U.S. CISA Adds Vulnerabilities in Sitecore CMS, XP, and GitHub Actions to Known Exploited Vulnerabilities Catalog

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added vulnerabilities affecting Sitecore CMS and XP, as well as GitHub Actions to its catalog of known exploited vulnerabilities (KEV). Among the vulnerabilities added is CVE-2019-9875, a deserialization of untrusted data with a CVSS score of 8.8. These additions aim to inform organizations of potential risks and encourage the implementation of patches to strengthen the security of their systems.