EU Vulnerability Database (#EUVD) launches this week. And not a moment too soon.

The EU Agency for Cybersecurity (#ENISA) has brought EUVD out of beta. Born from a 2022 EU law, EUVD will work alongside MITRE’s Common Vulnerabilities and Exposures database (#CVE)—the future of which is still hazy after last month’s last-minute funding reprieve.

ENISA executive director Juhan Lepassaar (pictured) is keen to get on with the job. In #SBBlogwatch, we take this kiss throughout the world.

@TheFuturumGroup @TechstrongGroup @SecurityBlvd: https://securityboulevard.com/2025/05/euvd-launch-cve-richixbw/?utm_source=richisoc&utm_medium=social&utm_content=richisoc&utm_campaign=richisoc

Seems we got our own thing now

#euvd #cve #eupol

https://euvd.enisa.europa.eu/

RSS feed for CISA KEV vulnerabilities, powered by Vulnerability-Lookup:

https://www.vulnerability-lookup.org/user-manual/feed-syndication/#most-recent-entries-from-known-exploited-vulnerabilities

EU Vulnerability Database Officially Launches Amid CVE Program Concerns https://thecyberexpress.com/eu-vulnerability-database-officially-launches-amid-cve-program-concerns/ #TheCyberExpressNews #TheCyberExpress #Vulnerabilities #FirewallDaily #cybersecurity #CyberNews #ENISA #MITRE #CISA #CVE #NVD #EU

Oh, the US government wouldn’t consider turning off the #CVE databse! It’s critical cybersecurity infrastructure!

#NOAA has entered the chat: https://www.cnn.com/2025/05/08/climate/noaa-ends-disaster-database

Don’t think it can’t happen here, too.

Added 𝗨𝗣𝗗𝗔𝗧𝗘 𝟭 - 𝗧𝗵𝗼𝘂𝗴𝗵𝘁𝘀 𝗔𝗳𝘁𝗲𝗿 𝗖𝗼𝗺𝗺𝗲𝗻𝘁𝘀 to the 𝗙𝗿𝗲𝗲𝗕𝗦𝗗 𝗝𝗮𝗶𝗹𝘀 𝗦𝗲𝗰𝘂𝗿𝗶𝘁𝘆 article.

https://vermaden.wordpress.com/2025/04/11/freebsd-jails-security/

Make sure to update your Meshtastic devices to at least 2.6.2 or newer!

"This attack does not require authentication or user interaction, as long as the target device rebroadcasts packets on the default channel."

https://www.cvedetails.com/cve/CVE-2025-24797/

Seven new GNAs have been registered on GCVE.EU !

We're glad to see the community grow and are open to new GNA applications

JSON https://gcve.eu/dist/gcve.json
Why and How to become a GNA https://gcve.eu/about/#eligibility-and-process-to-obtain-a-gna-id

glibc (2.41-7) unstable; urgency=medium

Starting with glibc 2.41, shared libraries requiring an executable stack
cannot be dynamically loaded through the #dlopen mechanism from a binary that
does not require an executable stack. This change aims to improve security,
as the previous behavior was used as a vector for RCE (#CVE-2023-38408).
Attempting to do so will result in the following error:

cannot enable executable stack as shared object requires: Invalid argument

While most libraries generated in the past 20 years do not require an
executable stack, some third-party software still need this capability. Many
vendors have already updated their binaries to address this.

If you need to run a program that requires an executable stack through
dynamic loaded shared libraries, you can use the glibc.rtld.execstack
tunable:

Glibc6_TUNABLES=glibc.rtld.execstack=2 ./program

-- Aurelien Jarno <aurel32@debian.org> Sun, 13 Apr 2025 14:41:11 +0200

The OVR Foundation website is live!
We were founded after the U.S. government’s 2025 threat to cut funding for the CVE program — a crucial piece of the cybersecurity landscape. Now, we’re working to create a decentralized, resilient standard for global vulnerability coordination.

Small updates will follow in the next few days.
Visit us: https://ovr-foundation.org
#CyberSecurity #OVR #Infosec #Decentralization #OpenStandard #CVE

This week in #FDroid (TWIF) is live:

* #NLNet funds more projects
* #ElementX fixes a #CVE
* #GadgetBridge offline #GPX maps & headphones
* #Linphone #SIP build fix
* v8 #Mindustry beta
* more #KeyMapper features
* #WikiReader improvements
* #OpenCamera preview shots, lens selector, #UltraHDR
+ 15 new apps
+ 199 updates

Drop by https://f-droid.org/2025/04/24/twif.html

Interesting, Debian detected two required firmware patches for my (prior) Win10 machine, with critical CVEs... Windows 10 never prompted or attempted an upgrade #firmware #vulnerability #cve

I wrote a Discord bot to monitor for CVEs being mentioned in chat, and then it will fetch the details and post it back to chat.

It also has a feature to monitor for new KEV notifications and send them to a dedicated channel

Collab with me. Use it. Abuse it. What ever ya want!

https://github.com/mauvehed/kevvy

Great writeup of CVE-2025-21204, the one that resulted in that bizarre C:\inetpub folder. Comes with a PoC that seems legit:

https://cyberdom.blog/abusing-the-windows-update-stack-to-gain-system-access-cve-2025-21204/

I did some digging this evening into a few of the things that have emerged to fill the #CVE gap. It was much less inspiring than I had hoped it would be

https://opensourcesecurity.io/2025/04-can-we-trust-cve/

#CVE fallout: The splintering of the standard #vulnerability tracking system has begun
Earlier this week, CVE program faced doom as the #US #government discontinued funding for #MITRE, the non-profit that operates the program. Uncle Sam U-turned at the very last minute.
Meanwhile, the #EU is rolling its own. #EuropeanUnion Agency for #Cybersecurity (#ENISA) developed and maintains this alternative, which is known as the #EUVD, or the European Union Vulnerability Database.
https://www.theregister.com/2025/04/18/splintering_cve_bug_tracking/

CISA extends funding to ensure 'no lapse in critical CVE services' | @BleepingComputer

"The CVE Program is invaluable to cyber community and a priority of CISA," the U.S. cybersecurity agency told BleepingComputer. "Last night, CISA executed the option period on the contract to ensure there will be no lapse in critical CVE services. We appreciate our partners' and stakeholders' patience."

https://www.bleepingcomputer.com/news/security/cisa-extends-funding-to-ensure-no-lapse-in-critical-cve-services/

Pensez à mettre vos machines à jour si jamais ^^
*reboot dans son coin*
https://www.cert.ssi.gouv.fr/avis/CERTFR-2025-AVI-0333/
#debian #ubuntu #cve #security