Java services top the list, with 59% carrying exploitable flaws, followed by .NET at 47% and Rust at 40%.
End-of-life (EOL) runtimes worsen risks; 10% of services use EOL versions, with Go at 23% and PHP at 13%. Services on EOL languages see 50% vulnerability rates versus 37% on supported ones.
Median dependencies lag 278 days behind the latest versions, up from 215 last year; Java lags 492 days. Less frequent deployments (under monthly) have 70% more outdated libraries than daily ones.
Newer libraries (2025) average 1.3 vulnerabilities, versus 3.8 in 2023, partly due to Spring Framework CVEs.

| CVE ID | Affected Component | CVSS Score | Description | Fixed Versions |
|---|---|---|---|---|
| CVE-2023-20861 | Spring Framework | 5.9 (Medium) | DoS via crafted SpEL expression | 6.0.7+, 5.3.26+, 5.2.23+ |
| CVE-2023-34034 | Spring WebFlux/Security | 9.8 (Critical) | Broken access control | Latest Spring Security |
| CVE-2025-30066 | tj-actions/changed-files | High | Supply chain attack leaking secrets | v46.0.1+ |

Datadog’s State of DevSecOps 2026 report reveals alarming security gaps in modern development.
50% of organizations adopt libraries within a day of release, exposing them to malware such as s1ngularity (Aug 2025) and the Shai-Hulud npm worms. 12% pull public AMIs and 32% pull Docker images just as quickly, which opens the door to name confusion attacks.
Pinning by commit SHA, cooldowns (e.g., Yarn/pnpm), and trusted sources mitigate this.
All GitHub Actions users rely on marketplace actions, yet 71% never pin them to a commit hash, and 80% use at least one unpinned third-party action. 2% still run previously compromised actions such as tj-actions. GitHub recommends pinning to a full commit SHA so that an action cannot be silently updated underneath a workflow.
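As an added example (not from the report or from GitHub), a small audit that scans workflow `uses:` lines and flags any third-party or first-party action whose reference can move (tag, branch, abbreviated SHA, or a Docker image without a digest); the sample workflow and its 40-hex SHA are constructed placeholders.

```python
import re

# Constructed sample workflow (not from the report); the 40-hex SHA is a placeholder, not a real commit.
SAMPLE_WORKFLOW = """\
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@0123456789abcdef0123456789abcdef01234567 # v4.1.0
      - uses: actions/setup-node@v4
      - uses: tj-actions/changed-files@main
      - uses: ./.github/actions/local-step
      - uses: docker://alpine:3.19
"""

FULL_SHA = re.compile(r"[0-9a-f]{40}")
SHORT_SHA = re.compile(r"[0-9a-f]{7,39}")
USES_LINE = re.compile(r"^\s*-?\s*uses:\s*([^\s#]+)")

def classify_ref(uses: str) -> str:
    """Describe how an action reference resolves: immutable (sha) or mutable (everything else)."""
    if uses.startswith("./"):
        return "local"        # same-repo action: moves with the checked-out commit itself
    if uses.startswith("docker://"):
        return "docker"       # immutable only when an image digest (@sha256:...) is given
    if "@" not in uses:
        return "unpinned"     # no ref at all; resolves to the default branch
    ref = uses.rsplit("@", 1)[1]
    if FULL_SHA.fullmatch(ref):
        return "sha"          # immutable: exactly one commit
    if SHORT_SHA.fullmatch(ref):
        return "short-sha"    # abbreviated SHAs are ambiguous; use the full 40-hex form
    if re.match(r"v?\d", ref):
        return "tag"          # mutable: a tag can be moved to a different commit
    return "branch"           # mutable: follows the branch head

def audit_workflow(text: str) -> list:
    """Return (line_no, uses, kind, risky) per `uses:` step; risky means the ref can change."""
    findings = []
    for n, line in enumerate(text.splitlines(), 1):
        m = USES_LINE.match(line)
        if not m:
            continue
        uses = m.group(1).strip("'\"")
        kind = classify_ref(uses)
        risky = kind in ("tag", "branch", "unpinned", "short-sha") or (
            kind == "docker" and "@sha256:" not in uses)
        findings.append((n, uses, kind, risky))
    return findings
```

Run `audit_workflow` over each file under `.github/workflows/` in CI and fail the job when any finding is risky; the local action and the SHA-pinned checkout pass, the other three are flagged.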
Only 18% of “critical” vulnerabilities remain so after context adjustment (runtime, exploits). .NET drops 98%, PHP holds 49%. Average high/critical vulns per app fell to 8 from 13.5. Focus on true risks cuts alert fatigue.
The post 87% of Organizations Exposed: Known Exploited Vulnerabilities Found in Active Software appeared first on Cyber Security News.