The U.S. Cybersecurity and Infrastructure Security Company (CISA) has added 6 security flaws to its Identified Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation.
This consists of CVE-2023-27524 (CVSS rating: 8.9), a superior-severity vulnerability impacting the Apache Superset open-source knowledge visualization software package that could enable remote code execution. It was mounted in version 2.1.
Details of the issue to start with arrived to gentle in April 2023, with Horizon3.ai’s Naveen Sunkavally describing it as a “risky default configuration in Apache Superset that enables an unauthenticated attacker to acquire remote code execution, harvest credentials, and compromise details.”

Protect your privacy by Mullvad VPN. Mullvad VPN is one of the famous brands in the security and privacy world. With Mullvad VPN you will not even be asked for your email address. No log policy, no data from you will be saved. Get your license key now from the official distributor of Mullvad with discount: SerialCart® (Limited Offer).
➤ Get Mullvad VPN with 12% Discount
It is really at this time not known how the vulnerability is getting exploited in the wild. Also added by CISA are five other flaws –
- CVE-2023-38203 (CVSS score: 9.8) – Adobe ColdFusion Deserialization of Untrusted Details Vulnerability
- CVE-2023-29300 (CVSS score: 9.8) – Adobe ColdFusion Deserialization of Untrusted Information Vulnerability
- CVE-2023-41990 (CVSS rating: 7.8) – Apple Multiple Merchandise Code Execution Vulnerability
- CVE-2016-20017 (CVSS rating: 9.8) – D-Website link DSL-2750B Gadgets Command Injection Vulnerability
- CVE-2023-23752 (CVSS rating: 5.3) – Joomla! Poor Accessibility Management Vulnerability
It is really worth noting that CVE-2023-41990, patched by Apple in iOS 15.7.8 and iOS 16.3, was made use of by mysterious actors as portion of Operation Triangulation adware attacks to realize remote code execution when processing a specially crafted iMessage PDF attachment.
Federal Civilian Executive Department (FCEB) businesses have been advised to use fixes for the aforementioned bugs by January 29, 2024, to safe their networks towards lively threats.
Located this article attention-grabbing? Follow us on Twitter and LinkedIn to read through much more unique written content we publish.
Some elements of this posting are sourced from:
thehackernews.com