The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has warned about UnRAR and Windows Vulnerabilities that are exploited in the wild, based on evidence of active exploitation.
CISA also added them to its list of Known Exploited Vulnerabilities Catalogs.
For those unversed, the Known Exploited Vulnerabilities Catalog is a list of vulnerabilities that CISA has identified as being exploited, or that have been used by threat actors.
Both security Vulnerabilities have received a high-severity score and are directory traversal vulnerabilities that could help attackers plant malware on a target system.
The vulnerability was reported in late June by cybersecurity researcher Simon Scannell from SonarSource.
Exploit code has been added to the Metasploit penetration testing software earlier this month.
For both vulnerabilities, CISA and other federal agencies in the U.S. are expecting to apply the latest updates from the vendors by or before August 30.