Blog
What's new in SecDB 24.12
This new version of SecDB brings new features and improvements. Added support for CISA Vulnrichment and SSVC The CISA Vulnrichment project is the public repository of CISA's enrichment of public CVE records through CISA's ADP (Authorized Data Publisher) container. SecDB uses data from the Vulnric...
# SecDB # Security Advisory # CVE # SSVC # STIX # Badges # Charts
2024 CWE Top 25 Most Dangerous Software Weaknesses
MITRE has published the 2024 CWE Top 25 Most Dangerous Software Weaknesses list (aka CWE™ Top 25), based on an analysis of 31,770 CVEs published in this year’s dataset. This year’s dataset included 31,770 CVE Records for vulnerabilities published between June 1, 2023 and June 1, 2024. Data was ini...
# CWE # Weakness # Top25
What's new in SecDB 24.8
This new version of SecDB brings new features and improvements. Added CVSS v4.0 support: In November 2023, FIRST released the final specifications for CVSS v4.0, and organizations and vendors began adopting the new standard for determining vulnerability severity. In late June 2024, NIST...
# SecDB # CVSS # Utility # Calculator # Docs # API # TelegramBot
CWE 4.14 is available
MITRE has released version 4.14 of the Common Weakness Enumeration (CWE) with a new weakness for "Hardware Micro Architectures", a view for "ISA/IEC 62443 Requirements", and new demonstrative examples from "HACK@DAC". Changes in 4.14 New Weaknesses: CWE-1420: Exposure of Sensitive Information du...
# CWE # Weakness
What's new in SecDB 24.2
This new version of SecDB brings new features and improvements. Polished UI, improved support for EPSS, Web & Social references (from Reddit and Mastodon) in CVEs, new Security Advisories and sections (NASL & NVT and Packages), and much more. Improved the EPSS (Exploit Prediction Scoring System) s...
# SecDB
What's new in SecDB 22.11 - EPSS, Packages & Software, new Security Advisory feeds... and more!
Notable changes in SecDB Introduced the Exploit Prediction Scoring System (EPSS) Added the Exploit Prediction Scoring System (EPSS) score in all tables and CVE pages. The Exploit Prediction Scoring System (EPSS) is an open, data-driven effort for estimating the likelihood (probability) that a sof...
# SecDB # EPSS # CVE # Security Advisory
2022 CWE Top 25 Most Dangerous Software Weaknesses
MITRE has published the 2022 CWE Top 25 Most Dangerous Software Weaknesses list (aka CWE™ Top 25), based on an analysis of 38000 CVEs published from the previous two years. To create the list, the CWE Team leveraged Common Vulnerabilities and Exposures (CVE®) data found within the National Institu...
# CWE # Weakness # Top25
CISA Adds 34 Known Exploited Vulnerabilities to Catalog
Cybersecurity & Infrastructure Security Agency (CISA) has added 34 new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. https://www.cisa.gov/uscert/ncas/current-activity/2022/05/25/cisa-adds-34-known-exploited-vulnerabilities-catalog ...
# CISA
CISA Adds 20 Known Exploited Vulnerabilities to Catalog
Cybersecurity & Infrastructure Security Agency (CISA) has added 20 new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. https://www.cisa.gov/uscert/ncas/current-activity/2022/05/24/cisa-adds-20-known-exploited-vulnerabilities-catalog ...
# CISA
CSIRT Publish 71 known vulnerabilities based on evidence of active exploitation
Computer Security Incident Response Team - Italia (CSIRT) has published 71 known vulnerabilities based on evidence of active exploitation. https://www.csirt.gov.it/contenuti/analisi-delle-principali-vulnerabilita-sfruttate-in-campagne-cyber-pubblicamente-attribuite-ad-attori-di-matrice-russa-e-rela...
# CSIRT # ACN
Nmap Log4Shell NSE script for discovery Apache Log4j RCE (CVE-2021-44228)
tl;dr nmap-log4shell (https://github.com/giterlizzi/nmap-log4shell) is an NSE script for discovering the Apache Log4j RCE (CVE-2021-44228) vulnerability across the network. The script can inject the Log4Shell exploit payload via HTTP headers (default) or via a TCP/UDP socket. Vulnerability CVE-2021...
# Nmap # NSE # Log4Shell # Vulnerability # CVE-2021-44228