CISA Known Exploited Vulnerabilities (KEV)
156 vulnerabilities confirmed by CISA to be actively exploited in the wild. These require immediate attention: they are not theoretical risks, and attackers are using them right now.
This vulnerability allows a local authenticated attacker to escalate privileges on Windows Hyper-V hosts by exploiting a heap-based buffer overflow in...
Added to KEV: Jan 14, 2025
This vulnerability allows an authenticated attacker with local access to a Windows Hyper-V host to escalate privileges by exploiting a use-after-free ...
Added to KEV: Jan 14, 2025
This vulnerability allows an authenticated attacker with guest VM access to execute arbitrary code with SYSTEM privileges on the Hyper-V host. It affe...
Added to KEV: Jan 14, 2025
This vulnerability allows remote attackers to bypass authentication and gain super-admin privileges on affected Fortinet devices by sending crafted re...
Added to KEV: Jan 14, 2025
A stack-based buffer overflow vulnerability in Ivanti Connect Secure, Policy Secure, and Neurons for ZTA gateways allows remote unauthenticated attack...
Added to KEV: Jan 8, 2025
CVE-2023-4911 is a buffer overflow vulnerability in the GNU C Library's dynamic loader (ld.so) that allows local attackers to exploit SUID binaries. B...
Added to KEV: Nov 21, 2023
What is the CISA KEV Catalog?
The CISA Known Exploited Vulnerabilities (KEV) catalog is a curated list maintained by the Cybersecurity and Infrastructure Security Agency (CISA). Every CVE in this catalog has been confirmed to be actively exploited by threat actors in real-world attacks.
Binding Operational Directive 22-01 requires all US federal agencies to remediate KEV vulnerabilities within specified timeframes. While non-federal organizations are not legally bound, CISA strongly recommends all organizations prioritize KEV entries for immediate patching.
Why KEV matters more than CVSS alone: A vulnerability with a "medium" CVSS score that appears in the KEV catalog is objectively more dangerous than a "critical" CVSS vulnerability that has never been exploited. KEV represents real, confirmed threat activity — not theoretical risk assessments.