Exploited CVEs – CISA KEV Vulnerability List

Vendors and Products

CPE, which stands for Common Platform Enumeration, is a standardized scheme for naming hardware, software, and operating systems. CPE provides a structured naming scheme to uniquely identify and classify information technology systems, platforms, and packages based on certain attributes such as vendor, product name, version, update, edition, and language.

Critical vulnerabilities tracked by CISA

Below is the daily-updated list of Known Exploited Vulnerabilities (KEV) published by the U.S. Cybersecurity and Infrastructure Security Agency (CISA). These CVEs represent active and high-risk threats, often linked to public exploits or zero-day attacks. For each vulnerability, access technical details, CVSS and EPSS scores, related CWE classifications, affected products (CPE), and recommended mitigations. This vulnerability database is a critical resource for any cyber threat intelligence strategy and attack surface reduction.

Notifications CVE on CISA

Stay informed about CVE with CISA modifications.

Notifications manage


CVE ID	CISA Date?	CISA Description?	Severity	EPSS?

The information presented on CVE Find originates from several carefully selected reference sources. CVE data is provided by MITRE Corporation and the National Vulnerability Database (NVD). The Known Exploited Vulnerabilities (KEV) catalog is sourced from the Cybersecurity and Infrastructure Security Agency (CISA), while EPSS scores come from FIRST.org. Additionally, data regarding software weaknesses (CWE) and common attack patterns (CAPEC) is maintained by MITRE Corporation, and information on hardware and software configurations (CPE) is provided by the NVD.

Actively Exploited CVEs (CISA KEV List)

Critical vulnerabilities tracked by CISA