Despite the NVD (National Vulnerability Database) outage of the NIST (National Institute of Standards and Technology), Greenbone’s detection engine remains fully operational, offering reliable, vulnerability scanning without relying on missing CVE enrichment data. Since 1999 The MITRE Corporation’s Common Vulnerabilities and Exposures (CVE) has provided free public vulnerability intelligence by publishing and managing information about […]

CVE-2024-4577 (CVSS 9.8 Critical) is currently climbing the winners’ podium of the most malicious security vulnerabilities. Disclosed in early June 2024 by Devcore security researchers, weaponization began within a mere 48 hours. It is a PHP-CGI OS Command Injection vulnerability [CWE-78] impacting PHP for Windows. Attacks distributing “TellYouThePass” ransomware were immediately observed and the CVE […]

Trimble Cityworks, an enterprise asset management (EAM) and public works management software is actively under attack. The campaign began as an unknown (zero-day) vulnerability, but is now tracked as ​​CVE-2025-0994 with a CVSS of 8.6. The vulnerability is a deserialization flaw [CWE-502] that could allow an authenticated attacker to execute arbitrary code remotely (Remote Code […]

An actively exploited RCE (Remote Code Execution) with system privileges vulnerability that does not require user-interaction is as bad as it gets from a technical standpoint. When that CVE impacts software widely used by Fortune 500 companies, it is a ticking time bomb. And when advanced persistent threat actors jump on a software vulnerability such […]

Also in its 16th year, the Osnabrück-based expert and market leader in Open Source Vulnerability Management has kept growing, both in employees, customers, partners and last not least on this blog. After doubling our workforce over the last two years, we at Greenbone are looking proudly at 143 employees, most of them work remotely. This […]