CP
cyberpings

Cisco, Kentico, Zimbra Vulnerabilities - Exploited Flaws Alert

CISA has flagged eight new vulnerabilities, including serious flaws in Cisco, Kentico, and Zimbra. These flaws are being actively exploited, putting organizations at risk. Immediate action is required to patch these vulnerabilities and protect sensitive data.

VulnerabilitiesHIGHUpdated: Published:
Featured image for Cisco, Kentico, Zimbra Vulnerabilities - Exploited Flaws Alert

Original Reporting

SWSecurityWeek·Ionut Arghire

AI Summary

CyberPings AI·Reviewed by Rohit Rana

🎯Basically, CISA found serious security flaws in popular software that hackers are already using.

The Flaw

Recently, the US Cybersecurity and Infrastructure Security Agency (CISA) expanded its Known Exploited Vulnerabilities (KEV) catalog by adding eight new flaws. Among these are significant vulnerabilities in Cisco, Kentico, and Zimbra products that have already been exploited in the wild. These flaws could allow attackers to gain unauthorized access or execute malicious code.

What's at Risk

The newly flagged vulnerabilities include:

⚠️

CVE-2026-20133

A high-severity information disclosure bug in **Cisco Catalyst SD-WAN Manager**. This flaw allows attackers to access the API and read sensitive information from the operating system.

🔓

CVE-2025-2749

A path traversal vulnerability in **Kentico Xperience** that can lead to remote code execution (RCE). Attackers can upload arbitrary files to the server, potentially compromising the system.

📤

CVE-2025-48700

An XSS vulnerability in **Zimbra Collaboration Suite** that allows attackers to execute JavaScript within a user's session by exploiting insufficient HTML sanitization.

Patch Status

CISA has urged federal agencies to patch these vulnerabilities promptly. The deadline for patching the Cisco and Zimbra flaws is April 23, while other vulnerabilities must be addressed by May 4. This highlights the urgency for organizations to remain vigilant and proactive in their cybersecurity measures.

Immediate Actions

Organizations using affected products should:

Containment

  • 1.Update Software: Ensure that all systems are updated with the latest patches from vendors.
  • 2.Monitor Systems: Keep an eye on logs for any suspicious activity that may indicate exploitation attempts.

Conclusion

The exploitation of these vulnerabilities emphasizes the critical need for timely updates and robust security practices. Organizations must prioritize patching to mitigate risks associated with these flaws. Failure to act could result in significant data breaches and operational disruptions.

🔒 Pro Insight

🔒 Pro insight: The rapid exploitation of these vulnerabilities underscores the necessity for organizations to implement continuous monitoring and timely patch management strategies.

Share

Related Pings

Preview image for iTerm2 Vulnerability - SSH Integration Allows Code Execution
Vulnerabilities
HIGH

iTerm2 Vulnerability - SSH Integration Allows Code Execution

A newly discovered flaw in iTerm2 allows attackers to execute code by simply viewing a malicious text file. This vulnerability affects macOS users, posing a significant risk. Caution is advised when handling untrusted files or SSH connections until a fix is available.

CSCyber Security News
Read PingRead Source
Preview image for SGLang CVE-2026-5760 - Critical RCE Vulnerability Disclosed
Vulnerabilities
CRITICAL

SGLang CVE-2026-5760 - Critical RCE Vulnerability Disclosed

A critical vulnerability in SGLang (CVE-2026-5760) allows remote code execution via malicious GGUF model files. Immediate action is needed to secure affected systems as hackers could weaponize these models to compromise servers.

THThe Hacker News+1 more
Read PingRead Source
Preview image for Progress Security Advisory - Critical Vulnerabilities Found
Vulnerabilities
HIGH

Progress Security Advisory - Critical Vulnerabilities Found

Progress has issued a security advisory for critical vulnerabilities in Kemp LoadMaster and MOVEit WAF products. Users must apply updates to mitigate risks. This affects multiple versions.

CCCanadian Cyber Centre Alerts
Read PingRead Source
Preview image for Lovable AI App Builder - Critical API Flaw Exposes Data, Legacy Projects at Risk
Vulnerabilities Widely Reported (3 sources)
HIGH

Lovable AI App Builder - Critical API Flaw Exposes Data, Legacy Projects at Risk

A critical API flaw in Lovable exposes sensitive data from thousands of projects. Unauthorized users can access source code and customer information. Immediate action is needed to mitigate risks.

CSCyber Security News+2 more
Read PingRead Source
Preview image for Serial-to-IP Converter Vulnerabilities Expose OT Systems
Vulnerabilities
HIGH

Serial-to-IP Converter Vulnerabilities Expose OT Systems

Forescout discovered 20 vulnerabilities in serial-to-IP converters, exposing OT and healthcare systems to remote hacking. Organizations must act quickly to patch these flaws and safeguard critical infrastructure.

SWSecurityWeek+1 more
Read PingRead Source
Preview image for Enterprise Remediation Benchmark - Compare Your Organization
Vulnerabilities
HIGH

Enterprise Remediation Benchmark - Compare Your Organization

In the last year, enterprises deployed millions of patches, yet many remain exposed due to delays in remediation. Discover how your organization compares to global benchmarks and improve your patch management strategy.

QLQualys Blog
Read PingRead Source