Find notable cyber news and cases, enriched with sources, timelines, and signals.
Home Browse News Feed Stats Watchlists Beta About Contact

CISA KEV multi-product active exploitation wave (CVE-2020-7796)

Exploitation Wave
First reported
Last updated
Happening score
H score 58
1 unique sources, 1 articles

Summary

Hide ▲

CISA expanded its KEV catalog with four actively exploited flaws, signaling a live exploitation wave across Chrome, TeamT5 ThreatSonar, Zimbra, and Windows Video ActiveX Control. A GreyNoise-reported ~400-IP cluster was also tied to abuse of SSRF vulnerabilities, including CVE-2020-7796, against susceptible systems in multiple countries. FCEB agencies have a near-term remediation deadline of March 10, 2026.

Related Happenings

Pretalx stored XSS (CVE-2026-41241)

Vulnerability
First: 27.05.2026 17:30 Last: 27.05.2026 17:30 Sources 1

About this happening: A high-severity **stored XSS** in **Pretalx** tracked as **CVE-2026-41241** let registered speakers inject code that could run when an organizer searched a submission, creating **...

Open Happening

Microsoft SharePoint remote code execution (CVE-2026-45659)

Vulnerability
First: 26.05.2026 14:49 Last: 26.05.2026 14:49 Sources 1

About this happening: **Microsoft SharePoint** **CVE-2026-45659** is a **remote code execution** vulnerability that lets an **authenticated attacker** with **Site Member** permissions run code over the...

Open Happening

Ghost CMS CVE-2026-26980 ClickFix campaign

Campaign
First: 24.05.2026 17:12 Last: 24.05.2026 17:12 Sources 1

About this happening: A **large-scale campaign** is exploiting **CVE-2026-26980** in **Ghost CMS** to plant malicious JavaScript and drive **ClickFix** lure pages, putting exposed sites and their visit...

Open Happening

Apex One on-premises server directory traversal zero-day (CVE-2026-34926)

Vulnerability
First: 22.05.2026 16:39 Last: 22.05.2026 16:39 Sources 1

About this happening: **CVE-2026-34926** is a **Trend Micro Apex One** **on-premises** directory traversal zero-day that can let a privileged local attacker inject malicious code onto affected **agents...

Open Happening

Langflow and Trend Micro Apex One exploited flaws (multiple vulnerabilities)

Vulnerability
First: 22.05.2026 08:47 Last: 22.05.2026 08:47 Sources 1

About this happening: **CISA** added **CVE-2025-34291** in **Langflow** and **CVE-2026-34926** in **Trend Micro Apex One** to the **KEV catalog** after evidence of **active exploitation**. The Langflow...

Open Happening

Timeline

  1. 18.02.2026 08:52 2 articles · 3mo ago

    CISA adds four actively exploited flaws to KEV catalog

    Legal Policy Action Update

    CISA added CVE-2026-2441 in Google Chrome, CVE-2024-7694 in TeamT5 ThreatSonar Anti-Ransomware versions 3.4.5 and earlier, CVE-2020-7796 in Synacor Zimbra Collaboration Suite (ZCS), and CVE-2008-0015 in Microsoft Windows Video ActiveX Control to the Known Exploited Vulnerabilities (KEV) catalog after evidence of active exploitation in the wild. CISA said Federal Civilian Executive Branch (FCEB) agencies should apply the necessary fixes by March 10, 2026, while Google said an exploit for CVE-2026-2441 exists in the wild and GreyNoise reported about 400 IP addresses abusing SSRF vulnerabilities, including CVE-2020-7796, against susceptible instances in multiple countries.

    Show sources
    Open in new tab