CISA has added seven vulnerabilities to its Known Exploited Vulnerabilities catalog, including two Windows privilege escalation flaws from 2023 and 2025, and a five-year-old Adobe Acrobat bug that allows arbitrary code execution. The warning also covers recent zero-day exploits in Adobe Reader and Fortinet FortiClient, plus an Exchange vulnerability linked to the Medusa ransomware gang and a 2012 Visual Basic flaw that's seeing renewed exploitation. Federal agencies have two weeks to patch most of these vulnerabilities, with the Fortinet bug requiring immediate attention by mid-April.