The US Cybersecurity and Infrastructure Security Agency (CISA) has added three new vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog. These vulnerabilities impact Mitel’s MiCollab unified communications platform and Oracle WebLogic Server. The bugs in MiCollab, tracked as CVE-2024-41713 and CVE-2024-55550, allow threat actors to gain unauthorized access and administrative privileges, potentially compromising user and network information. The third bug, CVE-2020-2883 in Oracle WebLogic Server, enables remote access to vulnerable endpoints. Federal agencies have until late January 2025 to patch these vulnerabilities. CISA emphasized the importance of addressing such vulnerabilities promptly due to the significant risks they pose to the federal enterprise. Mitel’s MiCollab, a widely used platform, remains a prime target for cybercriminals, as evidenced by recent patches to fix zero-day vulnerabilities.