From 7cf51a8417ff84f09d14547b873443f053af9dee Mon Sep 17 00:00:00 2001 From: Robert Roberge Date: Thu, 3 Apr 2025 09:58:12 -0400 Subject: [PATCH 1/2] #3520 Remove maintenance alert banner message (#3521) --- src/assets/data/NotificationBanner.json | 26 ------------------------- 1 file changed, 26 deletions(-) diff --git a/src/assets/data/NotificationBanner.json b/src/assets/data/NotificationBanner.json index 7de424ba..5740c565 100644 --- a/src/assets/data/NotificationBanner.json +++ b/src/assets/data/NotificationBanner.json @@ -19,32 +19,6 @@ { "contentType": "paragraph", "content": "." - }, - { - "contentType": "paragraph", - "content": "

" - }, - { - "contentType": "paragraph", - "content": "NOTICE —" - }, - - { - "contentType": "paragraph", - "content": "Due to routine maintenance, the " - }, - { - "contentType": "internalLink", - "link": "/", - "linkText": "CVE List on the CVE.ORG website" - }, - { - "contentType": "paragraph", - "content": "will be unavailable on April 2, 2025 between 1:00 PM and 5:00 PM EDT. As a result, searching CVE IDs and CVE Records on the CVE.ORG website will be unavailable during this time. We apologize for the inconvenience and thank you for your understanding." - }, - { - "contentType": "paragraph", - "content": "

" } ] } \ No newline at end of file From e2cfbcef6bb8b41659bd3791e9d730e7c95b2996 Mon Sep 17 00:00:00 2001 From: Robert Roberge Date: Tue, 8 Apr 2025 11:06:50 -0400 Subject: [PATCH 2/2] 4/8/25 release branch (#3530) * #3524 Update 1 Event * #3528 Update CVE Services page * #3529 Add link to Vulnogram User Guide PDF * #3527 Add 1 new News article * #3525 CNA Enrichment Recognition List for 4/7/2025 * #3523 Add 3 new CNAs + Update 2 CNA's info * #3526 Add 1 new Blog about VulnCon 2025 * #3523 Update info of 1 additional CNA * SEO: change canonical link to "www.cve.org"; remove disallows from robots.txt --------- Co-authored-by: Roy Lane --- index.html | 2 +- public/robots.txt | 8 +- src/assets/data/CNAsList.json | 184 +++++++++++++++++- src/assets/data/events.json | 2 +- src/assets/data/metrics.json | 2 +- src/assets/data/news.json | 177 ++++++++++++++++- src/views/About/Metrics.vue | 21 +- .../ReserveIDsPublishRecordsForCNAs.vue | 12 +- .../AllResources/CveServices.vue | 4 +- 9 files changed, 375 insertions(+), 37 deletions(-) diff --git a/index.html b/index.html index 36cf74b8..a81f271a 100644 --- a/index.html +++ b/index.html @@ -5,7 +5,7 @@ - + diff --git a/public/robots.txt b/public/robots.txt index 589f8fd7..eb053628 100644 --- a/public/robots.txt +++ b/public/robots.txt @@ -1,8 +1,2 @@ User-agent: * -Disallow: /*.pdf$ -Disallow: /*.jpg$ -Disallow: /*.png$ -Disallow: /*.svg$ -Disallow: /*.css$ -Disallow: /images/ -Disallow: /Resources/ +Disallow: diff --git a/src/assets/data/CNAsList.json b/src/assets/data/CNAsList.json index f5cf64ec..29932e70 100644 --- a/src/assets/data/CNAsList.json +++ b/src/assets/data/CNAsList.json @@ -1826,7 +1826,7 @@ "advisories": [ { "label": "Advisories", - "url": "https://www.dahuasecurity.com/support/cybersecurity/annoucementNotice" + "url": "https://www.dahuasecurity.com/aboutUs/trustedCenter/trustworthy" } ] }, @@ -3598,7 +3598,7 @@ "email": [ { "label": "Email", - "emailAddr": "psirt@hcl.com" + "emailAddr": "psirt@hcl-software.com" } ], "contact": [], @@ -3609,7 +3609,7 @@ { "label": "Policy", "language": "", - "url": "https://www.hcltech.com/software/psirt/hcl-software-vulnerability-disclosure-policy" + "url": "https://www.hcl-software.com/resources/psirt" } ], "securityAdvisories": { @@ -3617,7 +3617,7 @@ "advisories": [ { "label": "Advisories", - "url": "https://hclpnpsupport.hcltech.com/csm?id=search&spa=1&t=kb&q=Security%20Bulletin" + "url": "https://support.hcl-software.com/community?id=community_forum&sys_id=038a2b921b7bb34c77761fc58d4bcb0d" } ] }, @@ -20348,7 +20348,7 @@ { "label": "Policy", "language": "", - "url": "https://help.sonatype.com/repomanager3/product-information/repository-security-vulnerabilities" + "url": "https://help.sonatype.com/en/responsible-disclosure.html" } ], "securityAdvisories": { @@ -25715,5 +25715,179 @@ ] }, "country": "USA" + }, + { + "shortName": "TQtC", + "cnaID": "CNA-2025-0016", + "organizationName": "The Qt Company", + "scope": "All supported The Qt Company products.", + "contact": [ + { + "email": [ + { + "label": "Email", + "emailAddr": "security@qt.io" + } + ], + "contact": [], + "form": [] + } + ], + "disclosurePolicy": [ + { + "label": "Policy", + "language": "", + "url": "https://www.qt.io/terms-conditions/responsible-vulnerability-disclosure-process" + } + ], + "securityAdvisories": { + "alerts": [], + "advisories": [ + { + "label": "Advisories", + "url": "https://wiki.qt.io/List_of_known_vulnerabilities_in_Qt_products" + } + ] + }, + "resources": [], + "CNA": { + "isRoot": false, + "root": { + "shortName": "n/a", + "organizationName": "n/a" + }, + "roles": [ + { + "helpText": "", + "role": "CNA" + } + ], + "TLR": { + "shortName": "mitre", + "organizationName": "MITRE Corporation" + }, + "type": [ + "Vendor" + ] + }, + "country": "Finland" + }, + { + "shortName": "TPLink", + "cnaID": "CNA-2025-0017", + "organizationName": "TP-Link Systems Inc.", + "scope": "TP-Link issues only.", + "contact": [ + { + "email": [ + { + "label": "Email", + "emailAddr": "security@tp-link.com" + } + ], + "contact": [ + { + "label": "Report a Vulnerability", + "url": "https://www.tp-link.com/us/press/security-advisory/" + } + ], + "form": [] + } + ], + "disclosurePolicy": [ + { + "label": "Policy", + "language": "", + "url": "https://www.tp-link.com/us/press/security-advisory/" + } + ], + "securityAdvisories": { + "alerts": [], + "advisories": [ + { + "label": "Advisories", + "url": "https://www.tp-link.com/us/press/security-advisory/" + } + ] + }, + "resources": [], + "CNA": { + "isRoot": false, + "root": { + "shortName": "n/a", + "organizationName": "n/a" + }, + "roles": [ + { + "helpText": "", + "role": "CNA" + } + ], + "TLR": { + "shortName": "mitre", + "organizationName": "MITRE Corporation" + }, + "type": [ + "Vendor", + "Hosted Service" + ] + }, + "country": "USA" + }, + { + "shortName": "SDC", + "cnaID": "CNA-2025-0018", + "organizationName": "Sandisk", + "scope": "Sandisk products listed at https://shop.sandisk.com/product-portfolio only.", + "contact": [ + { + "email": [ + { + "label": "Email", + "emailAddr": "psirt@sandisk.com" + } + ], + "contact": [], + "form": [] + } + ], + "disclosurePolicy": [ + { + "label": "Policy", + "language": "", + "url": "https://shop.sandisk.com/support/product-security/vulnerability-disclosure-policy" + } + ], + "securityAdvisories": { + "alerts": [], + "advisories": [ + { + "label": "Advisories", + "url": "https://shop.sandisk.com/support/product-security" + } + ] + }, + "resources": [], + "CNA": { + "isRoot": false, + "root": { + "shortName": "n/a", + "organizationName": "n/a" + }, + "roles": [ + { + "helpText": "", + "role": "CNA" + } + ], + "TLR": { + "shortName": "mitre", + "organizationName": "MITRE Corporation" + }, + "type": [ + "Vendor" + ] + }, + "country": "USA" } ] \ No newline at end of file diff --git a/src/assets/data/events.json b/src/assets/data/events.json index fc073e7c..22d39318 100644 --- a/src/assets/data/events.json +++ b/src/assets/data/events.json @@ -34,7 +34,7 @@ "displayOnHomepageOrder": 1, "title": "CVE/FIRST VulnCon 2025", "location": "Raleigh, North Carolina, USA & Virtual", - "description": "VulnCon 2025 is co-sponsored by the CVE Program and FIRST and is open to the public.

SPECIAL MESSAGE FOR CVE NUMBERING AUTHORITIES (CNAs):
VulnCon 2025 takes the place of this year’s Spring CVE Global Summit.

Agenda:
Available here.

Registration:
Virtual registration available until April 4, 2025. Details here.
  • Virtual Admission: US $100.00 (until April 4, 2025)
  • In-person Standard Admission (closed): US $300.00
  • In-person Late Rate Admission (closed): US $375.00
Registration fees include four days of coffee breaks and buffet lunches, one networking reception hosted at the McKimmon Center, and applicable meeting materials. Note that discounted rates are not being offered for this event regardless of membership or speaking status.

An offsite social event is planned for Tuesday, April 8, from 19:00-21:00 in downtown Raleigh. Location to be announced in January. You may purchase a ticket during your main registration or access a separate purchase form link found in your registration email confirmation. Tickets are US $30.00 per person.

Program Overview:
* Day 1: Monday, April 7 — Plenary, Vendor Tables, Welcome Reception
* Day 2: Tuesday, April 8 — Plenary, Vendor Tables, Off-site Social Event
* Day 3: Wednesday, April 9 — Plenary, Breakouts, Vendor Tables
* Day 4: Thursday, April 10 — Plenary, Breakouts, Vendor Tables

Venue:
McKimmon Center,
North Carolina State University,
1101 Gorman St.,
Raleigh, North Carolina 27606
USA

Call for Papers:
Closed on January 31, 2025. Details here.

Purpose:
The purpose of VulnCon is to collaborate with various vulnerability management and cybersecurity professionals to develop forward leaning ideas that can be taken back to individual programs for action to benefit the vulnerability management ecosystem.

A key goal of the conference is to understand what important stakeholders and programs are doing within the vulnerability management ecosystem and best determine how to benefit the ecosystem broadly.", + "description": "VulnCon 2025 is co-sponsored by the CVE Program and FIRST and is open to the public.

SPECIAL MESSAGE FOR CVE NUMBERING AUTHORITIES (CNAs):
VulnCon 2025 takes the place of this year’s Spring CVE Global Summit.

Agenda:
Available here.

Program Overview:
* Day 1: Monday, April 7 — Plenary, Vendor Tables, Welcome Reception
* Day 2: Tuesday, April 8 — Plenary, Vendor Tables, Off-site Social Event
* Day 3: Wednesday, April 9 — Plenary, Breakouts, Vendor Tables
* Day 4: Thursday, April 10 — Plenary, Breakouts, Vendor Tables

Venue:
McKimmon Center,
North Carolina State University,
1101 Gorman St.,
Raleigh, North Carolina 27606
USA

Registration:
Registration is now closed. Details here.
  • Virtual Admission: US $100.00 (closed)
  • In-person Standard Admission (closed): US $300.00
  • In-person Late Rate Admission (closed): US $375.00
Registration fees include four days of coffee breaks and buffet lunches, one networking reception hosted at the McKimmon Center, and applicable meeting materials. Note that discounted rates are not being offered for this event regardless of membership or speaking status.

An offsite social event is planned for Tuesday, April 8, from 19:00-21:00 in downtown Raleigh. You may purchase a ticket during your main registration or access a separate purchase form link found in your registration email confirmation. Tickets are US $30.00 per person.

Call for Papers:
Closed on January 31, 2025. Details here.

Purpose:
The purpose of VulnCon is to collaborate with various vulnerability management and cybersecurity professionals to develop forward leaning ideas that can be taken back to individual programs for action to benefit the vulnerability management ecosystem.

A key goal of the conference is to understand what important stakeholders and programs are doing within the vulnerability management ecosystem and best determine how to benefit the ecosystem broadly.", "permission": "public", "url": "https://www.first.org/conference/vulncon2025/", "date": { diff --git a/src/assets/data/metrics.json b/src/assets/data/metrics.json index ce346914..44794648 100644 --- a/src/assets/data/metrics.json +++ b/src/assets/data/metrics.json @@ -1141,7 +1141,7 @@ }, { "month": "April", - "value": "TBA" + "value": "3" }, { "month": "May", diff --git a/src/assets/data/news.json b/src/assets/data/news.json index a6e7059c..c78b4fc2 100644 --- a/src/assets/data/news.json +++ b/src/assets/data/news.json @@ -1,8 +1,180 @@ { "currentNews": [ + { + "id": 509, + "newsType": "blog", + "title": "Happening This Week: CVE/FIRST VulnCon 2025, April 7–10, 2025", + "urlKeywords": "Happening This Week VulnCon 2025", + "date": "2025-04-08", + "author": { + "name": "CVE Program", + "organization": { + "name": "CVE Program", + "url": "" + }, + "title": "", + "bio": "" + }, + "description": [ + { + "contentnewsType": "image", + "imageWidth": "", + "href": "/news/VulnCon2025.png", + "altText": "CVE/FIRST VulnCon 2025, April 7-10, 2025", + "captionText": "Click here to see the “VulnCon 2025” program agenda for all four days." + }, + { + "contentnewsType": "paragraph", + "content": "The CVE Program and FIRST are co-hosting VulnCon 2025 this week at the McKimmon Center in Raleigh, North Carolina, USA, April 7–10, 2025." + }, + { + "contentnewsType": "paragraph", + "content": "

Agenda

" + }, + { + "contentnewsType": "paragraph", + "content": "The full agenda is available now on this conference web page or view the schedule by day. Virtual attendees should check your email for session links and other details." + }, + { + "contentnewsType": "paragraph", + "content": "Monday, April 7View day 1 schedule
Tuesday, April 8View day 2 schedule
Wednesday, April 9View day 3 schedule
Thursday, April 10View day 4 schedule" + }, + { + "contentnewsType": "paragraph", + "content": "

Venue

" + }, + { + "contentnewsType": "paragraph", + "content": "McKimmon Center
North Carolina State University
1101 Gorman St.
Raleigh, North Carolina 27606
USA" + }, + { + "contentnewsType": "paragraph", + "content": "

Learn More About VulnCon 2025

" + }, + { + "contentnewsType": "paragraph", + "content": "The purpose of the VulnCon — which is open to the public — is to collaborate with various vulnerability management and cybersecurity professionals to develop forward leaning ideas that can be taken back to individual programs for action to benefit the vulnerability management ecosystem. A key goal of the conference is to understand what important stakeholders and programs are doing within the vulnerability management ecosystem and best determine how to benefit the ecosystem broadly." + }, + { + "contentnewsType": "paragraph", + "content": "For the most up-to-date information, visit the CVE/FIRST VulnCon 2025 conference page hosted on the FIRST website." + } + ] + }, + { + "id": 508, + "newsType": "news", + "title": "Sandisk Added as CVE Numbering Authority (CNA)", + "urlKeywords": "Sandisk Added as CNA", + "date": "2025-04-08", + "description": [ + { + "contentnewsType": "paragraph", + "content": "Sandisk is now a CVE Numbering Authority (CNA) for Sandisk products listed at https://shop.sandisk.com/product-portfolio only." + }, + { + "contentnewsType": "paragraph", + "content": "To date, 450 CNAs (447 CNAs and 3 CNA-LRs) from 40 countries and 1 no country affiliation have partnered with the CVE Program. CNAs are organizations from around the world that are authorized to assign CVE Identifiers (CVE IDs) and publish CVE Records for vulnerabilities affecting products within their distinct, agreed-upon scope, for inclusion in first-time public announcements of new vulnerabilities. Sandisk is the 242nd CNA from USA." + }, + { + "contentnewsType": "paragraph", + "content": "Sandisk’s Root is the MITRE Top-Level Root." + } + ] + }, + { + "id": 507, + "newsType": "news", + "title": "TP-Link Added as CVE Numbering Authority (CNA)", + "urlKeywords": "TP-Link Added as CNA", + "date": "2025-04-08", + "description": [ + { + "contentnewsType": "paragraph", + "content": "TP-Link Systems Inc. is now a CVE Numbering Authority (CNA) for TP-Link issues only." + }, + { + "contentnewsType": "paragraph", + "content": "To date, 449 CNAs (446 CNAs and 3 CNA-LRs) from 40 countries and 1 no country affiliation have partnered with the CVE Program. CNAs are organizations from around the world that are authorized to assign CVE Identifiers (CVE IDs) and publish CVE Records for vulnerabilities affecting products within their distinct, agreed-upon scope, for inclusion in first-time public announcements of new vulnerabilities. TP-Link is the 241st CNA from USA." + }, + { + "contentnewsType": "paragraph", + "content": "TP-Link’s Root is the MITRE Top-Level Root." + } + ] + }, + { + "id": 506, + "newsType": "news", + "title": "The Qt Company Added as CVE Numbering Authority (CNA)", + "urlKeywords": "The Qt Company Added as CNA", + "date": "2025-04-08", + "description": [ + { + "contentnewsType": "paragraph", + "content": "The Qt Company is now a CVE Numbering Authority (CNA) for all supported The Qt Company products." + }, + { + "contentnewsType": "paragraph", + "content": "To date, 448 CNAs (445 CNAs and 3 CNA-LRs) from 40 countries and 1 no country affiliation have partnered with the CVE Program. CNAs are organizations from around the world that are authorized to assign CVE Identifiers (CVE IDs) and publish CVE Records for vulnerabilities affecting products within their distinct, agreed-upon scope, for inclusion in first-time public announcements of new vulnerabilities. The Qt Company is the 5th CNA from Finland." + }, + { + "contentnewsType": "paragraph", + "content": "The Qt Company’s Root is the MITRE Top-Level Root." + } + ] + }, + { + "id": 505, + "newsType": "blog", + "title": "Vulnerability Data Enrichment for CVE Records: 249 CNAs on the Enrichment Recognition List for April 7, 2025", + "urlKeywords": "CNA Enrichment Recognition List Update", + "date": "2025-04-08", + "author": { + "name": "CVE Program", + "organization": { + "name": "CVE Program", + "url": "" + }, + "title": "", + "bio": "" + }, + "description": [ + { + "contentnewsType": "image", + "imageWidth": "", + "href": "/news/CnaEnrichmentRecognitionList.png", + "altText": "Increasing the Value of the CVE Record - CNA Enrichment Recognition List" + }, + { + "contentnewsType": "paragraph", + "content": "The “CNA Enrichment Recognition List” for April 7, 2025, is now available with 249 CNAs listed. Published every two weeks on the CVE website, the list recognizes those CVE Numbering Authorities (CNAs) that are actively providing enhanced vulnerability data in their CVE Records. CNAs are added to the list if they provide Common Vulnerability Scoring System (CVSS) and Common Weakness Enumeration (CWE™) information 98% of the time or more within the two-week period of their last published CVE Record." + }, + { + "contentnewsType": "paragraph", + "content": "For more about the recognition list, see “Recognition for CNAs Actively Providing Vulnerability Data Enrichment for CVE Records.” To learn more about vulnerability information types like CVSS and CWE, see the CVE Record User Guide. View the most current CNA Enrichment Recognition List on the CVE website Metrics page here." + }, + { + "contentnewsType": "paragraph", + "content": "CNA Enrichment Recognition List for April 7, 2025, with 249 CNAs listed:
  • 1E Limited
  • 9front Systems
  • Absolute Software
  • Acronis International GmbH
  • Adobe Systems Incorporated
  • Advanced Micro Devices Inc.
  • Alias Robotics S.L.
  • Amazon
  • AMI
  • ARC Informatique
  • Arista Networks, Inc.
  • Asea Brown Boveri Ltd.
  • ASR Microelectronics Co., Ltd.
  • ASUSTeK Computer Incorporation
  • ATISoluciones Diseño de Sistemas Electrónicos, S.L.
  • Austin Hackers Anonymous
  • Autodesk
  • Automotive Security Research Group (ASRG)
  • Avaya Inc.
  • Axis Communications AB
  • Baicells Technologies Co., Ltd.
  • Baxter Healthcare
  • Beckman Coulter Life Sciences
  • Becton, Dickinson and Company (BD)
  • BeyondTrust Inc.
  • Bitdefender
  • Bizerba SE & Co. KG
  • Black Duck Software, Inc.
  • Black Lantern Security
  • BlackBerry
  • Brocade Communications Systems LLC, a Broadcom Company
  • Canon EMEA
  • Canon Inc.
  • Canonical Ltd.
  • Carrier Global Corporation
  • Cato Networks
  • CERT.PL
  • CERT@VDE
  • Check Point Software Technologies Ltd.
  • Checkmarx
  • Checkmk GmbH
  • cirosec GmbH
  • Cisco Systems, Inc.
  • ClickHouse, Inc.
  • Cloudflare, Inc.
  • Concrete CMS
  • Crafter CMS
  • CrowdStrike Holdings, Inc.
  • CyberArk Labs
  • CyberDanube
  • Cybersecurity and Infrastructure Security Agency (CISA) U.S. Civilian Government
  • Dassault Systèmes
  • Delinea, Inc.
  • Dell EMC
  • Delta Electronics, Inc.
  • Dfinity Foundation
  • DirectCyber
  • Docker Inc.
  • dotCMS LLC
  • Dragos, Inc.
  • Dutch Institute for Vulnerability Disclosure (DIVD)
  • Eaton
  • Eclipse Foundation
  • Elastic
  • EnterpriseDB Corporation
  • Environmental Systems Research Institute, Inc. (Esri)
  • Ericsson
  • ESET, spol. s r.o.
  • EU Agency for Cybersecurity (ENISA)
  • Exodus Intelligence
  • F5 Networks
  • Fedora Project (Infrastructure Software)
  • Fluid Attacks
  • Forcepoint
  • Forescout Technologies
  • Fortinet, Inc.
  • Fortra, LLC
  • FPT SOFTWARE CO., LTD
  • Gallagher Group Ltd
  • GE Healthcare
  • Genetec Inc.
  • Gitea Limited
  • GitHub (maintainer security advisories)
  • GitHub Inc, (Products Only)
  • GitLab Inc.
  • Glyph & Cog, LLC
  • Google LLC
  • Government Technology Agency of Singapore Cyber Security Group (GovTech CSG)
  • Grafana Labs
  • Gridware Cybersecurity
  • Hanwha Vision Co., Ltd.
  • HashiCorp Inc.
  • HCL Software
  • HeroDevs
  • HiddenLayer, Inc.
  • Hillstone Networks Inc.
  • Hitachi Vantara
  • Hitachi, Ltd.
  • Honeywell International Inc.
  • HP Inc.
  • Huawei Technologies
  • HYPR Corp
  • IBM Corporation
  • ICS-CERT
  • Indian Computer Emergency Response Team (CERT-In)
  • Intel Corporation
  • Internet Systems Consortium (ISC)
  • Israel National Cyber Directorate
  • Ivanti
  • Jamf
  • JetBrains s.r.o.
  • JFROG
  • Johnson Controls
  • JPCERT/CC
  • Juniper Networks, Inc.
  • Kaspersky
  • KrCERT/CC
  • Kubernetes
  • Lenovo Group Ltd.
  • Lexmark International Inc.
  • LG Electronics
  • Liferay, Inc.
  • Logitech
  • M-Files Corporation
  • Mattermost, Inc
  • Mautic
  • Microchip Technology
  • Microsoft Corporation
  • Milestone Systems A/S
  • Mitsubishi Electric Corporation
  • MongoDB
  • Moxa Inc.
  • N-able
  • National Cyber Security Centre - Netherlands (NCSC-NL)
  • National Cyber Security Centre Finland
  • National Cyber Security Centre SK-CERT
  • National Instruments
  • NetApp, Inc.
  • Netflix, Inc.
  • Netskope
  • NLnet Labs
  • NortonLifeLock Inc
  • Nozomi Networks Inc.
  • Nvidia Corporation
  • Odoo
  • Okta
  • OMRON Corporation
  • ONEKEY GmbH
  • Open Design Alliance
  • Open-Xchange
  • OpenAnolis
  • openEuler
  • OpenHarmony
  • OpenText (formerly Micro Focus)
  • OPPO
  • OTRS AG
  • Palantir Technologies
  • Palo Alto Networks
  • Panasonic Holdings Corporation
  • Pandora FMS
  • PaperCut Software Pty Ltd
  • Patchstack OÜ
  • Pegasystems
  • Pentraze Cybersecurity
  • Perforce
  • Phoenix Technologies, Inc.
  • Ping Identity Corporation
  • PlexTrac, Inc.
  • Progress Software Corporation
  • Proofpoint Inc.
  • Protect AI
  • Pure Storage, Inc.
  • QNAP Systems, Inc.
  • Qualcomm, Inc.
  • rami.io GmbH
  • Rapid7, Inc.
  • Real-Time Innovations, Inc.
  • Red Hat CNA-LR
  • Red Hat, Inc.
  • Robert Bosch GmbH
  • Roche Diagnostics
  • SailPoint Technologies
  • Samsung TV & Appliance
  • SAP SE
  • SBA Research gGmbH
  • Schneider Electric SE
  • Seal Security
  • SEC Consult Vulnerability Lab
  • Secomea
  • Securin
  • ServiceNow
  • SHENZHEN CoolKit Technology CO., LTD.
  • SICK AG
  • Siemens
  • Silicon Labs
  • Snow Software
  • Snyk
  • SoftIron
  • SolarWinds
  • Sonatype Inc.
  • Sophos
  • Spanish National Cybersecurity Institute, S.A.
  • Splunk
  • STAR Labs SG Pte. Ltd.
  • Super Micro Computer, Inc.
  • Suse
  • Switzerland National Cyber Security Centre (NCSC)
  • Synaptics
  • Synology Inc.
  • Talos
  • TeamViewer Germany GmbH
  • Teltonika Networks
  • Temporal Technologies Inc.
  • Tenable Network Security, Inc.
  • Thales Group
  • The Document Foundation
  • The Tcpdump Group
  • TianoCore.org
  • Tigera
  • Toshiba Corporation
  • TR-CERT (Computer Emergency Response Team of the Republic of Turkey)
  • Trellix
  • TWCERT/CC
  • TXOne Networks, Inc.
  • upKeeper Solutions
  • Vivo Mobile Communication Technology Co., LTD.
  • VulDB
  • VulnCheck
  • VULSec Labs
  • WatchGuard Technologies, Inc.
  • Western Digital
  • Wind River Systems Inc.
  • Wiz, Inc.
  • Wordfence
  • WSO2 LLC
  • Xerox Corporation
  • Xiaomi Technology Co Ltd
  • Yandex N.V.
  • Yokogawa Group
  • Yugabyte, Inc.
  • Zabbix
  • Zephyr Project
  • Zero Day Initiative
  • Zohocorp
  • Zoom Video Communications, Inc.
  • Zscaler, Inc.
  • ZTE Corporation
  • ZUSO Advanced Research Team (ZUSO ART)
  • Zyxel Corporation
" + } + ] + }, + { + "id": 504, + "newsType": "news", + "title": "Thank You for Participating in Our “CVE Data Usage and Satisfaction Survey”", + "urlKeywords": "Data Usage and Satisfaction Survey Thank You", + "date": "2025-04-08", + "description": [ + { + "contentnewsType": "paragraph", + "content": "The CVE Program sincerely thanks everyone who responded to our “CVE Data Usage and Satisfaction Survey” that opened on March 4, 2025, and closed on April 4, 2025. Your feedback will play a crucial role in enhancing the CVE Program and its service offerings." + } + ] + }, { "id": 503, - "displayOnHomepageOrder": 1, "newsType": "blog", "title": "LAST CHANCE — Virtual Registration for CVE/FIRST VulnCon 2025 Closes April 4", "urlKeywords": "VulnCon 2025 Registration Closes April 4", @@ -72,7 +244,6 @@ }, { "id": 502, - "displayOnHomepageOrder": 2, "newsType": "blog", "title": "FINAL REMINDER — Please Complete Our “CVE Data Usage and Satisfaction Survey” by April 4", "urlKeywords": "CVE Data Usage Satisfaction Survey Final Reminder", @@ -120,7 +291,6 @@ }, { "id": 500, - "displayOnHomepageOrder": 4, "newsType": "news", "title": "Digi Added as CVE Numbering Authority (CNA)", "urlKeywords": "Digi Added as CNA", @@ -142,7 +312,6 @@ }, { "id": 499, - "displayOnHomepageOrder": 3, "newsType": "blog", "title": "Vulnerability Data Enrichment for CVE Records: 250 CNAs on the Enrichment Recognition List for March 25, 2025", "urlKeywords": "CNA Enrichment Recognition List Update", diff --git a/src/views/About/Metrics.vue b/src/views/About/Metrics.vue index e3750fe5..43867491 100644 --- a/src/views/About/Metrics.vue +++ b/src/views/About/Metrics.vue @@ -295,8 +295,8 @@

CNA Enrichment Recognition List

-

Last Updated:
- Total CNAs: 250

+

Last Updated:
+ Total CNAs: 249

  • 1E Limited
    • @@ -308,13 +308,13 @@
  • Alias Robotics S.L.
  • Amazon
  • AMI
    • -
  • AppCheck Ltd.
  • ARC Informatique
  • Arista Networks, Inc.
  • Asea Brown Boveri Ltd.
  • ASR Microelectronics Co., Ltd.
  • ASUSTeK Computer Incorporation
  • ATISoluciones Diseño de Sistemas Electrónicos, S.L.
    • +
  • Austin Hackers Anonymous
  • Autodesk
  • Automotive Security Research Group (ASRG)
  • Avaya Inc.
    • @@ -325,6 +325,7 @@
  • Becton, Dickinson and Company (BD)
  • BeyondTrust Inc.
  • Bitdefender
    • +
  • Bizerba SE & Co. KG
  • Black Duck Software, Inc.
  • Black Lantern Security
  • BlackBerry
    • @@ -373,9 +374,9 @@
  • Fluid Attacks
  • Forcepoint
  • Forescout Technologies
    • -
  • ForgeRock, Inc.
  • Fortinet, Inc.
  • Fortra, LLC
    • +
  • FPT SOFTWARE CO., LTD
  • Gallagher Group Ltd
  • GE Healthcare
  • Genetec Inc.
    • @@ -390,10 +391,10 @@
  • Gridware Cybersecurity
  • Hanwha Vision Co., Ltd.
  • HashiCorp Inc.
    • +
  • HCL Software
  • HeroDevs
  • HiddenLayer, Inc.
  • Hillstone Networks Inc.
    • -
  • Hitachi Energy
  • Hitachi Vantara
  • Hitachi, Ltd.
  • Honeywell International Inc.
    • @@ -414,7 +415,6 @@
  • JPCERT/CC
  • Juniper Networks, Inc.
  • Kaspersky
    • -
  • KNIME AG
  • KrCERT/CC
  • Kubernetes
  • Lenovo Group Ltd.
    • @@ -461,15 +461,12 @@
  • Pandora FMS
  • PaperCut Software Pty Ltd
  • Patchstack OÜ
    • -
  • Payara
  • Pegasystems
  • Pentraze Cybersecurity
  • Perforce
  • Phoenix Technologies, Inc.
    • -
  • PHP Group
  • Ping Identity Corporation
  • PlexTrac, Inc.
    • -
  • PostgreSQL
  • Progress Software Corporation
  • Proofpoint Inc.
  • Protect AI
    • @@ -479,16 +476,17 @@
  • rami.io GmbH
  • Rapid7, Inc.
  • Real-Time Innovations, Inc.
    • +
  • Red Hat CNA-LR
  • Red Hat, Inc.
  • Robert Bosch GmbH
  • Roche Diagnostics
    • -
  • Rockwell Automation
  • SailPoint Technologies
  • Samsung TV & Appliance
  • SAP SE
  • SBA Research gGmbH
  • Schneider Electric SE
    • -
  • Schweitzer Engineering Laboratories, Inc.
    • +
  • Seal Security
    • +
  • SEC Consult Vulnerability Lab
  • Secomea
  • Securin
  • ServiceNow
    • @@ -541,6 +539,7 @@
  • Yandex N.V.
  • Yokogawa Group
  • Yugabyte, Inc.
    • +
  • Zabbix
  • Zephyr Project
  • Zero Day Initiative
  • Zohocorp
    • diff --git a/src/views/ReportRequest/ReserveIDsPublishRecordsForCNAs.vue b/src/views/ReportRequest/ReserveIDsPublishRecordsForCNAs.vue index 8a879ddd..f57f54df 100644 --- a/src/views/ReportRequest/ReserveIDsPublishRecordsForCNAs.vue +++ b/src/views/ReportRequest/ReserveIDsPublishRecordsForCNAs.vue @@ -29,9 +29,8 @@ —Use Vulnogram - (watch videos: - - demo #1 + ( + video demo #1 - ) + | + + user guide pdf + ) to:
    • Reserve 1, 5, or 10 CVE IDs
      • diff --git a/src/views/ResourcesSupport/AllResources/CveServices.vue b/src/views/ResourcesSupport/AllResources/CveServices.vue index 0c4d39e2..aa0bbde9 100644 --- a/src/views/ResourcesSupport/AllResources/CveServices.vue +++ b/src/views/ResourcesSupport/AllResources/CveServices.vue @@ -51,8 +51,8 @@ (view release notes)
    • - CVE Services 2.5.2 - (view release notes) + CVE Services 2.5.3 + (view release notes)