The CISA has added 95 vulnerabilities in actively exploited security flaws. This is one of the largest chunks of CVEs added to its Known Exploited Vulnerabilities Catalog since the issue of the binding operational directive in November last year.

The actively exploited flaws

According to the CISA, federal agencies are given around three weeks to patch the newly added 95 security flaws. Around eight of these flaws have high critical severity scores of 9.8.

The old security vulnerabilities

The list further includes bugs in old products that have already reached the end of life, such as Adobe Flash Player. According to the report, most organizations are still using such old software products, posing a risk of exploitation.


The cybersecurity agency recommends all entities fix the security issues added to its known vulnerabilities catalog. Moreover, applying security updates should be a priority for firms in both the public and private sectors. Doing so limits the exposure to cyberattacks and stops attackers from accessing a network.

Cyware Publisher