Filter
Exclude
Time range
-
Near
Loginsoft
 @Loginsoft_Inc
May 11
๐—ก๐—œ๐—ฆ๐—ง ๐—ท๐˜‚๐˜€๐˜ ๐—ฐ๐—ต๐—ฎ๐—ป๐—ด๐—ฒ๐—ฑ ๐˜๐—ต๐—ฒ ๐—ฟ๐˜‚๐—น๐—ฒ๐˜€ ๐—ผ๐—ป ๐—ก๐—ฉ๐—— ๐—ฒ๐—ป๐—ฟ๐—ถ๐—ฐ๐—ต๐—บ๐—ฒ๐—ป๐˜. Here's what it means for your vulnerability management. As of April 15, NIST will only fully enrich CVEs in three categories: CISA KEV entries, federal government software, and critical software under EO 14028. ๐—˜๐˜ƒ๐—ฒ๐—ฟ๐˜†๐˜๐—ต๐—ถ๐—ป๐—ด ๐—ฒ๐—น๐˜€๐—ฒ? ๐— ๐—ฎ๐—ฟ๐—ธ๐—ฒ๐—ฑ "๐—ก๐—ผ๐˜ ๐—ฆ๐—ฐ๐—ต๐—ฒ๐—ฑ๐˜‚๐—น๐—ฒ๐—ฑ." Including the ๐—ฒ๐—ป๐˜๐—ถ๐—ฟ๐—ฒ ๐—ฝ๐—ฟ๐—ฒ-๐— ๐—ฎ๐—ฟ๐—ฐ๐—ต ๐Ÿฎ๐Ÿฌ๐Ÿฎ๐Ÿฒ ๐—ฏ๐—ฎ๐—ฐ๐—ธ๐—น๐—ผ๐—ด. The numbers tell the story: โ†’ ๐—–๐—ฉ๐—˜ ๐˜€๐˜‚๐—ฏ๐—บ๐—ถ๐˜€๐˜€๐—ถ๐—ผ๐—ป๐˜€ ๐˜‚๐—ฝ ๐Ÿฎ๐Ÿฒ๐Ÿฏ% since 2020 โ†’ ๐Ÿฐ๐Ÿฎ,๐Ÿฌ๐Ÿฌ๐Ÿฌ ๐—–๐—ฉ๐—˜๐˜€ ๐—ฒ๐—ป๐—ฟ๐—ถ๐—ฐ๐—ต๐—ฒ๐—ฑ ๐—น๐—ฎ๐˜€๐˜ ๐˜†๐—ฒ๐—ฎ๐—ฟ a record and still not enough โ†’ ๐—ค๐Ÿญ ๐Ÿฎ๐Ÿฌ๐Ÿฎ๐Ÿฒ ๐—ฎ๐—น๐—ฟ๐—ฒ๐—ฎ๐—ฑ๐˜† ๐—ฟ๐˜‚๐—ป๐—ป๐—ถ๐—ป๐—ด ๐Ÿฏ๐Ÿฏ% ๐—ฎ๐—ต๐—ฒ๐—ฎ๐—ฑ of last year If your vulnerability management was built assuming comprehensive NVD enrichment, you now have a blind spot. An unenriched CVE is just a number with ๐—ป๐—ผ ๐—–๐—ฉ๐—ฆ๐—ฆ ๐˜€๐—ฐ๐—ผ๐—ฟ๐—ฒ, ๐—ป๐—ผ ๐—–๐—ฃ๐—˜ ๐—บ๐—ฎ๐—ฝ๐—ฝ๐—ถ๐—ป๐—ด, ๐—ฎ๐—ป๐—ฑ ๐—ป๐—ผ ๐˜„๐—ฎ๐˜† ๐˜๐—ผ ๐—ฎ๐˜‚๐˜๐—ผ๐—บ๐—ฎ๐˜๐—ถ๐—ฐ๐—ฎ๐—น๐—น๐˜† ๐—ฎ๐˜€๐˜€๐—ฒ๐˜€๐˜€ ๐—ฟ๐—ถ๐˜€๐—ธ. At ๐—Ÿ๐—ผ๐—ด๐—ถ๐—ป๐˜€๐—ผ๐—ณ๐˜, we've spent 18 years building deep cybersecurity expertise and proprietary vulnerability intelligence from first principles. ๐—Ÿ๐—ข๐—ฉ๐—œ ๐—ฒ๐—ป๐—ฟ๐—ถ๐—ฐ๐—ต๐—ฒ๐˜€ ๐—–๐—ฉ๐—˜ ๐—ฑ๐—ฎ๐˜๐—ฎ ๐˜„๐—ถ๐˜๐—ต ๐—”๐—œ-๐—ฝ๐—ผ๐˜„๐—ฒ๐—ฟ๐—ฒ๐—ฑ ๐˜๐—ต๐—ฟ๐—ฒ๐—ฎ๐˜ ๐˜€๐—ฐ๐—ผ๐—ฟ๐—ฒ๐˜€, ๐—˜๐—ฃ๐—ฆ๐—ฆ ๐—ฐ๐—ผ๐—ฟ๐—ฟ๐—ฒ๐—น๐—ฎ๐˜๐—ถ๐—ผ๐—ป, ๐—ฒ๐˜…๐—ฝ๐—น๐—ผ๐—ถ๐˜ ๐—บ๐—ฎ๐˜๐˜‚๐—ฟ๐—ถ๐˜๐˜† ๐—ฎ๐—ป๐—ฎ๐—น๐˜†๐˜€๐—ถ๐˜€, ๐—ฎ๐—ป๐—ฑ ๐—ฝ๐—ฟ๐—ฒ-๐—ก๐—ฉ๐—— ๐—ถ๐—ป๐˜€๐—ถ๐—ด๐—ต๐˜๐˜€ independent of whether NIST gets to it or not. The era of relying on a single source of truth is over. Your security stack shouldn't have to wait for enrichment that may never come. ๐—ฆ๐˜๐—ฎ๐—ฟ๐˜ ๐˜†๐—ผ๐˜‚๐—ฟ ๐—™๐—ฟ๐—ฒ๐—ฒ ๐—ง๐—ฟ๐—ถ๐—ฎ๐—น ๐—ก๐—ผ๐˜„: vi.loginsoft.com/sign-up #Cybersecurity #NVD #NIST #CVE #NVDEnrichment #CVEBacklog #NVD2026 #CISAKEV #LOVI #VulnerabilityManagement #Loginsoft #VulnerabilityIntelligence #CVSSScore #PatchPrioritization #NotScheduled #CVEEnrichment
2
3
61
El Mapache @trashp4ndasec
21 Sep 2024
Iโ€™m gonna submit this #CVE: If an attacker can gain physical access to the device they will be able to install a small explosive device and use it to cause a denial of service. AV:P/AC:H/PR:N/UI:N/C:N/I:N/A:H #CVSSscore 4.2 #CVSS3.0
1
4
128
Tarnkappe.info @tarnkappe_info
30 Aug 2022
๐Ÿ“ฌ Bitbucket: Kritische Sicherheitslรผcke gefรคhrdet Unternehmen #Hacking #Malware #Softwareentwicklung #Atlassian #BitbucketDataCenter #BitbucketMesh #BitbucketServer #CVSSScore #รถffentlicheRepositories #TheGrandPew tarnkappe.info/softwareentwiโ€ฆ
1
Greg Slabodkin @Slabodkin
9 Mar 2022
FDA warns of #cybersecurityvulnerabilities in #medicaldevice #software components. #CISA has given several of the vulnerabilities a #CVSSscore of 9.8 out of 10 (critical severity). bit.ly/3tHtMNN #medtech #medicaldevices #cybersecurity #cyber #Access7 #IoT #IoMT #CVSS
1
1
Taslet Security @TasletCom
5 Jul 2020
The #vulnerability, #CVE20205902 , rated as critical, #CVSSscore of 10 out of 10, let remote #attackers take complete control of the targeted systems, eventually gaining #surveillance over the #application data they manage #F5 #BigIP #ApplicationSecurity thehackernews.com/2020/07/f5โ€ฆ
1
Florian Hansemann @CyberWarship
1 Jul 2019
Show me your first CVE! Format: %CVE; %Software; %CVSSScore: %shortDescription %nvdLink #infosec #CVE #research
4
4
13
Load more