CyberHappenings logo

Track cybersecurity events as they unfold. Sourced timelines. Filter, sort, and browse. Fast, privacy‑respecting. No invasive ads, no tracking.

Five Vulnerabilities Added to CISA's Known Exploited Vulnerabilities Catalog

First reported
Last updated
1 unique sources, 1 articles

Summary

Hide ▲

Five new vulnerabilities have been added to the CISA Known Exploited Vulnerabilities (KEV) Catalog. These include a server-side request forgery (SSRF) flaw in Oracle E-Business Suite (EBS) and four other vulnerabilities affecting Microsoft Windows SMB Client, Kentico Xperience CMS, and Apple's JavaScriptCore. The SSRF vulnerability in Oracle EBS has been actively exploited in real-world attacks. The vulnerabilities affect widely used software and have varying CVSS scores, indicating different levels of severity. Federal Civilian Executive Branch (FCEB) agencies must remediate these vulnerabilities by November 10, 2025, to protect against active threats.

Timeline

  1. 20.10.2025 22:00 1 articles · 23h ago

    CISA Adds Five New Vulnerabilities to KEV Catalog

    The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added five new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog. These include a server-side request forgery (SSRF) flaw in Oracle E-Business Suite (EBS) and vulnerabilities in Microsoft Windows SMB Client, Kentico Xperience CMS, and Apple's JavaScriptCore. The SSRF vulnerability in Oracle EBS (CVE-2025-61884) has been actively exploited in real-world attacks. Federal Civilian Executive Branch (FCEB) agencies must remediate these vulnerabilities by November 10, 2025, to protect against active threats.

    Show sources

Information Snippets