Our news

  • CISA Adds One Known Exploited Vulnerability to Catalog

    CISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation: CVE-2018-4063, Sierra Wireless AirLink ALEOS Unrestricted Upload of File with Dangerous Type Vulnerability. This type of vulnerability is a frequent attack vector for malicious cyber actors and poses significant risks to the federal enterprise. Binding Operational Directive

  • CISA Adds One Known Exploited Vulnerability to Catalog

    CISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation: CVE-2025-14174, Google Chromium Out-of-Bounds Memory Access Vulnerability. This type of vulnerability is a frequent attack vector for malicious cyber actors and poses significant risks to the federal enterprise. Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk

  • Johnson Controls iSTAR Ultra

    1. EXECUTIVE SUMMARY: CVSS v4 8.7. ATTENTION: Exploitable remotely/low attack complexity. Vendor: Johnson Controls. Equipment: iSTAR Ultra, iSTAR Ultra SE, iSTAR Ultra G2, iSTAR Ultra G2 SE, iSTAR Edge G2, iSTAR Ultra LT. Vulnerabilities: OS Command Injection. 2. RISK EVALUATION: Successful exploitation of these vulnerabilities could allow an attacker to modify firmware and

  • Grassroots DICOM (GDCM)

    1. EXECUTIVE SUMMARY: CVSS v4 6.8. ATTENTION: Low attack complexity. Vendor: Grassroots. Equipment: DICOM (GDCM). Vulnerability: Out-of-bounds Write. 2. RISK EVALUATION: Successful exploitation of this vulnerability could allow an attacker to craft a malicious DICOM file which, if opened, could crash the application, resulting in a denial-of-service condition. 3. TECHNICAL DETAILS 3.1 AFFECTED

  • 2025 CWE Top 25 Most Dangerous Software Weaknesses

    The Cybersecurity and Infrastructure Security Agency (CISA), in collaboration with the Homeland Security Systems Engineering and Development Institute (HSSEDI), operated by the MITRE Corporation, has released the 2025 Common Weakness Enumeration (CWE) Top 25 Most Dangerous Software Weaknesses. This annual list identifies the most critical weaknesses adversaries exploit to compromise systems, steal data, or disrupt

  • Siemens Advanced Licensing (SALT) Toolkit

    As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens’ ProductCERT Security Advisories (CERT Services | Services | Siemens Global). 1. EXECUTIVE SUMMARY: CVSS v4 9.2. ATTENTION: Exploitable remotely/low attack

  • Siemens Building X – Security Manager Edge Controller

    As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens’ ProductCERT Security Advisories (CERT Services | Services | Siemens Global). 1. EXECUTIVE SUMMARY: CVSS v4 5.9. ATTENTION: Low attack complexity

  • Cybersecurity Performance Goals 2.0 for Critical Infrastructure

    Today, CISA released updated Cross-Sector Cybersecurity Performance Goals (CPG 2.0) with measurable actions for critical infrastructure owners and operators to achieve a foundational level of cybersecurity. This update incorporates lessons learned, aligns with the most recent National Institute of Standards and Technology Cybersecurity Framework revisions, and addresses the most common and impactful threats facing critical

  • CISA Adds One Known Exploited Vulnerability to Catalog

    CISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation: CVE-2025-58360, OSGeo GeoServer Improper Restriction of XML External Entity Reference Vulnerability. This type of vulnerability is a frequent attack vector for malicious cyber actors and poses significant risks to the federal enterprise. Binding Operational Directive (BOD) 22-01:

  • Siemens SINEMA Remote Connect Server

    As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens’ ProductCERT Security Advisories (CERT Services | Services | Siemens Global). 1. EXECUTIVE SUMMARY: CVSS v3 4.3. ATTENTION: Exploitable remotely/low attack