A Microsoft zero-day vulnerability has been added to the KEV catalogue alongside a SmarterTools SmarterMail authentication bypass bug and a Broadcom RCE flaw.