An Offsite Social Event will be held at the Western Spirit Museum on Wednesday, April 15. Learn more here.
Registration: Closed on April 6, 2026, at 19:00 UTC. Learn more here.
Standard Admission (by March 14, 2026): US $525.00
Late Rate Admission (after March 14, 2026): US $600.00
Virtual Admission: US $100.00
Registration fees include full admission to conference activities Monday through Thursday; continental breakfast, lunch, and two coffee breaks Tuesday through Thursday; entry to the Monday welcome reception; entry to the Tuesday networking reception; entry to the vendor hall; all applicable conference materials;, and access to live streams and applicable apps.
Purpose: The purpose of VulnCon is to collaborate with various vulnerability management and cybersecurity professionals to develop forward leaning ideas that can be taken back to individual programs for action to benefit the vulnerability management ecosystem.
A key goal of the conference is to understand what important stakeholders and programs are doing within the vulnerability management ecosystem and best determine how to benefit the ecosystem broadly.
Call for Speakers (CFS): Closed on December 22, 2025. The CFS requirements and submission process are available here.",
+ "description": "VulnCon is co-hosted by the CVE Program and FIRST and is open to the public. Watch session videos here.
An Offsite Social Event will be held at the Western Spirit Museum on Wednesday, April 15. Learn more here.
Registration: Closed on April 6, 2026, at 19:00 UTC. Learn more here.
Standard Admission (by March 14, 2026): US $525.00
Late Rate Admission (after March 14, 2026): US $600.00
Virtual Admission: US $100.00
Registration fees include full admission to conference activities Monday through Thursday; continental breakfast, lunch, and two coffee breaks Tuesday through Thursday; entry to the Monday welcome reception; entry to the Tuesday networking reception; entry to the vendor hall; all applicable conference materials;, and access to live streams and applicable apps.
Purpose: The purpose of VulnCon is to collaborate with various vulnerability management and cybersecurity professionals to develop forward leaning ideas that can be taken back to individual programs for action to benefit the vulnerability management ecosystem.
A key goal of the conference is to understand what important stakeholders and programs are doing within the vulnerability management ecosystem and best determine how to benefit the ecosystem broadly.
Call for Speakers (CFS): Closed on December 22, 2025. The CFS requirements and submission process are available here.",
"permission": "public",
"url": "https://www.first.org/conference/vulncon26/",
"date": {
diff --git a/src/assets/data/metrics.json b/src/assets/data/metrics.json
index 8f67b43e..0cd85b97 100644
--- a/src/assets/data/metrics.json
+++ b/src/assets/data/metrics.json
@@ -1235,7 +1235,7 @@
},
{
"month": "June",
- "value": "TBA"
+ "value": "4"
},
{
"month": "July",
diff --git a/src/assets/data/news.json b/src/assets/data/news.json
index 2dddf363..e15b1153 100644
--- a/src/assets/data/news.json
+++ b/src/assets/data/news.json
@@ -1,5 +1,186 @@
{
"currentNews": [
+ {
+ "id": 682,
+ "newsType": "news",
+ "title": "IQSIGHT Added as CVE Numbering Authority (CNA)",
+ "urlKeywords": "IQSIGHT Added as CNA",
+ "date": "2026-06-02",
+ "description": [
+ {
+ "contentnewsType": "paragraph",
+ "content": "IQSIGHT B.V. is now a CVE Numbering Authority (CNA) for all IQSIGHT (formerly Bosch Building Technology - Video Systems) products including end-of-life products."
+ },
+ {
+ "contentnewsType": "paragraph",
+ "content": "To date, 521 CNAs (518 CNAs and 3 CNA-LRs) from 43 countries and 1 no country affiliation have partnered with the CVE Program. CNAs are organizations from around the world that are authorized to assign CVE Identifiers (CVE IDs) and publish CVE Records for vulnerabilities affecting products within their distinct, agreed-upon scope, for inclusion in first-time public announcements of new vulnerabilities. IQSIGHT is the 7th CNA from Netherlands."
+ },
+ {
+ "contentnewsType": "paragraph",
+ "content": "IQSIGHT’s Root is the ENISA Root."
+ }
+ ]
+ },
+ {
+ "id": 681,
+ "newsType": "news",
+ "title": "OMICRON electronics Added as CVE Numbering Authority (CNA)",
+ "urlKeywords": "OMICRON electronics Added as CNA",
+ "date": "2026-06-02",
+ "description": [
+ {
+ "contentnewsType": "paragraph",
+ "content": "OMICRON electronics is now a CVE Numbering Authority (CNA) for OMICRON electronics issues only."
+ },
+ {
+ "contentnewsType": "paragraph",
+ "content": "To date, 520 CNAs (517 CNAs and 3 CNA-LRs) from 43 countries and 1 no country affiliation have partnered with the CVE Program. CNAs are organizations from around the world that are authorized to assign CVE Identifiers (CVE IDs) and publish CVE Records for vulnerabilities affecting products within their distinct, agreed-upon scope, for inclusion in first-time public announcements of new vulnerabilities. OMICRON electronics is the 5th CNA from Austria."
+ },
+ {
+ "contentnewsType": "paragraph",
+ "content": "OMICRON electronics’s Root is the CISA ICS Root."
+ }
+ ]
+ },
+ {
+ "id": 680,
+ "newsType": "news",
+ "title": "linqi Added as CVE Numbering Authority (CNA)",
+ "urlKeywords": "linqi Added as CNA",
+ "date": "2026-06-02",
+ "description": [
+ {
+ "contentnewsType": "paragraph",
+ "content": "linqi GmbH is now a CVE Numbering Authority (CNA) for vulnerabilities in linqi products only."
+ },
+ {
+ "contentnewsType": "paragraph",
+ "content": "To date, 519 CNAs (516 CNAs and 3 CNA-LRs) from 43 countries and 1 no country affiliation have partnered with the CVE Program. CNAs are organizations from around the world that are authorized to assign CVE Identifiers (CVE IDs) and publish CVE Records for vulnerabilities affecting products within their distinct, agreed-upon scope, for inclusion in first-time public announcements of new vulnerabilities. linqi is the 25th CNA from Germany."
+ },
+ {
+ "contentnewsType": "paragraph",
+ "content": "linqi’s Root is the MITRE Top-Level Root."
+ }
+ ]
+ },
+ {
+ "id": 679,
+ "newsType": "news",
+ "title": "Cynet Security Added as CVE Numbering Authority (CNA)",
+ "urlKeywords": "Cynet Security Added as CNA",
+ "date": "2026-06-02",
+ "description": [
+ {
+ "contentnewsType": "paragraph",
+ "content": "Cynet Security Inc. is now a CVE Numbering Authority (CNA) for vulnerabilities in Cynet Security products and services, including the Cynet 360 All in one platform, endpoint agents (Windows, macOS, Linux), Cynet-managed APIs, web applications, and internet-facing infrastructure operated by Cynet Security."
+ },
+ {
+ "contentnewsType": "paragraph",
+ "content": "To date, 518 CNAs (515 CNAs and 3 CNA-LRs) from 43 countries and 1 no country affiliation have partnered with the CVE Program. CNAs are organizations from around the world that are authorized to assign CVE Identifiers (CVE IDs) and publish CVE Records for vulnerabilities affecting products within their distinct, agreed-upon scope, for inclusion in first-time public announcements of new vulnerabilities. Cynet Security is the 277th CNA from USA."
+ },
+ {
+ "contentnewsType": "paragraph",
+ "content": "Cynet Security’s Root is the MITRE Top-Level Root."
+ }
+ ]
+ },
+ {
+ "id": 678,
+ "newsType": "blog",
+ "title": "Vulnerability Data Enrichment for CVE Records: 259 CNAs on the Enrichment Recognition List for June 1, 2026",
+ "urlKeywords": "CNA Enrichment Recognition List Update",
+ "date": "2026-06-02",
+ "author": {
+ "name": "CVE Program",
+ "organization": {
+ "name": "CVE Program",
+ "url": ""
+ },
+ "title": "",
+ "bio": ""
+ },
+ "description": [
+ {
+ "contentnewsType": "image",
+ "imageWidth": "",
+ "href": "/news/CnaEnrichmentRecognitionList.png",
+ "altText": "Increasing the Value of the CVE Record - CNA Enrichment Recognition List"
+ },
+ {
+ "contentnewsType": "paragraph",
+ "content": "The “CNA Enrichment Recognition List” for June 1, 2026, is now available with 259 CNAs listed. Published monthly on the CVE website, the list recognizes those CVE Numbering Authorities (CNAs) that are actively providing enhanced vulnerability data in their CVE Records. CNAs are added to the list if they provide Common Vulnerability Scoring System (CVSS) and Common Weakness Enumeration (CWE™) in at least 98% of their records that were published within two weeks of their most recently published record."
+ },
+ {
+ "contentnewsType": "paragraph",
+ "content": "CNA Enrichment Recognition List criteria and reporting are intended to recognize those CNAs taking on the work to increase the value of CVE Records for downstream consumers, and encourage others to do the same. Enrichment Recognition List criteria may change over time. The most recent modifications occurred in June 2025 when data pulls were moved from every two weeks and based upon data from the last 12 months, to the current reporting of once-per-month data pulls based upon data from the previous six months."
+ },
+ {
+ "contentnewsType": "paragraph",
+ "content": "For more about the recognition list, see “Recognition for CNAs Actively Providing Vulnerability Data Enrichment for CVE Records.” To learn more about vulnerability information types like CVSS and CWE, see the CVE Record User Guide. View the most current CNA Enrichment Recognition List on the CVE website Metrics page here."
+ },
+ {
+ "contentnewsType": "paragraph",
+ "content": "CNA Enrichment Recognition List for June 1, 2026, with 259 CNAs listed:
2N Telekomunikace a.s.
Acer Inc.
Acronis International GmbH
Adobe Systems Incorporated
Airbus
AlgoSec
Alibaba, Inc.
Altera
Altium
Amazon
AMI
ARC Informatique
Arista Networks, Inc.
Asea Brown Boveri Ltd.
ASR Microelectronics Co., Ltd.
ASUSTeK Computer Incorporation
ASUSTOR Inc.
Austin Hackers Anonymous
Autodesk
Automotive Security Research Group (ASRG)
Axis Communications AB
BeyondTrust Inc.
Bitdefender
Black Duck Software, Inc.
Black Lantern Security
BlackBerry
Brocade Communications Systems LLC, a Broadcom Company
CA Technologies
Canon Inc.
Canonical Ltd.
Carrier Global Corporation
Cato Networks
CERT.PL
CERT@VDE
Check Point Software Technologies Ltd.
Checkmk GmbH
Cisco Systems, Inc.
CODRA
Commvault Systems Inc
Computer Incident Response Center Luxembourg (CIRCL)
Concrete CMS
ConnectWise LLC
Crafter CMS
Crestron Electronics, Inc.
CrowdStrike Holdings, Inc.
CyberDanube
Cybersecurity and Infrastructure Security Agency (CISA) U.S. Civilian Government
Dahua Technologies
Dassault Systèmes
Delinea, Inc.
Dell EMC
Delta Electronics, Inc.
Django Software Foundation
Docker Inc.
dotCMS LLC
Dragos, Inc.
Dutch Institute for Vulnerability Disclosure (DIVD)
Echo Software Ltd
Elastic
EnterpriseDB Corporation
Ericsson
Erlang Ecosystem Foundation
ESET, spol. s r.o.
EU Agency for Cybersecurity (ENISA)
Everpure, Inc.
Extreme Networks, Inc.
F5 Networks
Fedora Project (Infrastructure Software)
Fermax Technologies SLU
Financial Security Institute (FSI)
floragunn GmbH
Fluid Attacks
Forcepoint
Fortinet, Inc.
Fortra, LLC
Foxit Software Incorporated
FPT SOFTWARE CO., LTD
Gallagher Group Ltd
Gen Digital Inc.
Genetec Inc.
GeoVision Inc.
GitHub (maintainer security advisories)
GitHub Inc, (Products Only)
GitLab Inc.
Glyph & Cog, LLC
Google Cloud
Google LLC
Gridware Cybersecurity
HackerOne
Hackrate Kft.
HackRTU
Hallo Welt! GmbH
Hanwha Vision Co., Ltd.
Harborist
HashiCorp Inc.
HCL Software
HeroDevs
HiddenLayer, Inc.
Hillstone Networks Inc.
Hitachi Energy
Hitachi Vantara
Hitachi, Ltd.
HP Inc.
Huawei Technologies
HYPR Corp
ICS-CERT
Indian Computer Emergency Response Team (CERT-In)
Insyde Software
Intel Corporation
Internet Systems Consortium (ISC)
Intigriti
Israel National Cyber Directorate
Ivanti
Jamf
Jaspersoft
JetBrains s.r.o.
JFROG
Johnson Controls
JPCERT/CC
Juniper Networks, Inc.
Kaspersky
KNIME AG
KrakenD, S.L.
KrCERT/CC
Kubernetes
Larry Cashdollar
Legion of the Bouncy Castle Inc.
Lexmark International Inc.
M-Files Corporation
Maritime Hacking Village
Mattermost, Inc
Mautic
Medtronic
Microchip Technology
Microsoft Corporation
Milestone Systems A/S
Mitsubishi Electric Corporation
MongoDB
Moxa Inc.
National Cyber Security Centre Finland
National Cyber Security Centre SK-CERT
National Instruments
NEC Corporation
Neo4j
NETGEAR
Netskope
Network Optix
Nozomi Networks Inc.
Nutanix
Nvidia Corporation
OMRON Corporation
Open Design Alliance
OpenHarmony
OpenJS Foundation
OpenText (formerly Micro Focus)
OpenVPN Inc.
OPPO
OTRS AG
Palantir Technologies
Palo Alto Networks
Pandora FMS
PaperCut Software Pty Ltd
Patchstack OÜ
Payara
Pegasystems
Pentraze Cybersecurity
Perforce
PHP Group
Ping Identity Corporation
PostgreSQL
Progress Software Corporation
Project Black
Protect AI
PTC Inc.
Python Software Foundation
QNAP Systems, Inc.
Qualcomm, Inc.
Radiometer Medical ApS
rami.io GmbH
Rapid7, Inc.
Real-Time Innovations, Inc.
Red Hat CNA-LR
Robert Bosch GmbH
Rockwell Automation
runZero, Inc.
S21sec Cyber Solutions by Thales
SailPoint Technologies
Samsung TV & Appliance
SAP SE
SBA Research gGmbH
Schneider Electric SE
SCHUTZWERK GmbH
Secomea
Securin
Security Risk Advisors
ServiceNow
SICK AG
Siemens
Silicon Labs
Snowflake
Snyk
Softing
SoftIron
SolarWinds
Sonatype Inc.
Spanish National Cybersecurity Institute, S.A.
Spartans Security
StrongDM
Switzerland National Cyber Security Centre (NCSC)
Symantec - A Division of Broadcom
Synaptics
Synology Inc.
Talos
Tanium Inc.
TCS-CERT
TeamViewer Germany GmbH
Temporal Technologies Inc.
Tenable Network Security, Inc.
Teradyne Robotics
Thales Group
The Browser Company of New York
The Document Foundation
The Missing Link Australia (TML)
The Qt Company
The Rust Project
The Tcpdump Group
TianoCore.org
Tigera
Toreon
TP-Link Systems Inc.
TR-CERT (Computer Emergency Response Team of the Republic of Turkey)
Trellix
Turan Security
TWCERT/CC
TYPO3 Association
upKeeper Solutions
Vaadin Ltd.
Vivo Mobile Communication Technology Co., LTD.
VMware
VulDB
VulnCheck
VULSec Labs
WatchGuard Technologies, Inc.
Western Digital
Wiz, Inc.
wolfSSL Inc.
Wordfence
Xerox Corporation
Yandex N.V.
Yokogawa Group
Yugabyte, Inc.
Zabbix
Zero Day Initiative
Zohocorp
Zoom Video Communications, Inc.
Zscaler, Inc.
ZTE Corporation
ZUSO Advanced Research Team (ZUSO ART)
Zyxel Corporation
"
+ }
+ ]
+ },
+ {
+ "id": 677,
+ "newsType": "blog",
+ "title": "Videos from CVE/FIRST VulnCon 2026 Now Available",
+ "urlKeywords": "Videos from VulnCon 2026 Now Available",
+ "date": "2026-06-02",
+ "author": {
+ "name": "CVE Program",
+ "organization": {
+ "name": "CVE Program",
+ "url": ""
+ },
+ "title": "",
+ "bio": ""
+ },
+ "description": [
+ {
+ "contentnewsType": "image",
+ "imageWidth": "",
+ "href": "/news/VulnCon_AZ.png",
+ "altText": "VulnCon 2026"
+ },
+ {
+ "contentnewsType": "paragraph",
+ "content": "Videos of fifty sessions from CVE/FIRST VulnCon 2026 are now available on the FIRST Channel on YouTube and the CVE Program Channel on YouTube. The purpose of VulnCon is to collaborate with various vulnerability management and cybersecurity professionals to develop forward leaning ideas that can be taken back to individual programs for action to benefit the vulnerability management ecosystem."
+ },
+ {
+ "contentnewsType": "paragraph",
+ "content": "The following conference videos are available:"
+ },
+ {
+ "contentnewsType": "paragraph",
+ "content": "
"
+ },
+ {
+ "contentnewsType": "paragraph",
+ "content": "Please like or comment on the videos on the CVE Program Channel on YouTube."
+ }
+ ]
+ },
+ {
+ "id": 676,
+ "newsType": "news",
+ "title": "Minutes from CVE Board Teleconference Meeting on April 29 Now Available",
+ "urlKeywords": "CVE Board Minutes from April 29",
+ "date": "2026-06-02",
+ "description": [
+ {
+ "contentnewsType": "paragraph",
+ "content": "The CVE Board held a teleconference meeting on April 29, 2026. Read the meeting minutes summary."
+ },
+ {
+ "contentnewsType": "paragraph",
+ "content": "The CVE Board is the organization responsible for the strategic direction, governance, operational structure, policies, and rules of the CVE Program. The Board includes members from numerous cybersecurity-related organizations including commercial security tool vendors, academia, research institutions, government departments and agencies, and other prominent security experts, as well as end-users of vulnerability information."
+ }
+ ]
+ },
{
"id": 675,
"newsType": "news",
@@ -320,7 +501,7 @@
},
{
"contentnewsType": "paragraph",
- "content": "
CISA Top-Level Root: Vulnerabilities that are (1) reported to or observed by CISA and (2) affect critical infrastructure, U.S. civilian government, industrial control systems, or medical devices, and (3) are not covered by another CNA’s scope
CISA ICS Root: Vulnerabilities that are (1) reported to or observed by CISA, (2) affect industrial control systems or medical devices, and (3) are not covered by another CNA’s scope
MITRE Top-Level Root: Vulnerabilities, and Open-Source software product vulnerabilities, not already covered by a CNA listed on this website
Red Hat Root: The Red Hat Root’s scope includes the open-source community. Any open-source organizations that prefer Red Hat as their Root; organizations are free to choose another Root if it suits them better
Thales Group Root: Products and technologies of subsidiaries of Thales Group
"
+ "content": "
CISA Top-Level Root: Vulnerabilities that are (1) reported to or observed by CISA and (2) affect critical infrastructure, U.S. civilian government, industrial control systems, or medical devices, and (3) are not covered by another CNA’s scope
CERT@VDE Root: Organizations that are cooperative partners of CERT@VDE
CISA ICS Root: Vulnerabilities that are (1) reported to or observed by CISA, (2) affect industrial control systems or medical devices, and (3) are not covered by another CNA’s scope
MITRE Top-Level Root: Vulnerabilities, and Open-Source software product vulnerabilities, not already covered by a CNA listed on this website
ENISA Root: European Union (EU) member states/EU authorities, EU CSIRT’s network members, and cooperative partners under ENISA’s mandate as well as other CNAs who choose ENISA as their Root
Red Hat Root: The Red Hat Root’s scope includes the open-source community. Any open-source organizations that prefer Red Hat as their Root; organizations are free to choose another Root if it suits them better
Thales Group Root: Products and technologies of subsidiaries of Thales Group
"
},
{
"contentnewsType": "paragraph",
@@ -865,7 +1046,7 @@
},
{
"contentnewsType": "paragraph",
- "content": "CNAs are vendor, researcher, open source, CERT, hosted service, and bug bounty provider organizations authorized by the CVE Program to assign CVE IDs to vulnerabilities and publish CVE Records within their own specific scopes of coverage."
+ "content": "CNAs are vendor, researcher, open source, CERT, hosted service, bug bounty provider, and consortium organizations authorized by the CVE Program to assign CVE IDs to vulnerabilities and publish CVE Records within their own specific scopes of coverage."
},
{
"contentnewsType": "paragraph",
@@ -1250,7 +1431,7 @@
},
{
"contentnewsType": "paragraph",
- "content": "Resources mentioned in the podcast include: