CISA released its latest update to the Known Exploited Vulnerabilities catalog, adding 13 new vulnerabilities. Nine of the vulnerabilities have a remediation date of February 1, and four of them have a remediation date of July 18.
The list includes an October CMS Improper Authentication vulnerability, a System Information Library for Node.js Command Injection vulnerability, an Oracle Corporate Business Intelligence Enterprise Edition Path Traversal vulnerability, an Apache Airflow Experimental API Authentication Bypass vulnerability, a Drupal Core Unrestricted Upload of File vulnerability, and three Nagios XI OS Command Injection vulnerabilities.
Neosec Vice President Edward Roberts echoed that sentiment, adding that the volume of vulnerabilities involving APIs will continue to increase because there are more APIs being developed each day. Most organizations, he said, "don't even know how many APIs they have, let alone which ones have vulnerabilities, let alone consider how they are being defrauded by abusive behavior."