By The Hacker News
Publication Date: 2026-04-14 05:39:00
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added half a dozen security flaws to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation.
The list of vulnerabilities is as follows –
- CVE-2026-21643 (CVSS score: 9.1) – An SQL injection vulnerability in Fortinet FortiClient EMS that could allow an unauthenticated attacker to execute unauthorized code or commands via specifically crafted HTTP requests.
- CVE-2020-9715 (CVSS score: 7.8) – A use-after-free vulnerability in Adobe Acrobat Reader that could result in remote code execution.
- CVE-2023-36424 (CVSS score: 7.8) – An out-of-bounds read vulnerability in Microsoft Windows Common Log File System Driver that could result in privilege escalation.
- CVE-2023-21529 (CVSS score: 8.8) – A deserialization of untrusted data in Microsoft Exchange Server that could allow an authenticated attacker to achieve…
