

Siemens SIDIS Prime Vulnerabilities Advisory

CISA has issued an advisory regarding multiple vulnerabilities in Siemens SIDIS Prime versions prior to V4.0.800, affecting components like OpenSSL, SQLite, and Node.js packages. Siemens recommends updating to the latest version to address these high-severity issues.