New AI Model for Chinese Vulnerability Severity in Vulnerability-Lookup!

We just rolled out a new NLP model that estimates the severity of CNVD vulnerabilities using only their Chinese-language descriptions—no CVSS score required.

🔍 Built on top of our Chinese MacBERT-based classifier, this model outputs one of three severity levels: 低 (Low), 中 (Medium), 高 (High)—plus a confidence score.

Why does this matter? CNVD entries often lack standardized CVSS data. With this model, we bridge that gap by using purely textual analysis to provide a severity estimate—making CNVD data far more actionable.

💡 How it works:

• Fine-tuned on our CIRCL/Vulnerability-CNVD dataset
• Served through our in-house ML-Gateway, a FastAPI-based model hub
• Integrated directly into the Vulnerability-Lookup platform
• Fully open-source and privacy-respecting (no external calls)

Our mission is simple: make vulnerability data smarter and more usable—even when structured metadata is missing.

More information about our AI datasets and models:

https://www.vulnerability-lookup.org/user-manual/ai/

At CIRCL (Computer Incident Response Center Luxembourg), we faced the challenge of evaluating vulnerabilities with only partial information often just a textual description.

To address this, we built an NLP model using the existing dataset from Vulnerability-Lookup. The entire solution has now been released, including integration into the free online service and the open-source code. With this model, you can obtain the VLAI vulnerability score even when no existing score is available, by assessing severity based solely on the description.

After a series of minor releases, the Stegano project reaches a new milestone with a great new feature.

Notable changes

Hide and reveal messages in PCM encoded .wav files. Your secrets now have a soundtrack!

The command line interface has been updated to let you use this new feature directly from your shell. It's quite convenient if you install Stegano using pipx.

Other minor changes

• Improved type annotations.
• Updated dependencies.

Stegano is a pure Python steganography library designed to make hiding messages in plain sight easy and educational. Whether you’re experimenting or building something more serious.

Check it out or contribute: https://github.com/cedricbonhomme/Stegano

Documentation: https://stegano.readthedocs.io/

Install from Pypi: https://pypi.org/project/stegano

Thank you to all contributors who helped make this happen!

We’re excited to announce the release of Vulnerability-Lookup 2.11.0 — and it comes with a major milestone for decentralized vulnerability publication!

What's New

GCVE-BCP-03 - Decentralized Publication Standard

The GCVE BCP-03 Decentralized Publication Standard has now been implemented for the first time.

This standard enables GCVE Numbering Authority (GNA) organizations to publish their vulnerability information directly—without relying on a centralized system.

As a first step, version 2.10.0 of Vulnerability-Lookup introduced support for maintaining a local copy of the GCVE registry. With the latest release, it's now possible to synchronize the list of local organizations in a Vulnerability-Lookup instance with this local GCVE registry.

This new capability provides a simple way to maintain an up-to-date list of GNA organizations in any Vulnerability-Lookup deployment.

Administrators can then choose which advisories, published by these GNA organizations, they want to import into their instance. This is possible thanks to a new feeder. (151)

Security Advisories from the Local Vulnerability-Lookup Instance (gna-65535.private.circl.lu)

[!Security Advisories from the Local Vulnerability-Lookup Instance ](https://www.vulnerability-lookup.org/images/news/2025/06/local-vl-instance.png)

This view displays advisories published on the current local instance.

Security Advisories from GNA-1 Retrieved in the Local Vulnerability-Lookup Instance (gna-65535.private.circl.lu)

[!Security Advisories from GNA-1 Retrieved in the Local Vulnerability-Lookup Instance](https://www.vulnerability-lookup.org/images/news/2025/06/remote-vl-gna-1-circl.png)

This view shows advisories retrieved from a remote GNA instance (GNA-1) using the new feeder system.

Security Advisories from GNA-1 Retrieved in the Local Vulnerability-Lookup Instance (vulnerability.circl.lu)

[!Security Advisories from GNA-1 Retrieved in the Local Vulnerability-Lookup Instance](https://www.vulnerability-lookup.org/images/news/2025/06/gna-1-vl-instance.png)

This screenshot displays the same advisory as in the previous example, but as seen on its originating instance.

Dashboard

[!Dashboard](https://www.vulnerability-lookup.org/images/news/2025/06/dashboard.png)

The dashboard where administrators manage the local GCVE registry.

Organization Management

[!Organization Management](https://www.vulnerability-lookup.org/images/news/2025/06/dashboard-organizations-pull-gna.png)

This section allows the management of both GNA and non-GNA organizations.

Editing an Organization

[!Editing an Organization](https://www.vulnerability-lookup.org/images/news/2025/06/dashboard-edit-remote-organization.png)

Editing details for a specific organization.

The distributed GCVE network

[!The distributed GCVE network](https://www.vulnerability-lookup.org/images/news/2025/06/gcve-eu-network.png)

Changes

• Added pagination in the API to the endpoint which list EMB3D objects. (a669461)
• Vendor and Product management in vulnerability-lookup (#105)
• Improvements to the view of recent vulnerabilities. The navigation menu is now automatically updated based on the list of GNAs the local instance is subscribed to.
• Various improvements to the admin dashboard.
• Various improvements to the documentation.

Fixes

• Multiple comments share same UUID (#158)
• GCVE data/feed is missing (#155)
• Dockerfile change by P-T-I (#153)
• Fixes to installation instructions by jeroenh (#154)
• doc fix by jeroenh (#156)
• Small fixes on containers by claudex (#157)
• Fixed a test in the disculosure.html template. The description of approved diclosures was never displayed. (1ec3e55)

Changelog

📂 To see the full rundown of the changes, users can visit the changelog on GitHub: https://github.com/vulnerability-lookup/vulnerability-lookup/releases/tag/v2.11.0

Feedback and Support

If you encounter issues or have suggestions, please feel free to open a ticket on our GitHub repository. Your feedback is invaluable to us! https://github.com/vulnerability-lookup/vulnerability-lookup/issues/

Follow us on Fediverse/Mastodon

You can follow us on Mastodon and get real time information about security advisories: https://social.circl.lu/@vulnerability_lookup/

You can now follow the Vulnerability-Lookup Discourse topic on Mastodon: @vulnerability-lookup@discourse.ossbase.org

https://discourse.ossbase.org/c/vulnerability-lookup-org/6

#Mastodon #Discourse #ActivityPub #VulnerabilityLookup

Introduction

This vulnerability report has been generated using data aggregated on Vulnerability-Lookup, with contributions from the platform’s community.

It highlights the most frequently mentioned vulnerability for May 2025, based on sightings collected from various sources, including MISP, Exploit-DB, Bluesky, Mastodon, GitHub Gists, The Shadowserver Foundation, Nuclei, and more. For further details, please visit this page.

The final section focuses on exploitations observed through The Shadowserver Foundation's honeypot network.

Top 10 vulnerabilities of the month

| Vulnerability | Vendor | Product | Severity | VLAI Severity | |--------------|--------|---------|----------|-------------| | CVE-2025-31324 | SAP_SE | SAP NetWeaver (Visual Composer development server) | Critical | Critical | | CVE-2025-4427 | Ivanti | Endpoint Manager Mobile | Medium | Critical | | CVE-2025-37899 | Linux | Linux | | High | | CVE-2025-4428 | Ivanti | Endpoint Manager Mobile | High | High | | CVE-2025-32756 | Fortinet | FortiVoice | Critical | Critical | | CVE-2025-4664 | Google | Chrome | Medium | Medium | | CVE-2025-20188 | Cisco | Cisco IOS XE Software | Critical | Critical | | CVE-2017-18368 | ZyXEL | P660HN-T1A | Critical | Critical | | CVE-2015-2051 | D-Link | DIR-645 | High | Critical | | CVE-2024-38475 | Apache Software Foundation | Apache HTTP Server | Critical | Critical |

Evolution for the top 5 vulnerabilities

[!Evolution for the top 5 vulnerabilities](https://www.vulnerability-lookup.org/images/news/2025/06/sightings-evolution.png)

• CVE-2025-31324 - SAP / SAP NetWeaver (Visual Composer development server)
• CVE-2025-4427 - Ivanti / Endpoint Manager Mobile
• CVE-2025-37899 - Linux / Linux
• CVE-2025-4428 - Ivanti / Endpoint Manager Mobile
• CVE-2025-32756 - Fortinet / FortiVoice

Insights from contributors

CVE-2025-22252: Authentication Vulnerability in FortiOS, FortiProxy, and FortiSwitchManager leads to Unauthenticated Admin Access CVE-2025-22252 is a missing authentication for critical function vulnerability in devices configured to use a remote TACACS+ server for authentication configured to use ASCII authentication. It may allow an attacker with knowledge of an existing admin account to access the device as a valid admin via an authentication bypass, potentially resulting in complete system compromise, data theft and service disruption.

CVE-2025-30663: Additional information In its security release of 13 May 2025, Zoom addressed two vulnerabilities that could be exploited for privilege escalation: • CVE-2025-30663, a time-of-check time-of-use race condition affecting some Zoom Workplace Apps. If successfully exploited, an authenticated user could conduct an escalation of privilege via local access. • CVE-2025-30664 is an improper neutralization of special elements flaw affecting some Zoom Workplace Apps. Successful exploitation could allow an authenticated user to conduct an escalation of privilege via local access.

CVE-2025-41229: More information The vulnerabilities could be used by attackers to gain access to services and data. They can also be used to execute arbitrary commands and cause a denial of service. Confidentiality, integrity and availability are all impacted. The only solution is to upgrade immediately.

2025-27920: Additional information Microsoft discovered critical vulnerability CVE-2025-27920 affecting the messaging application Output Messenger. Microsoft additionally observed exploitation of the vulnerability since April 2024. According to Microsoft, the attacker needs to be authenticated, although the Output Messenger advisory indicates that privileges are not required to exploit the vulnerability. An attacker could upload malicious files into the server’s startup directory by exploiting this directory traversal vulnerability. This allows an attacker to gain indiscriminate access to the communications of every user, steal sensitive data and impersonate users, possibly leading to operational disruptions, unauthorized access to internal systems, and widespread credential compromise.

Continuous exploitation

• CVE-2023-0656 - SonicWall / SonicOS (not in CISA KEV)
• CVE-2022-26134 - Atlassian / Confluence Data Center
• CVE-2019-1653 - Cisco / Cisco Small Business RV Series Router Firmware

Thank you

Thank you to all the contributors and our diverse sources!

If you want to contribute to the next report, you can create your account.

Feedback and Support

If you have suggestions, please feel free to open a ticket on our GitHub repository. Your feedback is invaluable to us! https://github.com/vulnerability-lookup/vulnerability-lookup/issues/

This project implements a FastAPI-based local server designed to load one or more pre-trained NLP models during startup and expose them through a clean, RESTful API for inference.

For example, it leverages the Hugging Face transformers library to load the CIRCL/vulnerability-severity-classification-distilbert-base-uncased model, which specializes in classifying vulnerability descriptions according to their severity level. The server initializes this model once at startup, ensuring minimal latency during inference requests.

Clients interact with the server via dedicated HTTP endpoints corresponding to each loaded model. Additionally, the server automatically generates comprehensive OpenAPI documentation that details the available endpoints, their expected input formats, and sample responses—making it easy to explore and integrate the services.

The ultimate goal is to enrich vulnerability data descriptions through the application of a suite of NLP models, providing direct benefits to Vulnerability-Lookup and supporting other related projects.

[!Conceptual architecture](https://raw.githubusercontent.com/vulnerability-lookup/ML-Gateway/refs/heads/main/docs/ml-gateway.png)

Today we released Vulnerability-Lookup 2.9.0 with new features, enhancements, and bug fixes.

What's New

Adversarial Techniques from MITRE EMB3D

The Adversarial Techniques from MITRE EMB3D are now integrated into Vulnerability-Lookup as a new source and are correlated with existing security advisories.

This feature was contributed by Piotr Kaminski during the last Hack.lu hackathon. (#129)

!MITRE EMB3D

Global CVE Allocation System (GCVE)

GCVE identifiers are now supported in HTML templates and URL parameters, thanks to the GCVE Python client. These identifiers can now be used when disclosing a new vulnerability as part of the Coordinated Vulnerability Disclosure (CVD) process, in alignment with NIS 2 requirements. (8bb3d84, 58c394a)

!GCVE

Trustworthy Level for Members

Members of a Vulnerability-Lookup instance now have a dynamically calculated trustworthy level based on profile completeness and verification. Members affiliated with FIRST.org or European CSIRTs (CNW) are automatically trusted for operations that would otherwise require administrator approval (e.g., creating comments).

Changes

• New API endpoint for MITRE EMB3D. (c0d6b44)
• Improved the vulnerability disclosure page. (ccfb6b1)
• Added page arguments to the vulnerability/last endpoint. (ce75a7a)
• Notification emails now include a random signoff. (#119)
• Various graphical enhancements. (0878a31)

Fixes

• Fixed editing of notifications for Organization/Product. (#124)

Changelog

📂 To see the full rundown of the changes, users can visit the changelog on GitHub: https://github.com/vulnerability-lookup/vulnerability-lookup/releases/tag/v2.9.0

🚨 April 2025 Vulnerability Report is out! 🚨

👉 https://www.vulnerability-lookup.org/2025/05/01/vulnerability-report-april-2025/

The most prominent vulnerabilities affect the following products:

• Ivanti / ConnectSecure
• Erlang / OTP
• SAP / SAP NetWeaver

The Continuous Exploitation section highlights several resurgent vulnerabilities (recently exploited at a high rate), including:

• CVE-2017-17215 (Huawei router)
• CVE-2015-2051 (D-Link)

Check out the report for more details.

A huge thank you to all contributors and data sources that make this possible! 🙌

Want to help shape the next report? Join us: 👉 https://vulnerability.circl.lu/user/signup

💻 NISDUC Conference

Vulnerability-Lookup will be presented during the fourth NISDUC conference.

👉 https://www.nisduc.eu/

!

The Global CVE (GCVE) allocation system is a new, decentralized approach to vulnerability identification and numbering, designed to improve flexibility, scalability, and autonomy for participating entities.

This client can be integrated into software such as Vulnerability-Lookup to provide core GCVE functionalities by adhering to the Best Current Practices. It can also be used as a standalone command-line tool.

Examples of usage

As a command line tool

First install the gcve client:

```bash $ python -m pip install --user pipx $ python -m pipx ensurepath

$ pipx install gcve installed package gcve 0.6.0, installed using Python 3.13.0 These apps are now globally available - gcve done! ✨ 🌟 ✨ ```

Pulling the registry locally

bash $ gcve registry --pull Pulling from registry... Downloaded updated https://gcve.eu/dist/key/public.pem to data/public.pem Downloaded updated https://gcve.eu/dist/gcve.json.sigsha512 to data/gcve.json.sigsha512 Downloaded updated https://gcve.eu/dist/gcve.json to data/gcve.json Integrity check passed successfully.

Retrieving a GNA

Note: This operation is case sensitive.

```bash $ gcve registry --get CIRCL { "id": 1, "short_name": "CIRCL", "cpe_vendor_name": "circl", "full_name": "Computer Incident Response Center Luxembourg", "gcve_url": "https://vulnerability.circl.lu/", "gcve_api": "https://vulnerability.circl.lu/api/", "gcve_dump": "https://vulnerability.circl.lu/dumps/", "gcve_allocation": "https://vulnerability.circl.lu/", "gcve_sync_api": "https://vulnerability.circl.lu/" }

$ gcve registry --get CIRCL | jq .id 1 ```

Searching the Registry

Note: Search operations are case insensitive.

bash $ gcve registry --find cert [ { "id": 680, "short_name": "DFN-CERT", "full_name": "DFN-CERT Services GmbH", "gcve_url": "https://adv-archiv.dfn-cert.de/" } ]

More information in the Git repository.

The Global CVE (GCVE) allocation system is a new, decentralized approach to vulnerability identification and numbering, designed to improve flexibility, scalability, and autonomy for participating entities.

While remaining compatible with the traditional CVE system, GCVE introduces GCVE Numbering Authorities (GNAs). GNAs are independent entities that can allocate identifiers without relying on a centralised block distribution system or rigid policy enforcement.

This release of Vulnerability-Lookup includes new features, better monitoring, improvements and fixes.

What's New

Centralized monitoring service

This feature adds log and process heartbeat reporting to a Valkey datastore, enabling centralized monitoring of Vulnerability-Lookup’s system health and its various components. (#106)

This new feature is essential for monitoring our expanding suite of tools used to collect vulnerability-related information.

!Process monitoring

!Feeders monitoring

!Global dashboard

It also supports our new email notification service, which alerts platform users about newly discovered vulnerabilities. Additionally, a new admin view has been introduced, allowing real-time monitoring of the collected logs.

CWE and CAPEC

The CAPEC (Common Attack Pattern Enumerations) and CWE (Common Weakness Enumeration) datasets are now accessible through the API. Check out the documentation. (#98)

Changes

• [API] Added a new 'since' argument to the /api/vunerability/search/<vendor>/<product> endpoint (833d799)
• [Web] Improved administration dashboard (a732ff3, 0258b24, 04f3772)

Fixes

• Missing description on some description from Microsoft feeds (#107)
• Removed duplicate occurences of the string cvssV4_0 in various Jinja filters. (73c4111)
• Few minor fixes.

📂 To see the full rundown of the changes, users can visit the changelog on GitHub: https://github.com/vulnerability-lookup/vulnerability-lookup/releases/tag/v2.6.0

Feedback and Support

If you encounter issues or have suggestions, please feel free to open a ticket on our GitHub repository. Your feedback is invaluable to us! https://github.com/vulnerability-lookup/vulnerability-lookup/issues/

Follow us on Fediverse/Mastodon

You can follow us on Mastodon and get real time informationa about security advisories: https://social.circl.lu/@vulnerability_lookup/

You can star the project on GitHub: https://github.com/vulnerability-lookup/vulnerability-lookup

Or create an account: https://vulnerability.circl.lu/

cross-posted from: https://lemmy.ml/post/25836770

> Just wanted to share my Pixelfed account: @cedric@pixelfed.social > > I like so much this network. A lot of awesome artists are sharing their work there. fan of the accounts @zhhz@pixelfed.social, @Alice@gram.social, @Cirillux@pixelfed.social, @Charlie@pixelfed.social, @arkadiusz@pixelfed.social, and so much more!

Just wanted to share my Pixelfed account: @cedric@pixelfed.social

I like so much this network. A lot of awesome artists are sharing their work there. fan of the accounts @zhhz@pixelfed.social, @Alice@gram.social, @Cirillux@pixelfed.social, @Charlie@pixelfed.social, @arkadiusz@pixelfed.social, and so much more!

We're excited to share the latest features designed to make vulnerability tracking even more efficient.

🚀 What's New

🆕 Email Notifications (Product Watch List)

Stay ahead with hourly, daily, or weekly alerts for new or updated vulnerabilities affecting the vendors and products you care about. Notifications come in both HTML and plain text, with CSV attachments detailing vulnerabilities, sightings, and comments. (#101)

The notification management interface

[!Notifications management](https://www.vulnerability-lookup.org/images/news/2025/02/2025-02-07-user-notifications-center.png)

Future releases will allow users to create notifications by specifying just a vendor, optionally a version, and to be notified about new sightings related to a product or vulnerability.

Various email notifications

The screenshot below shows a list of notifications aggregated in an email client. It's easy to aggregate messages by product / vendor.

[!List of notifications](https://www.vulnerability-lookup.org/images/news/2025/02/2025-02-07-notifications-7zip.png)

🆕 Fraunhofer FKIE NVD Feeder

FKIE NVD Feeder is now operating as a standalone source. (b1e86d8)

🆕 Sightings Import/Export

Manage your sightings via the admin interface with new import/export capabilities. (23cfed2)

🆕 New API Endpoint

Quickly retrieve recently added or updated vulnerabilities since a specific date for better automation and integration. (eccd34d)

🛠️ Changes

• Harmonized pagination mechanism of the API and made it more simple to use (using page numbers instead of using offsets) (46ce344)
• The evolution chart is now taking advantage of the pagination in order to get more data (ada62e2)
• Added an input integer slider in order to let the user dynamically set the minimum number of sightings in the evolution table (cea65b7)
• Implemented a function to check if a domain name exists in the block list, as defined in the website's configuration file (a2e04b3)
• Various improvements to the home page (48cbaed)
• log entry when a shutdown key is present on start (fd18d45)
• Various improvements to the API

📂 To see the full rundown of the changes, users can visit the changelog on GitHub: https://github.com/vulnerability-lookup/vulnerability-lookup/releases/tag/v2.5.0

🙏 Thank you very much to all the contributors and testers!

Tips

Filtering your email notifications

Notification emails from Vulnerability-Lookup include custom SMTP headers:

• X-Mailer: Vulnerability-Lookup
• X-Category: Security Advisory

This allows you to easily create rules or filters in your email client, as shown below. Additionally, you can set up more fine-grained rules based on the email subject.

[!Email filters with SMTP headers]

Creation of a new notification

!Create a new notification

Example of a notification with sightings

!New notification email

!New notification email with sightings

!New notification email with CSV attachment for vulnerabilities and sightings

We are glad to announce the immediate availability of vulnerability-related observations from The Shadowserver Foundation within Vulnerability-Lookup.

This milestone wouldn’t have been possible without Piotr Kijewski. We developed a new sighting client, ShadowSight. This new client gathers vulnerability-related data directly from The Shadowserver Foundation, then reports the collected data to the Vulnerability-Lookup API as sightings.

ShadowSight leverages insights on common vulnerabilities and exploited vulnerabilities from Shadowserver’s honeypot source. Source code of ShadowSight is available:

👉 https://github.com/CIRCL/ShadowSight

Explore our sightings collected from this source:

• Exploited vulnerabilities (type: exploited): https://vulnerability.circl.lu/sightings/?query=honeypot%2Fexploited-vulnerabilities
• Common vulnerabilities (type: seen): https://vulnerability.circl.lu/sightings/?query=honeypot%2Fcommon-vulnerabilities

The Shadowserver Foundation remains a cornerstone resource for security researchers, providing an extensive wealth of data on real-world exploits and their associated vulnerabilities, complete with daily statistics and geographical insights.

Widely used by incident response teams, security researchers, analysts, and other cybersecurity professionals, Shadowserver is recognized as a highly credible and impactful project in the cybersecurity landscape. The Shadowserver Foundation delivers particularly valuable insights into security issues, including vulnerabilities in unpatched IoT devices, various types of internet-facing services, and even services that should not be exposed to the internet.

For us, it has quickly become a reliable sources for sightings. It's also a way to diversify our sources and improve situational awareness.

🔗 Explore all our sighting sources (such as Mastodon, Bluesky, MISP, etc.) and tools here:

👉 https://www.vulnerability-lookup.org/tools/#sightings

📖 References

• https://www.shadowserver.org/
• https://vulnerability.circl.lu/
• https://github.com/cve-search/vulnerability-lookup
• https://github.com/CIRCL/ShadowSight
• https://www.vulnerability-lookup.org/documentation/sightings.html

🤝 Contribute

If you want to benefit from more features of Vulnerability-Lookup like sharing comments, bundles, or sightings, you can create an account to the instance operated by CIRCL:

👉 https://vulnerability.circl.lu/user/signup

!Sightings correlations

!Sightings

We’re really thrilled to unveil Vulnerability-Lookup 2.4.0!

https://www.vulnerability-lookup.org/images/news/2025/2025-01-10-Vulnerability-Lookup-2.4.0.webm

This version includes new features, new importers, improvements and fixes. The key updates are highlighted below.

🔍 New Dashboard: Quickly access the top sighted vulnerabilities from the past month with a real-time, filterable interface.

📊 New Correlations Graph: Visualize relationships between sightings for deeper insights.

!Correlations with sightings - 1 !Correlations with sightings - 2

📥 New Importers:

• CSAF Microsoft Importer for streamlined CSAF data integration.
• FKIE NVD Importer to incorporate FKIE NVD datasets seamlessly.

!CSAF Microsoft

📡 RSS/Atom Feeds for Sightings: Stay updated with feeds for specific CPE sightings, sorted and tailored for your needs.

👀 GitHub Gist Sighting Tool: Introducing GistSight for tracking vulnerabilities in GitHub Gists.

💡 Other Updates: We’ve added metadata enrichment capabilities and made significant API improvements to enhance your experience.

Discover more about Vulnerability-Lookup and its capabilities here: https://vulnerability.circl.lu/

🙏 Thank you very much to all the contributors and testers!

To see the full rundown of the changes, users can visit the changelog on GitHub: https://github.com/cve-search/vulnerability-lookup/releases/tag/v2.4.0