Tag: cve
-
Why MITRE’s CVE funding matters more than ever
First seen on scworld.com Jump to article: www.scworld.com/perspective/why-mitres-cve-funding-matters-more-than-ever
-
Researchers Find CVSS 10.0 Severity RCE Vulnerability in Erlang/OTP SSH
Security researchers report CVE-2025-32433, a CVSS 10.0 RCE vulnerability in Erlang/OTP SSH, allowing unauthenticated code execution on exposed… First seen on hackread.com Jump to article: hackread.com/researchers-cvss-severity-rce-vulnerability-erlang-otp-ssh/
-
Cybersecurity Update – USA continues funding the CVE program after all
The funding for the CVE program agreed between the US government and MITRE ends today, which could have significant consequences. First seen on computerbase.de Jump to article: www.computerbase.de/news/wirtschaft/cybersicherheit-usa-stellen-finanzierung-des-cve-programms-ein.92215
-
CVE Program Cuts Send the Cyber Sector Into Panic Mode
After threatening to slash support for the CVE program, CISA threw MITRE a lifeline at the last minute, extending its government contract for another 11 months. After that, it looks like it’s up to the private sector to find the cash to keep it going. First seen on darkreading.com Jump to article: www.darkreading.com/vulnerabilities-threats/cve-program-cuts-cyber-sector
-
Windows NTLM vulnerability exploited in multiple attack campaigns (CVE-2025-24054)
CVE-2025-24054, a Windows NTLM hash disclosure vulnerability that Microsoft has issued patches for last month, has been leveraged by threat actors in campaigns targeting … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/04/17/windows-ntlm-vulnerability-exploited-in-multiple-attack-campaigns-cve-2025-24054/
-
CVE funding remains secured
Tags: cisa, cve, cyber, cybersecurity, docker, google, governance, government, infrastructure, mitre, open-source, technology, tool, usa, vulnerability
Experts warned that without CVE, IT security faces coordination chaos. CISA appears to have listened. On April 16, 2025, the Trump administration had announced at short notice an end to funding for the globally important CVE program (Common Vulnerabilities and Exposures), which has played a central role in the cybersecurity landscape for 25 years. The non-profit organization MITRE, which…
-
Apple released emergency updates for actively exploited flaws
Apple released emergency updates to fix iOS, iPadOS & macOS vulnerabilities actively exploited in sophisticated attacks. Apple released out-of-band security updates to address two vulnerabilities, tracked as CVE-2025-31200 and CVE-2025-31201, impacting iOS, iPadOS & macOS. The company confirmed that the flaws have been exploited in a small number of “extremely sophisticated” attacks against iOS targets.…
-
U.S. CISA adds SonicWall SMA100 Appliance flaw to its Known Exploited Vulnerabilities catalog
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds SonicWall SMA100 Appliance flaw to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a SonicWall SMA100 Appliance flaw, tracked as CVE-2021-20035, to its Known Exploited Vulnerabilities (KEV) catalog. The vulnerability is an OS Command Injection Vulnerability in the SMA100 management interface. A…
-
Apple plugs zero-day holes used in targeted iPhone attacks (CVE-2025-31200, CVE-2025-31201)
Apple has released emergency security updates for iOS/iPadOS, macOS, tvOS and visionOS that fix two zero-day vulnerabilities (CVE-2025-31200, CVE-2025-31201) that have been … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/04/17/apple-plugs-zero-days-holes-used-in-targeted-iphone-attacks-cve-2025-31200-cve-2025-31201/
-
Critical Erlang/OTP SSH Vulnerability (CVSS 10.0) Allows Unauthenticated Code Execution
A critical security vulnerability has been disclosed in the Erlang/Open Telecom Platform (OTP) SSH implementation that could permit an attacker to execute arbitrary code sans any authentication under certain conditions. The vulnerability, tracked as CVE-2025-32433, has been given the maximum CVSS score of 10.0. “The vulnerability allows an attacker with network access to an Erlang/OTP SSH First…
-
Apple plugs zero-days holes used in targeted iPhone attacks (CVE-2025-31200, CVE-2025-31201)
Apple has released emergency security updates for iOS/iPadOS, macOS, tvOS and visionOS that fix two zero-day vulnerabilities (CVE-2025-31200, CVE-2025-31201) that have been … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/04/17/apple-plugs-zero-days-holes-used-in-targeted-iphone-attacks-cve-2025-31200-cve-2025-31201/
-
CISA Throws Lifeline to CVE Program with Last-Minute Contract Extension
MITRE will be able to keep running the CVE program for at least the next 11 months First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/cisa-cve-program-mitre-contract/
-
CVE-2025-31200: Apple Patches Two Actively Exploited Zero-Days
Apple has rolled out critical security updates across its ecosystem, including iOS, iPadOS, macOS Sequoia, tvOS, and visionOS, to address two newly discovered zero-day vulnerabilities that are currently being exploited in real-world attacks. Two Actively Exploited Zero-Day Flaws Patched The… First seen on sensorstechforum.com Jump to article: sensorstechforum.com/cve-2025-31200-zero-days-apple/
-
CISA Flags Actively Exploited Vulnerability in SonicWall SMA Devices
Tags: access, cisa, cve, cybersecurity, exploit, flaw, infrastructure, injection, kev, mobile, vulnerability
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday added a security flaw impacting SonicWall Secure Mobile Access (SMA) 100 Series gateways to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation. The high-severity vulnerability, tracked as CVE-2021-20035 (CVSS score: 7.2), relates to a case of operating system command injection First seen…
-
Funding stopped – The CVE program is on the verge of ending
Tags: cve
First seen on security-insider.de Jump to article: www.security-insider.de/us-heimatschutzministerium-cve-programm-finanzierung-ausgelaufen-a-0e6b11b55b78f639e707a1c934e23b52/
-
Apple Patches Two Actively Exploited iOS Flaws Used in Sophisticated Targeted Attacks
Apple on Wednesday released security updates for iOS, iPadOS, macOS Sequoia, tvOS, and visionOS to address two security flaws that it said have come under active exploitation in the wild. The vulnerabilities in question are listed below - CVE-2025-31200 (CVSS score: 7.5) – A memory corruption vulnerability in the Core Audio framework that could allow code execution…
-
MITRE CVE Program Uncertainty: Mend.io’s commitment to uninterrupted vulnerability protection
Mend.io continues to deliver uninterrupted, multi-source vulnerability protection. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/04/mitre-cve-program-uncertainty-mend-ios-commitment-to-uninterrupted-vulnerability-protection/
-
MITRE CVE Program: Funding to cease as of April 16, 2025
First seen on datensicherheit.de Jump to article: www.datensicherheit.de/mitre-cve-program-einstellung-finanzierung-16-april-2025
-
Frequently Asked Questions About the MITRE CVE Program Expiration and Renewal
Tags: advisory, attack, cisa, computer, cve, cybersecurity, data, exploit, government, incident response, infrastructure, mitre, nvd, open-source, risk, tactics, update, vulnerability, vulnerability-management
Concerns about the future of the MITRE CVE Program continue to circulate. The Tenable Security Response Team has created this FAQ to help provide clarity and context around this developing situation. Background The Tenable Security Response Team has compiled this blog to answer Frequently Asked Questions (FAQ) regarding changes around the MITRE CVE Program. As…
-
CISA funds CVE program in the 11th hour of contract with MITRE
First seen on scworld.com Jump to article: www.scworld.com/news/cisa-funds-cve-program-in-the-11th-hour-of-contract-with-mitre
-
CISA Extends Funding for MITRE CVE Program Just as It was to Expire
First seen on scworld.com Jump to article: www.scworld.com/news/mitre-cve-program-to-shut-down-dealing-cyber-industry-another-blow
-
MITRE support expires for ‘pillar of cybersecurity industry,’ CVE program
First seen on scworld.com Jump to article: www.scworld.com/news/mitre-support-expires-for-pillar-of-cybersecurity-industry-cve-program
-
CISA’s 11-Month extension ensures continuity of MITRE’s CVE Program
MITRE’s U.S.-funded CVE program, a core cybersecurity tool for tracking vulnerabilities, faces funding expiry Wednesday, risking disruption to global security. U.S. government funding for MITRE’s CVE program, a key global cybersecurity resource for cataloging vulnerabilities, is set to expire Wednesday, risking disruption. The 25-year-old program has assigned over 274,000 CVE IDs for public security…
-
Funding Crisis Averted: US Extends CVE Program Support Amid Outcry and Rising Concerns
Tags: cve
The U.S. extends CVE program funding hours before expiration, averting a crisis and prompting moves toward a more sustainable, community-led future. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/cybersecurity/cve-program-extended-2025/
-
CISA extends Mitre CVE contract at last moment
The US Cybersecurity and Infrastructure Security Agency has ridden to the rescue of the under-threat Mitre CVE Programme, approving a last-minute, 11-month contract extension to preserve the project’s vital security vulnerability work First seen on computerweekly.com Jump to article: www.computerweekly.com/news/366622896/CISA-extends-MITRE-CVE-contract-at-last-moment
-
CVE Foundation pledges continuity after Mitre funding cut
With news that Mitre’s contract to run the world-renowned CVE Programme is abruptly terminating, a breakaway group is setting up a non-profit foundation to try to ensure the project’s continuity First seen on computerweekly.com Jump to article: www.computerweekly.com/news/366622835/CVE-Foundation-pledges-continuity-after-MITRE-funding-cut
-
‘Stupid and Dangerous’: CISA Funding Chaos Threatens Essential Cybersecurity Program
The CVE Program is the primary way software vulnerabilities are tracked. Its long-term future remains in limbo even after a last-minute renewal of the US government contract that funds it. First seen on wired.com Jump to article: www.wired.com/story/cve-program-cisa-funding-chaos/
-
CISA Extend Funding to MITRE to Keep CVE Program Running
The Cybersecurity and Infrastructure Security Agency (CISA) has extended funding to the MITRE Corporation, ensuring the continued operation of the Common Vulnerabilities and Exposures (CVE) program, a linchpin of global cybersecurity. Announced late on April 15, 2025, just hours before the program’s funding was set to expire, the 11-month extension averts a crisis that could…
-
CVE Program Almost Unfunded
Mitre’s CVE program, which provides common naming and other informational resources about cybersecurity vulnerabilities, was about to be cancelled, as the US Department of Homeland Security failed to renew the contract. It was funded for eleven more months at the last minute. This is a big deal. The CVE program is one of those pieces…

