Merge branch 'main' of github.com:cve-search/vulnerability-lookup.org

Author: adulau

content/_index.md

@@ -13,6 +13,9 @@ Vulnerability-Lookup facilitates quick [correlation](/user-manual/correlations)
 independent of vulnerability IDs, and streamlines the management of
 Coordinated Vulnerability Disclosure (CVD).
 
+From the beginning, Vulnerability-Lookup was designed to operate independently of specific vulnerability
+identifiers, making it inherently compatible with the
+[Global CVE Allocation System (GCVE)](https://gcve.eu).
 
 ## Explore
 
@@ -33,8 +36,8 @@ feel free to create an account on the [the official instance](https://vulnerabil
 - **Track vulnerabilities** with your custom product watch lists and receive [email notifications](/user-manual/email-notification).
 - **API**: A comprehensive and fast lookup API for searching vulnerabilities and identifying correlations by vulnerability identifier.
 - **Feeders**: Modular system to import vulnerabilities from [different vulnerability sources](/sources).
-- **CVD process**: Creation, edition and fork/copy of Security Advisories with the [vulnogram editor](https://github.com/Vulnogram).
-  Support of local vulnerability source per Vulnerability-Lookup instance.
+- **CVD process**: Management of **Security Advisories** and **[Vulnerability Disclosures](https://www.circl.lu/pub/coordinated-vulnerability-disclosure)**.
+- **Global CVE Allocation System**: Support of the [Global CVE Allocation System (GCVE)](https://gcve.eu).
 - **Sightings**: Users have the possibility to add [observations](/user-manual/sightings) to vulnerabilities with different types of sightings, such as:
   *seen*, *exploited*, *not exploited*, *confirmed*, *not confirmed*, *patched*, and *not patched*.
 - **Comments**: Ability to add, review and share comments on vulnerability advisories.

content/events.md

@@ -7,6 +7,25 @@ toc: true
 
 ## Past conferences
 
+### 2025
+
+#### FIRST Cyber Threat Intelligence Conference
+
+  *When:* {{< fixedtime `22th April 2025 15:30-16:00 CEST` `Scoring vulnerabilities by leveraging activity data from the Fediverse` `20250422T1330` >}}
+
+  *Where:* Berlin, Germany
+
+  *Summary agenda:* Scoring vulnerabilities by leveraging activity data from the Fediverse
+
+  *Event link:* https://www.first.org/conference/firstcti25
+
+  *Support:*
+
+  - [Paper](/files/events/2025/FIRST-CTI-Berlin_Scoring-vulnerabilities-by-leveraging-activity-data-from-the-Fediverse.pdf)
+  - [Presentation](/files/events/2025/FIRST-CTI-Berlin_Scoring-vulnerabilities-by-leveraging-activity-data-from-the-Fediverse_presentation.pdf)
+  - [Recording](https://www.youtube.com/live/2pSjbSx8J1Q?si=HQqJKOLez97HGb00&t=25760)
+
+
 ### 2024
 
 #### CSAF Community Days 2024
@@ -47,7 +66,7 @@ toc: true
   *Summary agenda:*
     - Vulnerability Lookup - An Open Source Tool to Support CVS Processes
 
-  *Event link:* https://cfp.pass-the-salt.org/pts2024/
+  *Event link:* https://pretalx.com/hack-lu-2024/talk/TGV7MK/
 
   *Presentation support:* [20241024-Vulnerability-Lookup-hacklu.pdf](/files/events/2024/20241024-Vulnerability-Lookup-hacklu.pdf)
 

content/news/2025-02-14-vulnerability-lookup-2-6-0.md

@@ -5,6 +5,7 @@ layout: news
 date: 2025-02-14
 tags:
     - release
+    - screencast
 excludeSearch: true
 ---
 

content/news/2025-02-26-nlp-vulnerability-lookup.md

@@ -58,7 +58,7 @@ For a quick demo, check out our vulnerability classification space:
 👉 https://huggingface.co/spaces/CIRCL/vulnerability-severity-classification
 
 This is a demo of our **text classification** model with a mapping on CVSS scores.
-It's a fine-tuned model built on [distilbert-base-uncased](https://huggingface.co/distilbert/distilbert-base-uncased), trained on our hardware featuring two GPUs NVIDIA L40.  
+It's a fine-tuned model built on [distilbert-base-uncased](https://huggingface.co/distilbert/distilbert-base-uncased), trained on our hardware featuring two GPUs NVIDIA L40S.  
 We will test various BERT-based model, and of course [RoBERTa](https://arxiv.org/abs/1907.11692).
 
 If you're interested in **text generation**, we've trained a larger model to assist in writing vulnerability descriptions, using [GPT-2](https://huggingface.co/openai-community/gpt2) as base.

content/news/2025-03-01-vulnerability-report-february-2025.md

@@ -30,7 +30,7 @@ The final section focuses on exploitations observed through [The Shadowserver Fo
 
 [![Month at a glance](/images/news/2025/02/february-report-month-view.png)](/images/news/2025/02/february-report-month-view.png)
 
-Repartition of [all type of sightings](https://www.vulnerability-lookup.org/documentation/sightings.html) per day for the month of January.
+Repartition of [all type of sightings](https://www.vulnerability-lookup.org/documentation/sightings.html) per day for the month of February.
 
 For more detailed information, check out the Vulnerability-Lookup dashboard:  
 https://vulnerability.circl.lu

content/news/2025-03-27-vulnerability-lookup-2-7-0.md

@@ -0,0 +1,106 @@
+---
+title: "Vulnerability-Lookup 2.7.0 released"
+slug: vulnerability-lookup-2-7-0
+layout: news
+date: 2025-03-27
+tags:
+    - release
+    - screencast
+excludeSearch: true
+---
+
+We’re delighted to announce the release of Vulnerability-Lookup 2.7.0,
+packed with new features, enhancements, and bug fixes.
+
+{{< video src="/images/news/2025/03/2025-03-27-notifications-organizations.webm" type="video/webm" preload="auto" >}}
+
+## What's New
+
+### Vendor and Product Management
+
+Added support for extending or aliasing CPE names, allowing vendor and product names to be mapped.
+This addresses the issue of CPE fragmentation or inconsistency, where an organization might have multiple vendor names,
+or a single product is referenced by different CPE identifiers (e.g., `"cpe:/a:oracle:java"` vs. `"cpe:/a:sun:java"` for the same product).
+
+The solution introduces organizations as unified containers, consolidating known CPE vendor names under a single entity.
+Related products are linked to this entity. Additionally, a curated list of CPE product name
+synonyms helps resolve naming discrepancies.
+
+A point of contact (email/URL) can be added to an organization.
+[#110](https://github.com/vulnerability-lookup/vulnerability-lookup/pull/110)
+
+
+### Public pages
+
+[![List of organizations](/images/news/2025/03/2025-03-27-list-organizations.png)](/images/news/2025/03/2025-03-27-list-organizations.png)
+[![Organization page](/images/news/2025/03/2025-03-27-organization-circl.png)](/images/news/2025/03/2025-03-27-organization-circl.png)
+[![Product page](/images/news/2025/03/2025-03-27-product-MISP.png)](/images/news/2025/03/2025-03-27-product-MISP.png)
+
+
+### Management pages
+[![Management of products](/images/news/2025/03/2025-03-27-products-management.png)](/images/news/2025/03/2025-03-27-products-management.png)
+
+[![CPE product name management](/images/news/2025/03/2025-03-27-cpe_product_name_management.png)](/images/news/2025/03/2025-03-27-cpe_product_name_management.png)
+
+
+### New notifications for users
+
+[![User notifications](/images/news/2025/03/2025-03-27-your-notifications.png)](/images/news/2025/03/2025-03-27-your-notifications.png)
+
+
+### Organization Membership
+
+Users can now be part of one or multiple organizations in Vulnerability-Lookup.
+[#110](https://github.com/vulnerability-lookup/vulnerability-lookup/pull/110)
+
+
+### New API endpoints
+
+Introduced new endpoints to retrieve information about organizations and products.
+It is as well possible to get all CPE information related to a product or an organization, as a JSON file.
+(``/organization/<uuid>/export_cpe_information`` and ``/product/<uuid>/export_cpe_information``)
+[#110](https://github.com/vulnerability-lookup/vulnerability-lookup/pull/110)
+
+An example of export is available here:
+[CIRCL_CPE.json](https://vulnerability.circl.lu/organization/1a89b78e-f703-45f3-bb86-59eb712668bd/export_cpe_information)
+
+
+📂 To see the full rundown of the changes, users can visit the changelog on GitHub:
+https://github.com/vulnerability-lookup/vulnerability-lookup/releases/tag/v2.7.0
+
+
+🙏 Thank you very much to all the contributors and testers!
+
+
+## New community on OSSBase
+
+The Vulnerability-Lookup community is now hosted on OSSBase! 🎉
+
+🔗 Join the discussion:  
+https://discourse.ossbase.org/t/vulnerability-lookup-2-7-0-released/35
+
+Account creation is fully open!  
+Sign up, explore, and share your feedback—we’d love to hear your thoughts! 💡
+
+
+
+## Feedback and Support
+
+If you encounter issues or have suggestions, please feel free to open a ticket on our GitHub repository. Your feedback is invaluable to us!  
+https://github.com/vulnerability-lookup/vulnerability-lookup/issues/
+
+
+## Follow us on Fediverse/Mastodon
+
+You can follow us on Mastodon and get real time informationa about security advisories:  
+https://social.circl.lu/@vulnerability_lookup/
+
+
+## Hackathon
+
+Join our upcoming Hackathon and contribute to Vulnerability-Lookup!
+
+📅 When: 8th & 9th April in Luxembourg  
+📍 Where: www.parc-hotel.lu (120 Route d’Echternach L-1453 Luxembourg)
+
+https://hackathon.lu