BCP-04 Draft Preparation - Work-group session 25/08/2025 - Luxembourg

- 128 bytes including the prefix recommendation.
- ID format (7-bit character sets versus UTF).
- Assignment and allocation for same vulnerabilities.

#gcve #cve #opensource #cybersecurity

Thanks to for the feedback

@claushoumann @cedric
@adulau
@todb

🔗 https://discourse.ossbase.org/t/gcve-bcp-04-drafting-recommendations-and-best-practices-for-id-allocation/119/2

GCVE BCP-04 drafting - Recommendations and best practices for ID allocation

BCP-04 Draft Preparation - Work-group session 25/08/2025 - Luxembourg

Following discussions in a standard work-group with the GCVE board regarding the recommended size of GCVE identifiers, it was agreed that no strict size limit will be enforced (similar to the flexibility of URIs). However, a recommendation is provided. The recommendation is to use identifiers of up to 128 bytes including the prefix. Another discussion point in the work-group concerned the use of non–7-bit character sets. Som...

ossbase.org

GCVE-1337-2025-00000000000000000000000000000000000000000000000001011111011111010111111001000000000000000000000000000000000000000000000000000000001

"Insertion of Sensitive Information into Externally-Accessible File or Directory" in [HL-L8260CDN](https://vulnerability.circl.lu/search?vendor=Brother+Industries,+Ltd&product=HL-L8260CDN)

first GCVE advisory published by @AustinHackers

CVE-2025-8452

#vulnerability #gcve

Vulnerability-Lookup - Search a vulnerability

Vulnerability-Lookup - Fast vulnerability lookup correlation from different sources.

GCVE-1-2025-0003 - "Incorrect ACL for user settings edit, which previously allowed enumeration of usernames." in Cerebrate software.

#vulnerability #gcve #cerebrate

You can now use Sightings in Vulnerability-Lookup to uncover unpublished security advisories.

This feature aggregates early signals from multiple sources — websites, news feeds, social networks, the MISP Project (@misp), Nuclei templates, our community, and more.

Detect threats before they’re officially disclosed!

- https://vulnerability.circl.lu
- https://www.vulnerability-lookup.org/user-manual/sightings
- https://github.com/vulnerability-lookup/vulnerability-lookup

#vulnerability #cve #gcve #sightings #cybersecurity

So @gcve brings a lot of interesting new aspects to cybersecurity! https://opensourcesecurity.io/2025/2025-08-gcve-cedric-alex/ -> are you a security researcher and you don't agree with the vendor's assessment of the vuln you found and CVD'd -> you fork their disclosure and add your own metadata.

#GCVE

GCVE with Cédric Bonhomme and Alexandre Dulaunoy

In this episode I discuss GCVE and Vulnerability-Lookup with Alex and Cedric from CIRCL. GCVE offers a decentralized approach, allowing organizations to assign their own IDs and publish vulnerabilities independently. Vulnerability-Lookup is the tool that makes GCVE a reality. The flexibility addresses many of the limitations we see today with a single centralized ID system. The work happening by CIRCL on GCVE is very impressive, with all the current CVE turmoil, this is a project we should all be paying attention to.

Open Source Security

I learned an incredible amount from this chat I had with @adulau and @cedric about @gcve

I'm still working through all the details, but I'm starting to suspect #GCVE solved many of the problems with vulnerability data I've been complaining about for a very long time

If you do anything with vulnerabilities this one is worth a listen

https://opensourcesecurity.io/2025/2025-08-gcve-cedric-alex/

In the scope of GCVE and @circl we couldn't find a practical, publicly available, and accessible document that outlines best practices for vulnerability handling and disclosure.

So we created a new one, released under an open-source license, to which everyone can freely contribute.

PDF: https://gcve.eu/files/bcp/gcve-bcp-02.pdf
HTML: https://gcve.eu/bcp/gcve-bcp-02/
Contributing: https://github.com/gcve-eu/gcve.eu/blob/main/content/bcp/gcve-bcp-02.md

#cve #gcve #vulnerabilitymanagement #cybersecurity #vulnerability #cvd

GCVE.eu initiative - introduction and how to become a GNA. Video published.

#gcve #vulnerabilitymanagement #vulnerability #cve #cybersecurity

📽️ https://www.youtube.com/watch?v=Va3almPab1M

I’ll do an online session about GCVE in 30 minutes. If you want to join, all details are below.

#gcve #vulnerability #vulnerabilitymanagement

https://infosec.exchange/@gcve@social.circl.lu/114873102367912236

Don't forget to join us today online at 14:00 (Luxembourg local time) for "GCVE.eu initiative - introduction and how to become a GNA" part of the @circl Virtual Summer School (VSS) 2025
Details available at: https://circl.lu/pub/vss-2025/

#cve #gcve #gna #vulnerabilitymanagement #vulnerability

CIRCL » CIRCL - Virtual Summer School (VSS) 2025
