#cve

from Theregister
1 day ago

CVE, CVSS scores need overhauling, argues Codific CEO

His analysis cites academic research published in August as part of the USENIX Security Symposium. The paper, "Confusing Value with Enumeration: Studying the Use of CVEs in Academia," (Moritz Schloegel et al.), reports that 34 percent of 1,803 CVEs cited in research papers over the past five years either have not been publicly confirmed or have been disputed by maintainers of the supposedly vulnerable software projects. The authors argue that CVEs should not be taken as a proxy for the real-world impact of claimed vulnerabilities.
Information security
from Theregister
3 days ago

Microsoft frightful Patch Tuesday: 175+ CVEs, 3 under attack

Spooky season is in full swing, and this extends to Microsoft's October Patch Tuesday with security updates for a frightful 175 Microsoft vulnerabilities, plus an additional 21 non-Microsoft CVEs. And even scarier than the sheer number of bugs: three are listed as under attack, with three others publicly known, and 17 deemed critical security holes. Let's start with the flaws that attackers already found and exploited before Redmond pushed patches.
Information security
Information security
from The Verge
2 weeks ago

Unity discloses a years-old security exploit and urges developers to update their games

Major Unity security vulnerability dating to 2017 requires developers who released Windows, Android, or macOS builds to update to patched Unity versions immediately.
from SecurityWeek
1 month ago

Apple Rolls Out iOS 26, macOS Tahoe 26 With Patches for Over 50 Vulnerabilities

iOS 26 and iPadOS 26 were released for the latest generation iPhone and iPad devices with fixes for 27 unique CVEs that could lead to memory corruption, information disclosure, crashes, and sandbox escapes. WebKit received the largest number of fixes, at five, for security defects that could lead to process crashes, Safari crashes, or could allow websites to access sensor information without consent.
Apple
Information security
from Theregister
1 month ago

CISA attempts to assert control over CVE in vision outline

CISA aims to assert governmental control over the CVE program, transitioning it from a growth era to a government-led "quality era" beginning in 2025.
from The Hacker News
2 months ago

Google's August Patch Fixes Two Qualcomm Vulnerabilities Exploited in the Wild

The vulnerabilities include CVE-2025-21479 (CVSS score: 8.6) and CVE-2025-27038 (CVSS score: 7.5), both of which were disclosed alongside CVE-2025-21480 (CVSS score: 8.6) by the chipmaker back in June 2025.
Privacy technologies
#cybersecurity
from Hackernoon
2 years ago
EU data protection

Attaxion Becomes The First EASM Platform To Integrate ENISA's EU Vulnerability Database (EUVD) | HackerNoon

Information security
from DevOps.com
5 months ago

INE Security Alert: Continuous CVE Practice Closes Critical Gap Between Vulnerability Alerts and Effective Defense - DevOps.com

Ongoing practical training with CVEs is essential for cybersecurity teams to transition from reactive to proactive readiness.
Information security
from Hackernoon
2 years ago

Continuous CVE Practice Closes Critical Gap Between Vulnerability Alerts and Effective Defense | HackerNoon

Transforming security teams from reactive to proactive defenders is vital, requiring hands-on practice with real-world vulnerabilities.
from Techzine Global
3 months ago

An average of 131 CVE reports per day

The number of CVE reports is projected to exceed 40,000 in 2025, with an average of 131 reports per day observed in early 2025.
Information security
Information security
from Theregister
4 months ago

Salesforce fixes 5 bugs following spate of reported issues

Salesforce identified five significant vulnerabilities related to configuration weaknesses, urging customers to secure their setups.
from Zero Day Initiative
4 months ago

Zero Day Initiative - The June 2025 Security Update Review

Adobe's June 2025 updates address 254 CVEs across multiple products, prioritizing those in Commerce and introducing a substantial fix for Experience Manager, despite no known exploits.
Web frameworks
Node JS
from The Cyber Express
4 months ago

Multer Vulnerabilities Expose Node.js Apps To DoS Attacks

Two critical vulnerabilities in Multer could crash Node.js applications through malformed uploads, emphasizing the need for immediate updates.
Information security
from The Hacker News
5 months ago

SonicWall Confirms Active Exploitation of Flaws Affecting Multiple Appliance Models

Two significant security vulnerabilities in SonicWall's SMA100 appliances have been exploited, urging users to review their devices for unauthorized logins.
from Theregister
6 months ago

The splintering of a standard bug tracking system has begun

"Dependence on the largesse of a single, and now volatile, government - that's a serious flaw. The CVE funding fiasco is a wake-up call for the industry."
Privacy professionals