Tag: nvd
-
NIST Declares Pre-2018 CVEs Will Be Labeled as ‘Deferred’
The National Institute of Standards and Technology (NIST) has announced that all Common Vulnerabilities and Exposures (CVEs) with a publication date before January 1, 2018, will now be marked with a >>Deferred
-
NIST Puts Pre-2018 CVEs on Back Burner as It Works to Clear Backlog
NIST has marked pre-2018 CVEs in NVD as ‘Deferred’ and will no longer spend resources on enriching them. The post NIST Puts Pre-2018 CVEs on Back Burner as It Works to Clear Backlog appeared first on SecurityWeek. First seen on securityweek.com Jump to article: www.securityweek.com/nist-puts-pre-2018-cves-on-back-burner-as-it-works-to-clear-backlog/
-
Big hole in big data: Critical deserialization bug in Apache Parquet allows RCE
No known exploits yet: Neither Endor Labs nor NIST’s NVD entry reported any exploit attempts using CVE-2025-30065 as of publication of this article. Apache silently pushed a fix with the release of 1.15.1 on March 16, 2025, with a GitHub redirect to changes made in the update.Endor Labs advised prompt patching of the vulnerability, which…
-
NIST Still Struggling to Clear Vulnerability Submissions Backlog in NVD
The effects of the backlog is already being felt in vulnerability management circles where NVD data promises an enriched source of truth. The post NIST Still Struggling to Clear Vulnerability Submissions Backlog in NVD appeared first on SecurityWeek. First seen on securityweek.com Jump to article: www.securityweek.com/nist-still-struggling-to-clear-vulnerability-submissions-backlog-in-nvd/
-
CVE-2025-24813: Apache Tomcat Vulnerable to RCE Attacks
IntroductionCVE-2025-24813 was originally published on March 10 with a medium severity score of 5.5, and Apache Tomcat released an update to fix it. On March 12, the first attack was detected in Poland by Wallarm researchers, even before a Proof-of-Concept (PoC) was made public. After the PoC was released on March 13 on GitHub and…
-
New Windows zero-day feared abused in widespread espionage for years
.The zero-day vulnerability, tracked as ZDI-CAN-25373, has yet to be publicly acknowledged and assigned a CVE-ID by Microsoft. ZDI-CAN-25373 has to do with the way Windows displays the contents of .lnk files, a type of binary file used by Windows to act as a shortcut to a file, folder, or application, through the Windows UI.A…
-
Intruder Expands ‘Intel’ Vulnerability Intelligence Platform with AI-Generated CVE Descriptions
Intel by Intruder now uses AI to contextualize NVD descriptions, helping security teams assess risk faster. Intruder, a leader in attack surface management, has launched AI-generated descriptions for Common Vulnerabilities and Exposures (CVEs) within its free vulnerability intelligence platform, Intel. This new feature enhances cybersecurity professionals’ ability to quickly understand and assess vulnerabilities, addressing a…
-
NIST is chipping away at NVD backlog
The National Institute of Standards and Technology (NIST) is clearing the backlog of unprocessed CVE-numbered vulnerabilities in the National Vulnerability Database (NVD), but … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2024/11/14/nist-nvd-backlog/
-
NVD Backlog Continues to Grow
Despite getting help, NIST is not keeping up with new vulnerability reports for the National Vulnerabilities Database, according to an analysis from F… First seen on darkreading.com Jump to article: www.darkreading.com/vulnerabilities-threats/nvd-backlog-continues-to-grow
-
Making Sense of Open-Source Vulnerability Databases: NVD, OSV, and more
Essential reading for developers and security professionals alike: a comprehensive comparison of vulnerability databases to help you cut through the n… First seen on securityboulevard.com Jump to article: securityboulevard.com/2024/07/making-sense-of-open-source-vulnerability-databases-nvd-osv-and-more/
-
93% of vulnerabilities unanalyzed by NVD since February
New research from VulnCheck shows the NIST’s National Vulnerability Database has struggled to manage a growing number of reported vulnerabilities this… First seen on techtarget.com Jump to article: www.techtarget.com/searchsecurity/news/366586172/93-of-vulnerabilities-unanalyzed-by-NVD-since-February
-
Rising exploitation in enterprise software: Key trends for CISOs
Action1 researchers found an alarming increase in the total number of vulnerabilities across all enterprise software categories. With the NVD’s delay … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2024/06/19/exploitation-enterprise-software/
-
NVD-Schwachstellendatenbank: NIST verpflichtet Unternehmen zur Mithilfe
First seen on heise.de Jump to article: www.heise.de/news/NVD-Schwachstellendatenbank-NIST-verpflichtet-Unternehmen-zur-Mithilfe-9756078.html
-
NIST Commits to Plan to Resume NVD Work
The agency aims to burn down the backlog of vulnerabilities waiting to be added to the National Vulnerabilities Database via additional funding, third… First seen on darkreading.com Jump to article: www.darkreading.com/vulnerabilities-threats/nist-commits-to-plan-resume-nvd-work
-
NVD Update: Help Has Arrived
There’s hope yet for the world’s most beleaguered vulnerability database. The post hope yet for the world’s most beleaguered vulnerability database. T… First seen on securityboulevard.com Jump to article: securityboulevard.com/2024/06/nvd-update-help-has-arrived/
-
NIST says NVD will be back on track by September 2024
The National Institute of Standards and Technology (NIST) has awarded a contract for an unnamed company/organization to help them process incoming Com… First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2024/05/30/nist-nvd-back-on-track/
-
NIST Getting Outside Help for National Vulnerability Database
NIST is receiving support to get the NVD and CVE processing back on track within the next few months. The post receiving support to get the NVD and CV… First seen on securityweek.com Jump to article: www.securityweek.com/nist-getting-outside-help-for-national-vulnerability-database/
-
NVD cutbacks hamper NIST’s vulnerability analysis
First seen on scmagazine.com Jump to article: www.scmagazine.com/brief/nvd-cutbacks-hamper-nists-vulnerability-analysis
-
NIST Struggles with NVD Backlog as 93% of Flaws Remain Unanalyzed
The funding cutbacks announced in February have continued to hobble NIST’s ability to keep the government’s National Vulnerabilities Database (NVD) up… First seen on securityboulevard.com Jump to article: securityboulevard.com/2024/05/nist-struggles-with-nvd-backlog-as-93-of-flaws-remain-unanalyzed/
-
The private sector probably isn’t coming to save the NVD
Tags: nvdFirst seen on blog.talosintelligence.com Jump to article: blog.talosintelligence.com/threat-source-newsletter-april-25-2024/
-
NVD Leaves Exploited Vulnerabilities Unchecked
Over half of CISA’s known exploited vulnerabilities disclosed since February 2024 have not yet been analyzed by NIST’s National Vulnerability Database… First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/nvd-exploited-vulnerabilities/
-
What’s the deal with the massive backlog of vulnerabilities at the NVD?
Given the state of the NVD and vulnerability management, we felt it was worth looking at the current state of the NVD, how we got to this point, what … First seen on blog.talosintelligence.com Jump to article: blog.talosintelligence.com/nvd-vulnerability-backlog-the-need-to-know/
-
NVD Update: More Problems, More Letters, Some Questions Answered
We’re not saying the NVD is dead but it’s not looking good. The post t saying the NVD is dead but it’s not looking good. The post t saying the NVD is … First seen on securityboulevard.com Jump to article: securityboulevard.com/2024/05/nvd-update-more-problems-more-letters-some-questions-answered/
-
Experts Warn the NVD Backlog Is Reaching a Breaking Point
Federal Database Nears 10,000 Unanalyzed Vulnerabilities Amid Halt in Operations. The National Vulnerability Database is currently suffering from a ba… First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/experts-warn-nvd-backlog-reaching-breaking-point-a-25191
-
RSAC: CISA Launches Vulnrichment Program to Address NVD Challenges
First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/cisa-launches-vulnrichment-program/
-
#RSAC: CISA Launches Vulnrichment Program to Address NVD Challenges
First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/cisa-launches-vulnrichment-program/
-
Cybersecurity Pros Urge US Congress to Help NIST Restore NVD Operation
An open letter signed by 50 cybersecurity practitioners requires the US Congress to support NIST in restoring operations at the National Vulnerability… First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/open-letter-nist-restore-nvd/
-
NVD’s Backlog Triggers Public Response from Cybersec Leaders
The National Vulnerability Database (NVD) has been experiencing a mounting backlog in enriching CVEs. Learn more about what’s happening. The post onal… First seen on securityboulevard.com Jump to article: securityboulevard.com/2024/04/nvds-backlog-triggers-public-response-from-cybersec-leaders/
-
NIST Wants Help Digging Out of Its NVD Backlog
First seen on darkreading.com Jump to article: www.darkreading.com/vulnerabilities-threats/nist-needs-help-digging-out-of-its-vulnerability-backlog