
CISA Adds Actively Exploited iCagenda and Balbooa Forms RCE Flaws to KEV
The Cybersecurity and Infrastructure Security Agency (CISA) added two actively exploited vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog on July 10, 2026, citing confirmed evidence of in-the-wild exploitation. Both flaws affect widely used WordPress plugins and share a common root cause: unrestricted file upload, a vulnerability class that frequently enables remote code execution (RCE). […]
The post CISA Adds Actively Exploited iCagenda and Balbooa Forms RCE Flaws to KEV appeared first on Cyber Security News.