
CISA Flags 4 Security Flaws Under Active Exploitation in Latest KEV Update

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added four security flaws to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation in the wild.

The list of vulnerabilities is as follows:

  • CVE-2026-2441 (CVSS score: 8.8) – A use-after-free vulnerability in Google Chrome that could allow a remote attacker to potentially exploit heap corruption via a crafted HTML page.
  • CVE-2024-7694 (CVSS score: 7.2) – An arbitrary file upload vulnerability in TeamT5 ThreatSonar Anti-Ransomware versions 3.4.5 and earlier that could allow an attacker to upload malicious files and achieve arbitrary system command execution on the server.
  • CVE-2020-7796 (CVSS score: 9.8) – A server-side request forgery (SSRF) vulnerability in Synacor Zimbra Collaboration Suite (ZCS) that could allow an attacker to send a crafted HTTP request to a remote host and obtain unauthorized access to sensitive information.
  • CVE-2008-0015 (CVSS score: 8.8) – A stack-based buffer overflow vulnerability in Microsoft Windows Video ActiveX Control that could allow an attacker to achieve remote code execution by setting up a specially crafted web page.

The addition of CVE-2026-2441 to the KEV catalog comes days after Google acknowledged that “an exploit for CVE-2026-2441 exists in the wild.” It's currently not known how the vulnerability is being weaponized, but such information is typically withheld until a majority of users are updated with a fix so as to prevent other threat actors from joining the exploitation bandwagon.

As for CVE-2020-7796, a report published by threat intelligence firm GreyNoise in March 2025 revealed that a cluster of about 400 IP addresses was actively exploiting multiple SSRF vulnerabilities, including CVE-2020-7796, to target susceptible instances in the U.S., Germany, Singapore, India, Lithuania, and Japan.

“When a user visits a web page containing an exploit detected as Exploit:JS/CVE-2008-0015, it may connect to a remote server and download other malware,” Microsoft notes in its threat encyclopedia. It also said it's aware of cases where the exploit is used to download and execute Dogkild, a worm that propagates via removable drives.


The worm comes with capabilities to retrieve and run additional binaries, overwrite certain system files, terminate a long list of security-related processes, and even replace the Windows Hosts file in an attempt to prevent users from accessing websites associated with security programs.

It's currently unclear how the TeamT5 ThreatSonar Anti-Ransomware vulnerability is being exploited. Federal Civilian Executive Branch (FCEB) agencies are recommended to apply the necessary fixes by March 10, 2026, for optimal protection.
