Merge pull request #3640 from CVEProject/int

7/15/25 Release: INT to MAIN

Author: jdaigneau5

src/assets/data/CNAsList.json

@@ -1278,7 +1278,7 @@
     "shortName": "CERTVDE",
     "cnaID": "CNA-2020-0010",
     "organizationName": "CERT@VDE",
-    "scope": "Products of CERT@VDE cooperative partners and brands listed at <a href='https://cert.vde.com/en/cna/' target='_blank'>https://cert.vde.com/en/cna/</a>. Also, industrial and infrastructure control systems (and its components) of European Union (EU) based vendors unless covered by the scope of another CNA.  Partners and brands include but are not limited to: ADS-TEC Industrial IT, Auma, sipos, Beckhoff, Bender, Bucher Automation, CLAAS, 365FarmNet, Satinfo, Carlo Gavazzi Controls, Codesys, DURAG GROUP, Draeger, Endress+Hauser, Euchner, Festo Didactic, Festo, Frauscher, GEA, HIMA, Harman, Helmholz, Hilscher, K4 DIGITAL, KEB, Krohne, Kuka, Lenze, BHN Services, MB connect line, Miele, Murrelektronik, PHOENIX CONTACT, Etherwan Systems, Innominate, Pepperl+Fuchs, Pilz, SMA, SWARCO, Trumpf, TRUMPF Laser, TRUMPF Werkzeugmaschinen, VARTA Storage, VEGA, WAGO, M&amp;M Software, Weidmueller, Welotec, Wiesemann &amp; Theis, ifm.",
+    "scope": "<strong>Root Scope:</strong> Organizations that are cooperative partners of CERT@VDE.<br/><strong>CNA Scope:</strong> Products of CERT@VDE cooperative partners and brands listed at <a href='https://cert.vde.com/en/cna/' target='_blank'>https://cert.vde.com/en/cna/</a>. Also, industrial and infrastructure control systems (and its components) of European Union (EU) based vendors unless covered by the scope of another CNA.  Partners and brands include but are not limited to: ADS-TEC Industrial IT, Auma, sipos, Beckhoff, Bender, Bucher Automation, CLAAS, 365FarmNet, Satinfo, Carlo Gavazzi Controls, Codesys, DURAG GROUP, Draeger, Endress+Hauser, Euchner, Festo Didactic, Festo, Frauscher, GEA, HIMA, Harman, Helmholz, Hilscher, K4 DIGITAL, KEB, Krohne, Kuka, Lenze, BHN Services, MB connect line, Miele, Murrelektronik, PHOENIX CONTACT, Etherwan Systems, Innominate, Pepperl+Fuchs, Pilz, SMA, SWARCO, Trumpf, TRUMPF Laser, TRUMPF Werkzeugmaschinen, VARTA Storage, VEGA, WAGO, M&amp;M Software, Weidmueller, Welotec, Wiesemann &amp; Theis, ifm.",
     "contact": [
       {
         "email": [
@@ -1322,6 +1322,10 @@
         "organizationName": "Cybersecurity and Infrastructure Security Agency (CISA)"
       },
       "roles": [
+        {
+          "helpText": "",
+          "role": "Root"
+        },
         {
           "helpText": "",
           "role": "CNA"
@@ -26309,5 +26313,61 @@
       ]
     },
     "country": "USA"
+  },
+  {
+    "shortName": "TYPO3",
+    "cnaID": "CNA-2025-0034",
+    "organizationName": "TYPO3 Association",
+    "scope": "Vulnerabilities in TYPO3 open-source products only, including TYPO3 CMS core and 3rd party extensions for TYPO3, unless covered by the scope of another CNA.",
+    "contact": [
+      {
+        "email": [
+          {
+            "label": "Email",
+            "emailAddr": "security@typo3.org"
+          }
+        ],
+        "contact": [],
+        "form": []
+      }
+    ],
+    "disclosurePolicy": [
+      {
+        "label": "Policy",
+        "language": "",
+        "url": "https://typo3.org/community/teams/security/security-in-typo3"
+      }
+    ],
+    "securityAdvisories": {
+      "alerts": [],
+      "advisories": [
+        {
+          "label": "Advisories",
+          "url": "https://advisories.typo3.org/"
+        }
+      ]
+    },
+    "resources": [],
+    "CNA": {
+      "isRoot": false,
+      "root": {
+        "shortName": "n/a",
+        "organizationName": "n/a"
+      },
+      "roles": [
+        {
+          "helpText": "",
+          "role": "CNA"
+        }
+      ],
+      "TLR": {
+        "shortName": "mitre",
+        "organizationName": "MITRE Corporation"
+      },
+      "type": [
+        "Open Source"
+      ]
+    },
+    "country": "Switzerland"
   }
 ]

src/assets/data/glossaryEntries.json

@@ -63,7 +63,7 @@
     "id": "glossaryEOL",
     "term": "End of Life (EOL)",
     "termLink": "/ResourcesSupport/Glossary?activeTerm=glossaryEOL",
-    "definition": "The CVE Program treats End of Life (EOL) and End of Support (EOS) as the same, even though various Suppliers may not. EOL essentially means the Supplier has decided the product in question has reached the end of its “useful lifespan.” After this date, the manufacturer no longer markets, sells, provides security fixes, technical support, sustains, enhances, or fixes bugs in the product."
+    "definition": "A Product that no longer receives security Fixes. EOL typically indicates that a Product no longer receives any support, maintenance, or new features."
   },
   {
     "id": "glossaryFix",
@@ -117,7 +117,7 @@
     "id": "glossarySupplier",
     "term": "Supplier",
     "termLink": "/ResourcesSupport/Glossary?activeTerm=glossarySupplier",
-    "definition": "The entity that develops, maintains, or provides a product regardless of whether the product is an open source project or a proprietary product. A supplier is typically responsible for and capable of investigating vulnerability reports and developing fixes or mitigations for vulnerabilities. “Supplier” is used broadly and includes common terms such as vendor, producer, developer, maintainer, author, owner, manufacturer, and provider."
+    "definition": "The entity that develops, maintains, or provides a Product. A supplier is typically responsible for and capable of investigating vulnerability reports and developing fixes or mitigations for vulnerabilities. “Supplier” is used broadly and includes common terms such as vendor, producer, developer, maintainer, author, owner, manufacturer, and provider."
   },
   {
     "id": "glossaryTags",
@@ -154,5 +154,23 @@
     "term": "Authorized Data Publisher (ADP)",
     "termLink": "/ResourcesSupport/Glossary?activeTerm=glossaryADP",
     "definition": "An authorized entity with specific scope and responsibility to enrich the content of CVE Records published by CVE Numbering Authorities (CNAs) with additional, pertinent information (e.g., risk scores, references, vulnerability characteristics, translations)."
+  },
+  {
+    "id": "glossaryAdjudicator",
+    "term": "Adjudicator",
+    "termLink": "/ResourcesSupport/Glossary?activeTerm=glossaryAdjudicator",
+    "definition": "Organization with the role of CVE Numbering Authority (CNA), Root, or Top-Level Root (TL-Root) executing the defined Dispute Process. In cases of Dispute escalations there would be multiple Adjudicators."
+  },
+  {
+    "id": "glossaryDispute",
+    "term": "CVE Record Dispute",
+    "termLink": "/ResourcesSupport/Glossary?activeTerm=glossaryDispute",
+    "definition": "Disagreements with the accuracy or completeness of a CVE Record in accordance with the CVE Program Rules, or the validity of a vulnerability upon which a CVE Record is, or could be, based."
+  },
+  {
+    "id": "glossaryEscalation",
+    "term": "Escalation",
+    "termLink": "/ResourcesSupport/Glossary?activeTerm=glossaryEscalation",
+    "definition": "The process by which disputes are evaluated and resolved."
   }
 ]

src/assets/data/metrics.json

@@ -1,5 +1,26 @@
  {
   "publishedCveRecords": [
+    {
+      "year": "2025",
+      "data": [
+        {
+          "quarter": "1",
+          "value": "12,009"
+        },
+        {
+          "quarter": "2",
+          "value": "TBA"
+        },
+        {
+          "quarter": "3",
+          "value": "TBA"
+        },
+        {
+          "quarter": "4",
+          "value": "TBA"
+        }
+      ]
+    },
     {
       "year": "2024",
       "data": [
@@ -548,6 +569,15 @@
     }
   ],
   "reservedCveIds": [
+    {
+      "year": "2025",
+      "data": [
+        {
+          "quarter": "all",
+          "value": "15,445"
+        }
+      ]
+    },
     {
       "year": "2024",
       "data": [
@@ -784,6 +814,19 @@
     }
   ],
   "cveRecordPublications": [
+    {
+      "year": "2025",
+      "data": [
+        {
+          "heading": "All CNAs",
+          "percentage": "86"
+        },
+        {
+          "heading": "CNA-LRs",
+          "percentage": "14"
+        }
+      ]
+    },
     {
       "year": "2024",
       "data": [
@@ -1153,7 +1196,7 @@
         },
         {
           "month": "July",
-          "value": "3"
+          "value": "4"
         },
         {
           "month": "August",