The U.S. Cybersecurity and Infrastructure Security Agency (CISA) hasaddedtwo vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation. The two flaws are listed below -
CVE-2023-20963(CVSS score: 7.8) - Android Framework Privilege Escalation Vulnerability CVE-2023-29492(CVSS score: TBD) - Novi Survey Insecure Deserialization Vulnerability