CISA has added four known exploited vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog, citing active exploitation of flaws affecting SimpleHelp, Samsung MagicINFO 9 Server and the D-Link DIR-823X series routers.
The entries include CVE-2024-57726 (CVSS 9.9), a missing authorisation vulnerability in SimpleHelp that could let low-privileged technicians create API keys with excessive permissions, and CVE-2024-57728 (CVSS 7.2), a path traversal issue in SimpleHelp enabling arbitrary file uploads via a crafted zip file.
Also listed are CVE-2024-7399 (CVSS 8.8), a path traversal vulnerability in Samsung MagicINFO 9 Server allowing an attacker to write arbitrary files as system authority, and CVE-2025-29635 (CVSS 7.5), a command injection vulnerability in end-of-life D-Link DIR-823X routers enabling remote command execution. To mitigate the threats, CISA advises organisations to apply the fixes or, for CVE-2025-29635, discontinue use of the affected appliance, by 8 May 2026.