If you want to know how stupid the CVE situation is - CISA are trying to source last minute funding or look at taking CVE management in house, but they themselves have had a massive budget cut where the staff trying to fix it are also at risk of being cut.