CVE-2020-9715 - Vulnerability Analysis

Chris

@Chris

Apr 13, 2026

CISA Adds Seven Known Exploited Vulnerabilities to Catalog CVE-2012-1854 Visual Basic for Applications Insecure Library Loading CVE-2020-9715 Adobe Acrobat Use-After-Free CVE-2023-21529 Microsoft Exchange Deserialization of Untrusted CVE-2023-36424 Microsoft Windows Out-of-Bounds Read CVE-2025-60710 Microsoft Windows Link Following CVE-2026-21643 Fortinet SQL Injection CVE-2026-34621 Adobe Acrobat Reader Prototype https://www.cisa.gov/news-events/alerts/2026/04/13/cisa-adds-seven-known-exploited-vulnerabilities-catalog #cybersecurity #cisa #adobe #microsoft

ZEN SecDB

@secdb

Apr 13, 2026

🚨 [CISA-2026:0413] CISA Adds 7 Known Exploited Vulnerabilities to Catalog (https://secdb.nttzen.cloud/security-advisory/detail/CISA-2026:0413) CISA has added 7 new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise. ⚠️ CVE-2012-1854 (https://secdb.nttzen.cloud/cve/detail/CVE-2012-1854) - Name: Microsoft Visual Basic for Applications Insecure Library Loading Vulnerability - Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. - Known To Be Used in Ransomware Campaigns? Unknown - Vendor: Microsoft - Product: Visual Basic for Applications (VBA) - Notes: https://learn.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-046 ; https://nvd.nist.gov/vuln/detail/CVE-2012-1854 ⚠️ CVE-2020-9715 (https://secdb.nttzen.cloud/cve/detail/CVE-2020-9715) - Name: Adobe Acrobat Use-After-Free Vulnerability - Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. - Known To Be Used in Ransomware Campaigns? Unknown - Vendor: Adobe - Product: Acrobat - Notes: https://helpx.adobe.com/security/products/acrobat/apsb20-48.html ; https://nvd.nist.gov/vuln/detail/CVE-2020-9715 ⚠️ CVE-2023-21529 (https://secdb.nttzen.cloud/cve/detail/CVE-2023-21529) - Name: Microsoft Exchange Server Deserialization of Untrusted Data Vulnerability - Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. - Known To Be Used in Ransomware Campaigns? Unknown - Vendor: Microsoft - Product: Exchange Server - Notes: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21529 ; https://nvd.nist.gov/vuln/detail/CVE-2023-21529 ⚠️ CVE-2023-36424 (https://secdb.nttzen.cloud/cve/detail/CVE-2023-36424) - Name: Microsoft Windows Out-of-Bounds Read Vulnerability - Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. - Known To Be Used in Ransomware Campaigns? Unknown - Vendor: Microsoft - Product: Windows - Notes: https://msrc.microsoft.com/update-guide/en-US/advisory/CVE-2023-36424 ; https://nvd.nist.gov/vuln/detail/CVE-2023-36424 ⚠️ CVE-2025-60710 (https://secdb.nttzen.cloud/cve/detail/CVE-2025-60710) - Name: Microsoft Windows Link Following Vulnerability - Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. - Known To Be Used in Ransomware Campaigns? Unknown - Vendor: Microsoft - Product: Windows - Notes: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-60710 ; https://nvd.nist.gov/vuln/detail/CVE-2025-60710 ⚠️ CVE-2026-21643 (https://secdb.nttzen.cloud/cve/detail/CVE-2026-21643) - Name: Fortinet SQL Injection Vulnerability - Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. - Known To Be Used in Ransomware Campaigns? Unknown - Vendor: Fortinet - Product: FortiClient EMS - Notes: https://fortiguard.fortinet.com/psirt/FG-IR-25-1142 ; https://nvd.nist.gov/vuln/detail/CVE-2026-21643 ⚠️ CVE-2026-34621 (https://secdb.nttzen.cloud/cve/detail/CVE-2026-34621) - Name: Adobe Acrobat and Reader Prototype Pollution Vulnerability - Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. - Known To Be Used in Ransomware Campaigns? Unknown - Vendor: Adobe - Product: Acrobat and Reader - Notes: https://helpx.adobe.com/security/products/acrobat/apsb26-43.html ; https://nvd.nist.gov/vuln/detail/CVE-2026-34621 #SecDB #InfoSec #CVE #CISA_KEV #cisa_20260413 #cisa20260413 #cve_2012_1854 #cve_2020_9715 #cve_2023_21529 #cve_2023_36424 #cve_2025_60710 #cve_2026_21643 #cve_2026_34621 #cve20121854 #cve20209715 #cve202321529 #cve202336424 #cve202560710 #cve202621643 #cve202634621

AA

@AAKL

Apr 13, 2026

CISA has updated the KEV catalogue: - CVE-2026-34621: Adobe Acrobat and Reader Prototype Pollution Vulnerability https://www.cve.org/CVERecord?id=CVE-2026-34621 - CVE-2026-21643: Fortinet SQL Injection Vulnerability https://www.cve.org/CVERecord?id=CVE-2026-21643 - CVE-2020-9715: Adobe Acrobat Use-After-Free Vulnerability https://www.cve.org/CVERecord?id=CVE-2020-9715 - CVE-2023-36424: Microsoft Windows Out-of-Bounds Read Vulnerability https://www.cve.org/CVERecord?id=CVE-2023-36424 - CVE-2023-21529: Microsoft Exchange Server Deserialization of Untrusted Data Vulnerability https://www.cve.org/CVERecord?id=CVE-2023-21529 - CVE-2025-60710: Microsoft Windows Link Following Vulnerability https://www.cve.org/CVERecord?id=CVE-2025-60710 - CVE-2012-1854: Microsoft Visual Basic for Applications Insecure Library Loading Vulnerability https://www.cve.org/CVERecord?id=CVE-2012-1854 #CISA #Microsoft #Windows #Adobe #Fortinet #infosec #vulnerability

CISA KEV Tracker

@cisakevtracker

Apr 13, 2026

CVE ID: CVE-2020-9715 Vendor: Adobe Product: Acrobat Date Added: 2026-04-13 CVE URL: https://nvd.nist.gov/vuln/detail/CVE-2020-9715

ZEN SecDB

@secdb

Apr 13, 2026

🚨 [CISA-2026:0413] CISA Adds 7 Known Exploited Vulnerabilities to Catalog (https://secdb.nttzen.cloud/security-advisory/detail/CISA-2026:0413) CISA has added 7 new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise. ⚠️ CVE-2012-1854 (https://secdb.nttzen.cloud/cve/detail/CVE-2012-1854) - Name: Microsoft Visual Basic for Applications Insecure Library Loading Vulnerability - Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. - Known To Be Used in Ransomware Campaigns? Unknown - Vendor: Microsoft - Product: Visual Basic for Applications (VBA) - Notes: https://learn.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-046 ; https://nvd.nist.gov/vuln/detail/CVE-2012-1854 ⚠️ CVE-2020-9715 (https://secdb.nttzen.cloud/cve/detail/CVE-2020-9715) - Name: Adobe Acrobat Use-After-Free Vulnerability - Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. - Known To Be Used in Ransomware Campaigns? Unknown - Vendor: Adobe - Product: Acrobat - Notes: https://helpx.adobe.com/security/products/acrobat/apsb20-48.html ; https://nvd.nist.gov/vuln/detail/CVE-2020-9715 ⚠️ CVE-2023-21529 (https://secdb.nttzen.cloud/cve/detail/CVE-2023-21529) - Name: Microsoft Exchange Server Deserialization of Untrusted Data Vulnerability - Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. - Known To Be Used in Ransomware Campaigns? Unknown - Vendor: Microsoft - Product: Exchange Server - Notes: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21529 ; https://nvd.nist.gov/vuln/detail/CVE-2023-21529 ⚠️ CVE-2023-36424 (https://secdb.nttzen.cloud/cve/detail/CVE-2023-36424) - Name: Microsoft Windows Out-of-Bounds Read Vulnerability - Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. - Known To Be Used in Ransomware Campaigns? Unknown - Vendor: Microsoft - Product: Windows - Notes: https://msrc.microsoft.com/update-guide/en-US/advisory/CVE-2023-36424 ; https://nvd.nist.gov/vuln/detail/CVE-2023-36424 ⚠️ CVE-2025-60710 (https://secdb.nttzen.cloud/cve/detail/CVE-2025-60710) - Name: Microsoft Windows Link Following Vulnerability - Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. - Known To Be Used in Ransomware Campaigns? Unknown - Vendor: Microsoft - Product: Windows - Notes: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-60710 ; https://nvd.nist.gov/vuln/detail/CVE-2025-60710 ⚠️ CVE-2026-21643 (https://secdb.nttzen.cloud/cve/detail/CVE-2026-21643) - Name: Fortinet SQL Injection Vulnerability - Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. - Known To Be Used in Ransomware Campaigns? Unknown - Vendor: Fortinet - Product: FortiClient EMS - Notes: https://fortiguard.fortinet.com/psirt/FG-IR-25-1142 ; https://nvd.nist.gov/vuln/detail/CVE-2026-21643 ⚠️ CVE-2026-34621 (https://secdb.nttzen.cloud/cve/detail/CVE-2026-34621) - Name: Adobe Acrobat and Reader Prototype Pollution Vulnerability - Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. - Known To Be Used in Ransomware Campaigns? Unknown - Vendor: Adobe - Product: Acrobat and Reader - Notes: https://helpx.adobe.com/security/products/acrobat/apsb26-43.html ; https://nvd.nist.gov/vuln/detail/CVE-2026-34621 #SecDB #InfoSec #CVE #CISA_KEV #cisa_20260413 #cisa20260413 #cve_2012_1854 #cve_2020_9715 #cve_2023_21529 #cve_2023_36424 #cve_2025_60710 #cve_2026_21643 #cve_2026_34621 #cve20121854 #cve20209715 #cve202321529 #cve202336424 #cve202560710 #cve202621643 #cve202634621

AA

@AAKL

Apr 13, 2026

CISA has updated the KEV catalogue: - CVE-2026-34621: Adobe Acrobat and Reader Prototype Pollution Vulnerability https://www.cve.org/CVERecord?id=CVE-2026-34621 - CVE-2026-21643: Fortinet SQL Injection Vulnerability https://www.cve.org/CVERecord?id=CVE-2026-21643 - CVE-2020-9715: Adobe Acrobat Use-After-Free Vulnerability https://www.cve.org/CVERecord?id=CVE-2020-9715 - CVE-2023-36424: Microsoft Windows Out-of-Bounds Read Vulnerability https://www.cve.org/CVERecord?id=CVE-2023-36424 - CVE-2023-21529: Microsoft Exchange Server Deserialization of Untrusted Data Vulnerability https://www.cve.org/CVERecord?id=CVE-2023-21529 - CVE-2025-60710: Microsoft Windows Link Following Vulnerability https://www.cve.org/CVERecord?id=CVE-2025-60710 - CVE-2012-1854: Microsoft Visual Basic for Applications Insecure Library Loading Vulnerability https://www.cve.org/CVERecord?id=CVE-2012-1854 #CISA #Microsoft #Windows #Adobe #Fortinet #infosec #vulnerability

CISA KEV Tracker

@cisakevtracker

Apr 13, 2026

CVE ID: CVE-2020-9715 Vendor: Adobe Product: Acrobat Date Added: 2026-04-13 CVE URL: https://nvd.nist.gov/vuln/detail/CVE-2020-9715