CISA adds four known exploited vulnerabilities to catalog
CISA has added four new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation:
CVE-2024-43468 Microsoft Configuration Manager SQL Injection Vulnerability, CVE-2025-15556 Notepad++ Download of Code Without Integrity Check Vulnerability, CVE-2025-40536 SolarWinds Web Help Desk Security Control Bypass Vulnerability, CVE-2026-20700 Apple Multiple Buffer Overflow Vulnerability.
These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise.