InfoSecBulletin Cybersecurity for mankind
MITRE identified Cross-site scripting as the most critical software flaw in its recent published report of the past year. The nonprofit published its latest ranking of the Top 25 Most Dangerous Software Weaknesses on November 20, highlighting critical flaws from the Common Weakness Enumeration (CWEs) catalog between June 2023 and June 2024.
CWE is a list of common software weaknesses in code, design, or architecture that can lead to vulnerabilities, which are cataloged in the CVE database.
New Ransomware Tactics Target VMware ESXi Via SSH Tunneling
Palo Alto Firewalls Found Vulnerable to Secure Boot Bypass
CISA Releases 6 ICS Advisories Detailing Security Issues
Account Credentials for Security Vendors Found on Dark Web: Cyble Report
Four Critical Ivanti CSA Vulnerabilities Exploited: CISA , FBI warns
GitLab Releases Patch (CVE-2025-0314) for XSS Exploit
CVE-2025-20156
Cisco Fixes Meeting Management Allowing Privilege Escalation
Delay patching leaves about 50,000 Fortinet firewalls to zero-day attack
Daily Security Update Dated: 21.01.2025
126 Linux kernel Vulns Allow Attackers Exploit 78 Linux Sub-Systems
MITRE reviewed 31,770 CVEs from 2023 and 2024 to determine the criticality level of software weaknesses that needed re-mapping analysis.
MITRE assigned scores to each weakness based on severity and how often they are exploited, particularly focusing on security flaws in the CISA’s Known Exploited Vulnerabilities (KEV) catalog.
Cross-site scripting, or CWE-79, ranked first this year with a score of 56.92 and three known exploited vulnerabilities. It replaced last year’s most dangerous CWE, ‘Out-of-bounds Write’ (CWE-787), which had 18 known exploited vulnerabilities and a score of 45.20.
SQL Injection, or ‘Improper Neutralization of Special Elements used in an SQL Command’ (CWE-89), ranks third with a score of 35.88 and has four known exploited vulnerabilities.
MITRE stated that the ranking is a useful resource for developers and security professionals and acts as a strategic guide for organizations looking to make informed decisions about software, security, and risk management investments.
“Organizations are strongly encouraged to review this list and use it to inform their software security strategies. Prioritizing these weaknesses in development and procurement processes helps prevent vulnerabilities at the core of the software lifecycle,” the organization added.
The nonprofit works with CISA on the CVE and CWE programs. CISA regularly issues alerts highlighting common software vulnerabilities, despite effective solutions being available.
