Cedric

I'm a computer scientist, intensely interested in computer security and privacy.

Posts: 20 | Comments: 5 | Joined: 5 yr. ago
Security @lemmy.ml
Cedric @lemmy.ml

GCVE: Global CVE Allocation System

The Global CVE (GCVE) allocation system is a new, decentralized approach to vulnerability identification and numbering, designed to improve flexibility, scalability, and autonomy for participating entities.

While remaining compatible with the traditional CVE system, GCVE introduces GCVE Numbering Authorities (GNAs). GNAs are independent entities that can allocate identifiers without relying on a centralised block distribution system or rigid policy enforcement.

Security @lemmy.ml
Cedric @lemmy.ml

Regularly updated Hugging Face datasets and models for software vulnerabilities

Security @lemmy.ml
Cedric @lemmy.ml

LLMs + Vulnerability-Lookup: What We’re Testing and Where We’re Headed

Security @lemmy.ml
Cedric @lemmy.ml

Vulnerability-Lookup 2.6.0 Released — Advanced monitoring tools for administrators of Vulnerability-Lookup instances

www.vulnerability-lookup.org Vulnerability-Lookup 2.6.0 released

This release of Vulnerability-Lookup includes new features, better monitoring, improvements and fixes.

What's New

Centralized monitoring service

This feature adds log and process heartbeat reporting to a Valkey datastore, enabling centralized monitoring of Vulnerability-Lookup’s system health and its various components. (#106)

This new feature is essential for monitoring our expanding suite of tools used to collect vulnerability-related information.

[Image: Feeders monitoring]

  • I will investigate this! Thank you!

  • Thank you very much!

    Actually I cross-posted it because someone advised me to do this after I initially shared it on [email protected] . But next time I'll directly share on [email protected] ;-)

  • Thank you for the compliment!

    And definitely, you should have a look at Pixelfed. The community is surprisingly active!

    I cross-posted the post to [email protected] . Thanks for the tip!

  • Photography @lemmy.world
    Cedric @lemmy.ml

    cross-posted from: https://lemmy.ml/post/25836770

    Just wanted to share my Pixelfed account: @[email protected]

    I like this network so much. A lot of awesome artists are sharing their work there. Fan of the accounts @[email protected], @[email protected], @[email protected], @[email protected], @[email protected], and so many more!

  • lol, but thanks!

  • Photography @lemmy.ml
    Cedric @lemmy.ml

    Just wanted to share my Pixelfed account: @[email protected]

    I like this network so much. A lot of awesome artists are sharing their work there. Fan of the accounts @[email protected], @[email protected], @[email protected], @[email protected], @[email protected], and so many more!

    Security @lemmy.ml
    Cedric @lemmy.ml

    Track vulnerabilities with product watch lists and email notifications

    We're excited to share the latest features designed to make vulnerability tracking even more efficient.

    🚀 What's New

    🆕 Email Notifications (Product Watch List)

    Stay ahead with hourly, daily, or weekly alerts for new or updated vulnerabilities affecting the vendors and products you care about. Notifications come in both HTML and plain text, with CSV attachments detailing vulnerabilities, sightings, and comments. (#101)

    The notification management interface

    Future releases will allow users to create notifications by specifying just a vendor, o

    Security @lemmy.ml
    Cedric @lemmy.ml

    We are glad to announce the immediate availability of vulnerability-related observations from The Shadowserver Foundation within Vulnerability-Lookup.

    This milestone wouldn’t have been possible without Piotr Kijewski. We developed a new sighting client, ShadowSight. This new client gathers vulnerability-related data directly from The Shadowserver Foundation, then reports the collected data to the Vulnerability-Lookup API as sightings.

    ShadowSight leverages insights on common vulnerabilities and exploited vulnerabilities from Shadowserver’s honeypot source. Source code of ShadowSight is available:

    👉 https://github.com/CIRCL/ShadowSight

    Explore our sightings collected from this source:

    Security @lemmy.ml
    Cedric @lemmy.ml

    Vulnerability-Lookup 2.4.0

    www.vulnerability-lookup.org Vulnerability-Lookup 2.4.0 released

    We’re really thrilled to unveil Vulnerability-Lookup 2.4.0!

    https://www.vulnerability-lookup.org/images/news/2025/2025-01-10-Vulnerability-Lookup-2.4.0.webm

    This version includes new features, new importers, improvements and fixes. The key updates are highlighted below.

    🔍 New Dashboard: Quickly access the top sighted vulnerabilities from the past month with a real-time, filterable interface.

    📊 New Correlations Graph: Visualize relationships between sightings for deeper insights.

    📥 New Importers:

    • CSAF Microsoft Importer for streamlined CSAF data integration.
    • FKIE NVD Importer to incorporate FKIE NVD datasets seamlessly.

    📡 RSS/Atom Feeds for Sightings: Stay updated with feeds for specific CPE sightings, sorted and tailored for your needs.

    👀 GitHub Gist Sighting Tool: Introducing GistSight for tracking vulnerabilities in GitHub Gists.

    Security @lemmy.ml
    Cedric @lemmy.ml

    Dive into Historical Insights on Vulnerability Observations with Vulnerability-Lookup

    Curious about the latest vulnerability trends, the year's first observations, or historical insights? Our enhanced home page on Vulnerability-Lookup (source code) now lets you filter and explore our growing dataset of sightings with ease. Simply pick the week you want and dive into the data.

    Have ideas for improvements? Let us know! https://github.com/cve-search/vulnerability-lookup/issues

    Of course you get these sightings via the API: https://vulnerability.circl.lu/api/

  • I really like LibraryThing and have used it for about 15 years. Here's my account if you want to connect: https://www.librarything.com/profile/cedricbonhomme

  • Security @lemmy.ml
    Cedric @lemmy.ml

    A client to gather vulnerability-related information from Bluesky

    You can find various collected status here: https://vulnerability.circl.lu/sightings/?query=bsky.app

    Security @lemmy.ml
    Cedric @lemmy.ml

    The Qualcomm DSP Driver - How Serbian authorities have deployed surveillance technology and digital repression tactics

    Amnesty International identified how Serbian authorities used Cellebrite to exploit a zero-day vulnerability (a software flaw which is not known to the original software developer and for which a software fix is not available) in Android devices to gain privileged access to an environmental activist’s phone. The vulnerability, identified in collaboration with security researchers at Google Project Zero and Threat Analysis Group, affected millions of Android devices worldwide that use the popular Qualcomm chipsets. An update fixing the security issue was released in the October 2024 Qualcomm Security Bulletin.

    Security @lemmy.ml
    Cedric @lemmy.ml

    Vulnerability-Lookup 2.2.0

    We’re delighted to announce the release of Vulnerability-Lookup 2.2.0, packed with enhancements, new features, and bug fixes.

    What's New

    • Identity:
      • Vulnerability-Lookup now has a beautiful new logo.
    • New Statistics Namespace: The API now offers a dedicated namespace for statistics. Two new endpoints are currently available:

    Security @lemmy.ml
    Cedric @lemmy.ml

    Looking for Lemmy accounts about software vulnerabilities, CVEs, etc.

    I am looking for active Lemmy accounts about software vulnerabilities, CVEs, etc. It could be specific to GHSA, CSAF, PySEC, GSD, PyPI or whatever.

    I will use it in a software vulnerability lookup project: https://github.com/cve-search/vulnerability-lookup/ in order to create Sightings about vulnerabilities.

    (It's fine as well if you can provide me with Mastodon accounts. I already follow the CVE program.)

    Thank you!

    Security @lemmy.ml
    Cedric @lemmy.ml

    Vulnerability Lookup 1.5.0

    We released version 1.5.0 of the Vulnerability Lookup project! 🎉 (https://github.com/cve-search/vulnerability-lookup/)

    This update brings significant new features, improvements, and fixes.

    🆕 Notable Changes

    We've integrated the Japan Database of Vulnerability Countermeasure Information (JVN DB), correlating security advisories from multiple sources (including NVD, GitHub, and CSAF, etc.) already available in Vulnerability Lookup.

    You can now assign tags to comments directly on the website. These tags are stored in the c

    /c/cybersecurity - Cybersecurity News & Discussion @lemmy.ml
    Cedric @lemmy.ml

    Release 1.3.0 of Vulnerability Lookup with many improvements

    Release 1.3.0 (26-07-2024)

    Improvements

    • Vulnerability Details Page Enhancements: We've significantly enhanced the vulnerabilities details page. It now presents more relevant information and the layout has been substantially improved for a better user experience.
    • API Enhancements: Various improvements have been made to the API for better performance and functionality.
    • UI Enhancements: Edition/action buttons are now hidden when not logged in (#57).
    • Importer Improvements: Enhancements have been made to various importers (37d3a6d).

    Fixes

    • Custom Vulnerability Display Bug: Fixed an issue where custom vulnerabilities were not displayed correctly (#58).
    • New Vulnerability Creation Issue: Resolved the problem where new vulnerabilities couldn't be creat

    Security @lemmy.ml
    Cedric @lemmy.ml

    Vulnerability Lookup facilitates quick correlation of vulnerabilities from various sources, independent of vulnerability IDs, and streamlines the management of Coordinated Vulnerability Disclosure.

    cross-posted from: https://lemmy.ml/post/18049618

    Vulnerability Lookup facilitates quick correlation of vulnerabilities from various sources (NIST, GitHub, CSAF-Siemens, CSAF-CISCO, CSAF-CERT-Bund, PySec, VARIoT, etc.), independent of vulnerability IDs, and streamlines the management of Coordinated Vulnerability Disclosure (CVD). Vulnerability Lookup is also a collaborative platform where users can comment on security advisories and create bundles.

    A Vulnerability Lookup instance operated by CIRCL is available at https://vulnerability.circl.lu/.

    /c/cybersecurity - Cybersecurity News & Discussion @lemmy.ml
    Cedric @lemmy.ml

    Vulnerability Lookup facilitates quick correlation of vulnerabilities from various sources, independent of vulnerability IDs, and streamlines the management of Coordinated Vulnerability Disclosure.

    Vulnerability Lookup facilitates quick correlation of vulnerabilities from various sources (NIST, GitHub, CSAF-Siemens, CSAF-CISCO, CSAF-CERT-Bund, PySec, VARIoT, etc.), independent of vulnerability IDs, and streamlines the management of Coordinated Vulnerability Disclosure (CVD). Vulnerability Lookup is also a collaborative platform where users can comment on security advisories and create bundles.

    A Vulnerability Lookup instance operated by CIRCL is available at https://vulnerability.circl.lu/.

    Show off your side projects @lemmy.ml
    Cedric @lemmy.ml

    A HIDS written in Python

    cross-posted from: https://lemmy.ml/post/7283249

    A HIDS (host-based intrusion detection system) for verifying the integrity of a system.

    Features

    • checks the integrity of system's files with a list of rules;
    • checks the output of commands (iptables, ...);
    • possibility to use RSA to sign to check the integrity of its database;
    • alerts are written in the logs of the system;
    • alerts can be sent via email to a list of users;
    • alerts can be sent on IRC channels through the irker IRC client (which should be running as a daemon);
    • verify files with Hashlookup, Pandora, MISP and YARA;
    • possibility to export the database in a Bloom or a Cuckoo filter.

    pyHIDS is under GPLv3 license.

    Homepage: https://github.com/cedricbonhomme/pyHIDS

    poetry @lemmy.ml
    Cedric @lemmy.ml

    Night troubles

        Photons are dying.
        Eyelids are still blinking.
        Clock is ticking.
        Heart is slowly beating.
        Parasites are rising.
        Cerebral cells are colliding.
        Troubles are spreading.
        Ions are crackling.
        Soul is screaming.
        Brain is throttling.
        SEGMENTATION FAULT - Rebooting in fail-safe mode…
        Dreams are finally coming.
        Eyes are twitching.
        Memory is restructuring.
        Pulse is accelerating.
        Demons are fading.
        Body is healing.
        Day dawn is breaking.
        Reality is emerging.
        Energy is flowing.
    
        – Night troubles - Cédric Bonhomme - October 2023