CISA says Microsoft Office and HPE OneView flaws exploited in the wild

The US Cybersecurity and Infrastructure Security Agency (CISA) has added two vulnerabilities affecting Microsoft Office and Hewlett Packard Enterprise (HPE) OneView to its Known Exploited Vulnerabilities (KEV) catalog, indicating that the two flaws are being exploited in the wild.

The first issue, tracked as CVE-2009-0556, is a code injection vulnerability in Microsoft Office PowerPoint that can allow remote attackers to execute arbitrary code via memory corruption. The second issue, CVE-2025-37164, impacts HPE OneView, allowing unauthenticated remote code execution.

HPE disclosed last month that CVE-2025-37164 affects all versions of OneView prior to 11.00 and released hotfixes for versions 5.20 through 10.

At the time of writing, there are no confirmed public reports about attacks exploiting the above-mentioned vulnerabilities.

Separately, Cisco has issued updates to address a vulnerability in Identity Services Engine (ISE) and ISE Passive Identity Connector (ISE-PIC). The flaw, tracked as CVE-2026-20029, exists due to insufficient validation of user-supplied XML input. A remote privileged user can pass specially crafted XML to the affected application to view the contents of arbitrary files on the system or initiate requests to external systems.

The Cisco vulnerability affects ISE and ISE-PIC releases earlier than 3.2, versions 3.2 through Patch 8, 3.3 through Patch 8, and 3.4 through Patch 4, while Release 3.5 is not vulnerable. Cisco said there are no workarounds available and acknowledged the existence of public proof-of-concept exploit code, although there is currently no evidence that the flaw has been exploited in the wild.

