Microsoft released out-of-band patches for an actively exploited Microsoft Office zero-day, CVE-2026-21509, a security feature bypass flaw.

The bug is described as a security bypass flaw: “Reliance on untrusted inputs in a security decision in Microsoft Office ...

By the time of CVE's launch, ISS (later acquired by IBM) maintained a fully public VDB, as of August 1997. A company I helped found, Repent Security Inc., also offered a commercial subscription to a ...

CISA has flagged a critical VMware vCenter Server vulnerability as actively exploited and ordered U.S. federal agencies to ...

A new vulnerability database has launched in the EU, in a bid to reduce dependence on the U.S. program. Here's what you need ...

A new patch fixes six important GitLab flaws ...

Microsoft has released emergency security updates to patch a high-severity Office zero-day vulnerability exploited in attacks ...

Exploit code has been published for CVE-2025-64155, a critical command injection vulnerability affecting Fortinet FortiSIEM ...

The CVE security program used to track vulnerabilities in both hardware and software has had its federal funding removed with immediate effect. Apple is one of a number of tech giants who rely on the ...

CISA added VMware vCenter vulnerability CVE-2024-37079 to its KEV list after confirmed in-the-wild exploitation, urging ...

Forbes contributors publish independent expert analyses and insights. Kate O’Flaherty is a cybersecurity and privacy journalist. U.S. President Donald Trump has cut funding for the global database of ...

CVE funding gets last-minute funding reprieve A MITRE head told CVE board members that government funding is about to expire Some have called the move "reckless and ignorant" US government funding for ...