InfoSecBulletin Cybersecurity for mankind
MITRE identified Cross-site scripting as the most critical software flaw in its recent published report of the past year. The nonprofit published its latest ranking of the Top 25 Most Dangerous Software Weaknesses on November 20, highlighting critical flaws from the Common Weakness Enumeration (CWEs) catalog between June 2023 and June 2024.
CWE is a list of common software weaknesses in code, design, or architecture that can lead to vulnerabilities, which are cataloged in the CVE database.
Sleeping Beauty
Researchers Bypassed CrowdStrike Falcon Sensor partially
CVE-2025-22224
41,500+ VMware ESXi Instances Vulnerable to Attacks
Register Now
AI Engineering Hackathon: Registration Open
Cisco alerts about a Webex flaw that exposes credentials
NVIDIA Issues Warning of Multiple Vulnerabilities
Update Now
Chrome 134 Released, Fixes 14 Vulnerabilities
Broadcom Patches 3 VMware Zero-Days Exploited In Attacks
Singapore issues new guidelines for data center and cloud services
Update Alert!
Google Warns of Critical Android Vulns Under Attack
CISA adds Cisco and Windows vulns as actively exploited
MITRE reviewed 31,770 CVEs from 2023 and 2024 to determine the criticality level of software weaknesses that needed re-mapping analysis.
MITRE assigned scores to each weakness based on severity and how often they are exploited, particularly focusing on security flaws in the CISA’s Known Exploited Vulnerabilities (KEV) catalog.
Cross-site scripting, or CWE-79, ranked first this year with a score of 56.92 and three known exploited vulnerabilities. It replaced last year’s most dangerous CWE, ‘Out-of-bounds Write’ (CWE-787), which had 18 known exploited vulnerabilities and a score of 45.20.
SQL Injection, or ‘Improper Neutralization of Special Elements used in an SQL Command’ (CWE-89), ranks third with a score of 35.88 and has four known exploited vulnerabilities.
MITRE stated that the ranking is a useful resource for developers and security professionals and acts as a strategic guide for organizations looking to make informed decisions about software, security, and risk management investments.
“Organizations are strongly encouraged to review this list and use it to inform their software security strategies. Prioritizing these weaknesses in development and procurement processes helps prevent vulnerabilities at the core of the software lifecycle,” the organization added.
The nonprofit works with CISA on the CVE and CWE programs. CISA regularly issues alerts highlighting common software vulnerabilities, despite effective solutions being available.
