CISA has added three new vulnerabilities to its Known Exploited Vulnerabilities Catalog, including a D-Link router Cross-Site Request Forgery vulnerability, an information disclosure vulnerability in another D-Link router, and an out-of-bounds memory write vulnerability in Google Chromium V8. These vulnerabilities are common targets for cyberattacks and are considered high risks for federal systems. To address these risks, Federal Civilian Executive Branch agencies are required to remediate these vulnerabilities by specific deadlines as outlined in the Binding Operational Directive (BOD) 22-01
Although the directive applies to FCEB agencies, CISA strongly recommends that all organizations prioritize timely vulnerability remediation to mitigate cyber threats. CISA will continue to update the catalog with vulnerabilities that meet the defined criteria. ```https://www.cisa.gov/news-events/alerts/2024/05/16/cisa-adds-three-known-exploited-vulnerabilities-catalog