CISA KEV has been released 30 months. Today, there are total of 1103 (+20) CVE been added to CISA KEV catalog.
CISA Catalog of Known Exploited Vulnerabilities [ 2024.04.30/1103 ]
Updates#
As of today, there are total of 1099 CVE have overdue, and another 4 will due in May 2024.
Highlights (within CISA KEV catalog):
- The top-5 vendors with highest number of vulnerabilities remain the same (total 174 vendors).
- The top-5 vendors hold 551 (around 50%) of all the 1103 CVE.
- The top-5 vulnerable products remain the same (total 453 products).
- There are 253 (or ~27%) CVE found at the top-5 vulnerable products.
- The mean value increases to 91.91 (was 90.25).
- The top-5 months where distribution of KEV is higher than
meanremain the same (Mar, Apr, May Jun, Nov).
Current State#
| Microsoft | Apple | Cisco | Adobe | others | |
|---|---|---|---|---|---|
| 284 | 75 | 71 | 67 | 54 | 552 |
| Windows | Multiple Products (Apple) | Internet Explorer | Flash Player | Chromium V8 | others |
|---|---|---|---|---|---|
| 112 | 38 | 31 | 29 | 28 | 865 |
mean_val=91.91666666666667
| Jan | Feb | Mar | Apr | May | Jun | Jul | Aug | Sep | Oct | Nov | Dec |
|---|---|---|---|---|---|---|---|---|---|---|---|
| 28 | 32 | 132 | 164 | 240 | 146 | 58 | 46 | 47 | 45 | 125 | 40 |