- Samsung Galaxy S25 Edge hands-on: This ultra-thin phone made my iPhone feel outdated
- DPRK-Backed TA406 Targets Ukraine With Malware Campaigns
- United Airlines takes flight with Cisco: building a foundation for digital resilience
- Agentic AI: A New Frontier for Network Engineers
- 10 things I always do after installing Ubuntu to instantly improve the experience
European Vulnerability Database Launches Amid US CVE Chaos
Europe’s cybersecurity agency today announced the official launch of a new vulnerability database initiative, which could be useful for network defenders in light of recent turmoil on the other side of the Atlantic.
Previously revealed by Infosecurity, the European Vulnerability Database (EUVD) has been operating up until now in beta. Developed by ENISA as a requirement of the new NIS2 directive, it will function ostensibly in a similar way to the US National Vulnerability Database (NVD).
The EUVD will provide a centralized, aggregated source of information on cybersecurity vulnerabilities, their exploitation status and suggested mitigations.
Vulnerability information will come from multiple sources such as Computer Security Incident Response Teams (CSIRTs), vendors and existing databases such as CISA’s Known Exploited Vulnerability Catalog and the MITRE CVE program. Information will be automatically transferred into the EUVD.
Read more on vulnerabilities: NIST Confusion Continues as Cyber Pros Complain CVE Uploads Stalled.
ENISA said it sees the primary consumers of the database as the public at large, network and information system providers and their customers, private companies and researchers, and national authorities like CSIRTs.
Many of these entities are concerned about the long-term future of the CVE program after CISA was recently forced to step in at the last minute to extend the non-profit MITRE’s contract for another 11 months.
The EUVD presents users with three dashboards: one for critical vulnerabilities, one for exploited vulnerabilities and one for EU coordinated ones powered by European CSIRTs. Each is given an “EUVD” identifier, as well as the listed CVE ID and, potentially others such as the Cloud Security Alliance’s Global Security Database (GSD) or GitHub Advisories (GHSA).
EUVD data records might include:
- A description of the vulnerability
- IT products or services affected, affected versions, the severity of the vulnerability and how it could be exploited
- Information on available patches or mitigation guidance from CSIRTs and other authorities
“The EU is now equipped with an essential tool designed to substantially improve the management of vulnerabilities and the risks associated with it,” said ENISA executive director, Juhan Lepassaar. “The database ensures transparency to all users of the affected ICT products and services and will stand as an efficient source of information to find mitigation measures.”
