cveID | vendorProject | vulnerabilityName | dateAdded | shortDescription | requiredAction | dueDate |
CVE-2026-2441 | Google | Google Chromium CSS Use-After-Free Vulnerability | 2026-02-17 | Google Chromium CSS contains a use-after-free vulnerability that could allow a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera. | Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. | 2026-03-10 |
CVE-2008-0015 | Microsoft | Microsoft Windows Video ActiveX Control Remote Code Execution Vulnerability | 2026-02-17 | Microsoft Windows Video ActiveX Control contains a remote code execution vulnerability. An attacker could exploit the vulnerability by constructing a specially crafted Web page. When a user views the Web page, the vulnerability could allow remote code execution. An attacker who successfully exploited this vulnerability could gain the same user rights as the logged-on user. | Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. | 2026-03-10 |
CVE-2024-7694 | TeamT5 | TeamT5 ThreatSonar Anti-Ransomware Unrestricted Upload of File with Dangerous Type Vulnerability | 2026-02-17 | TeamT5 ThreatSonar Anti-Ransomware contains an unrestricted upload of file with dangerous type vulnerability. ThreatSonar Anti-Ransomware does not properly validate the content of uploaded files. Remote attackers with administrator privileges on the product platform can upload malicious files, which can be used to execute arbitrary system commands on the server. | Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. | 2026-03-10 |
CVE-2020-7796 | Synacor | Synacor Zimbra Collaboration Suite (ZCS) Server-Side Request Forgery Vulnerability | 2026-02-17 | Synacor Zimbra Collaboration Suite (ZCS) contains a server-side request forgery vulnerability if WebEx zimlet installed and zimlet JSP is enabled. | Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. | 2026-03-10 |
확인 시간 : 2026-02-18 06:15
KISA 보안취약점 정보포털 진흥원 : 취약점 정보 공유 > 보안공지
[게시판] https://knvd.krcert.or.kr/securityNotice.do
[게시글] https://knvd.krcert.or.kr/detailSecNo.do?IDX=6697
제목 : 美 CISA 발표 주요 Exploit 정보공유(Update. 2026-02-17)
* 참조 링크 : https://www.cisa.gov/known-exploited-vulnerabilities-catalog
cveID
vendorProject
vulnerabilityName
dateAdded
shortDescription
requiredAction
dueDate
CVE-2026-2441
Google
Google Chromium CSS Use-After-Free Vulnerability
2026-02-17
Google Chromium CSS contains a use-after-free vulnerability that could allow a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.
Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
2026-03-10
CVE-2008-0015
Microsoft
Microsoft Windows Video ActiveX Control Remote Code Execution Vulnerability
2026-02-17
Microsoft Windows Video ActiveX Control contains a remote code execution vulnerability. An attacker could exploit the vulnerability by constructing a specially crafted Web page. When a user views the Web page, the vulnerability could allow remote code execution. An attacker who successfully exploited this vulnerability could gain the same user rights as the logged-on user.
Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
2026-03-10
CVE-2024-7694
TeamT5
TeamT5 ThreatSonar Anti-Ransomware Unrestricted Upload of File with Dangerous Type Vulnerability
2026-02-17
TeamT5 ThreatSonar Anti-Ransomware contains an unrestricted upload of file with dangerous type vulnerability. ThreatSonar Anti-Ransomware does not properly validate the content of uploaded files. Remote attackers with administrator privileges on the product platform can upload malicious files, which can be used to execute arbitrary system commands on the server.
Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
2026-03-10
CVE-2020-7796
Synacor
Synacor Zimbra Collaboration Suite (ZCS) Server-Side Request Forgery Vulnerability
2026-02-17
Synacor Zimbra Collaboration Suite (ZCS) contains a server-side request forgery vulnerability if WebEx zimlet installed and zimlet JSP is enabled.
Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
2026-03-10