News & Events

Please use our LinkedIn page to comment on the articles below, or use our CVE Request Web Form by selecting “Other” from the dropdown.
Right-click and copy a URL to share an article.

Ken Munro of Pen Test Partners LLP has joined the CVE Board.

Read the full announcement and welcome message in the CVE Board email discussion list archive.

The CVE Board held a teleconference meeting on January 6, 2021. Read the meeting minutes.

Sophos Limited is now a CVE Numbering Authority (CNA) for Sophos issues only. Sophos’ Root CNA is the MITRE Top-Level Root CNA. Read the Sophos news release.

To date, 152 organizations from 25 countries participate in the CVE Program as CNAs. CNAs are organizations from around the world that are authorized to assign CVE Identifiers (CVE IDs) to vulnerabilities affecting products within their distinct, agreed-upon scope, for inclusion in first-time public announcements of new vulnerabilities.

To request a CVE ID number from a CNA, visit Request a CVE ID.

WPScan is now a CVE Numbering Authority (CNA) for WordPress core, plugins, and themes. WPScan’s Root CNA is the MITRE Top-Level Root CNA. Read the WPScan news release.

To date, 151 organizations from 25 countries participate in the CVE Program as CNAs. CNAs are organizations from around the world that are authorized to assign CVE Identifiers (CVE IDs) to vulnerabilities affecting products within their distinct, agreed-upon scope, for inclusion in first-time public announcements of new vulnerabilities.

To request a CVE ID number from a CNA, visit Request a CVE ID.

Samsung Mobile is now a CVE Numbering Authority (CNA) for Samsung Mobile Galaxy products, personal computers, and related services only. Samsung Mobile’s Root CNA is the MITRE Top-Level Root CNA.

To date, 150 organizations from 25 countries participate in the CVE Program as CNAs. CNAs are organizations from around the world that are authorized to assign CVE Identifiers (CVE IDs) to vulnerabilities affecting products within their distinct, agreed-upon scope, for inclusion in first-time public announcements of new vulnerabilities.

To request a CVE ID number from a CNA, visit Request a CVE ID.

The CVE Board held a teleconference meeting on December 16, 2020. Read the meeting minutes.

Coalfire Labs is now a CVE Numbering Authority (CNA) for all CoalfireONE products, as well as vulnerabilities in third-party software discovered by Coalfire Labs that are not in another CNA’s scope. Coalfire Labs’ Root CNA is the MITRE Top-Level Root CNA. Read the Coalfire Labs news release.

To date, 149 organizations from 25 countries participate in the CVE Program as CNAs. CNAs are organizations from around the world that are authorized to assign CVE Identifiers (CVE IDs) to vulnerabilities affecting products within their distinct, agreed-upon scope, for inclusion in first-time public announcements of new vulnerabilities.

To request a CVE ID number from a CNA, visit Request a CVE ID.

In his article on the CVE Blog, CVE community member Milind Kulkarni of CVE Numbering Authority (CNA) NVIDIA discusses the benefits of leveraging the CVE Program for vulnerability disclosure practices in “Our CVE Story: Using the CVE Program to Provide Reliable Vulnerability Information.”

The CVE Board held a teleconference meeting on December 2, 2020. Read the meeting minutes.

UPDATE: Infrastructure upgrades on the CVE website were completed, and normal operations resumed, on December 10, 2020 at 11:00 p.m. (EST). We apologize for any inconvenience. Please contact us with any comments or concerns.

The CVE Program is upgrading the infrastructure used to add CVE List content to the CVE website. As a result, from 6:00 a.m. through 11:00 p.m. (EST) on December 10, 2020 any data that is updated daily on a periodic basis (e.g., CVE List, @CVEnew tweets, download files) will not be updated. Normal operations are scheduled to resume on December 10, 2020 at 11:00 p.m. (EST).

Previously published CVE List content on the CVE website will remain accessible, as will all other website content, during the upgrades. In addition, submissions via the CVE Request Web Form and GitHub (CVE Numbering Authorities (CNAs)-only) may still be made during this time but will processed once the upgrade is completed.

This announcement was also posted to Twitter and LinkedIn.

JPCERT/CC posted a blog article on December 4, 2020 that explained its role as a Root CVE Numbering Authority (CNA) and announced Mitsubishi Electric and LINE Corporation as CNAs with JPCERT/CC as their Root CNA.

In addition to announcing that two organizations have joined the CVE Program as CNAs, JPCERT/CC also encouraged other organizations in Japan to participate: “As a CNA, JPCERT/CC assigns CVE IDs to reported vulnerabilities, when publishing the advisories on JVN. However, considering the nature of CVE IDs, it would be more natural for the product developers who can acknowledge and verify the vulnerabilities to assign CVE IDs on their own, than by the organizations who coordinate and publish vulnerability information. The involvement of the 2 new CNAs is welcome by the CVE Program, as vendors’ participation to the program as CNAs is highly encouraged … If you are interested in becoming a CNA or have any opinions on this topic, please contact us at vuls@jpcert.or.jp.”

Read the complete blog article in English or Japanese.

Mitsubishi Electric Corporation is now a CVE Numbering Authority (CNA) for Mitsubishi Electric issues only. Mitsubishi Electric’s Root CNA is the JPCERT/CC Root CNA.

To date, 148 organizations from 25 countries participate in the CVE Program as CNAs. CNAs are organizations from around the world that are authorized to assign CVE Identifiers (CVE IDs) to vulnerabilities affecting products within their distinct, agreed-upon scope, for inclusion in first-time public announcements of new vulnerabilities.

To request a CVE ID number from a CNA, visit Request a CVE ID.

LINE Corporation is now a CVE Numbering Authority (CNA) for current versions of LINE Messenger Application for iOS, Android, Mac, and Windows, plus LINE Open Source projects hosted on https://github.com/line. LINE’s Root CNA is the JPCERT/CC Root CNA.

To date, 147 organizations from 25 countries participate in the CVE Program as CNAs. CNAs are organizations from around the world that are authorized to assign CVE Identifiers (CVE IDs) to vulnerabilities affecting products within their distinct, agreed-upon scope, for inclusion in first-time public announcements of new vulnerabilities.

To request a CVE ID number from a CNA, visit Request a CVE ID.

The CVE Program has new logo! As a reminder, the new CVE logo was chosen by the community in a contest held earlier this year.

The new CVE logo will be rolled out across all of our communications materials in the coming weeks. Please contact us with any comments or concerns.