How we set the standard for transparency and trust | Kaspersky official blog

The life of a modern head of information security (also known as CISO – Chief Information Security Officer) is not just about fighting hackers. It’s also an endless quest that goes by the name of “compliance”. Regulators keep tightening the screws, standards pop up like mushrooms, and headaches only get worse; but wait… – there’s more: CISOs are responsible not only for their own perimeter, but what goes on outside it too: for their entire supply chain, all their contractors, and the whole hodge-podge of software their business processes run on. Though the logic here is solid, it’s also unfortunately ruthless: if a hole is found at your supplier, but the problems hit you, in the end it’s you who’s held accountable. This logic applies to security software too.

Back in the day, companies rarely thought about what was actually inside the security solutions and products they used. Now, however, businesses – especially large ones – want to know everything: what’s really inside the box? Who wrote the code? Is it going to break some critical function or could it even bring everything down? (We’ve seen such precedents; example: the CrowdStrike 2024 update incident.) Where and how is data processed? And these are the right questions to ask.

The problem lies in the fact that almost all customers trust their vendors to answer accurately when asked such questions – very often because they have no other choice. A more mature approach in today’s cyber-reality is to verify.

In corporate-speak this is called supply-chain trust, and trying to solve this puzzle on your own is a serious headache. You need help from vendors. A responsible vendor is ready to show what’s under the hood of its solutions, to open up the source code to partners and customers for review, and, in general, to earn trust not with nice slides but with solid, practical steps.

So who’s already doing this, and who’s still stuck in the past? A fresh, in-depth study from our colleagues in Europe has the answer. It was conducted by the respected testing lab AV-Comparatives, the Tyrol Chamber of Commerce (WKO), the MCI Entrepreneurial School, and the law firm Studio Legale Tremolada.

The main conclusion of the study is that the era of “black boxes” in cybersecurity is over. RIP. Amen. The future belongs to those who don’t hide their source code and vulnerability reports, and who give customers maximum choice when configuring their products. And the report clearly states who doesn’t just promise but actually delivers. Guess who!…

What a great guess! Yes – it’s us!

We give our customers something that is still, unfortunately, a rare and endangered species in the industry: transparency centers, source code reviews of our products, a detailed software bill of materials (SBOM), and the ability to check update history and control rollouts. And of course we provide everything that’s already become the industry standard. You can study all the details in the full “Transparency and Accountability in Cybersecurity” (TRACS) report, or in our summary. Below, I’ll walk through some of the most interesting bits.

Not mixing apples and oranges

TRACS reviewed 14 popular vendors and their EPP/EDR products – from Bitdefender and CrowdStrike to our EDR Optimum and WithSecure. The objective was to understand which vendors don’t just say “trust us”, but actually let you verify their claims. The study covered 60 criteria: from GDPR (General Data Protection Regulation – it’s a European study after all) compliance and ISO 27001 audits, to the ability to process all telemetry locally and access a product’s source code. But the authors decided not to give points for each category or form a single overall ranking.

Why? Because everyone has different threat models and risks. What is a feature for one may be a bug and a disaster for another. Take fast, fully automatic installation of updates. For a small business or a retail company with thousands of tiny independent branches, this is a blessing: they’d never have enough IT staff to manage all of that manually. But for a factory where a computer controls the conveyor it would be totally unacceptable. A defective update can bring a production line to a standstill, which in terms of business impact could be fatal (or at least worse than the recent Jaguar Land Rover cyberattack); here, every update needs to be tested first. It’s the same story with telemetry. A PR agency sends data from its computers to the vendor’s cloud to participate in detecting cyberthreats and get protection instantly. Perfect. A company that processes patients’ medical records or highly classified technical designs on its computers? Its telemetry settings would need to be reconsidered.

Ideally, each company should assign “weights” to every criterion, and calculate its own “compatibility rating” with EDR/EPP vendors. But one thing is obvious: whoever gives customers choices, wins.

Take file reputation analysis of suspicious files. It can work in two ways: through the vendor’s common cloud, or through a private micro-cloud within a single organization. Plus there’s the option to disable this analysis altogether and work completely offline. Very few vendors give customers all three options. For example, “on-premise” reputation analysis is available from only eight vendors in the test. It goes without saying we’re one of them.

Raising the bar

In every category of the test the situation is roughly the same as with the reputation service. Going carefully through all 45 pages of the report, we’re either ahead of our competitors or among the leaders. And we can proudly say that in roughly a third of the comparative categories we offer significantly better capabilities than most of our peers. See for yourself:

Visiting a transparency center and reviewing the source code? Verifying that the product binaries are built from this source code? Only three vendors in the test provide these things. And for one of them – it’s only for government customers. Our transparency centers are the most numerous and geographically spread out, and offer customers the widest range of options.

The opening of our first transparency center back in 2018

Downloading database updates and rechecking them? Only six players – including us – provide this.

Configuring multi-stage rollout of updates? This isn’t exactly rare, but it’s not widespread either – only seven vendors besides us support it.

Reading the results of an external security audit of the company? Only we and six other vendors are ready to share this with customers.

Breaking down a supply chain into separate links using an SBOM? This is rare too: you can request an SBOM from only three vendors. One of them is the green-colored company that happens to bear my name.

Of course, there are categories where everyone does well: all of them have successfully passed an ISO/IEC 27001 audit, comply with GDPR, follow secure development practices, and accept vulnerability reports.

Finally, there’s the matter of technical indicators. All products that work online send certain technical data about protected computers, and information about infected files. For many businesses this isn’t a problem, and they’re glad it improves effectiveness of protection. But for those seriously focused on minimizing data flows, AV-Comparatives measures those too – and we just so happen to collect the least telemetry compared to other vendors.

Practical conclusions

Thanks to the Austrian experts, CISOs and their teams now have a much simpler task ahead when checking their security vendors. And not just the 14 that were tested. The same framework can be applied to other security solution vendors and to software in general. But there are strategic conclusions too…

Transparency makes risk management easier. If you’re responsible for keeping a business running, you don’t want to guess whether your protection tool will become your weak point. You need predictability and accountability. The WKO and AV-Comparatives study confirms that our model reduces these risks and makes them manageable.

Evidence instead of slogans. In this business, it’s not enough to be able to write “we are secure” on your website. You need audit mechanisms. The customer has to be able to drop by and verify things for themselves. We provide that. Others are still catching up.

Transparency and maturity go hand in hand. Vendors that are transparent for their customers usually also have more mature processes for product development, incident response, and vulnerability handling. Their products and services are more reliable.

Our approach to transparency (GTI) works. When we announced our initiative several years ago and opened Transparency Centers around the world, we heard all kinds of things from critics – like that it was a waste of money and that nobody needed it. Now independent European experts are saying that this is how a vendor should operate in 2025 and beyond.

It was a real pleasure reading this report. Not just because it praises us, but because the industry is finally turning in the right direction – toward transparency and accountability.

We started this trend, we’re leading it, and we’re going to keep pioneering within it. So, dear readers and users, don’t forget: trust is one thing; being able to fully verify is another.

Why Effective CTEM Must be an Intelligence-Led Program

Continuous Threat Exposure Management (CTEM) is a continuous program and operational framework, not a single pre-boxed platform. Flashpoint believes that effective CTEM must be intelligence-led, using curated threat intelligence as the operational core to prioritize risk and turn exposure data into defensible decisions.

January 6, 2026

Continuous Threat Exposure Management (CTEM) is Not a Product

Since Gartner’s introduction of CTEM as a framework in 2022, cybersecurity vendors have engaged in a rapid “productization” race. This has led to inconsistent market definitions, with a variety of vendors from vulnerability scanners to Attack Surface Management (ASM) providers now claiming to be an “exposure management” solution.

The current approach to productizing CTEM is flawed. There is no such thing as a single “exposure management platform.” The enterprise reality is that most enterprises buy three or more products just to approximate what CTEM promises in theory. Even with these technologies, organizations still require heavy lifting with people, process, and custom integrations to actually make it work.

The Exposure Stack: When One Platform Becomes Three (or More)

A functional CTEM approach typically requires multiple platforms or tools, including: 

  • Continuous Penetration/Exploitation Testing & Attack Path Analysis for continuous pentesting, attack path validation, and hands-on exposure validation.
  • Vulnerability and Exposure Management for vulnerability scanning, exposure scoring, and asset risk views.
  • Intelligence for deep, curated vulnerability, compromised credentials, card fraud, and other forms of intelligence that goes far beyond the scope of technology-based “management platforms”.

In some cases, organizations may also use an ASM vendor for shadow IT discovery, a CMDB for asset context, and ticketing integrations to drive remediation. This multi-platform model is the rule, not the exception. And that raises a hard truth: if you need three or more products, plus a dedicated team to implement CTEM, you need an intelligence-led CTEM program.

CTEM is an Operational Discipline, Not a Single Product

The narrative that CTEM can be packaged into a single product breaks down for three critical reasons:

1. CTEM is a Program, Not a Platform

You cannot buy a capability that requires full-stack asset visibility, contextualized threat actor data, real-world validation, and remediation orchestration from one tool. Each component spans a different domain of expertise and data. A vulnerability scanner, alone, cannot validate exploitability, a pentest service has a tough time scaling to daily monitoring, and generic threat intelligence feeds cannot provide critical business context.

However, CTEM requires orchestration of all these components in one operational loop. No single product delivers this comprehensively out of the box; this is why CTEM must be viewed as a continuous program, not a one-size-fits-all product.

2. Human Expertise is Irreplaceable

Vendors often advertise automation; however, key intelligence functions are still powered by and reliant on human analysis. Even with best-in-class AI tools in place, security teams depend on human insights for:

  • Triaging noisy CVE lists
  • Cross-referencing exposure data with asset inventories
  • Manually validating if risks are real
  • Prioritizing based on threat intelligence and internal context
  • Writing custom logic and integrations to bridge platforms together

In other words, exposure management today still relies on human insights and expertise. So while vendors advertise “automation and intelligence,” what they’re really delivering is a starting point. Ultimately, AI is a force multiplier for threat analysts, not a replacement.

3. Risk Without Intelligence Is Just Data

Most platforms treat exposure like a math problem. But real risk isn’t just CVSS (Common Vulnerability Scoring System) scores or asset counts; it requires answering critical, intelligence-based questions:

  1. How likely is this vulnerability to be exploited, and what’s the impact if it is?
  2. How likely is this misconfiguration to be exploited, and what is its impact?
  3. How likely is this compromised credential to be used by a threat actor, and what is the potential impact?

These answers require intelligence, not just data. Best-in-class intelligence provides security teams with confirmed exploit activity in the wild, context around attacker usage in APT (Advanced Persistent Threat) campaigns, and detailed metadata for prioritization where CVSS fails. That is why Flashpoint intelligence is leveraged by over 800 organizations as the operational core of exposure management, turning exposure data into defensible decisions.

CTEM Productization vs. CTEM Reality

If your risk strategy requires continuous penetration and exploit testing, vulnerability management, threat intelligence, and manual prioritization and validation, you’re not buying CTEM; you’re building it. At Flashpoint, we’re helping organizations build CTEM the right way: driven by intelligence, and powered by integrations and AI.

The Intelligence-Led Future of Exposure Management

Flashpoint treats CTEM as what it really is: a program that must be constructed intelligently, iteratively, and contextually.

That means:

  • Using threat and vulnerability intelligence to drive what actually gets prioritized
  • Treating scanners, ASM platforms, and pentesting as inputs, not outcomes
  • Building processes where intelligence, context, and validation inform exposure decisions, not just ticket creation
  • Investing in platform interconnectivity, not just feature checklists

Using Flashpoint’s intelligence collections, organizations can achieve intelligence-led exposure management, with threat and vulnerability intelligence working together to provide context and actionable insights in a continuous, prioritized loop. This empowers security teams to build and scale their own CTEM programs, which is the only realistic approach in a cybersecurity landscape where no single platform can do it all.

Achieve Elite Operation Control Over Your CTEM Program Using Flashpoint

If you’re evaluating exposure management tools, ask yourself:

  • What happens when we find a critical vulnerability and how do we know it matters?
  • Can this platform correlate attacker behavior with our asset landscape?
  • Does it validate risk or just report it?
  • How many other tools will we need to buy just to complete the picture?

The answers may surprise you. At Flashpoint, we’re helping organizations build CTEM the right way, driven by intelligence, powered by integration, and grounded in reality. Request a demo today and see how best-in-class intelligence is the key to achieving an effective CTEM program.

The post Why Effective CTEM Must be an Intelligence-Led Program appeared first on Flashpoint.

Flashpoint Weekly Vulnerability Insights and Prioritization Report

Week of December 20 – December 26, 2025

Anticipate, contextualize, and prioritize vulnerabilities to effectively address threats to your organization.

December 31, 2025

Flashpoint’s VulnDB™ documents over 400,000 vulnerabilities and has over 6,000 entries in Flashpoint’s KEV database, making it a critical resource as vulnerability exploitation rises. However, if your organization is relying solely on CVE data, you may be missing critical vulnerability metadata and insights, which hinders timely remediation. That’s why we created this weekly series, where we surface and analyze the highest-priority vulnerabilities security teams need to know about.

Key Vulnerabilities:
Week of December 20 – December 26, 2025

Foundational Prioritization

Of the vulnerabilities Flashpoint published this week, there are 34 that you can take immediate action on. Each has a solution, has a public exploit, and is remotely exploitable. As such, these vulnerabilities are a great place to begin your prioritization efforts.

Diving Deeper – Urgent Vulnerabilities

Of the vulnerabilities Flashpoint published last week, four are highlighted in this week’s Vulnerability Insights and Prioritization Report because they meet one or more of the following criteria:

  • Are in widely used products and are potentially enterprise-affecting
  • Are exploited in the wild or have exploits available
  • Allow full system compromise
  • Can be exploited via the network alone or in combination with other vulnerabilities
  • Have a solution to take action on

In addition, all of these vulnerabilities are easily discoverable and therefore should be investigated and fixed immediately.

To proactively address these vulnerabilities and ensure comprehensive coverage beyond publicly available sources on an ongoing basis, organizations can leverage Flashpoint Vulnerability Intelligence. Flashpoint provides comprehensive coverage encompassing IT, OT, IoT, CoTs, and open-source libraries and dependencies. It catalogs over 100,000 vulnerabilities that are not included in the NVD or lack a CVE ID, ensuring thorough coverage beyond publicly available sources. The vulnerabilities that are not covered by the NVD do not yet have a CVE ID assigned and will be noted with a VulnDB ID.

| CVE ID | Title | CVSS v2 | CVSS v3 | CVSS v4 | Exploit Status | Exploit Consequence | Ransomware Likelihood Score | Social Risk Score | Solution Availability |
|---|---|---|---|---|---|---|---|---|---|
| CVE-2025-33222 | NVIDIA Isaac Launchable Unspecified Hardcoded Credentials | 5.0 | 9.8 | 9.3 | Private | Credential Disclosure | High | Low | Yes |
| CVE-2025-33223 | NVIDIA Isaac Launchable Unspecified Improper Execution Privileges Remote Code Execution | 10.0 | 9.8 | 9.3 | Private | Remote Code Execution | High | Low | Yes |
| CVE-2025-68613 | n8n Package for Node.js packages/workflow/src/expression-evaluator-proxy.ts Workflow Expression Evaluation Remote Code Execution | 9.0 | 9.9 | 9.4 | Public | Remote Code Execution | High | High | Yes |
| CVE-2025-14847 | MongoDB transport/message_compressor_zlib.cpp ZlibMessageCompressor::decompressData() Function Zlib Compressed Protocol Header Handling Remote Uninitialized Memory Disclosure (Mongobleed) | 10.0 | 9.8 | 9.3 | Public | Uninitialized Memory Disclosure | High | High | Yes |
Scores as of: December 30, 2025

NOTES: The severity of a given vulnerability score can change whenever new information becomes available. Flashpoint maintains its vulnerability database with the most recent and relevant information available. Log in to view more vulnerability metadata and for the most up-to-date information.

CVSS scores: Our analysts calculate, and if needed, adjust NVD’s original CVSS scores based on new information being available.

Social Risk Score: Flashpoint estimates how much attention a vulnerability receives on social media. Increased mentions and discussions elevate the Social Risk Score, indicating a higher likelihood of exploitation. The score considers factors like post volume and authors, and decreases as the vulnerability’s relevance diminishes.

Ransomware Likelihood: This score is a rating that estimates the similarity between a vulnerability and those known to be used in ransomware attacks. As we learn more information about a vulnerability (e.g. exploitation method, technology affected) and uncover additional vulnerabilities used in ransomware attacks, this rating can change.

Flashpoint Ignite lays all of these components out. Below is an example of what this vulnerability record for CVE-2025-33223 looks like.



This record provides additional metadata like affected product versions, MITRE ATT&CK mapping, analyst notes, solution description, classifications, vulnerability timeline and exposure metrics, exploit references and more.

Analyst Comments on the Notable Vulnerabilities

Below, Flashpoint analysts describe the five vulnerabilities highlighted above as vulnerabilities that should be of focus for remediation if your organization is exposed.

CVE-2025-33222

NVIDIA Isaac Launchable contains a flaw that is triggered by the use of unspecified hardcoded credentials. This may allow a remote attacker to trivially gain privileged access to the program.

CVE-2025-33223

NVIDIA Isaac Launchable contains an unspecified flaw that is triggered as certain activities are executed with unnecessary privileges. This may allow a remote attacker to potentially execute arbitrary code.

CVE-2025-68613

n8n Package for Node.js contains a flaw in packages/workflow/src/expression-evaluator-proxy.ts that is triggered as workflow expressions are evaluated in an improperly isolated execution context. This may allow an authenticated, remote attacker to execute arbitrary code with the privileges of the n8n process.

CVE-2025-14847

MongoDB contains a flaw in the ZlibMessageCompressor::decompressData() function in mongo/transport/message_compressor_zlib.cpp that is triggered when handling mismatched length fields in Zlib compressed protocol headers. This may allow a remote attacker to disclose uninitialized memory contents on the heap.
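
The bug class described for CVE-2025-14847, a length field in a compressed-message header that disagrees with what zlib actually produces, shown as an added example that is not MongoDB code and does not use MongoDB's wire format. The 4-byte header, the `STALE` fill, the size cap and all function names are constructed for illustration; the checked variant is the validation a defender would look for in any such parser.

```python
import struct
import zlib

# Constructed toy frame: 4-byte little-endian "claimed uncompressed length",
# followed by a zlib stream. This is NOT MongoDB's wire format.
HEADER = struct.Struct("<I")
MAX_UNCOMPRESSED = 16 * 1024 * 1024  # assumed cap for this example

# Stand-in for whatever an earlier request left in a reused heap buffer.
STALE = b"session-token=PLACEHOLDER;"


def build_frame(payload, claimed_len=None):
    """Build a frame; claimed_len lets the header disagree with the payload."""
    n = len(payload) if claimed_len is None else claimed_len
    return HEADER.pack(n) + zlib.compress(payload)


def scratch_buffer(size):
    """Model an uninitialized allocation (Python zero-fills, malloc does not)."""
    reps = size // len(STALE) + 1
    return bytearray((STALE * reps)[:size])


def decompress_naive(frame):
    """Before: size the buffer from the header and hand all of it back."""
    (claimed,) = HEADER.unpack_from(frame)
    buf = scratch_buffer(claimed)
    data = zlib.decompress(frame[HEADER.size:])
    n = min(len(data), claimed)
    buf[:n] = data[:n]
    # The returned length comes from the header, not from what zlib wrote,
    # so any bytes past n are leftover buffer contents.
    return bytes(buf)


def decompress_checked(frame):
    """After: bound the output and require it to match the header exactly."""
    if len(frame) < HEADER.size:
        raise ValueError("frame shorter than header")
    (claimed,) = HEADER.unpack_from(frame)
    if claimed > MAX_UNCOMPRESSED:
        raise ValueError("claimed length exceeds limit")
    d = zlib.decompressobj()
    try:
        # claimed + 1 caps memory use and still reveals an over-long stream.
        out = d.decompress(frame[HEADER.size:], claimed + 1)
    except zlib.error as exc:
        raise ValueError(f"bad zlib stream: {exc}") from exc
    if not d.eof or d.unused_data or len(out) != claimed:
        raise ValueError("header length does not match decompressed length")
    return out


if __name__ == "__main__":
    bad = build_frame(b"ping", claimed_len=32)
    print("naive  :", decompress_naive(bad))
    try:
        decompress_checked(bad)
    except ValueError as exc:
        print("checked:", exc)
```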

Previously Highlighted Vulnerabilities


Transform Vulnerability Management with Flashpoint

Request a demo today to see how Flashpoint can transform your vulnerability intelligence, vulnerability management, and exposure identification program.
