In cybersecurity, speed and focus win. Thousands of new CVEs (Common Vulnerabilities and Exposures) appear each year, but only a subset are actively used by attackers. Known Exploited Vulnerabilities (KEV) are those confirmed to be exploited in the wild. Treating KEVs as your top priority can dramatically cut real-world risk, streamline patching, and strengthen resilience.

KEV, defined

KEV refers to software vulnerabilities that have crossed a critical threshold: there’s credible evidence adversaries are using them right now. Unlike theoretical issues or lab-only proofs of concept, KEVs are tied to active campaigns—ransomware, data theft, initial access for lateral movement, and more. That’s why KEVs deserve immediate attention over generic “critical” items that may not be weaponized.

What is the CISA KEV Catalog?

The Cybersecurity and Infrastructure Security Agency (CISA) maintains the Known Exploited Vulnerabilities (KEV) Catalog—a curated, regularly updated list of CVEs confirmed to be exploited. For defenders, it’s a signal-rich feed that answers a practical question: Which vulnerabilities are attackers actually using right now?

Security teams use the KEV Catalog to: