With the extension of the CVE record format in GCVE, we added the related vulnerabilities for the "recent" telnetd. Very nifty for analyst. The edit functionality in vulnerability-lookup supports the BCP-05 extensions including relationships.
Thanks to @claudex for digging
#gcve #vulnerability #vulnerabilityManagement #cve #telnet #cybersecurity
Europäische #CVE-Alternative ist lanciert - inside-it.ch https://www.inside-it.ch/europaeische-cve-alternative-ist-lanciert-20260121 #GCVE #DigitalSovereignty
The GCVE vulnerability database, developed by Luxembourg’s CIRCL, is now publicly available and designed to remain CVE-compatible.
It aggregates advisories from 25+ centralized and decentralized sources, correlates naming conventions, and supports machine-based analysis for security teams and researchers.
The launch reflects ongoing conversations around redundancy, governance, and long-term stability in vulnerability disclosure frameworks.
How do you evaluate new vulnerability data sources before integrating them into your pipeline?
Source: https://www.inside-it.ch/europaeische-cve-alternative-ist-lanciert-20260121
Follow @technadu for objective cybersecurity reporting.
#GCVE #VulnerabilityManagement #ThreatIntel #CVE #SecurityResearch #EUInfosec
The last 5 days have been a bit wild for the GCVE.eu initiative.
What started as steady work suddenly picked up real momentum:
The public GCVE.eu database instance - https://db.gcve.eu/ - caught the attention of the media, sparking discussions well beyond our usual circles
We published updates to the GCVE KEV Assertion Standard Format (BCP-07), refining how known-exploited information can be asserted and shared
Vulnerability-Lookup 2.21.0 was released, bringing improvements aligned with the GCVE ecosystem
We received a lot of valuable feedback especially on the specs, the tooling, and the overall direction
New GNAs joined the GCVE directory, and new contributors stepped in to help shape both the specifications and the software
Seeing this level of engagement, critique, and contribution in such a short time is incredibly motivating. It reinforces why an open, decentralized, and collaborative approach to vulnerability identification and sharing matters.
Huge thanks to everyone who tested, commented, challenged assumptions, wrote code, improved text, or simply helped spread the word. This is very much a community effort and it’s only getting started. 💙
#GCVE #OpenSource #VulnerabilityManagement #CyberSecurity #Standards #Community
Don't hesitate to follow us at GCVE-EU - @gcve
GCVE BCP - https://gcve.eu/bcp/
GCVE DB - https://db.gcve.eu/recent
Vulnerability-Lookup - https://github.com/vulnerability-lookup/vulnerability-lookup
Want to help working on a future global vulnerability intelligence platform with us? Join our community meetings!
🇪🇺🤜🇺🇸 Європа запустила власну публічну базу даних для відстеження вразливостей програмного забезпечення під назвою #GCVE (Global Cybersecurity Vulnerability Enumeration). Метою ініціативи є зміцнення цифрової безпеки та створення децентралізованої альтернативи американським сервісам, що дозволить Європі самостійно ідентифікувати кіберзагрози та реагувати на них.
https://hackread.com/eu-launches-gcve-track-vulnerabilities-us/
A decentralized system to track software flaws and vulnerabilities.
by Deeba Ahmed
https://hackread.com/eu-launches-gcve-track-vulnerabilities-us/
New Security Vulnerability Database Launches In The EU
#Europe launches GCVE to track security vulnerabilities without relying on the US, creating a new independent platform for reporting security flaws in software.
Read: https://hackread.com/eu-launches-gcve-track-vulnerabilities-us/
Die #GCVE-Initiative hat mit db.gcve.eu eine frei zugängliche #Datenbank gestartet, die als zentrale Anlaufstelle für Informationen zu IT-#Schwachstellen dienen soll. Ziel ist es, Sicherheitsteams, Forschenden und Entwicklern das Auffinden und Nachverfolgen von Sicherheitsmeldungen über verschiedene Ökosysteme hinweg zu erleichtern.
Das #Opensource Projekt ist als Schritt hin zu einem dezentralen, föderierten Ansatz im #Schwachstellenmanagement gedacht:
We know we are late, but happy New Year everyone 🥳 . We have already been busy and are now a #GCVE Numbering Authority (GNA).
The Global CVE (GCVE) allocation system is a new, decentralized approach to vulnerability identification and numbering, designed to improve flexibility, scalability, and autonomy for participating entities.
More information about GCVE: https://gcve.eu/
📢 GCVE lance db.gcve.eu, une base publique et ouverte d’avis de vulnérabilités
📝 Selon GCVE (annonce du 7 janvier 2026), le projet dévoile db.gcve.eu, une nouvelle base publique et gratuite d’avis de vulnérabilités destinée à agréger, normaliser et corr...
📖 cyberveille : https://cyberveille.ch/posts/2026-01-10-gcve-lance-db-gcve-eu-une-base-publique-et-ouverte-davis-de-vulnerabilites/
🌐 source : https://gcve.eu/2026/01/07/gcve-db-announce/
#GCVE #base_de_données #Cyberveille
Luxembourg, 2026/01/07 - The GCVE initiative is proud to announce the public launch of db.gcve.eu , a new open and freely accessible vulnerability advisory database. The platform aggregates and correlates vulnerability information from more than 25 public sources, including GCVE GNA (Numbering Authority) sources and other established vulnerability databases.
🔗 For more details - https://gcve.eu/2026/01/07/gcve-db-announce/
🔗 https://db.gcve.eu/
#cve #gcve #cybersecurity #vulnerabilitymanagement #vulnerability
Transparent and Open BCP Development Process for GCVE
We have formalized the BCP development process to provide full visibility into our progress. Our goal is to ensure that everyone can track the evolution of each standard and understand exactly how to get involved.
Participation is entirely open: there are no membership requirements or fees. We welcome contributions from anyone interested in the process.
KEV Assertion Format – Draft Specification (potential BCP?)
This format describes a generic KEV (Known Exploited Vulnerability) assertion format.
The goal is to express who claims exploitation, when, based on what, where it was observed, and with which level of confidence, without turning KEV into full threat intelligence. A KEV assertion is usually very binary and lacking some meta-information. The format adds some information which could better capture details about the exploitation. A majority of the fields are optional except vulnerability, status and evidence.[].source which are recommended.
Feedback, ideas, comments more than welcome!
🔗 https://discourse.ossbase.org/t/kev-known-exploited-vulnerabilities-potential-format-bcp/744
GCVE in 8 Months: Building a Decentralized Vulnerability Identification System.
In less than a year, in practice, just eight months, the GCVE initiative went from concept to a fully operational, decentralized vulnerability identification and publication system.
This post summarizes what we built, why it matters, and where we stand today.
#gcve #vulnerability #vulnerabilitymanagement #cybersecurity #cve
We’ve updated the draft GCVE BCP-05 standard to introduce flexible record types, making it easier to extend, enrich, and structure security advisories.
Comments are more than welcome!
Always look at the credits in CVE records, they’re full of insightful details.
I particularly enjoyed this one. By the way, in Vulnerability Lookup we also have a nice display of the actual credits: finder, coordinator, and so on.
🔗 https://vulnerability.circl.lu/vuln/cve-2025-13658
"A vulnerability in Longwatch devices allows unauthenticated HTTP GET requests to execute arbitrary code via an exposed endpoint, due to the absence of code signing and execution controls. Exploitation results in SYSTEM-level privileges.
"
End-of-Year Threat Intelligence Sightings Forecast
This report presents an analysis of Threat Intelligence (TI) Sightings aggregated from several key data sources, including social platforms, code repositories, and specialized TI feeds. The primary objective is to visually track historical trends per source and provide a short-term adaptive forecast for a defined period (in days).
#opensource #vulnerability #forecasting #research #sarimax #gcve #cti #thre
atintel ks to @cedric for the continuous work and research on the topic.
https://www.vulnerability-lookup.org/2025/12/02/end-of-year-threat-intelligence-sightings-forecast/
GCVE-1337-2025-00000000000000000000000000000000000000000000000000111111111111111111111111000000000000000000000000000000000000000000000000000000011
Improper Neutralization of Special Elements used in an OS Command in the software HexStrike AI.
https://vulnerability.circl.lu/vuln/GCVE-1337-2025-00000000000000000000000000000000000000000000000000111111111111111111111111000000000000000000000000000000000000000000000000000000011
