Five new security flaws impacting Oracle, Microsoft, Apple, and Kentico offerings have been included in the Cybersecurity and Infrastructure Security Agency's Known Exploited Vulnerabilities catalog, with federal agencies urged to remediate the issues by Nov. 10, The Hacker News reports.

Leading the newly added vulnerabilities is the high-severity Oracle E-Business Suite server-side request forgery bug, tracked as CVE-2025-61884, which could be leveraged to compromise critical data even without authentication, according to CISA.

The Oracle EBS defect was discovered following the active exploitation of the critical bug tracked as CVE-2025-61882, which had already been leveraged to breach dozens of organizations. Also included by CISA were the high-severity Windows SMB Client improper access control flaw, tracked as CVE-2025-33073, which could facilitate elevated privileges, and the high-severity Apple JavaScriptCore improper array index validation issue, tracked as CVE-2022-48503, which could be harnessed for arbitrary code execution.

CISA also added a pair of critical authentication bypass bugs in Kentico Xperience CMS, tracked as CVE-2025-2746 and CVE-2025-2747. More details on the exploitation of the four vulnerabilities were not provided.