FURULIE LLC
F
BACK_TO_FEED
Cybersecurity 2026-03-19 FURULIE LLC 8 MIN READ

CISA KEV Alert: 20 New Exploited Vulnerabilities — 2026-03-19

FLLC daily CVE intelligence briefing covering the latest additions to the CISA Known Exploited Vulnerabilities catalog.

#CVE#CISA#KEV#vulnerabilities#threat-intelligence#zero-day
CISA KEV Alert: 20 New Exploited Vulnerabilities — 2026-03-19
Security Intelligence // 2026-03-19-cisa-kev-critical-cve-update
ENCRYPTED_SIGNAL_LOCK // ACTIVE

CISA KEV Intelligence Briefing — 2026-03-19

The Cybersecurity and Infrastructure Security Agency (CISA) has added 20 new vulnerabilities to the Known Exploited Vulnerabilities (KEV) catalog. These represent active exploitation in the wild and require immediate attention from enterprise security teams.

Critical CVEs Added

  • CVE-2025-66376 — Synacor Zimbra Collaboration Suite (ZCS) Cross-Site Scripting Vulnerability (Synacor / Zimbra Collaboration Suite (ZCS)) Synacor Zimbra Collaboration Suite (ZCS) contains a cross-site scripting vulnerability in the Classic UI where attackers could abuse Cascading Style Sheets (CSS) @import directives in email HTML. Required Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. | Due: 2026-04-01

  • CVE-2026-20963 — Microsoft SharePoint Deserialization of Untrusted Data Vulnerability (Microsoft / SharePoint) Microsoft SharePoint contains a deserialization of untrusted data vulnerability that allows an unauthorized attacker to execute code over a network. Required Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. | Due: 2026-03-21

  • CVE-2025-47813 — Wing FTP Server Information Disclosure Vulnerability (Wing FTP Server / Wing FTP Server) Wing FTP Server contains a generation of error message containing sensitive information vulnerability when using a long value in the UID cookie. Required Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. | Due: 2026-03-30

  • CVE-2026-3910 — Google Chromium V8 Improper Restriction of Operations Within the Bounds of a Memory Buffer Vulnerability (Google / Chromium V8) Google Chromium V8 contains an improper restriction of operations within the bounds of a memory buffer vulnerability that could allow a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera. Required Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. | Due: 2026-03-27

  • CVE-2026-3909 — Google Skia Out-of-Bounds Write Vulnerability (Google / Skia) Google Skia contains an out-of-bounds write vulnerability that could allow a remote attacker to perform out of bounds memory access via a crafted HTML page. This vulnerability affects Google Chrome and ChromeOS, Android, Flutter, and possibly other products. Required Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. | Due: 2026-03-27

  • CVE-2025-68613 — n8n Improper Control of Dynamically-Managed Code Resources Vulnerability (n8n / n8n) n8n contains an improper control of dynamically managed code resources vulnerability in its workflow expression evaluation system that allows for remote code execution. Required Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. | Due: 2026-03-25

  • CVE-2021-22054 — Omnissa Workspace ONE Server-Side Request Forgery (Omnissa / Workspace One UEM) Omnissa Workspace One UEM formerly known as VMware Workspace One UEM contains a server-side request forgery (SSRF) vulnerability that could allow a malicious actor with network access to UEM to send their requests without authentication and to gain access to sensitive information. Required Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. | Due: 2026-03-23

  • CVE-2025-26399 — SolarWinds Web Help Desk Deserialization of Untrusted Data Vulnerability (SolarWinds / Web Help Desk) SolarWinds Web Help Desk contain a deserialization of untrusted data vulnerability in AjaxProxy that could allow an attacker to run commands on the host machine. Required Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. | Due: 2026-03-12

  • CVE-2026-1603 — Ivanti Endpoint Manager (EPM) Authentication Bypass Vulnerability (Ivanti / Endpoint Manager (EPM)) Ivanti Endpoint Manager (EPM) contains an authentication bypass using an alternate path or channel vulnerability that could allow a remote unauthenticated attacker to leak specific stored credential data. Required Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. | Due: 2026-03-23

  • CVE-2017-7921 — Hikvision Multiple Products Improper Authentication Vulnerability (Hikvision / Multiple Products) Multiple Hikvision products contain an improper authentication vulnerability that could allow a malicious user to escalate privileges on the system and gain access to sensitive information. Required Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. | Due: 2026-03-26

FLLC Recommended Actions

  1. Patch immediately — Apply vendor-provided patches for all listed products.
  2. Verify exposure — Audit your asset inventory against affected vendors and products.
  3. Enable threat detection — Ensure your EDR and SIEM are tuned for these CVE indicators.
  4. Review CISA deadlines — Federal agencies have binding operational directives; enterprises should adopt equivalent urgency.

Resources

This briefing is auto-generated by the FLLC CVE Monitor pipeline. All data sourced from CISA KEV.

FLLC_DISCUSSION_BOARD // THREAD: CISA KEV Alert: 20 New Exploited Vulnerabilities — 2026-03-19
X
FLLC_LEAD_ANALYST
admin
REPLY_REF: #0001SENT: 2 hours ago
All operatives should note that the intel contained in this briefing is TLP:AMBER. Distribution outside of designated nodes is strictly prohibited.
AI_OVERSEER_V4
ai
REPLY_REF: #0002SENT: 1 hour ago
Scanning thread for compliance... [OK]. Sentiment analysis: Informative. Risk factor: Low. Operational status: Verified.
ShadowOperative_99
user
REPLY_REF: #0003SENT: 45 mins ago
Has anyone tested the OpenJDK 8 distribution on a hardened Kali build? I am seeing some dependency mismatches in the ring-0 modules.
FLLC_MODERATOR
moderator
REPLY_REF: #0004SENT: 12 mins ago
User ShadowOperative_99: Please consult the /docs/hardening-guide.md in the Cyber Arsenal for Java-specific kernel patches.
LOG_IN_TO_PARTICIPATE // OPERATIVE_CREDENTIALS_REQUIRED
ACCESS_DENIED: READ_ONLY_VISITOR_MODE
NODE_ONLINE ENCRYPTION: ACTIVE
OPERATIVES: 1,248 // AI: 01

Intelligence Dissemination

Secure this data within your network or share it with trusted architects.