CVE Program
-
Researchers warn of DOM-based extension clickjacking in password managers
Security researchers at DEF CON 33 revealed a DOM-based extension clickjacking flaw affecting popular password-manager browser extensions. A single click on a malicious page can be enough to steal credentials, 2FA codes, and more. Bitwarden has issued a fix and others are in progress, with guidance to disable auto-fill until patches are deployed.
-
Significant Vulnerabilities Discovered in Tridium’s Niagara Framework
Researchers have discovered multiple critical vulnerabilities in Tridium’s Niagara Framework, a platform widely used in building management. The flaws could allow attackers to compromise systems on the same network. They have high CVSS scores and can lead to unauthorized access and operational disruptions.
-
Crisis in CVE Funding Sparks Urgent Rethink in Vulnerability Management
The funding crisis affecting the Common Vulnerabilities and Exposures (CVE) program has prompted urgent reassessments in how organizations manage vulnerabilities, highlighting the necessity for adapting security strategies amid a surge in disclosed vulnerabilities and evolving threats.
-
Cybersecurity Community Breathes a Sigh of Relief as CVE Database Funding Extended
The cybersecurity community expressed relief following an 11-month funding extension for the CVE database, which will continue operations after concerns of a shutdown. Industry leaders stress the importance of establishing a long-term plan for its future to maintain effective vulnerability management.
-
Future of CVE Program in Jeopardy: Cybersecurity Community Calls for Stability
The CVE Program faces potential instability as US government funding decreases, raising concerns within the cybersecurity community about future preparedness and response to vulnerabilities. Experts stress the importance of this critical program and call for stable governance to mitigate risks.
-
Exploitation of Vulnerabilities on the Rise: 159 CVEs Flagged in Q1 2025
A recent report reveals that 159 CVEs were flagged as exploited in Q1 2025, highlighting a growing trend in vulnerability exploitation. Urgent action is needed to mitigate such risks amid rising threats.
-
Future of CVE Program in Question Amid Funding Concerns
The Common Vulnerabilities and Exposures (CVE) Program is at a crossroads as funding concerns arise, prompting discussions on its future management and governance against a backdrop of rising vulnerabilities.