#OT #Advisory VDE-2025-007
WAGO: Year 2038 problem

The Year 2038 Problem affects systems using a 32-bit integer to represent time as the number of seconds since January 1, 1970. On January 19, 2038, at 03:14:07 UTC, the time value will exceed the maximum for a 32-bit integer, causing an overflow and resetting it to a negative number.
#CVE CVE-2025-0101

https://certvde.com/en/advisories/VDE-2025-007

#CSAF https://wago.csaf-tp.certvde.com/.well-known/csaf/white/2025/vde-2025-007.json

VDE-2025-007 | CERT@VDE

Advisories

#OT #Advisory VDE-2025-033
ads-tec Industrial IT: Mosquitto MQTT Client Vulnerability in ADS-TEC IRF Products

The ADS-TEC firewall products IRF1000, IRF2000, and IRF3000 include Eclipse Mosquitto, affected by multiple vulnerabilities. Exploitation requires a compromised upstream MQTT broker, limiting direct device exposure.
#CVE CVE-2024-10525, CVE-2024-8376, CVE-2024-3935

https://certvde.com/en/advisories/VDE-2025-033

#CSAF https://ads-tec-iit.csaf-tp.certvde.com/.well-known/csaf/white/2025/vde-2025-033.json

VDE-2025-033 | CERT@VDE


The whole MITRE CVE situation is so stupid that they didn't/don't even have a backup plan should they face a shutdown like this for global cyber security reporting. They should never have lived as a U.S. government-funded initiative, but instead should have lived as a non-profit NGO that is community funded by volunteers, and at the very least have a backup plan to be based in Europe or something.

As of April 16 they did put out an immediate press release notice about securing the future of the CVE program which can be read from their page.

https://www.thecvefoundation.org

#cve #security #cybersecurity

CVE Foundation

FOR IMMEDIATE RELEASE April 16, 2025 CVE Foundation Launched to Secure the Future of the CVE Program [Bremerton, Washington] – The CVE Foundation has been formally established to ensure the long-term viability, stability, and independence of the Common Vulnerabilities and Exposures (CVE) Program, a

Update:
MITRE will continue to operate the CVE database at least for a while.
But since this is of course somewhat uncertain, ENISA's efforts are now moving ahead: https://euvd.enisa.europa.eu/

https://www.heise.de/news/Nach-drohendem-CVE-Aus-Schwachstellendatenbank-der-EU-geht-an-den-Start-10354324.html

#CVE #Heise

Vulnerability Database

Web site created using create-react-app

#Russia, #China and #NorthKorea will be pleased! 🤷

"Funding for the Common Vulnerabilities and Exposures (#CVE) program by the US Department of Homeland Security expired on April 16, 2025. So far, no contract extension with the responsible organization Mitre is known. The recording of new security vulnerabilities now threatens to end."

#Cybersecurity

https://www.security-insider.de/us-heimatschutzministerium-cve-programm-finanzierung-ausgelaufen-a-0e6b11b55b78f639e707a1c934e23b52

The CVE program is facing its end


Security-Insider

So from today on we use this now? #cve #euvd

https://euvd.enisa.europa.eu/

Thx to my colleague Sven for the hint!


The European Union Agency for Cybersecurity (ENISA) launched the European Union Vulnerability Database (EUVD) website https://euvd.enisa.europa.eu/

#ENISA #EUVD #CVE #Security #Europe #EuropeanAlternatives


CVE-2025-43715 - NSIS Local Privilege Escalation Vulnerability
April 17, 2025 at 03:15AM
https://ift.tt/7a2SkRe

#CVE #IOC #CTI #ThreatIntelligence #ThreatIntel #Cybersecurity #Recon

CVE-2025-43715 - NSIS Local Privilege Escalation Vulnerability

Nullsoft Scriptable Install System (NSIS) before 3.11 on Windows allows local users to escalate privileges to SYSTEM during an installation, because the temporary plugins directory is created under %WINDIR%\temp and unprivileged users can place a crafted executable file by winning a race condition. This occurs because EW_CREATEDIR does not always …

cvefeed.io

CISA extends funding to ensure 'no lapse in critical CVE services'

https://www.bleepingcomputer.com/news/security/cisa-extends-funding-to-ensure-no-lapse-in-critical-cve-services/

"Before CISA's announcement, a group of CVE Board members announced the launch of the CVE Foundation, a non-profit organization established to secure the CVE program's independence in light of MITRE's warning that the U.S. government might not renew its contract for managing the program."

#CISA #CVE #infosec

CISA extends funding to ensure 'no lapse in critical CVE services'

CISA says the U.S. government has extended MITRE's funding to ensure no continuity issues with the critical Common Vulnerabilities and Exposures (CVE) program.

BleepingComputer

🚨 CISA Extends Emergency Funding, New CVE Foundation Announced 🔐

CISA extended funding for the MITRE-managed CVE Program, avoiding a lapse. The CVE Board launched the nonprofit CVE Foundation to ensure long-term continuity. Future funding uncertain.

More details: https://www.zerodaily.me/blog/2025-04-16-cve-program-funding-crisis

#CyberSecurity #CVE #FundingCrisis #ZeroDaily

CVE Program Faces Funding Crisis: Critical Cybersecurity Infrastructure at Risk

The Common Vulnerabilities and Exposures (CVE) program faces a potential funding crisis that could disrupt its critical operations. We explore the implications and what needs to happen next.

ZeroDaily - Cybersecurity News