For the benefit of the cybersecurity community and network defenders—and to help every organization better manage vulnerabilities and keep pace with threat activity—CISA maintains the authoritative …

Jul 28, 2025 · CISA has added three new vulnerabilities to its KEV Catalog, based on evidence of active exploitation.

Jan 14, 2020 · An attacker could remotely exploit these vulnerabilities to decrypt, modify, or inject data on user connections: CryptoAPI spoofing vulnerability – CVE-2020-0601: This vulnerability affects all …

Nov 12, 2024 · Technical Details Key Findings In 2023, malicious cyber actors exploited more zero-day vulnerabilities to compromise enterprise networks compared to 2022, allowing them to conduct cyber …

Aug 20, 2021 · This advisory provides details on the top 30 vulnerabilities—primarily Common Vulnerabilities and Exposures (CVEs)—routinely exploited by malicious cyber actors in 2020 and …

Aug 3, 2023 · Additional Routinely Exploited Vulnerabilities In addition to the 12 vulnerabilities listed in Table 1, the authoring agencies identified vulnerabilities—listed in Table 2—that were also routinely …

Learn about the importance of CISA's Known Exploited Vulnerability (KEV) catalog and how to use it to help build a collective resilience across the cybersecurity community.

Jul 10, 2025 · CISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation.

Jul 10, 2024 · Malicious Actors Use OS Command Injection Vulnerabilities to Compromise Systems Operating system (OS) command injection vulnerabilities are a preventable class of vulnerability in …

6 days ago · Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the KEV Catalog as a living list of known Common …