I'm in a mood today. #vulnerabilitymanagement #shitposting #infosec
TYPO3 is now a CVE Numbering Authority (CNA) assigning CVE IDs for TYPO3 open-source products only, including TYPO3 CMS core & 3rd party extensions for TYPO3
https://cve.org/Media/News/item/news/2025/07/15/TYPO3-Added-as-CNA
#cve #cna #vulnerability #vulnerabilitymanagement #opensource
Minutes from the CVE Board teleconference meeting on June 25 are now available
https://www.mail-archive.com/cve-editorial-board-list@mitre.org/msg00277.html
#cve #vulnerability #vulnerabilitymanagement #hssedi #cisa #infosec #cybersecurity
Minutes from the CVE Board teleconference meeting on June 11 are now available
https://www.mail-archive.com/cve-editorial-board-list@mitre.org/msg00279.html
#cve #vulnerability #vulnerabilitymanagement #hssedi #cisa #infosec #cybersecurity
Wrapped up an energising Vulnerability Lookup workshop during @circl’s Virtual Summer School 2025.
Video and slides are now available.
Big thanks to everyone who joined the discussions.
Video https://youtu.be/imkPqA-1mVE
Slides https://www.vulnerability-lookup.org/files/events/2025/VSS-2025-VulnerabilityLookup.pdf
638 CVE Records + severity scores when available in CISA’s Vulnerability Summary bulletin for the week of June 30, 2025
https://www.cisa.gov/news-events/bulletins/sb25-188
#CVE #CVEID #CVSS #CWE #Vulnerability #VulnerabilityManagement #HSSEDI #CISA
Unauthenticated SQL injection in GUI in FortiWeb - CVE-2025-25257
#vulnerabilitymanagement #cybersecurity #fortinet #vulnerability
Struggling to manage security findings from your scans? This webinar is for you. Discover how to leverage Anchore with DefectDojo to centralize, prioritize, and act on vulnerabilities effectively. Practical, open-source solutions for real-world DevSecOps challenges. Secure your spot: https://go.anchore.com/using-anchore-defectdojo-standup-devsecops.html #DevOps #SecurityTools #VulnerabilityManagement #OpenSource
EU launches its own #Vulnerability Database to position itself more independently. A good step in the right direction, to become independent of manipulated databases of other countries such as the USA and China. Because you may not find everything there. For instance, vulnerabilities - which intelligence services could use - may not be published.
#enisa #cve #vulnerabilitymanagement #vulnerabilitylookup #eu #sicherheit #sicherheitslucke #cybersecurity
Altium is now a CVE Numbering Authority (CNA) assigning CVE IDs for vulnerabilities in the following Altium products only: Altium Designer, A365, Octopart, & Altium Enterprise Server
https://cve.org/Media/News/item/news/2025/07/08/Altium-Added-as-CNA
#cve #cna #vulnerability #vulnerabilitymanagement #cybersecurity
VLAI: A RoBERTa-Based Model for Automated Vulnerability Severity Classification.
This paper presents VLAI, a transformer-based model that predicts software vulnerability severity levels directly from text descriptions. Built on RoBERTa, VLAI is fine-tuned on over 600,000 real-world vulnerabilities and achieves over 82% accuracy in predicting severity categories, enabling faster and more consistent triage ahead of manual CVSS scoring. The model and dataset are open-source and integrated into the Vulnerability-Lookup service.
We (@cedric and I) decided to write a paper to better document how VLAI is implemented. We hope it will lead to other ideas and improvements for such models.
#vulnerability #cybersecurity #vulnerabilitymanagement #ai #nlp #opensource
Exposure management is the answer to: “Am I working on the right things?” https://www.helpnetsecurity.com/2025/07/08/dan-decloss-plextrac-exposure-management-strategy/ #vulnerabilitymanagement #penetrationtesting #incidentresponse #cybersecurity #Don'tmiss #Features #Hotstuff #PlexTrac #strategy #News
Who is right with this sudo vulnerability? The CVSS reported or the VLAI severity model?
#sudo #vulnerability #vulnerabilitymanagement #threatintel
https://vulnerability.circl.lu/vuln/CVE-2025-32462#sightings
Exposed and unaware? Smart buildings need smarter risk controls https://www.helpnetsecurity.com/2025/07/04/building-management-systems-bms-risk/ #vulnerabilitymanagement #digitaltransformation #riskmanagement #smartbuilding #remediation #automation #Claroty #report #News #risk
746 CVE Records + severity scores when available in CISA’s Vulnerability Summary bulletin for the week of June 23, 2025
https://www.cisa.gov/news-events/bulletins/sb25-181
#CVE #CVEID #CVSS #CWE #Vulnerability #VulnerabilityManagement #HSSEDI #CISA
CVE Program adds Researcher Working Group (RWG) for researcher and bug bounty CVE Numbering Authorities (CNAs)
https://www.cve.org/Media/News/item/news/2025/07/01/CVE-Program-Adds-Researcher-WG-for-CNAs
ICS[AP] Dashboards are updated with the 7 new CISA Advisories released on 7/1/25:
FESTO: 4 New
Voltronic Power, PowerShield: 1 New
Hitachi Energy: 2 New
www.icsadvisoryproject.com
Fermax Technologies is now a CVE Numbering Authority (CNA) assigning CVE IDs for vulnerabilities discovered in the services & applications of the MeetMe & DuoxMe products
https://cve.org/Media/News/item/news/2025/07/01/Fermax-Added-as-CNA
#cve #cna #vulnerability #vulnerabilitymanagement #cybersecurity
Maritime Hacking Village is now a CVE Numbering Authority (CNA) assigning CVE IDs for vulnerabilities discovered by researchers in collaboration with Maritime Hacking Village that are not in another CNA’s scope
https://cve.org/Media/News/item/news/2025/07/01/Maritime-Hacking-Village-Added-as-CNA
#cve #cna #vulnerability #vulnerabilitymanagement #cybersecurity
1,054 CVE Records + severity scores when available in CISA’s Vulnerability Summary bulletin for the week of June 16, 2025
https://www.cisa.gov/news-events/bulletins/sb25-174
#CVE #CVEID #CVSS #CWE #Vulnerability #VulnerabilityManagement #HSSEDI #CISA