CISA adds five exploited vulnerabilities to its KEV catalog, including flaws in Cisco, Microsoft, and Progress software.