CISA KEV multi-product active exploitation wave (CVE-2020-7796)
Exploitation Wave
Summary
Hide ▲
Show ▼
CISA expanded its KEV catalog with four actively exploited flaws, signaling a live exploitation wave across Chrome, TeamT5 ThreatSonar, Zimbra, and Windows Video ActiveX Control. A GreyNoise-reported ~400-IP cluster was also tied to abuse of SSRF vulnerabilities, including CVE-2020-7796, against susceptible systems in multiple countries. FCEB agencies have a near-term remediation deadline of March 10, 2026.
Related Happenings
Microsoft 365 Copilot Enterprise SearchLeak remote code execution flaw (CVE-2026-42824)
Vulnerability
H score34
First: 15.06.2026 16:00
Last: 15.06.2026 16:00
Sources 1
About this happening:
**Microsoft 365 Copilot Enterprise Search** has a **critical** vulnerability chain, **SearchLeak**, that could let a user leak **emails, calendar details, MFA codes, and indexed f...
Microsoft 365 Copilot Enterprise SearchLeak remote code execution flaw (CVE-2026-42824)
VulnerabilityAbout this happening: **Microsoft 365 Copilot Enterprise Search** has a **critical** vulnerability chain, **SearchLeak**, that could let a user leak **emails, calendar details, MFA codes, and indexed f...
Everest Forms Pro plugin actively exploited RCE (CVE-2026-3300)
Vulnerability
H score87
First: 04.06.2026 19:15
Last: 04.06.2026 19:15
Sources 1
About this happening:
**Everest Forms Pro** has an **actively exploited** critical **remote code execution** flaw, **CVE-2026-3300**, that lets unauthenticated attackers run **PHP** and take over **Wor...
Everest Forms Pro plugin actively exploited RCE (CVE-2026-3300)
VulnerabilityAbout this happening: **Everest Forms Pro** has an **actively exploited** critical **remote code execution** flaw, **CVE-2026-3300**, that lets unauthenticated attackers run **PHP** and take over **Wor...
Magento exploitation wave for CVE-2026-45247
Exploitation Wave
H score9
First: 04.06.2026 10:19
Last: 04.06.2026 10:19
Sources 1
About this happening:
Active exploitation of **CVE-2026-45247** is hitting **Mirasvit Cache Warmer** on **Magento** stores, with malicious requests carrying serialized PHP payloads that can lead to **r...
Magento exploitation wave for CVE-2026-45247
Exploitation WaveAbout this happening: Active exploitation of **CVE-2026-45247** is hitting **Mirasvit Cache Warmer** on **Magento** stores, with malicious requests carrying serialized PHP payloads that can lead to **r...
PAN-OS GlobalProtect CVE-2026-0257 exploitation wave
Exploitation Wave
H score18
First: 01.06.2026 11:30
Last: 01.06.2026 11:30
Sources 1
About this happening:
A **CVE-2026-0257** exploitation wave is hitting **Palo Alto Networks PAN-OS GlobalProtect** appliances, creating **unauthorized VPN access** risk for **multiple customers**. **Ra...
PAN-OS GlobalProtect CVE-2026-0257 exploitation wave
Exploitation WaveAbout this happening: A **CVE-2026-0257** exploitation wave is hitting **Palo Alto Networks PAN-OS GlobalProtect** appliances, creating **unauthorized VPN access** risk for **multiple customers**. **Ra...
Pretalx stored XSS (CVE-2026-41241)
Vulnerability
H score0
First: 27.05.2026 17:30
Last: 27.05.2026 17:30
Sources 1
About this happening:
A high-severity **stored XSS** in **Pretalx** tracked as **CVE-2026-41241** let registered speakers inject code that could run when an organizer searched a submission, creating **...
Pretalx stored XSS (CVE-2026-41241)
VulnerabilityAbout this happening: A high-severity **stored XSS** in **Pretalx** tracked as **CVE-2026-41241** let registered speakers inject code that could run when an organizer searched a submission, creating **...
Timeline
-
18.02.2026 08:52 2 articles · 4mo ago
CISA adds four actively exploited flaws to KEV catalog
Legal Policy Action UpdateCISA added CVE-2026-2441 in Google Chrome, CVE-2024-7694 in TeamT5 ThreatSonar Anti-Ransomware versions 3.4.5 and earlier, CVE-2020-7796 in Synacor Zimbra Collaboration Suite (ZCS), and CVE-2008-0015 in Microsoft Windows Video ActiveX Control to the Known Exploited Vulnerabilities (KEV) catalog after evidence of active exploitation in the wild. CISA said Federal Civilian Executive Branch (FCEB) agencies should apply the necessary fixes by March 10, 2026, while Google said an exploit for CVE-2026-2441 exists in the wild and GreyNoise reported about 400 IP addresses abusing SSRF vulnerabilities, including CVE-2020-7796, against susceptible instances in multiple countries.
Show sources
- CISA Flags Four Security Flaws Under Active Exploitation in Latest KEV Update — thehackernews.com — 18.02.2026 08:52
- CISA Flags Four Security Flaws Under Active Exploitation in Latest KEV Update — thehackernews.com — 18.02.2026 08:52