Find notable cyber news and cases, enriched with sources, timelines, and signals.

CISA KEV multi-product active exploitation wave (CVE-2020-7796)

Exploitation Wave
First reported
Last updated
Happening score
H score 53
1 unique sources, 1 articles

Summary

Hide ▲

CISA expanded its KEV catalog with four actively exploited flaws, signaling a live exploitation wave across Chrome, TeamT5 ThreatSonar, Zimbra, and Windows Video ActiveX Control. A GreyNoise-reported ~400-IP cluster was also tied to abuse of SSRF vulnerabilities, including CVE-2020-7796, against susceptible systems in multiple countries. FCEB agencies have a near-term remediation deadline of March 10, 2026.

Related Happenings

Microsoft 365 Copilot Enterprise SearchLeak remote code execution flaw (CVE-2026-42824)

Vulnerability
H score34 First: 15.06.2026 16:00 Last: 15.06.2026 16:00 Sources 1

About this happening: **Microsoft 365 Copilot Enterprise Search** has a **critical** vulnerability chain, **SearchLeak**, that could let a user leak **emails, calendar details, MFA codes, and indexed f...

Everest Forms Pro plugin actively exploited RCE (CVE-2026-3300)

Vulnerability
H score87 First: 04.06.2026 19:15 Last: 04.06.2026 19:15 Sources 1

About this happening: **Everest Forms Pro** has an **actively exploited** critical **remote code execution** flaw, **CVE-2026-3300**, that lets unauthenticated attackers run **PHP** and take over **Wor...

Magento exploitation wave for CVE-2026-45247

Exploitation Wave
H score9 First: 04.06.2026 10:19 Last: 04.06.2026 10:19 Sources 1

About this happening: Active exploitation of **CVE-2026-45247** is hitting **Mirasvit Cache Warmer** on **Magento** stores, with malicious requests carrying serialized PHP payloads that can lead to **r...

PAN-OS GlobalProtect CVE-2026-0257 exploitation wave

Exploitation Wave
H score18 First: 01.06.2026 11:30 Last: 01.06.2026 11:30 Sources 1

About this happening: A **CVE-2026-0257** exploitation wave is hitting **Palo Alto Networks PAN-OS GlobalProtect** appliances, creating **unauthorized VPN access** risk for **multiple customers**. **Ra...

Pretalx stored XSS (CVE-2026-41241)

Vulnerability
H score0 First: 27.05.2026 17:30 Last: 27.05.2026 17:30 Sources 1

About this happening: A high-severity **stored XSS** in **Pretalx** tracked as **CVE-2026-41241** let registered speakers inject code that could run when an organizer searched a submission, creating **...

Timeline

  1. 18.02.2026 08:52 2 articles · 4mo ago

    CISA adds four actively exploited flaws to KEV catalog

    Legal Policy Action Update

    CISA added CVE-2026-2441 in Google Chrome, CVE-2024-7694 in TeamT5 ThreatSonar Anti-Ransomware versions 3.4.5 and earlier, CVE-2020-7796 in Synacor Zimbra Collaboration Suite (ZCS), and CVE-2008-0015 in Microsoft Windows Video ActiveX Control to the Known Exploited Vulnerabilities (KEV) catalog after evidence of active exploitation in the wild. CISA said Federal Civilian Executive Branch (FCEB) agencies should apply the necessary fixes by March 10, 2026, while Google said an exploit for CVE-2026-2441 exists in the wild and GreyNoise reported about 400 IP addresses abusing SSRF vulnerabilities, including CVE-2020-7796, against susceptible instances in multiple countries.

    Show sources