CISA Warns of Active Attacks Exploiting Ruby on Rails Path Traversal Flaw

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added new security flaws to its Known Exploited Vulnerabilities (KEV) catalog. The newly listed vulnerabilities affect Multi-Router Looking Glass (MRLG), PHPMailer, Ruby on Rails, and Synacor Zimbra Collaboration Suite (ZCS). 

Below are the key details of the vulnerabilities: 

CVE-2014-3931 (CVSS score: 9.8): This buffer overflow vulnerability in Multi-Router Looking Glass (MRLG) exists in the fastping.c component in versions prior to 5.5.0. It allows remote attackers to write to arbitrary memory locations, potentially causing memory corruption. 

CVE-2016-10033 (CVSS score: 9.8): This PHPMailer vulnerability was discovered by security researcher Dawid Golunski of Legal Hackers. It can be exploited by unauthenticated remote attackers to execute arbitrary code within the context of the web server. All versions of PHPMailer before 5.2.18 are affected. 

CVE-2019-5418 (CVSS score: 7.5): This path traversal vulnerability affects Action View, a core component of Ruby on Rails. It allows attackers to use specially crafted Accept headers to force the application to render arbitrary files from the server. This could expose sensitive files like configuration data or system password files. 
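The paragraph above says the flaw is reached through a specially crafted Accept header. Under RFC 7231 a legitimate Accept value is only ever a comma-separated list of media ranges such as text/html or */*, each optionally followed by ;q=... parameters, so a value carrying path separators or ".." sequences can be rejected at the edge or flagged in access logs regardless of whether the application has been patched yet. The following Ruby is an added example written for this page; it is not code from the article, from CISA, or from the Rails project. It assumes a Rack-style middleware interface, a constructed access-log format in which the Accept header is the last double-quoted field, and a 406 response as the rejection status; all sample log lines are constructed. Upgrading Rails remains the actual fix; this is a defence-in-depth and detection measure only.

```ruby
# Added example (not from the article or the Rails project): a defensive
# syntax check for the Accept request header, a Rack-style guard that
# applies it, and a scan over constructed access-log lines.

# RFC 7230 "token" characters; '#' is escaped so Ruby does not treat
# "#$" as global-variable interpolation inside the literal.
TOKEN      = %r{[!\#$%&'*+\-.^_`|~0-9A-Za-z]+}
# A media range is type/subtype, either side of which may be "*".
MEDIA_TYPE = %r{\A(?:#{TOKEN}|\*)/(?:#{TOKEN}|\*)\z}
# A parameter is token=token or token="quoted".
PARAM      = %r{\A#{TOKEN}=(?:#{TOKEN}|"[^"]*")\z}
# Sequences that never belong in a media range list.
TRAVERSAL  = %r{\.\.[/\\]|[/\\]\.\.|\A\.\.\z}

# True when the Accept header is syntactically a media-range list.
# An absent or empty header is acceptable (the client accepts anything).
def well_formed_accept?(value)
  return true if value.nil? || value.strip.empty?
  value.split(',').all? do |range|
    type, *params = range.strip.split(';').map(&:strip)
    MEDIA_TYPE.match?(type.to_s) && params.all? { |p| PARAM.match?(p) }
  end
end

# Classify a header value as :ok, :traversal (explicit ../ or ..\ pattern)
# or :malformed (anything else that is not a media-range list).
def classify_accept(value)
  return :traversal if value && TRAVERSAL.match?(value)
  well_formed_accept?(value) ? :ok : :malformed
end

# Minimal Rack-style middleware (hypothetical name) that refuses requests
# with a suspicious Accept header before they reach the Rails router.
# A Rack app is any object responding to #call(env) and returning
# [status, headers, body]; the Accept header arrives as env['HTTP_ACCEPT'].
class AcceptHeaderGuard
  def initialize(app)
    @app = app
  end

  def call(env)
    if classify_accept(env['HTTP_ACCEPT']) == :ok
      @app.call(env)
    else
      [406, { 'Content-Type' => 'text/plain' }, ["Not Acceptable\n"]]
    end
  end
end

# Scan access-log lines and return [verdict, accept_value] for each line
# whose Accept header is not :ok. Assumes a constructed log format where
# the Accept header is the last double-quoted field on the line.
def scan_log(lines)
  lines.filter_map do |line|
    accept  = line.scan(/"([^"]*)"/).flatten.last
    verdict = classify_accept(accept)
    verdict == :ok ? nil : [verdict, accept]
  end
end

# Constructed sample log lines (not real traffic): one normal browser
# request, one with a traversal sequence, one with a malformed value.
SAMPLE_LOG = [
  '203.0.113.5 - - [01/Jul/2025:10:00:00 +0000] "GET /posts/1 HTTP/1.1" 200 "text/html,application/xhtml+xml;q=0.9,*/*;q=0.8"',
  '203.0.113.6 - - [01/Jul/2025:10:00:01 +0000] "GET /posts/1 HTTP/1.1" 200 "../../../../not/a/media/type"',
  '203.0.113.7 - - [01/Jul/2025:10:00:02 +0000] "GET /posts/1 HTTP/1.1" 200 "text/html bar"',
].freeze

if __FILE__ == $PROGRAM_NAME
  scan_log(SAMPLE_LOG).each { |verdict, accept| puts "#{verdict}: #{accept}" }
end
```

The guard answers 406 rather than 400 because the request is being refused on the basis of its Accept header, and it treats a missing header as acceptable so ordinary clients and health checks are unaffected. The log scan is deliberately generic: it flags any Accept value that is not a media-range list, which catches the traversal case described above without needing to know a specific payload.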

CVE-2019-9621 (CVSS score: 7.5): This server-side request forgery (SSRF) vulnerability in the ProxyServlet component of Zimbra Collaboration Suite (ZCS) affects several versions prior to the vendor's patched releases. It could allow attackers to make unauthorized requests that originate from the server itself.

In line with Binding Operational Directive (BOD) 22-01, federal civilian executive branch (FCEB) agencies are required to address these vulnerabilities by July 28, 2025, to secure their systems against active exploitation. 

CISA also advises private sector organizations to review the KEV catalog and apply the necessary patches to reduce the risk to their networks. 

These updates highlight the need for ongoing vigilance and timely remediation of known security threats, especially those that are actively being exploited in the wild. 
