Glossary · Vulnerability Management

CISA KEV

Also known as: Known Exploited Vulnerabilities

CISA's Known Exploited Vulnerabilities catalog — CVEs confirmed to be exploited in the wild.

The CISA Known Exploited Vulnerabilities (KEV) catalog is a curated list of CVEs with confirmed in-the-wild exploitation. It is a strong prioritisation signal: any KEV entry that maps to a deployed component should escalate immediately into the cybersecurity-incident workflow.

Related terms

CVE
Common Vulnerabilities and Exposures — public identifier for a disclosed security flaw.
EPSS
Exploit Prediction Scoring System — probabilistic likelihood that a CVE will be exploited.

Need help applying CISA KEV on a programme? Use the contact form or request a KAVACH demo.

CISA KEV

CVE

EPSS