CISA adds seven known exploited vulnerabilities to catalog
CISA has added seven new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation:
CVE-2008-4250 Microsoft Windows Buffer Overflow Vulnerability, CVE-2009-1537 Microsoft DirectX NULL Byte Overwrite Vulnerability, CVE-2009-3459 Adobe Acrobat and Reader Heap-Based Buffer Overflow Vulnerability, CVE-2010-0249 Microsoft Internet Explorer Use-After-Free Vulnerability, CVE-2010-0806 Microsoft Internet Explorer Use-After-Free Vulnerability, CVE-2026-41091 Microsoft Defender Elevation of Privilege Vulnerability, and CVE-2026-45498 Microsoft Defender Denial of Service Vulnerability.
These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise.