Three actively exploited security flaws impacting TP-Link Archer AX-21 routers, the Apache Log4j2 logging library, and Oracle WebLogic Servers have been added by the Cybersecurity and Infrastructure Security Agency to its Known Exploited Vulnerabilities catalog, reports The Hacker News. Mirai botnet actors have been leveraging the command injection vulnerability in TP-Link Archer AX-21, tracked as CVE-2023-1389, in attacks seeking to achieve remote command execution since April 11, while up to 74 unique IP addresses were observed by GreyNoise to have been used to exploit the RCE flaw in Apache Log4j2, tracked as CVE-2021-45046, during the past month. Oracle WebLogic, meanwhile, is affected by an unspecified bug, tracked as CVE-2023-21839, for which proof-of-concept exploits exist but no exploitation has been publicly reported. All of the newly added flaws should be addressed by federal agencies by May 22, according to CISA. The KEV catalog update follows a VulnCheck study revealing that 42 abused flaws were missing from the catalog, most of which were leveraged by Mirai-like botnets.