CVE Archives

Infosec pros: We need CVSS, warts and all

The Common Vulnerability Scoring System has a lot of critics, but experts say it’s still the best unified way to share the severity of cybersecurity flaws.

Feb 5, 2025 By Cynthia Brumfield

Android patches several vulnerabilities in first security update of 2025

The bulletin identifies five critical remote code execution (RCE) vulnerabilities affecting the core components of Android’s system.

Jan 7, 2025 By Greg Otto

Industrial networking manufacturer Moxa reports ‘critical’ router bugs

Moxa says the flaws can be used to bypass user authentication, escalate privileges and gain root access to devices.

Jan 6, 2025 By Derek B. Johnson

A digitally generated image of yellow data server discs organized into circular pattern is seen against on beige background. (Andriy Onufriyenko via GettyImages)

Plan to resuscitate beleaguered vulnerability database draws criticism

The National Vulnerability Database has ceased some of its work, but some experts fear the formation of a consortium to address its problems lacks sufficient urgency.

Mar 28, 2024 By Tim Starks

Tesla CEO Elon Musk smiles as he addresses guests at the Offshore Northern Seas 2022 (ONS) meeting in Stavanger, Norway on August 29, 2022. (Photo by CARINA JOHANSEN/NTB/AFP via Getty Images)

Twitter’s recommendation algorithm opens platform to manipulation, bot attacks, researcher finds

Twitter's source code apparently revealed how it's possible to game the company's software to reduce access to specific accounts.

Apr 4, 2023 By AJ Vicens

How CISA’s list of ‘must-patch’ vulnerabilities has expanded both in size, and who’s using it

While CISA says the catalog is catching on, some think it needs improvement.

Jun 9, 2022 By Tim Starks

Tim Rudolph, Air Force Life Cycle Management Center chief technology officer, moderates a panel discussion titled “It’s Raining Data Centers” at the MITRE Corporation complex in Bedford, Mass., in 2014. MITRE is under pressure from Congress to change the way it handles the CVE process. (U.S. Air Force / Jerry Saslav)

House panel rips CVE contracting and oversight policies

The industry-wide program for naming and documenting vulnerabilities suffers from fluctuating funding and insufficient oversight, according to a House panel.

Aug 27, 2018 By Sean Lyngaas

China’s vulnerability disclosure system twice as fast as U.S. version

China’s National Vulnerability Database works more than twice as fast on average as its U.S. counterpart, according to new research.

Oct 23, 2017 By Shaun Waterman

Government’s software vulnerability repository is slow to add new cyberthreats, report says

There is a median lag time of approximately seven days between when someone discovers an exploitable software vulnerability and its eventual release on NIST's National Vulnerability Database,…

Jun 7, 2017 By Chris Bing

Software flaw that allowed Stuxnet virus to spread was the most exploited in 2016

Software updates aren’t the cybersecurity silver bullet that some computer experts make them out to be.

Apr 21, 2017 By Chris Bing