‼️CISA has added 2 vulnerabilities to the KEV Catalog https://t.co/9idGUAHIKd CVE-2025-66376: S...
CISA has added two vulnerabilities to the Known Exploited Vulnerabilities (KEV) Catalog: CVE-2025-66376, a cross-site scripting flaw in Synacor Zimbra Collaboration Suite with a CVSS of 7.1, and CVE-2026-20963, a deserialization vulnerability in Microsoft SharePoint with a CVSS of 8.8. KEV catalog inclusion indicates these vulnerabilities are actively exploited in the wild and should be prioritized for patching.
Summary
CISA has added two vulnerabilities to the Known Exploited Vulnerabilities (KEV) Catalog: CVE-2025-66376, a cross-site scripting flaw in Synacor Zimbra Collaboration Suite with a CVSS of 7.1, and CVE-2026-20963, a deserialization vulnerability in Microsoft SharePoint with a CVSS of 8.8. KEV catalog inclusion indicates these vulnerabilities are actively exploited in the wild and should be prioritized for patching.
Indicators of Compromise
- cve — CVE-2025-66376
- cve — CVE-2026-20963