CIRCL - Coordinated Vulnerability Disclosure (CVD) Policy

An updated coordinated vulnerability disclosure policy has been published including a new service to report online vulnerabilities.

#cvd #vulnerabilitymanagement #vulnerability #csirt #cert #nis2 #cybersecurity

https://circl.lu/pub/coordinated-vulnerability-disclosure/

ICS[AP] Dashboards are updated with the 4 new & 1 updated CISA Advisories released on 6/17/25:

Siemens: 1 New | 1 Updated
LS Electric: 1 New
Fuji Electric: 1 New
Dover Fueling Solutions (DFS): 1 New

www.icsadvisoryproject.com

#icssecurity
#otsecurity
#vulnerabilitymanagement

Good Morning, Afternoon, or Evening, Everyone. CISA ICS Advisories Master File for 6/17/25 & the following year's CSV are updated:

CISA_ICS_ADV_2025_06_17.csv
CISA_ICS_ADV_2024_6_17_25.csv

Available @ ICS Advisory Project GitHub: https://github.com/icsadvprj

#opensource
#vulnerabilitymanagement
#icssecurity

Toreon is now a CVE Numbering Authority (CNA) assigning CVE IDs for vulnerabilities discovered by or reported to Toreon that are not in another CNA’s scope

https://cve.org/Media/News/item/news/2025/06/17/Toreon-Added-as-CNA

#cve #cna #vulnerability #vulnerabilitymanagement #cybersecurity

Minutes from the CVE Board teleconference meeting on May 28 are now available

https://cve.mitre.org/community/board/meeting_summaries/28_May_2025.pdf

#cve #vulnerability #vulnerabilitymanagement #hssedi #cisa #infosec #cybersecurity

New on the #CVE Blog:
Videos from “CVE/FIRST VulnCon 2025” Now Available

https://medium.com/@cve_program/videos-from-cve-first-vulncon-2025-now-available-ae43e3c20329

#vulnerabilitymanagement #vulnerability #informationsecurity #cybersecurity

« Insufficient input validation leading to memory overread on the NetScaler Management Interface NetScaler ADC and NetScaler Gateway »

#citrix #vulnerabilitymanagement #vulnerability

https://vulnerability.circl.lu/vuln/CVE-2025-5777

« A flaw was found in the temporary user record that authd uses in the pre-auth NSS. As a result, a user login for the first time will be considered to be part of the root group in the context of that SSH session. »

https://vulnerability.circl.lu/cve/CVE-2025-5689#sightings

Visual overview of GCVE: Global CVE Allocation System.

GitLab has released software updates to address several vulnerabilities

Vulnerabilities: HTML injection; missing authorization; cross-site scripting

Vulnerability IDs: CVE-2025-4278, CVE-2025-5121, CVE-2025-2254

Impact: allows attackers to take over accounts; inject malicious jobs; act in the context of a legitimate user

Recommendation: update to version 18.0.2, 17.11.4, or 17.10.8

#cybersecurity #vulnerabilitymanagement #GitLab

https://www.bleepingcomputer.com/news/security/gitlab-patches-high-severity-account-takeover-missing-auth-issues/

Adobe has released June 2025 software updates

The updates address 254 security flaws across Adobe's software portfolio, including Magento and Commerce

Administrators are advised to patch ASAP

#cybersecurity #Adobe #vulnerabilitymanagement

https://thehackernews.com/2025/06/adobe-releases-patch-fixing-254.html

854 CVE Records + severity scores when available in CISA’s Vulnerability Summary bulletin for the week of June 2, 2025

https://www.cisa.gov/news-events/bulletins/sb25-160

#CVE #CVEID #CVSS #CWE #Vulnerability #VulnerabilityManagement #HSSEDI #CISA

If you're already a GNA, we've created a set of logos you can use to show that you're a GCVE Numbering Authority (GNA).

https://gcve.eu/logo/

If you want to become a GNA https://gcve.eu/about/#eligibility-and-process-to-obtain-a-gna-id

ICS[AP] Dashboards are updated with the 10 new CISA Advisories released on 6/12/25:

Siemens: 6 New
AVEVA: 3 New
ValueHD, PTZOptics, multiCAM Systems, SMTAV: 1 New

www.icsadvisoryproject.com

#icssecurity
#otsecurity
#vulnerabilitymanagement

Good Morning, Afternoon, or Evening, Everyone. CISA ICS Advisories Master File for 6/12/25 & the following year's CSV are updated:

CISA_ICS_ADV_2025_06_12.csv

Available @ ICS Advisory Project GitHub: https://github.com/icsadvprj

#opensource
#vulnerabilitymanagement
#icssecurity

Ivanti has released security updates to fix three vulnerabilities in its Workspace Control solution

Vulnerabilities: hard-coded key

Impact: Potential privilege escalation, and full system compromise

Vulnerability IDs: CVE-2025-5353, 2-25-22455, CVE-2025-22463

Recommendation: Upgrade to 10.19.10.0 or later

#cybersecurity #vulnerabilitymanagement #Ivanti

https://www.bleepingcomputer.com/news/security/ivanti-workspace-control-hardcoded-key-flaws-expose-sql-credentials/

GitLab just squashed some critical bugs that could let hackers take over accounts and sneak malicious code into CI/CD pipelines. Are you updated?

https://thedefendopsdiaries.com/enhancing-gitlabs-security-addressing-vulnerabilities-and-strengthening-defenses/

#gitlabsecurity
#devsecops
#cybersecurity
#vulnerabilitymanagement
#securitypatches

External control of file name or path in WebDAV allows an unauthorized attacker to execute code over a network.

https://vulnerability.circl.lu/vuln/CVE-2025-33053#sightings

#webdav #vulnerabilitymanagement #cve #vulnerability #cybersecurity

CVE-2025-33053