information about vulnerabilities being exploited #32
Description
Proposed New Idea/Feature (required)
The general public would benefit from a bottom line up front notice that the vulnerability they are looking at is known to be exploited. The method that NIST uses in their NVD is including a section titled "This CVE is in CISA's Known Exploited Vulnerabilities Catalog" and including a shortened name for the vulnerability e.g. Vendor/Product Remote Code Execution Vulnerability, the date that it was added to the KEV Catalog, and the Remediation Action. Currently, cve.org doesn't display any of that information, while CISA-ADP fills in the gaps. CISA-ADP's own entry is not intuitive (even to someone who checks CVEs regularly) and could be improved by including the blog post announcing the addition of the CVE to the KEV Catalog, besides the json file. Example: https://www.cisa.gov/news-events/alerts/2024/12/17/cisa-adds-one-known-exploited-vulnerability-catalog
Additional Notes (Optional)
N/A