Ongoing active exploitation of two security vulnerabilities impacting Oracle's E-Business suite, tracked as CVE-2022-21587, and SugarCRM offerings, tracked as CVE-2023-22952, have prompted their inclusion in the Cybersecurity and Infrastructure Security Agency's Known Exploited Vulnerabilities Catalog, reports The Record, a news site by cybersecurity firm Recorded Future.