CISA has added three new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation.
- CVE-2023-1389 TP-Link Archer AX-21 Command Injection Vulnerability
- CVE-2021-45046 Apache Log4j2 Deserialization of Untrusted Data Vulnerability
Source: U.S. Cybersecurity and Infrastructure Security Agency
- Related story: CISA Urges Organizations to Incorporate the FCC Covered List Into Risk Management Plans
- Related story: CISA Releases One Industrial Control Systems Medical Advisory