CISA KEV has been released 28 months. Today, there are total of 1083 CVE been added to CISA KEV catalog.
CISA Catalog of Known Exploited Vulnerabilities [ 2024.02.29/1083 ]
Updates#
As of today, there are total of 1078 CVE have overdue, and another 5 will due in March 2024.
Highlights (within CISA KEV catalog):
- The top-5 vendors with highest number of vulnerabilities remain the same (total 171 vendors).
- The top-5 vendors hold 543 (around 50%) of all the 1083 CVE.
- The top-5 vulnerable products remain the same (total 456 products).
- There are 234 (or 21%) CVE found at the top-5 vulnerable products.
- The mean value increases to 90.25 (was 87.75).
- The top-5 months where distribution of KEV is higher than
meanremain the same (Mar, Apr, May Jun, Nov).
Current State#
| Microsoft | Apple | Cisco | Adobe | others | |
|---|---|---|---|---|---|
| 280 | 73 | 69 | 67 | 54 | 540 |
| Windows | Multiple Products (Apple) | Internet Explorer | Flash Player | Chromium V8 | others |
|---|---|---|---|---|---|
| 110 | 36 | 31 | 29 | 28 | 849 |
mean_val=90.25
| Jan | Feb | Mar | Apr | May | Jun | Jul | Aug | Sep | Oct | Nov | Dec |
|---|---|---|---|---|---|---|---|---|---|---|---|
| 28 | 32 | 126 | 157 | 233 | 146 | 58 | 46 | 47 | 45 | 125 | 40 |