CISA — Vulnerabilities & Security Advisories (12)

Browse all 12 CVE security advisories affecting CISA. AI-powered Chinese analysis, POCs, and references for each vulnerability.

The Cybersecurity and Infrastructure Security Agency (CISA) serves as the nation's risk advisor for critical infrastructure protection, focusing on safeguarding essential systems from cyber threats. Historically, common vulnerabilities affecting CISA systems include remote code execution, cross-site scripting, and privilege escalation flaws, with 12 CVEs currently documented. While CISA maintains robust security protocols, notable incidents include the 2020 breach attributed to foreign actors compromising its networks. The agency continuously enhances its defensive posture to protect federal systems and provide cybersecurity guidance to public and private sectors, addressing evolving threats to national infrastructure security.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-43510 | CISA manage.get.gov insecure portfolio administrative privileges — manage.get.gov (CWE-266) | 7.6 | High | 2026-05-07 |
| CVE-2025-67634 | Software Acquisition Guide Supplier Response Web Tool XSS — Software Acquisition Guide Tool (CWE-79) | 4.4 | Medium | 2025-12-12 |
| CVE-2025-35436 | CISA Thorium account verification email error handling — Thorium (CWE-248) | 5.3 | Medium | 2025-09-17 |
| CVE-2025-35435 | CISA Thorium download stream divide by zero — Thorium (CWE-369) | 4.3 | Medium | 2025-09-17 |
| CVE-2025-35434 | CISA Thorium does not validate TLS connections to Elasticsearch — Thorium (CWE-295) | 4.2 | Medium | 2025-09-17 |
| CVE-2025-35433 | CISA Thorium does not properly invalidate previously used tokens — Thorium (CWE-613) | 5.0 | Medium | 2025-09-17 |
| CVE-2025-35432 | CISA Thorium does not rate limit account verification email messages — Thorium (CWE-400) | 5.3 | Medium | 2025-09-17 |
| CVE-2025-35431 | CISA Thorium LDAP injection — Thorium (CWE-90) | 5.4 | Medium | 2025-09-17 |
| CVE-2025-35430 | CISA Thorium insecure downloaded file path validation — Thorium (CWE-22) | 5.0 | Medium | 2025-09-17 |
| CVE-2023-7242 | Ethercat Zeek Plugin Out-of-bounds Read — Industrial Control Systems Network Protocol Parsers (ICSNPP) - Ethercat Plugin for Zeek (CWE-125) | 8.2 | High | 2024-03-01 |
| CVE-2023-7243 | Ethercat Zeek Plugin Out-of-bounds Write — Industrial Control Systems Network Protocol Parsers (ICSNPP) - Ethercat Plugin for Zeek (CWE-787) | 9.8 | Critical | 2024-03-01 |
| CVE-2023-7244 | Ethercat Zeek Plugin Out-of-bounds Write — Industrial Control Systems Network Protocol Parsers (ICSNPP) - Ethercat Plugin for Zeek (CWE-787) | 9.8 | Critical | 2024-03-01 |

This page lists every published CVE security advisory associated with CISA. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.