GCVE: Global CVE Allocation System
Enhancing Flexibility, Scalability, Autonomy, and Resilience in Vulnerability
Identification
Slides presented at a CSIRT meeting are now online.
π Slides (PDF) https://gcve.eu/presentation/gcve-eu-paris-2025-06-16.pdf
Join Us at the FIRSTCON25 Hackathon: Advancing GCVE.eu Initiative
#firstcon25 #cybersecurity #opensource #gcve #cve #vulnerabilitymanagement
π https://gcve.eu/2025/06/19/gcve-first-org-hackathon-2025/
Learn about CWEβs most important problems and where they fit within the challenges faced by the broader #vulnerabilitymanagement / #softwaresecurity ecosystem in this video from #VULNCON25
https://youtu.be/RcR-EFSptnQ #CVE #CWE
Most #SBOM tools rely on declarations.
Finite State looks at whatβs actually on the device & how it behaves.
π½οΈ Catch this moment from our webinar to see how execution-aware analysis changes the game.
Vulnerability discovered in ASUS Armoury Crate
Vulnerability: improper verification of driver caller
Impact: can be exploited to bypass authorization and escalate privileges to SYSTEM on Windows
Remediation: Updated to latest version
Whether you're:
π¨βπ» a consultant in need of delivering high-quality reports faster
π’ an internal team scaling risk management
π‘ or an MSSP managing various client pipelines
...our integrations help you move quicker, reduce risk, and prove value β without manual overhead.
Pentest-Tools.com connects seamlessly with:
β
Jira β auto-create tickets for high-risk findings
β
Slack / Teams β notify your team only when it matters
β
GitHub Actions β trigger scans in CI/CD before pushing code
β
Vanta / Nucleus β automate compliance & findings management
β
Webhooks / API β build custom workflows with full control
and more
π Explore integrations that match your workflow β https://pentest-tools.com/features/integrations
CIRCL - Coordinated Vulnerability Disclosure (CVD) Policy
An updated coordinated vulnerability disclosure policy has been published including a new service to report online vulnerabilities.
#cvd #vulnerabilitymanagement #vulnerability #csirt #cert #nis2 #cybersecurity
π https://circl.lu/pub/coordinated-vulnerability-disclosure/
ICS[AP] Dashboards are updated with the 4 new & 1 updated CISA Advisories released on 6/17/25:
Siemens: 1 New | 1 Updated
LS Electric: 1 New
Fuji Electric: 1 New
Dover Fueling Solutions (DFS): 1 New
www.icsadvisoryproject.com
Good Morning, Afternoon, or Evening, Everyone. CISA ICS Advisories Master File for 6/17/25 & the following year's CSV are updated:
CISA_ICS_ADV_2025_06_17.csv
CISA_ICS_ADV_2024_6_17_25.csv
Available @ ICS Advisory Project GitHub: https://github.com/icsadvprj
Toreon is now a CVE Numbering Authority (CNA) assigning CVE IDs for vulnerabilities discovered by or reported to Toreon that are not in another CNAβs scope
https://cve.org/Media/News/item/news/2025/06/17/Toreon-Added-as-CNA
#cve #cna #vulnerability #vulnerabilitymanagement #cybersecurity
Minutes from the CVE Board teleconference meeting on May 28 are now available
https://cve.mitre.org/community/board/meeting_summaries/28_May_2025.pdf
#cve #vulnerability #vulnerabilitymanagement #hssedi #cisa #infosec #cybersecurity
New on the #CVE Blog:
Videos from βCVE/FIRST VulnCon 2025β Now Available
https://medium.com/@cve_program/videos-from-cve-first-vulncon-2025-now-available-ae43e3c20329
#vulnerabilitymanagement #vulnerability #informationsecurity #cybersecurity
Β« Insufficient input validation leading to memory overread on the NetScaler Management Interface NetScaler ADCβ―and NetScaler Gateway Β»
Β« A flaw was found in the temporary user record that authd uses in the pre-auth NSS. As a result, a user login for the first time will be considered to be part of the root group in the context of that SSH session. Β»
π https://vulnerability.circl.lu/cve/CVE-2025-5689#sightings
Visual overview of GCVE: Global CVE Allocation System.
#gcve #vulnerabilitymanagement #vulnerability #cve #vulnerability
GitLab has released software updates to address several vulnerabilities
Vulnerabilities: HTML injection; missing authorization; cross-site scripting
Vulnerability IDs: CVE-2025-4278, CVE-2025-5121, CVE-2025-2254
Impact: allows attackers to take over accounts; inject malicious jobs; act in the context of a legitimate user
Recommendation: update to version 18.0.2, 17.11.4, or 17.10.8
Adobe has released June 2025 software updates
The updates address 254 security flaws across Adobe's software portfolio, including Magento and Commerce
Administrators are advised to patch ASAP
#cybersecurity #Adobe #vulnerabilitymanagement
https://thehackernews.com/2025/06/adobe-releases-patch-fixing-254.html
854 CVE Records + severity scores when available in CISAβs Vulnerability Summary bulletin for the week of June 2, 2025
https://www.cisa.gov/news-events/bulletins/sb25-160
#CVE #CVEID #CVSS #CWE #Vulnerability #VulnerabilityManagement #HSSEDI #CISA
If you're already a GNA, we've created a set of logos you can use to show that you're a GCVE Numbering Authority (GNA).
π If you want to become a GNA https://gcve.eu/about/#eligibility-and-process-to-obtain-a-gna-id
ICS[AP] Dashboards are updated with the 10 new CISA Advisories released on 6/12/25:
Siemens: 6 New
AVEVA: 3 New
ValueHD, PTZOptics, multiCAM Systems, SMTAV: 1 New
www.icsadvisoryproject.com
