More results...
The effects of the backlog is already being felt in vulnerability management circles where NVD data promises an enriched source of truth.
The post NIST Still Struggling to Clear Vulnerability Submissions Backlog in NVD appeared first on SecurityWeek.
Dependency-Check is an open-source Software Composition Analysis (SCA) tool to identify publicly disclosed vulnerabilities within a project’s dependencies. The tool analyzes dependencies for Common Platform Enumeration (CPE) identifiers. When a m…
Users of the MITRE Caldera cyber security platform have been urged to plug a critical hole (CVE-2025–27364) that may allow unauthenticated attackers to achieve remote code execution. About MITRE Caldera MITRE Caldera is a platform built on the MITRE AT…
Kaspersky experts analyzed the Mercedes-Benz head unit, its IPC protocols and firmware, and found new vulnerabilities via physical access.
Ivanti has fixed a slew of vulnerabilities affecting its Endpoint Manager solution, including a maximum severity one (CVE-2024-29847) that may allow unauthenticated attackers to remotely execute code in the context of the vulnerable system, and use it …
VMware Enhanced Authentication Plug-in (EAP), a plugin for VMware vSphere, has two vulnerabilities (CVE-2024-22245, CVE-2024-22250) that could be exploited by attackers to mount authentication relay and session hijack attacks. The vulnerabilities haven…
CVE Prioritizer is an open-source tool designed to assist in prioritizing the patching of vulnerabilities. It integrates data from CVSS, EPSS, and CISA’s KEV catalog to offer insights into the probability of exploitation and the potential effects…
An overwhelming 98% of all the businesses surveyed use Java in their software applications or infrastructure, and 57% of those organizations indicate that Java is the backbone of most of their applications, according to Azul. When including Java-based …
Cloudflare, Google, and Amazon AWS revealed that a zero-day vulnerability in the HTTP/2 protocol has been used to mount massive, high-volume DDoS attacks, which they dubbed HTTP/2 Rapid Reset. Decoding HTTP/2 Rapid Reset (CVE-2023-44487) In late August…
September has been a packed month of continuous updates. New operating systems were released from Apple and Microsoft, and several vulnerabilities exploited in web services resulted in a domino effect of zero-day releases for many vendors. If you haven…