Funding shortages and incomplete coverage in critical vulnerability databases are increasing the risk for defenders. Patrick ...

CVEs added to the NVD – May 13, 2024. Source: Jerry Gamblin, via CVE.ICU The CVE program, run by MITRE, is still running. Infosecurity has contacted NIST about the alleged CVE uploading halt. A NIST ...

The future demands a decentralized, resilient, & context-rich vulnerability intelligence infrastructure.  By Jonathan Sar Shalom ...

Google fixed CVE-2025-5419 in Chrome after detecting active exploitation, affecting all platforms using V8 engine.

It was patched in July last year. The NIST CVE database entry for the flaw says it can be exploited across a network by an ...

Google released a fresh Chrome 137 update to address three vulnerabilities, including a high-severity bug exploited in the ...

“We want to get away from needing any human analysis for CVE enrichment. Recent developments in AI could help,” Brewer insisted. Before VulnCon, many vulnerability researchers criticized NIST’s ...

“The current vulnerability ecosystem is fragile after seeing NIST NVD’s failure last year, and any impacts to the CVE Program could have detrimental impacts on defenders and the security communit ...

“Comparing Flashpoint’s VulnDB coverage to MITRE and NIST, CVE / NVD failed to report and detail 27.3 % of all known disclosed vulnerabilities in the first half of 2022,” the report sai ...

MITRE's troubles in keeping the CVE program funded come as NIST is also scrambling to clear a large backlog of CVEs that need enrichment for its National Vulnerability Database (NVD).

Then a couple of weeks ago, ESET noted that APT28 had leveraged cross-site scripting (XSS) vulnerabilities in various webmail servers such as Roundcube, Horde, MDaemon, and Zimbra to harvest ...

“We are assigning this status to older CVEs to indicate that we do not plan to prioritise updating NVD enrichment or initial NVD enrichment data due to the CVE’s age,” NIST said in a statemen ...