Minutes from the CVE Board teleconference meeting on June 25 are now available
https://www.mail-archive.com/cve-editorial-board-list@mitre.org/msg00277.html
#cve #vulnerability #vulnerabilitymanagement #hssedi #cisa #infosec #cybersecurity
Minutes from the CVE Board teleconference meeting on June 11 are now available
https://www.mail-archive.com/cve-editorial-board-list@mitre.org/msg00279.html
#cve #vulnerability #vulnerabilitymanagement #hssedi #cisa #infosec #cybersecurity
Wrapped up an energising Vulnerability Lookup workshop during @circl’s Virtual Summer School 2025.
Video and slides are now available.
Big thanks to everyone who joined the discussions.
Video https://youtu.be/imkPqA-1mVE
Slides https://www.vulnerability-lookup.org/files/events/2025/VSS-2025-VulnerabilityLookup.pdf
NEW on We ❤️ Open Source
Nigel Douglas explains why CVSS scores alone don’t cut it anymore. Learn how EPSS, VEX, SSVC & reachability analysis provide real-world prioritization.
Read more: https://allthingsopen.org/articles/vulnerability-prioritization-beyond-cvss
638 CVE Records + severity scores when available in CISA’s Vulnerability Summary bulletin for the week of June 30, 2025
https://www.cisa.gov/news-events/bulletins/sb25-188
#CVE #CVEID #CVSS #CWE #Vulnerability #VulnerabilityManagement #HSSEDI #CISA
Unauthenticated SQL injection in GUI in FortiWeb - CVE-2025-25257
#vulnerabilitymanagement #cybersecurity #fortinet #vulnerability
ICS[AP] Dashboards are updated with the 10 new & 3 updated CISA Advisories released on 7/10/25:
Siemens: 6 New
Delta Electronics: 1 New
Advantech: 1 New
KUNBUS: 1 New | 1 Update
End-of-Train and Head-of-Train remote linking protocol: 1 New
ECOVACS: 1 Update
IDEC Corporation: 1 Update
www.icsadvisoryproject.com
Struggling to manage security findings from your scans? This webinar is for you. Discover how to leverage Anchore with DefectDojo to centralize, prioritize, and act on vulnerabilities effectively. Practical, open-source solutions for real-world DevSecOps challenges. Secure your spot: https://go.anchore.com/using-anchore-defectdojo-standup-devsecops.html #DevOps #SecurityTools #VulnerabilityManagement #OpenSource
Good Morning, Afternoon, or Evening, Everyone. CISA ICS Advisories Master File for 7/8/25 & the following year's CSV are updated:
CISA_ICS_ADV_2025_07_08.csv
Available @ ICS Advisory Project GitHub: https://github.com/icsadvprj
EU launches its own #Vulnerability Database in order to position itself more independently. A good step in the right direction toward becoming independent of manipulated databases from other countries such as the USA and China. Because there you may not find everything. Vulnerabilities that intelligence services could use may, for example, not be published.
#enisa #cve #vulnerabilitymanagement #vulnerabilitylookup #eu #sicherheit #sicherheitslucke #cybersecurity
Altium is now a CVE Numbering Authority (CNA) assigning CVE IDs for vulnerabilities in the following Altium products only: Altium Designer, A365, Octopart, & Altium Enterprise Server
https://cve.org/Media/News/item/news/2025/07/08/Altium-Added-as-CNA
#cve #cna #vulnerability #vulnerabilitymanagement #cybersecurity
VLAI: A RoBERTa-Based Model for Automated Vulnerability Severity Classification.
This paper presents VLAI, a transformer-based model that predicts software vulnerability severity levels directly from text descriptions. Built on RoBERTa, VLAI is fine-tuned on over 600,000 real-world vulnerabilities and achieves over 82% accuracy in predicting severity categories, enabling faster and more consistent triage ahead of manual CVSS scoring. The model and dataset are open-source and integrated into the Vulnerability-Lookup service.
We (@cedric and I) decided to write a paper to better document how VLAI is implemented. We hope it will inspire other ideas and improvements in such models.
#vulnerability #cybersecurity #vulnerabilitymanagement #ai #nlp #opensource
Exposure management is the answer to: “Am I working on the right things?” https://www.helpnetsecurity.com/2025/07/08/dan-decloss-plextrac-exposure-management-strategy/ #vulnerabilitymanagement #penetrationtesting #incidentresponse #cybersecurity #Don'tmiss #Features #Hotstuff #PlexTrac #strategy #News
Who is right with this sudo vulnerability? The CVSS reported or the VLAI severity model?
#sudo #vulnerability #vulnerabilitymanagement #threatintel
https://vulnerability.circl.lu/vuln/CVE-2025-32462#sightings
Exposed and unaware? Smart buildings need smarter risk controls https://www.helpnetsecurity.com/2025/07/04/building-management-systems-bms-risk/ #vulnerabilitymanagement #digitaltransformation #riskmanagement #smartbuilding #remediation #automation #Claroty #report #News #risk
ICS[AP] Dashboards are updated with the 4 new CISA Advisories released on 7/3/25:
Hitachi Energy: 2 New
Mitsubishi Electric: 2 New
ICS Advisory Project identified One KEV Catalog CVE correlated with CVE in ICSA-25-184-03 –> CVE-2025-0411 Affecting Mitsubishi Electric - MELSOFT Update Manager. CVE-2025-0411 is a 7-Zip Mark of the Web Bypass Vulnerability.
www.icsadvisoryproject.com
746 CVE Records + severity scores when available in CISA’s Vulnerability Summary bulletin for the week of June 23, 2025
https://www.cisa.gov/news-events/bulletins/sb25-181
#CVE #CVEID #CVSS #CWE #Vulnerability #VulnerabilityManagement #HSSEDI #CISA
CVE Program adds Researcher Working Group (RWG) for researcher and bug bounty CVE Numbering Authorities (CNAs)
https://www.cve.org/Media/News/item/news/2025/07/01/CVE-Program-Adds-Researcher-WG-for-CNAs
ICS[AP] Dashboards are updated with the 7 new CISA Advisories released on 7/1/25:
FESTO: 4 New
Voltronic Power, PowerShield: 1 New
Hitachi Energy: 2 New
www.icsadvisoryproject.com
Fermax Technologies is now a CVE Numbering Authority (CNA) assigning CVE IDs for vulnerabilities discovered in the services & applications of the MeetMe & DuoxMe products
https://cve.org/Media/News/item/news/2025/07/01/Fermax-Added-as-CNA
#cve #cna #vulnerability #vulnerabilitymanagement #cybersecurity