The US Cybersecurity and Infrastructure Security Agency (CISA) has updated its Known Exploited Vulnerabilities (KEV) catalog with a number of security vulnerabilities, indicating in-the-wild exploitation.
One of them is an Oracle WebLogic Server flaw, tracked as CVE-2024-21182, which is an improper input validation issue that allows a remote non-authenticated attacker to gain access to sensitive information.
The vulnerability exists due to improper input validation within the Core component in Oracle WebLogic Server. Since details of the vulnerability became public, several proof-of-concept (PoC) exploits have been released.
Another actively exploited flaw is CVE-2026-0257, a security restrictions bypass in Palo Alto Networks’ GlobalProtect portal, which can be abused to establish an unauthorized VPN connection.
CISA has also flagged as exploited CVE-2025-48595, an Android Framework integer overflow issue that allows a local application to escalate privileges on the device.
Last but not least, is an older bug in Linux kernel (CVE-2022-0492), which could allow for privilege escalation via the cgroups v1 release_agent feature.
CISA didn’t provide any details on the nature of the exploitation of the above-mentioned vulnerabilities.