The Cybersecurity and Infrastructure Security Agency added 185 actively abused security issues to its Known Exploited Vulnerabilities (KEV) catalog this year, compared with 187 in 2023, bringing the total of flaws added by the agency since the catalog's inception over two years ago to 1,238, The Cyber Express reports.
Newly emergent vulnerabilities accounted for the majority of flaws added to the KEV catalog this year, but 60 to 70 of the fresh entries were years-old bugs, the oldest of which is the Internet Explorer use-after-free issue tracked as CVE-2012-4792, an analysis of CISA's KEV catalog revealed.
Meanwhile, OS command injection vulnerabilities enabling unauthorized control were the most prevalent flaw type, followed by deserialization of untrusted data, use-after-free, path traversal, and improper authentication bugs.
Additional findings showed that Microsoft had the highest number of newly added flaws in the KEV catalog this year, followed by Ivanti, Google Chrome, Adobe, and Apple.