SARA / Free Tools / KEV Browser

CISA Known Exploited Vulnerabilities — searchable, filterable

Browse every CVE in the CISA KEV catalog. Filter by vendor, product, ransomware use, or BOD 22-01 due date. Updated daily from cisa.gov.

Ransomware-linkedMicrosoftApacheCiscoVMwareLinuxFortinet
CVEVendorProductAddedDueRansom
CVE-2021-44529 Ivanti Endpoint Manager Cloud Service Appliance (EPM CSA) 2024-03-25 2024-04-15 Ransomware
CVE-2024-4947 Google Chromium V8 2024-05-20 2024-06-10
CVE-2023-43208 NextGen Healthcare Mirth Connect 2024-05-20 2024-06-10 Ransomware
CVE-2024-38112 Microsoft Windows 2024-07-09 2024-07-30
CVE-2024-20399 Cisco NX-OS 2024-07-02 2024-07-23
CVE-2020-13965 Roundcube Webmail 2024-06-26 2024-07-17
CVE-2022-2586 Linux Kernel 2024-06-26 2024-07-17
CVE-2023-29360 Microsoft Streaming Service 2024-02-29 2024-03-21
CVE-2024-1709 ConnectWise ScreenConnect 2024-02-22 2024-02-29 Ransomware
CVE-2020-3259 Cisco Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) 2024-02-15 2024-03-07 Ransomware
CVE-2024-21887 Ivanti Connect Secure and Policy Secure 2024-01-10 2024-01-22 Ransomware
CVE-2023-23752 Joomla! Joomla! 2024-01-08 2024-01-29
CVE-2023-35082 Ivanti Endpoint Manager Mobile (EPMM) and MobileIron Core 2024-01-18 2024-02-08 Ransomware
CVE-2024-0519 Google Chromium V8 2024-01-17 2024-02-07
CVE-2023-6549 Citrix NetScaler ADC and NetScaler Gateway 2024-01-17 2024-02-07
CVE-2021-36380 Sunhillo SureLine 2024-03-05 2024-03-26
CVE-2024-21338 Microsoft Windows 2024-03-04 2024-03-25 Ransomware
CVE-2024-23222 Apple Multiple Products 2024-01-23 2024-02-13
CVE-2023-34048 VMware vCenter Server 2024-01-22 2024-02-12
CVE-2024-21351 Microsoft Windows 2024-02-13 2024-03-05
CVE-2023-43770 Roundcube Webmail 2024-02-12 2024-03-04
CVE-2024-21762 Fortinet FortiOS 2024-02-09 2024-02-16 Ransomware
CVE-2024-21410 Microsoft Exchange Server 2024-02-15 2024-03-07
CVE-2024-21412 Microsoft Windows 2024-02-13 2024-03-05 Ransomware
CVE-2016-20017 D-Link DSL-2750B Devices 2024-01-08 2024-01-29
CVE-2023-41990 Apple Multiple Products 2024-01-08 2024-01-29
CVE-2023-27524 Apache Superset 2024-01-08 2024-01-29
CVE-2023-29357 Microsoft SharePoint Server 2024-01-10 2024-01-31 Ransomware
CVE-2023-46805 Ivanti Connect Secure and Policy Secure 2024-01-10 2024-01-22 Ransomware
CVE-2024-21893 Ivanti Connect Secure, Policy Secure, and Neurons 2024-01-31 2024-02-02 Ransomware
CVE-2023-22527 Atlassian Confluence Data Center and Server 2024-01-24 2024-02-14 Ransomware
CVE-2023-4762 Google Chromium V8 2024-02-06 2024-02-27
CVE-2022-48618 Apple Multiple Products 2024-01-31 2024-02-21
CVE-2023-6548 Citrix NetScaler ADC and NetScaler Gateway 2024-01-17 2024-01-24
CVE-2018-15133 Laravel Laravel Framework 2024-01-16 2024-02-06
CVE-2023-46604 Apache ActiveMQ 2023-11-02 2023-11-23 Ransomware
CVE-2023-46748 F5 BIG-IP Configuration Utility 2023-10-31 2023-11-21
CVE-2023-46747 F5 BIG-IP Configuration Utility 2023-10-31 2023-11-21 Ransomware
CVE-2023-5631 Roundcube Webmail 2023-10-26 2023-11-16
CVE-2023-20273 Cisco Cisco IOS XE Web UI 2023-10-23 2023-10-27
CVE-2023-4966 Citrix NetScaler ADC and NetScaler Gateway 2023-10-18 2023-11-08 Ransomware
CVE-2023-20198 Cisco IOS XE Web UI 2023-10-16 2023-10-20
CVE-2023-21608 Adobe Acrobat and Reader 2023-10-10 2023-10-31
CVE-2023-20109 Cisco IOS and IOS XE 2023-10-10 2023-10-31
CVE-2023-41763 Microsoft Skype for Business 2023-10-10 2023-10-31
CVE-2023-36563 Microsoft WordPad 2023-10-10 2023-10-31
CVE-2023-44487 IETF HTTP/2 2023-10-10 2023-10-31
CVE-2023-22515 Atlassian Confluence Data Center and Server 2023-10-05 2023-10-13 Ransomware
CVE-2023-40044 Progress WS_FTP Server 2023-10-05 2023-10-26 Ransomware
CVE-2023-42824 Apple iOS and iPadOS 2023-10-05 2023-10-26
← Prev Page 11 of 32 · 1592 entries Next →

ReferenceWhat is the CISA KEV catalog?

The Known Exploited Vulnerabilities (KEV) catalog is a CISA-maintained list of CVEs confirmed to be actively exploited in the wild. It is the authoritative answer to "is this vulnerability really being used by attackers?" Unlike EPSS (which is a probability), KEV is a binary, evidence-based signal — if a CVE is on the KEV list, it has been observed in real attacks.

For US federal agencies, BOD 22-01 makes remediation of KEV CVEs mandatory by the listed due date. For everyone else, KEV is the strongest possible "patch this now" signal you can get from public threat intel.

When to useWhen should I use KEV?

Patch prioritization

KEV is your strict "patch this immediately" tier. Anything in KEV outranks any EPSS or CVSS calculation in priority.

Compliance reporting

Federal agencies and federal contractors must show KEV remediation against BOD 22-01. KEV exposure is increasingly a question on cyber-insurance applications and audit checklists.

Tabletop exercises

Run "what if a KEV CVE matched our asset inventory tomorrow?" — most SOCs have never tested that pipeline end-to-end.

Threat-intel feeds

Pipe KEV diffs into your SIEM as a high-priority detection input. Anything new in KEV today should map to your environment within 24 hours.

ComparisonKEV vs EPSS vs CVSS — how do they fit together?

SignalWhat it answersUse
CVSSHow bad is this vulnerability if it is exploited?Severity (theoretical)
EPSSHow likely is this vulnerability to be exploited in the next 30 days?Probability (forecast)
KEVIs this vulnerability already being exploited, with public evidence?Binary (confirmed)

The right priority order, in plain English: anything in KEV is patched first. Among non-KEV items, sort by EPSS percentile descending. Use CVSS as a tiebreaker.

API

Want this in your SOAR or SIEM?

SARA Open ships an OpenAI-compatible API. Call POST /api/v1/analyze — SARA returns EPSS, CVSS, KEV status, and an analyst-grade written summary in one call.

curl -X POST https://sara-open.sirp.io/api/v1/analyze \
  -H "Authorization: Bearer $SARA_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{"type": "cve", "value": "CVE-2021-44228"}'
Read the API reference →

FAQFrequently asked questions

How often does CISA update the KEV catalog?
Whenever new exploitation evidence is confirmed — typically several updates per month, sometimes multiple in a week. This browser refreshes from CISA daily and reflects the most recent ingest.
Is the KEV catalog mandatory for non-federal organizations?
No, but it is widely treated as the de-facto standard for must-patch prioritization, and is increasingly cited by cyber-insurers, auditors, and regulators.
What does ransomware use mean in the KEV catalog?
CISA flags CVEs known to have been exploited in ransomware campaigns. This is the highest-urgency tier for many SOCs and a frequent input to ransomware tabletop exercises.
Can I bulk-export the KEV catalog?
Yes. CISA publishes the full catalog as JSON and CSV directly. SARA's API additionally returns SARA's analyst-written summary alongside each row — useful for triage queues.
Does this browser show every KEV CVE, or just popular ones?
Every entry in the catalog. The full list is searchable here.
What is BOD 22-01?
Binding Operational Directive 22-01, issued by CISA, requires US federal civilian executive-branch agencies to remediate vulnerabilities in the KEV catalog by the listed due date. Most non-federal organizations adopt similar SLAs informally.

Browse related toolsKeep exploring

EPSS Score Lookup

Daily-updated exploit probability for any CVE.

IOC Reputation Checker

Multi-source reputation for IPs, domains, URLs, hashes.

SARA API

Programmatic EPSS + KEV + CVSS + IOC + Sigma + phishing in one call.

Looking for more?

Ask SARA — our AI security analyst — for full CVE context, exploit chains, and detection rules.

Try SARA