← Cybersecurity Alphabet Soup

KEV

Known Exploited Vulnerabilities

operationsmedium

The KEV catalog, maintained by CISA, lists vulnerabilities that attackers are actively exploiting in the real world. Vulnerability management teams use it to prioritize patching, since a flaw on the KEV list is a proven risk, not a theoretical one. It matters because most CVEs are never exploited, and KEV tells you which ones actually are.

Sources

More in operations