CISA added a Microsoft SharePoint RCE flaw to its exploited bugs catalog after confirming active attacks on unpatched servers.