InfoSecBulletin Cybersecurity for mankind
CISA added four security flaws to its Known Exploited Vulnerabilities (KEV) catalog on Monday due to evidence of active exploitation.
The list of flaws is as follows:
World’s first wind power underwater data center is now live
VMware Fixed Multiple Flaws Allow Attackers to Inject Malicious Scripts
CVE-2026-50751
Check Point VPN 0-day Flaw Exploited in the WildÂ
AI-designed First ‘universal vaccine’ tested in humans
China Unveils First Prefabricated Data Center Base, Reducing Construction Time by 70%
Hacker now exploits recently patched SolarWinds Serv-U flaw
Cisco SD-WAN Flaw Exploited and Trend Micro Flaws Allows to Security Bypass
Ransomware Crisis Deepens: 4,089 Victims Hit Across 121 Countries in 2026
CVE-2026-20230
Cisco Patches in Unified CM as Exploit Code Goes Public
1-Click GitHub Token Flaw Allows Attackers Steal Users’ OAuth Tokens
CVE-2014-3931 (CVSS score: 9.8) A buffer overflow vulnerability in Multi-Router Looking Glass (MRLG) that could allow remote attackers to cause an arbitrary memory write and memory corruption.
CVE-2016-10033 (CVSS score: 9.8) A command injection vulnerability in PHPMailer that could allow an attacker to execute arbitrary code within the context of the application or result in a denial-of-service (DoS) condition.
CVE-2019-5418 (CVSS score: 7.5) A path traversal vulnerability in Ruby on Rails’ Action View that could cause contents of arbitrary files on the target system’s file system to be exposed
CVE-2019-9621 (CVSS score: 7.5) A Server-Side Request Forgery (SSRF) vulnerability in the Zimbra Collaboration Suite that could result in unauthorized access to internal resources and remote code execution.
No public reports exist on the exploitation of the first three vulnerabilities in real attacks. However, Trend Micro linked the exploitation of CVE-2019-9621 to a Chinese threat actor named Earth Lusca in September 2023, who used it to deploy web shells and Cobalt Strike.
