Skip to content

Security Alerts and Advisories#

National CERTs, such as CISA and JPCERT/CC, publish advisories about particularly dangerous vulnerabilities. Additionally, VulnCheck, a vulnerability intelligence organization, also publishes advisories on dangerous vulnerabilities.

In FutureVuls, you can check this information on the Vulnerability List and Vulnerability Details pages.

KEV Information#

KEV (Known Exploited Vulnerabilities) refers to vulnerabilities with publicly available exploit code that have been actively exploited in the wild, posing a critical risk. FutureVuls incorporates KEV information from CISA KEV, VulnCheck KEV, and ENISA KEV.

CISA KEV#

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has published "Binding Operational Directive 22-01," an operational directive for U.S. federal government systems. This directive includes the "Known Exploited Vulnerabilities Catalog" (hereafter, CISA KEV), which compiles KEV information. For U.S. federal systems, it is mandatory to remediate CVEs listed in the CISA KEV within a specified timeframe (CISA KEV).

CISA issued Binding Operational Directive (BOD) 22-01, Reducing the Significant Risk of Known Exploited Vulnerabilities to evolve our approach to vulnerability management and keep pace with threat activity. The directive establishes a CISA managed catalog of known exploited vulnerabilities and requires federal civilian agencies to identify and remediate these vulnerabilities on their information systems.

VulnCheck KEV#

VulnCheck KEV aims to publish KEV information faster and with broader coverage than the CISA KEV. A login is required to view detailed information on VulnCheck KEV (VulnCheck).

VulnCheck helps organizations outpace adversaries with vulnerability intelligence that predicts avenues of attack with speed and accuracy.

ENISA KEV#

ENISA KEV is KEV information about vulnerabilities actually exploited in the EU, published by ENISA (EU Agency for Cybersecurity), an EU agency. It is treated as threat information equivalent to CISA KEV / VulnCheck KEV, and applicable vulnerabilities are subject to the Important Filter and red highlighting in security alerts (enisaeu/CNW (eukev.json)).

Security Advisories#

JPCERT/CC-Alerts#

These are documents intended to provide information on severe and wide-ranging vulnerabilities. They are intended for personnel, engineers, and researchers involved in the construction and operational management of information and control systems, terminals, and networks, as well as those engaged in internal CSIRT and other security-related duties (JPCERT/CC).

CISA-Alerts#

These are alerts issued by CISA in the United States. The former US-CERT Alerts have been integrated into CISA-Alerts.

CISA-Alerts

Alerts provide timely information about current security issues, vulnerabilities, and exploits.

Confirmation on the UI#

Checking from the Vulnerability List#

alert-level

You can view this information in the "Security Alert" column of the vulnerability list.

  • Exploited in ransomware campaigns : Applies to vulnerabilities identified in CISA KEV or VulnCheck KEV as being exploited by ransomware.
  • Critical : Applies to vulnerabilities included in CISA KEV, VulnCheck KEV, or ENISA KEV (excluding those flagged as exploited by ransomware).
  • Warning: Applies to advisories from JPCERT/CC-Alerts and CISA-Alerts.

Checking from Vulnerability Details#

Various security alerts and advisories are listed. Links to the original publications are provided. Alerts from CISA KEV, VulnCheck KEV, and ENISA KEV are highlighted in red. If a vulnerability is known to be exploited in ransomware campaigns, a hacker icon and the "Exploited in ransomware campaigns" label will be displayed next to the respective alert.

If VulnCheck KEV has exploit information available, links are displayed.

  • VulnCheck ReportedExploits : Information and reports on actual exploit activity.
  • VulnCheck XDB : Information on the PoC code used for exploits.

Vulnerability Details - Alert Info

Advisory Detection Accuracy#

Some advisories from JPCERT/CC and CISA may not contain CVE-IDs.

Due to the format of these articles, advisory detection accuracy is not yet complete, and we are continuously working to improve it.