Oracle WebLogic Flaw Added to KEV; Critical RCEs Disclosed
CISA adds actively exploited Oracle WebLogic flaw to KEV; critical RCEs and credential exposure found in Progress, Cloud Foundry, and Android.

CISA has added Oracle WebLogic Server vulnerability CVE-2024-21182 to its Known Exploited Vulnerabilities (KEV) catalog, citing active exploitation. This critical flaw allows unauthenticated attackers to easily exploit the Core component of Oracle Fusion Middleware. Versions 12.2.1.4.0 and 14.1.1.0.0 are affected. Organizations are urged to patch immediately to mitigate risks associated with this actively exploited vulnerability, as detailed by The Hacker News and BleepingComputer.
A significant number of critical vulnerabilities have been disclosed across various platforms. Progress Sitefinity faces multiple high-impact flaws, including CVE-2026-7312 and CVE-2026-7198, which allow for credential exposure and unauthorized access to sensitive content. Similarly, Cloud Foundry UAA is vulnerable to private key exposure via its public token endpoint in CVE-2026-40965. Android servers are also impacted by a missing permission check in CVE-2026-0072, potentially leading to local privilege escalation, as noted in Vypr Intelligence.
The industrial and embedded device sectors are not spared, with several critical vulnerabilities reported. Jinan USR IOT Technology Limited's USR-W610 converter contains hardcoded administrative credentials in its firmware, detailed in CISA advisory ICSA-26-148-02, making it vulnerable via CVE-2026-7786. Furthermore, multiple OS command injection vulnerabilities have been found in Waterfall WF-500 TX and RX Hosts (CVE-2025-41269, CVE-2025-41270, CVE-2025-41274, CVE-2025-41275, CVE-2025-41272, CVE-2025-41276, CVE-2025-41273), allowing remote attackers to execute arbitrary commands and bypass authentication, as highlighted by Nozomi Networks Labs.
Several other critical vulnerabilities have been disclosed, impacting a range of software and hardware. Dokploy, a self-hostable PaaS, has multiple critical flaws including OS command injection (CVE-2026-45629) and hardcoded secrets, as reported by Vypr Intelligence. FreePBX versions are susceptible to unauthorized access via hard-coded credentials in the User Control Panel (UCP) if not changed (CVE-2026-46376). Additionally, RAGFlow (CVE-2026-45312) and Arm Whois (CVE-2018-25427) have critical vulnerabilities related to command injection and buffer overflows, respectively.