NIST prioritizes severity scoring for high-priority vulnerabilities amid record growth

NIST can't keep up with vulnerability submissions.
The Hacker News

SGLang CVE-2026-5760 (CVSS 9.8) Enables RCE via Malicious GGUF Model Files

CVE-2026-5760 (CVSS 9.8) exposes SGLang via /v1/rerank endpoint, enabling RCE through malicious GGUF models, risking server ...
The Hacker News

Anthropic MCP Design Vulnerability Enables RCE, Threatening AI Supply Chain

The cybersecurity company said the systemic vulnerability is baked into Anthropic's official MCP software development kit ...
ExecutiveGov

NIST Revamps Vulnerability Database Prioritization to Manage CVE Surge

NIST is focusing on enriching cybersecurity vulnerabilities and exposures that appear in CISA’s Known Exploited ...
SecurityWeek

Splunk Enterprise Update Patches Code Execution Vulnerability

Splunk has released patches that resolve high- and medium-severity vulnerabilities in Splunk Enterprise and MCP Server.

NIST limits vulnerability analysis as CVE backlog swells

The National Institute of Standards and Technology is changing how it analyzes newly disclosed vulnerabilities as it faces a ...

Critical flaw in Protobuf library enables JavaScript code execution

Proof-of-concept exploit code has been published for a critical remote code execution flaw in protobuf.js, a widely used ...

Recently leaked Windows zero-days now exploited in attacks

Threat actors are exploiting three recently disclosed Windows security vulnerabilities in attacks aimed at gaining SYSTEM or ...

Microsoft Issues Massive Windows Patch for 160+ Bugs, Including Two Zero-Days

Microsoft’s April 2026 Patch Tuesday fixes 165 vulnerabilities, including two zero-days, in one of the company’s largest ...
Forbes

CVE Program Funding Reinstated—What It Means And What To Do Next

Forbes contributors publish independent expert analyses and insights. Kate O’Flaherty is a cybersecurity and privacy journalist. U.S. President Donald Trump has cut funding for the global database of ...