CISA KEV has been released 34 months. Today, there are total of 1159 (+33) CVE been added to CISA KEV catalog.
CISA Catalog of Known Exploited Vulnerabilities [ 2024.08.28/1159 ]
Updates#
As of today, there are total of 1143 CVE have overdue, and another 16 will due in Sep 2024.
Highlights (within CISA KEV catalog):
- The top-5 vendors with highest number of vulnerabilities remain the same (total 184 vendors).
- The top-5 vendors hold 573 (around 49%) of all the 1159 CVEs.
- The top-5 vulnerable products remain the same (total 475 products).
- There are 252 (or ~22%) CVE found at the top-5 vulnerable products.
- One difference is, Chromium V8 (32) has overtook Internet Explorer (32) as the third position in top-vulnerable products.
- The mean value increases to 96.58 (was 93.83).
- The top-5 months where distribution of KEV is higher than
meanremain the same (Mar, Apr, May Jun, Nov).
Current State#
| Microsoft | Apple | Cisco | Adobe | others | |
|---|---|---|---|---|---|
| 298 | 75 | 72 | 68 | 60 | 586 |
| Windows | Multiple Products (Apple) | Chromium V8 | Internet Explorer | Flash Player | others |
|---|---|---|---|---|---|
| 121 | 38 | 32 | 32 | 29 | 907 |
mean_val=96.58333333333333
| Jan | Feb | Mar | Apr | May | Jun | Jul | Aug | Sep | Oct | Nov | Dec |
|---|---|---|---|---|---|---|---|---|---|---|---|
| 28 | 32 | 132 | 164 | 241 | 160 | 70 | 59 | 63 | 45 | 125 | 40 |