CISA has added four actively exploited vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog, urging FCEB agencies to patch them by February 25, 2025. The flaws include CVE-2024-45195, a forced browsing issue in Apache OFBiz (fixed September 2024); CVE-2024-29059, an information disclosure bug in Microsoft .NET Framework (fixed March 2024); CVE-2018-9276, an OS command injection in Paessler PRTG Network Monitor (fixed April 2018); and CVE-2018-19410, a local file inclusion flaw in Paessler PRTG (fixed April 2018). While patches exist, no public reports detail real-world exploitation methods.

‍