CVE Archives

Federal audit reveals NIST’s NVD is plagued by poor planning and duplication

A report from the Commerce Inspector General details how mismanagement allowed a backlog of 27,000 unprocessed security flaws to grow unchecked, while the agency duplicated work with…

5 days ago By Greg Otto

NIST narrows scope of CVE analysis to keep up with rising tide of vulnerabilities

The National Vulnerability Database will now only analyze vulnerabilities in critical software, systems used in the federal government and those under active exploitation.

Apr 15, 2026 By Matt Kapko

GCVE launches as a decentralized system for tracking software vulnerabilities

The new system emerges after repeated funding crises exposed the fragility of the 25-year-old CVE program that cybersecurity defenders worldwide depend on.

Jan 21, 2026 By Greg Otto

CISA’s secure-software buying tool had a simple XSS vulnerability of its own

A researcher who discovered the vulnerability said it was fixed in December, after he first reported it to the agency in September.

Jan 15, 2026 By Tim Starks

Behind the struggle for control of the CVE program

Following a funding scare that nearly shuttered the CVE program, outside experts and CISA are positioning to take charge of the 25-year-old system before the next funding…

Oct 20, 2025 By Cynthia Brumfield

From left, Tanium’s Sam Kinch, GDIT’s Matt Hayden, the Commerce Department’s Ryan Higgins, and CISA’s Chris Butera take part in a panel discussion at a GDIT event on Sept. 4, 2025 in Washington, D.C. (Scoop News Group photo)

AI can help track an ever-growing body of vulnerabilities, CISA official says

Artificial intelligence was a recurring theme among federal leaders who spoke at a GDIT event held Thursday.

Sep 4, 2025 By Tim Starks

Fortinet office in Burnaby, BC, Canada, July 7, 2023. (Getty Images)

Fortinet SIEM issue coincides with spike in brute-force traffic against company’s SSL VPNs

Researchers aren’t aware of any active exploitation of the software, but the issue is being dealt with simultaneously as attackers are trying to brute force the company’s…

Aug 13, 2025 By Matt Kapko

Citrix offices, California — Citrix offices in Santa Clara, California. (Getty Images)

CitrixBleed 2 beckons sweeping alarm as exploits spread across the globe

The number of Citrix customers impacted by CVE-2025-5777 remains unknown, but researchers have already observed more than 11.5 million attack attempts, targeting thousands of sites.

Jul 14, 2025 By Matt Kapko

Dems want watchdog study of two troubled federally-funded vulnerability tracking initiatives

The CVE program publishes standardized information about known cyber vulnerabilities, while the NVD is a storehouse for vulnerability management data.

Jun 11, 2025 By Tim Starks

Future-ready cybersecurity: Lessons from the MITRE CVE crisis

The domino effect of CVE disruption is something all cybersecurity practitioners must be aware of, a Morphisec executive argues.

Jun 3, 2025 By Brad LaPorte