1,736 CVE Records + severity scores when available in CISA’s Vulnerability Summary bulletin for the week of December 8, 2025

https://cisa.gov/news-events/bulletins/sb25-349

#CVE #CVEID #CVSS #CWE #Vulnerability #VulnerabilityManagement #HSSEDI #CISA

GPT-5.2-Codex: nowy standard w programowaniu – bezpieczeństwo i jakość w kodzie

Czy model, który pisze kod szybciej niż junior po kawie, nauczył się wreszcie mówić „nie” wtedy, kiedy trzeba? OpenAI dorzuciło addendum do karty systemowej GPT-5.

Czytaj dalej:
https://pressmind.org/gpt-52-codex-nowy-standard-w-programowaniu-bezpieczenstwo-i-jakosc-w-kodzie/

#PressMindLabs #asystentprogramisty #bezpieczenstwokodu #codeql #cwe #gpt52codex

816 CVE Records + severity scores when available in CISA’s Vulnerability Summary bulletin for the week of December 1, 2025

https://www.cisa.gov/news-events/bulletins/sb25-342

#CVE #CVEID #CVSS #CWE #Vulnerability #VulnerabilityManagement #HSSEDI #CISA

#CWE 4.19 is now available! This latest release includes 1 new view to support the release of the “2021 CWE Top 25 Most Dangerous Software Weaknesses,” 1 new view for the “OWASP Top Ten 2025,” + continued CWE content usability improvements

https://cwe.mitre.org/news/archives/news2025.html#december11_CWE_Version_4_19_Now_Available

The 2025 #CWE Top 25 Most Dangerous #Software Weaknesses list is now available!

See the the most severe and prevalent weaknesses behind the 39,080 #CVE Records in this year’s dataset. Take a look and share your thoughts!

https://cwe.mitre.org/top25/

468 CVE Records + severity scores when available in CISA’s Vulnerability Summary bulletin for the week of November 24, 2025

https://www.cisa.gov/news-events/bulletins/sb25-335

#CVE #CVEID #CVSS #CWE #Vulnerability #VulnerabilityManagement #HSSEDI #CISA

“CNA Enrichment Recognition” - 256 CNAs on the list for December 1, 2025

Published monthly, this list recognizes those CVE Numbering Authorities (#CNAs) actively providing #CVSS and #CWE vulnerability data in their #CVE Records

https://medium.com/@cve_program/vulnerability-data-enrichment-for-cve-records-256-cnas-on-the-enrichment-recognition-list-for-2e488b7c9062

733 CVE Records + severity scores when available in CISA’s Vulnerability Summary bulletin for the week of November 17, 2025

https://cisa.gov/news-events/bulletins/sb25-328

#CVE #CVEID #CVSS #CWE #Vulnerability #VulnerabilityManagement #HSSEDI #CISA

#CWE User Experience Working Group (UEWG) members — Reminder that our next meeting is Wednesday, 11/19/2025, at 12:00-1:00PM EST

Topic:
- CWE Corpus Completeness

Join CWE UEWG: https://bit.ly/3CIylfz

Hardware #CWE SIG members—Reminder that our next meeting is Friday, 11/14/2025, at 12:30-1:30 PM EST (16:30 – 17:30 UTC)

Topic:
- Review: “Formation of RTL Weakness Ad-Hoc Working Group”

Join #HW SIG: http://bit.ly/3SCkqyk

“CNA Enrichment Recognition” - 252 CNAs on the list for November 3, 2025

Published monthly, this list recognizes those CVE Numbering Authorities (#CNAs) actively providing #CVSS and #CWE vulnerability data in their #CVE Records

https://medium.com/@cve_program/vulnerability-data-enrichment-for-cve-records-252-cnas-on-the-enrichment-recognition-list-for-7f91233b7b6b

“CNA Enrichment Recognition” - 252 CNAs on the list for October 6, 2025

Published monthly, this list recognizes those CVE Numbering Authorities (#CNAs) actively providing #CVSS and #CWE vulnerability data in their #CVE Records

https://medium.com/@cve_program/vulnerability-data-enrichment-for-cve-records-252-cnas-on-the-enrichment-recognition-list-for-db09abac48ac

Hardware #CWE SIG members—Reminder that our next meeting is Friday, 10/10/2025, at 12:30-1:30 PM EDT (16:30 – 17:30 UTC)

Topic:
- Review HW submission: “Improper Request Propagation before Data Reception in Write Transactions in a Bus Architecture”

Join #HW SIG: http://bit.ly/3SCkqyk

New on the #CWE Blog:
“2025 CWE™ Most Important Hardware Weaknesses” Now Available

https://medium.com/@CWE_CAPEC/2025-cwe-most-important-hardware-weaknesses-now-available-2bbe29f85b1a

#hardware #hw #informationtechnology #informationsecurity #cybersecurity

1,064 CVE Records + severity scores when available in CISA’s Vulnerability Summary bulletin for the week of September 22, 2025

https://cisa.gov/news-events/bulletins/sb25-272

#CVE #CVEID #CVSS #CWE #Vulnerability #VulnerabilityManagement #HSSEDI #CISA

1,214 CVE Records + severity scores when available in CISA’s Vulnerability Summary bulletin for the week of September 15, 2025

https://www.cisa.gov/news-events/bulletins/sb25-265

#CVE #CVEID #CVSS #CWE #Vulnerability #VulnerabilityManagement #HSSEDI #CISA

840 CVE Records + severity scores when available in CISA’s Vulnerability Summary bulletin for the week of September 8, 2025

https://cisa.gov/news-events/bulletins/sb25-258

#CVE #CVEID #CVSS #CWE #Vulnerability #VulnerabilityManagement #HSSEDI #CISA

OWASP Top Ten 2021 через простые примеры на Java. И немного про SAST

В этой статье мы расскажем про категории OWASP Top Ten 2021 через призму срабатываний Java анализатора PVS-Studio. Так что, если у вас есть желание посмотреть на возможные паттерны уязвимостей в Java коде или узнать, что из себя представляют категории OWASP Top Ten, приятного чтения!

https://habr.com/ru/companies/pvs-studio/articles/947332/

#owasp_top10 #pvsstudio #статистический_анализ #java #примеры_кода #информационная_безопасность #cwe #cve #owasp #sast

„#FileUpload done.“ Wirklich? Doch was ist mit Path Traversal, unsicheren temp files & #Logging? @svenruppert zeigt, wie #Java Uploads mit #Vaadin Flow & NIO sicher werden - gegen CWE-22 #CWE-377 & CWE-778.

Lese: https://javapro.io/de/erstellen-einer-einfachen-datei-up-download-anwendung-mit-vaadin-flow/

#SecureCoding #WebDev #DevSecOps @vaadin

994 CVE Records + severity scores when available in CISA’s Vulnerability Summary bulletin for the week of September 1, 2025

https://www.cisa.gov/news-events/bulletins/sb25-251

#CVE #CVEID #CVSS #CWE #Vulnerability #VulnerabilityManagement #HSSEDI #CISA