The Cybersecurity & Infrastructure Security Agency (CISA) added 21 new vulnerabilities to its Known Exploited Vulnerabilities Catalog on May 23, 2022, due to active exploitation by cyber criminals. The vulnerabilities are a “frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise.”

Although the alert is directed at federal agencies, CISA “strongly urges all organizations to reduce their exposure to cyber-attacks by prioritizing timely remediation of Catalog vulnerabilities as part of their vulnerabilities management practice.” The Catalog can be accessed here.