BleepingComputer reports that MITRE has regarded cross-site scripting flaws as the most common and severe software vulnerabilities this year, followed by out-of-bounds write, SQL injection, cross-site request forgery, and path traversal issues.
Out-of-bounds read, OS command injection, use after free, missing authorization, and unrestricted upload of file with dangerous type bugs rounded out the top 10 of MITRE's 25 most serious software flaws, which have been determined through a review of 31,770 vulnerabilities reported over a year-long period beginning June 2023. MITRE's list should be evaluated by organizations to better manage software security, according to the Cybersecurity and Infrastructure Security Agency. "Prioritizing these weaknesses in development and procurement processes helps prevent vulnerabilities at the core of the software lifecycle," said CISA, which has called for measures to avert SQLi and path traversal flaws in recent Secure By Design Alerts. Such a development comes a week after most of the heavily exploited flaws last year were reported by CISA, FBI, the National Security Agency, and Five Eyes cyber authorities to have been zero-days.
