Organizations should use the KEV catalog as an input to their vulnerability management prioritization framework. How to use the KEV Catalog. The KEV catalog is also available in the following formats: CSV JSON JSON Schema (updated 06-25-2024) License

A detailed list of Known Exploited Vulnerabilities. Available as CSV and JSON files.

Learn about the importance of CISA's Known Exploited Vulnerability (KEV) catalog and how to use it to help build a collective resilience across the

The NVD has added information to its CVE detail pages to identify vulnerabilities appearing in CISA’s Known Exploited Vulnerabilities (KEV) Catalog. CVE appearing in the catalog will now contain a text reference and a hyperlink to the catalog.

This repository is home to the data files that make up the Known Exploited Vulnerabilities (KEV) catalog. The data is originally sourced from https://www.cisa.gov/known-exploited-vulnerabilities-catalog, which is short linked at https://cisa.gov/kev.

VulnCheck KEV adds context to CVEs to enrich your vulnerability intelligence, support faster prioritization, and help you minimize exposures. These include supplementary external links to exploit content and references to publicly-available exploit proof of concept code.

2024年7月1日 · CISA updates the KEV Catalog (also sometimes referred to as the KEV List) on a continuous basis as new threats are identified. In this blog, we’ll cover how CISA decides whether to include new vulnerabilities on the KEV List, explain how new vulnerabilities are added to the Catalog, and provide guidance on using KEV alongside other ...

2025年3月5日 · This webpage houses information on the KEV catalog, a federal “living list” of frequently abused vulnerabilities that are of significant risk to the national enterprise. This includes links to the list itself, criteria for adding vulnerabilities, and information on mitigation, workarounds, and prioritizing threats.

A low-calorie, unofficial mock-up for a compact KEV viewer. It's hosted at https://todb.github.io/kev-lite. Features include: A basic table view for one-line summaries of vulnerabilities; Expandable Details sections for each vulnerability; Filtering across CVE IDs and vulnerability names; A single page deployment that reads a local copy of the ...

2025年2月28日 · GreyNoise's annual Mass Internet Exploitation Report revealed this week that 28 percent of the bugs logged in CISA's Known Exploited Vulnerability (KEV) catalog were also used by ransomware criminals in 2024.