1. Forum
  2. tqwNet
  3. TQW GENTECH

  • NIST is cataloging so many vulnerabilities it can only assign sev

    From TechnologyDaily@1337:1/100 to All on Monday, April 20, 2026 15:15:41
    NIST is cataloging so many vulnerabilities it can only assign severity scores to the highest priority threats

    Date:
    Mon, 20 Apr 2026 13:59:21 +0000

    Description:
    The volume has almost tripled in five years, forcing NIST to change its MO.

    FULL STORY ======================================================================Copy link Facebook X Whatsapp Reddit Pinterest Flipboard Threads Email Share this article 0 Join the conversation Follow us Add us as a preferred source on Google Newsletter Tech Radar Pro Are you a pro? Subscribe to our newsletter Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed! Become a Member in Seconds Unlock instant access to exclusive member features. Contact me with news and offers from other Future brands Receive email from us on behalf of our trusted partners or sponsors By submitting your information you agree to the Terms & Conditions and Privacy Policy and are aged 16 or over. You are
    now subscribed Your newsletter sign-up was successful Join the club Get full access to premium articles, exclusive features and a growing list of member rewards. Explore An account already exists for this email address, please log in. Subscribe to our newsletter NIST changes enrichment process for National Vulnerability Database due to surge in CVE submissions 263% increase since 2020; prioritization now given to KEV entries, federal software, and critical software under EO 14028 Other CVEs deemed lowest priority, but users can request enrichment via email if needed The number of reported vulnerabilities has surged so sharply that it forced the National Institute of Standards and Technology (NIST) to change how it enriches each entry.

    Until now, NIST would take a basic CVE record and add structured analysis, to make it more useful in the National Vulnerability Database (NVD). That
    usually includes severity scoring (CVSS), affected products (CPE), weakness classification (CWE), and additional metadata. However, between 2020 and
    2025, there has been a 263% increase in CVE submissions, NIST said, adding that it doesnt expect the trend to let up anytime soon. "Submissions during the first three months of 2026 are nearly one-third higher than the same period last year, it said. Article continues below You may like Forget zero-days - 'N-days' could be the most worrying security threat facing your systems today, here's why Fortinet patches FortiGate Firewall vulnerabilities that allowed hackers to steal enterprise credentials Critical Citrix
    NetScaler flaw gets official patch warning from CISA Prioritizing KEV-listed ones To be able to keep up with rising demand, NIST is setting up certain criteria. Submissions that meet them will be enriched as soon as possible, while those that do not, will have to wait. NIST did not say it would not enrich these lowest priority submissions at all, but if the agency is being flooded with new entries every day, its safe to assume many will never be covered.

    Starting April 15, NIST said it would prioritize CVEs appearing in CISAs
    Known Exploited Vulnerabilities (KEV) catalog, CVEs for software used within the federal government, and CVEs for critical software as defined by
    Executive Order 14028.

    Everything else will be deemed lowest priority, but NIST says it doesnt mean other CVEs wont have a significant impact on affected systems.

    These criteria may not catch every potentially high-impact CVE, it warned. Therefore, users can request enrichment of any lowest priority CVEs by emailing us at nvd@nist.gov. We will review those requests and schedule the CVEs for enrichment as resources allow. Are you a pro? Subscribe to our newsletter Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed! Contact me
    with news and offers from other Future brands Receive email from us on behalf of our trusted partners or sponsors By submitting your information you agree to the Terms & Conditions and Privacy Policy and are aged 16 or over.

    A full definition of critical software and a description of the new workflow can be found on this page . The best antivirus for all budgets Our top picks, based on real-world testing and comparisons

    Read our full guide to the best antivirus 1. Best overall: Bitdefender Total Security 2. Best for families: Norton 360 with LifeLock 3. Best for mobile: McAfee Mobile Security Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews, and opinion in your feeds.



    ======================================================================
    Link to news story: https://www.techradar.com/pro/security/nist-is-cataloging-so-many-vulnerabilit ies-it-can-only-assign-severity-scores-to-the-highest-priority-threats


    --- Mystic BBS v1.12 A49 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)