Tag: nvd
-
Big hole in big data: Critical deserialization bug in Apache Parquet allows RCE
in SecurityNews
No known exploits yet: Neither Endor Labs nor NIST’s NVD entry reported any exploit attempts using CVE-2025-30065 as of publication of this article. Apache silently pushed a fix with the release of 1.15.1 on March 16, 2025, with a GitHub redirect to changes made in the update. Endor Labs advised prompt patching of the vulnerability, which…
-
NIST Still Struggling to Clear Vulnerability Submissions Backlog in NVD
in SecurityNews
The effects of the backlog are already being felt in vulnerability management circles where NVD data promises an enriched source of truth. The post NIST Still Struggling to Clear Vulnerability Submissions Backlog in NVD appeared first on SecurityWeek.
First seen on securityweek.com. Jump to article: www.securityweek.com/nist-still-struggling-to-clear-vulnerability-submissions-backlog-in-nvd/
-
CVE-2025-24813: Apache Tomcat Vulnerable to RCE Attacks
in SecurityNews
CVE-2025-24813 was originally published on March 10 with a medium severity score of 5.5, and Apache Tomcat released an update to fix it. On March 12, the first attack was detected in Poland by Wallarm researchers, even before a Proof-of-Concept (PoC) was made public. After the PoC was released on March 13 on GitHub and…
-
New Windows zero-day feared abused in widespread espionage for years
in SecurityNews
The zero-day vulnerability, tracked as ZDI-CAN-25373, has yet to be publicly acknowledged and assigned a CVE-ID by Microsoft. ZDI-CAN-25373 has to do with the way Windows displays the contents of .lnk files, a type of binary file used by Windows to act as a shortcut to a file, folder, or application, through the Windows UI. A…
-
Intruder Expands ‘Intel’ Vulnerability Intelligence Platform with AI-Generated CVE Descriptions
in SecurityNews
Intel by Intruder now uses AI to contextualize NVD descriptions, helping security teams assess risk faster. Intruder, a leader in attack surface management, has launched AI-generated descriptions for Common Vulnerabilities and Exposures (CVEs) within its free vulnerability intelligence platform, Intel. This new feature enhances cybersecurity professionals’ ability to quickly understand and assess vulnerabilities, addressing a…
-
NIST is chipping away at NVD backlog
in SecurityNews
The National Institute of Standards and Technology (NIST) is clearing the backlog of unprocessed CVE-numbered vulnerabilities in the National Vulnerability Database (NVD), but …
First seen on helpnetsecurity.com. Jump to article: www.helpnetsecurity.com/2024/11/14/nist-nvd-backlog/
-
NVD Backlog Continues to Grow
in SecurityNews
Despite getting help, NIST is not keeping up with new vulnerability reports for the National Vulnerabilities Database, according to an analysis from F…
First seen on darkreading.com. Jump to article: www.darkreading.com/vulnerabilities-threats/nvd-backlog-continues-to-grow
-
Making Sense of Open-Source Vulnerability Databases: NVD, OSV, and more
in SecurityNews
Essential reading for developers and security professionals alike: a comprehensive comparison of vulnerability databases to help you cut through the n…
First seen on securityboulevard.com. Jump to article: securityboulevard.com/2024/07/making-sense-of-open-source-vulnerability-databases-nvd-osv-and-more/
-
93% of vulnerabilities unanalyzed by NVD since February
in SecurityNews
New research from VulnCheck shows the NIST’s National Vulnerability Database has struggled to manage a growing number of reported vulnerabilities this…
First seen on techtarget.com. Jump to article: www.techtarget.com/searchsecurity/news/366586172/93-of-vulnerabilities-unanalyzed-by-NVD-since-February
-
Rising exploitation in enterprise software: Key trends for CISOs
in SecurityNews
Action1 researchers found an alarming increase in the total number of vulnerabilities across all enterprise software categories. With the NVD’s delay …
First seen on helpnetsecurity.com. Jump to article: www.helpnetsecurity.com/2024/06/19/exploitation-enterprise-software/
-
NVD vulnerability database: NIST engages companies to help
in SecurityNews
First seen on heise.de. Jump to article: www.heise.de/news/NVD-Schwachstellendatenbank-NIST-verpflichtet-Unternehmen-zur-Mithilfe-9756078.html
-
NIST Commits to Plan to Resume NVD Work
in SecurityNews
The agency aims to burn down the backlog of vulnerabilities waiting to be added to the National Vulnerabilities Database via additional funding, third…
First seen on darkreading.com. Jump to article: www.darkreading.com/vulnerabilities-threats/nist-commits-to-plan-resume-nvd-work
-
NVD Update: Help Has Arrived
in SecurityNews
There’s hope yet for the world’s most beleaguered vulnerability database.
First seen on securityboulevard.com. Jump to article: securityboulevard.com/2024/06/nvd-update-help-has-arrived/
-
NIST says NVD will be back on track by September 2024
in SecurityNews
The National Institute of Standards and Technology (NIST) has awarded a contract for an unnamed company/organization to help them process incoming Com…
First seen on helpnetsecurity.com. Jump to article: www.helpnetsecurity.com/2024/05/30/nist-nvd-back-on-track/
-
NIST Getting Outside Help for National Vulnerability Database
in SecurityNews
NIST is receiving support to get the NVD and CVE processing back on track within the next few months.
First seen on securityweek.com. Jump to article: www.securityweek.com/nist-getting-outside-help-for-national-vulnerability-database/
-
NVD cutbacks hamper NIST’s vulnerability analysis
in SecurityNews
First seen on scmagazine.com. Jump to article: www.scmagazine.com/brief/nvd-cutbacks-hamper-nists-vulnerability-analysis
-
NIST Struggles with NVD Backlog as 93% of Flaws Remain Unanalyzed
in SecurityNews
The funding cutbacks announced in February have continued to hobble NIST’s ability to keep the government’s National Vulnerabilities Database (NVD) up…
First seen on securityboulevard.com. Jump to article: securityboulevard.com/2024/05/nist-struggles-with-nvd-backlog-as-93-of-flaws-remain-unanalyzed/
-
The private sector probably isn’t coming to save the NVD
in SecurityNews
Tags: nvd
First seen on blog.talosintelligence.com. Jump to article: blog.talosintelligence.com/threat-source-newsletter-april-25-2024/
-
NVD Leaves Exploited Vulnerabilities Unchecked
in SecurityNews
Over half of CISA’s known exploited vulnerabilities disclosed since February 2024 have not yet been analyzed by NIST’s National Vulnerability Database…
First seen on infosecurity-magazine.com. Jump to article: www.infosecurity-magazine.com/news/nvd-exploited-vulnerabilities/
-
What’s the deal with the massive backlog of vulnerabilities at the NVD?
in SecurityNews
Given the state of the NVD and vulnerability management, we felt it was worth looking at the current state of the NVD, how we got to this point, what …
First seen on blog.talosintelligence.com. Jump to article: blog.talosintelligence.com/nvd-vulnerability-backlog-the-need-to-know/
-
NVD Update: More Problems, More Letters, Some Questions Answered
in SecurityNews
We’re not saying the NVD is dead but it’s not looking good.
First seen on securityboulevard.com. Jump to article: securityboulevard.com/2024/05/nvd-update-more-problems-more-letters-some-questions-answered/
-
Experts Warn the NVD Backlog Is Reaching a Breaking Point
in SecurityNews
Federal Database Nears 10,000 Unanalyzed Vulnerabilities Amid Halt in Operations. The National Vulnerability Database is currently suffering from a ba…
First seen on govinfosecurity.com. Jump to article: www.govinfosecurity.com/experts-warn-nvd-backlog-reaching-breaking-point-a-25191
-
RSAC: CISA Launches Vulnrichment Program to Address NVD Challenges
in SecurityNews
First seen on infosecurity-magazine.com. Jump to article: www.infosecurity-magazine.com/news/cisa-launches-vulnrichment-program/
-
Cybersecurity Pros Urge US Congress to Help NIST Restore NVD Operation
in SecurityNews
An open letter signed by 50 cybersecurity practitioners urges the US Congress to support NIST in restoring operations at the National Vulnerability…
First seen on infosecurity-magazine.com. Jump to article: www.infosecurity-magazine.com/news/open-letter-nist-restore-nvd/
-
NVD’s Backlog Triggers Public Response from Cybersec Leaders
in SecurityNews
The National Vulnerability Database (NVD) has been experiencing a mounting backlog in enriching CVEs. Learn more about what’s happening.
First seen on securityboulevard.com. Jump to article: securityboulevard.com/2024/04/nvds-backlog-triggers-public-response-from-cybersec-leaders/
-
NIST Wants Help Digging Out of Its NVD Backlog
in SecurityNews
First seen on darkreading.com. Jump to article: www.darkreading.com/vulnerabilities-threats/nist-needs-help-digging-out-of-its-vulnerability-backlog
-
NIST is working on longer-term solutions
in SecurityNews
The recent conspicuous faltering of the National Vulnerability Database (NVD) is “based on a variety of factors, including an increase in software an…
First seen on helpnetsecurity.com. Jump to article: www.helpnetsecurity.com/2024/04/03/nvd-nist-support-solutions/
-
NVD vulnerability database: NIST seeks a way out of its analysis backlog
in SecurityNews
First seen on heise.de. Jump to article: www.heise.de/news/Sicherheitslueckendatenbank-NVD-NIST-sucht-den-Ausweg-aus-Analyserueckstand-9673988.html