By Pieter Arntz
Publication Date: 2026-01-08 14:29:00
The US Cybersecurity and Infrastructure Security Agency (CISA) has added both a newly discovered flaw and a much older one to its catalog of Known Exploited Vulnerabilities (KEV).
The KEV catalog provides Federal Civilian Executive Branch (FCEB) agencies with a list of vulnerabilities known to be exploited in the wild, along with deadlines for fixing them. In both cases, the due date is January 28, 2026.
But CISA alerts aren’t just for government agencies. They also provide guidance to businesses and end users on which vulnerabilities should be fixed first, based on real-world exploitation.
A critical flaw in HPE OneView
The recently found vulnerability, tracked as CVE-2025-37164, carries a CVSS score of 10 out of 10 and allows remote code execution. The flaw affects HPE OneView, a platform used to manage IT infrastructure, and a patch was released on December 17, 2025.
This critical vulnerability allows remote, unauthenticated access…