For the benefit of the cybersecurity community and network defenders—and to help every organization better manage vulnerabilities and keep pace with threat activity—CISA maintains …

Learn about the importance of CISA's Known Exploited Vulnerability (KEV) catalog and how to use it to help build a collective resilience across the cybersecurity community.

A list of Known Exploited Vulnerabilities.

Nov 3, 2021 · As a reminder, the KEV is part of a risk-reduction action for federal civilian executive branch agencies as defined in BOD-22-01 (Binding Operational Directive 22-01 | …

Jul 10, 2025 · CISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation.

Sep 18, 2023 · The KEV should be easy to use – ideally incorporated into tools already being used to prioritize vulnerability management. Federal agencies are able to see their open KEVs …

CISA Mitigation Instructions for CVE-2025-22457 This page contains the mitigation instructions that correspond to the CISA KEV catalog entry CVE-2025-22457 – Ivanti Connect Secure, …

Oct 12, 2023 · Ransomware Vulnerability Warning Pilot updates: Now a One-stop Resource for Known Exploited Vulnerabilities and Misconfigurations Linked to Ransomware Known …

5 days ago · CISA has added two new vulnerabilities to its KEV Catalog, based on evidence of active exploitation.

Jun 7, 2022 · CISA has updated the Known Exploited Vulnerabilities (KEV) catalog webpage as well as the FAQs for Binding Operational Directive (BOD) 22-01, Reducing the Significant Risk …