The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added two vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation.
The two flaws are listed below –
CVE-2023-20963 (CVSS score: 7.8) – Android Framework Privilege Escalation Vulnerability
CVE-2023-29492 (CVSS score: TBD) – Novi Survey Insecure Deserialization Vulnerability