The national CERT agencies, CISA-KEV, JPCERT/CC-Alerts, and US-CERT-Alerts, have published alerts about particularly dangerous vulnerabilities.
You can check the vulnerability list and details on the FutureVuls website.
This is a “Known Exploited Vulnerabilities (KEV) catalog,” which is a list of extremely serious vulnerabilities that have been exploited by attack code and have been widely attacked on the public internet, as specified in the “Binding Operational Directive 22-01” (operational directive for U.S. government systems) published by the Cybersecurity and Infrastructure Security Agency (CISA). For U.S. government systems, it is mandatory to address CVEs that fall under CISA-KEV within the specified period.
CISA issued Binding Operational Directive (BOD) 22-01, Reducing the Significant Risk of Known Exploited Vulnerabilities to evolve our approach to vulnerability management and keep pace with threat activity. The directive establishes a CISA managed catalog of known exploited vulnerabilities and requires federal civilian agencies to identify and remediate these vulnerabilities on their information systems.
This is a document that provides information on serious and wide-ranging vulnerabilities. It is intended for those involved in the construction and operation of terminals and networks related to information and control systems, as well as those involved in CSIRT operations, security-related operations, and researchers.
Alerts provide timely information about current security issues, vulnerabilities, and exploits.
You can check the “Alert Information” item in the vulnerability list. “Alert information (critical)” only applies to vulnerabilities included in CISA-KEV. “Alert information (note)” applies to vulnerabilities in JPCERT/CC-Alerts and US-CERT-Alerts.
The vulnerability details page displays a link to the URL where the information is posted.
In the case of information from JPCERT and US-CERT, CVE-IDs may not be included in the alert articles.
Due to the format of the articles, the detection accuracy for alerts is not yet perfect, and we continue to improve it.