CISA KEV has been released 32 months. Today, there are total of 1126 (+23) CVE been added to CISA KEV catalog.
CISA Catalog of Known Exploited Vulnerabilities [ 2024.06.26/1126 ]
Updates#
As of today, there are total of 1118 CVE have overdue, and another 8 will due in July 2024.
Highlights (within CISA KEV catalog):
- The top-5 vendors with highest number of vulnerabilities remain the same (total 179 vendors).
- The top-5 vendors hold 558 (around 49%) of all the 1126 CVEs.
- The top-5 vulnerable products remain the same (total 463 products).
- There are 242 (or ~21%) CVE found at the top-5 vulnerable products.
- The mean value increases to 93.83 (was 91.92).
- The top-5 months where distribution of KEV is higher than
meanremain the same (Mar, Apr, May Jun, Nov).
Current State#
| Microsoft | Apple | Cisco | Adobe | others | |
|---|---|---|---|---|---|
| 287 | 75 | 71 | 67 | 58 | 568 |
| Windows | Multiple Products (Apple) | Internet Explorer | Chromium V8 | Flash Player | others |
|---|---|---|---|---|---|
| 114 | 38 | 31 | 30 | 29 | 884 |
mean_val=93.83333333333333
| Jan | Feb | Mar | Apr | May | Jun | Jul | Aug | Sep | Oct | Nov | Dec |
|---|---|---|---|---|---|---|---|---|---|---|---|
| 28 | 32 | 132 | 164 | 241 | 160 | 66 | 46 | 47 | 45 | 125 | 40 |