CISA adds Oracle WebLogic CVE-2024-21182 to KEV catalog
CISA added the two-year-old Oracle WebLogic auth-bypass CVE-2024-21182 to KEV on June 1, citing active exploitation. Federal agencies have until June 4 to patch.
Stories tagged: #cisa
CISA flags Langflow CVE-2025-34291: CORS chain yields RCE
CISA added CVE-2025-34291 to the KEV catalog on May 21. An overly permissive CORS plus a misconfigured refresh-token cookie chain to account takeover and code execution in Langflow ≤ 1.6.9.