There are total of 1053 CVE been added to CISA KEV catalog by end of 2023.
CISA Catalog of Known Exploited Vulnerabilities [ 2023.12.21/1053 ]
Updates#
As of today, there are total of 1051 CVE have overdue, and another 2 will due in Jan 2024.
Highlights:
- The top-5 vendors with highest number of vulnerabilities remain the same (total 169 vendors).
- The top-5 vendors hold 523 (around 50%) of all the 1053 CVE within CISA KEV catalog.
- The top-5 vulnerable products remain the same (total 420 products).
- There are 226 (or 21%) CVE found at the top-5 vulnerable products.
- The mean value increases to 87.75 (was 86.916).
- The top-5 months where distribution of KEV is higher than
meanremain the same (Mar, Apr, May Jun, Nov).
Current State#
| Microsoft | Apple | Cisco | Adobe | others | |
|---|---|---|---|---|---|
| 275 | 70 | 67 | 65 | 51 | 525 |
| Windows | Multiple Products (Apple) | Internet Explorer | Flash Player | Chromium V8 Engine | others |
|---|---|---|---|---|---|
| 108 | 33 | 31 | 29 | 25 | 827 |
mean_val=87.75
| Jan | Feb | Mar | Apr | May | Jun | Jul | Aug | Sep | Oct | Nov | Dec |
|---|---|---|---|---|---|---|---|---|---|---|---|
| 16 | 20 | 120 | 157 | 233 | 146 | 58 | 46 | 47 | 45 | 125 | 40 |