CISA Warns of Plex Vulnerability Linked to LastPass Hack
The US Cybersecurity and Infrastructure Security Agency (CISA) has added two vulnerabilities impacting Plex Media Server and VMware products to its Known Exploited Vulnerabilities (KEV) catalog. The first vulnerability, CVE-2020-5741, is a high-severity deserialization issue in Plex Media Server that can be exploited to execute arbitrary Python code, remotely. The second vulnerability, CVE-2021-39144, is a remote code execution issue in XStream, which was recently seen being exploited in malicious attacks targeting VMware products. CVEs: CVE-2020-5741, CVE-2021-39144 [View Article](https://www.securityweek.com/cisa-warns-of-plex-vulnerability-linked-to-lastpass-hack/)