현재 자주 악용되고 있는 취약점 목록으로, 취약한 버전의 SW를 사용 중인 경우 긴급 패치를 권고 드립니다. * 참조 링크 : https://www.cisa.gov/known-exploited-vulnerabilities-catalog| cveID | vendorProject | vulnerabilityName | dateAdded | shortDescription | requiredAction | dueDate |
|---|
| CVE-2025-40536 | SolarWinds | SolarWinds Web Help Desk Security Control Bypass Vulnerability | 2026-02-12 | SolarWinds Web Help Desk contains a security control bypass vulnerability that could allow an unauthenticated attacker to gain access to certain restricted functionality. | Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. | 2026-02-15 |
|---|
| CVE-2025-15556 | Notepad++ | Notepad++ Download of Code Without Integrity Check Vulnerability | 2026-02-12 | Notepad++ when using the WinGUp updater, contains a download of code without integrity check vulnerability that could allow an attacker to intercept or redirect update traffic to download and execute an attacker-controlled installer. This could lead to arbitrary code execution with the privileges of the user. | Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. | 2026-03-05 |
|---|
| CVE-2024-43468 | Microsoft | Microsoft Configuration Manager SQL Injection Vulnerability | 2026-02-12 | Microsoft Configuration Manager contains an SQL injection vulnerability. An unauthenticated attacker could exploit this vulnerability by sending specially crafted requests to the target environment which are processed in an unsafe manner enabling the attacker to execute commands on the server and/or underlying database. | Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. | 2026-03-05 |
|---|
| CVE-2026-20700 | Apple | Apple Multiple Buffer Overflow Vulnerability | 2026-02-12 | Apple iOS, macOS, tvOS, watchOS, and visionOS contain an improper restriction of operations within the bounds of a memory buffer vulnerability that could allow an attacker with memory write the capability to execute arbitrary code. | Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. | 2026-03-05 |
|---|
|
|
로그인
보안공지