SARA / Free Tools / KEV Browser

CISA Known Exploited Vulnerabilities — searchable, filterable

Browse every CVE in the CISA KEV catalog. Filter by vendor, product, ransomware use, or BOD 22-01 due date. Updated daily from cisa.gov.

Ransomware-linkedMicrosoftApacheCiscoVMwareLinuxFortinet
CVEVendorProductAddedDueRansom
CVE-2026-1603 Ivanti Endpoint Manager (EPM) 2026-03-09 2026-03-23
CVE-2026-3909 Google Skia 2026-03-13 2026-03-27
CVE-2025-68613 n8n n8n 2026-03-11 2026-03-25
CVE-2021-22054 Omnissa Workspace One UEM 2026-03-09 2026-03-23
CVE-2008-0015 Microsoft Windows 2026-02-17 2026-03-10
CVE-2026-2441 Google Chromium 2026-02-17 2026-03-10
CVE-2026-1731 BeyondTrust Remote Support (RS) and Privileged Remote Access (PRA) 2026-02-13 2026-02-16 Ransomware
CVE-2025-66376 Synacor Zimbra Collaboration Suite (ZCS) 2026-03-18 2026-04-01
CVE-2026-20963 Microsoft SharePoint 2026-03-18 2026-03-21
CVE-2025-47813 Wing FTP Server Wing FTP Server 2026-03-16 2026-03-30
CVE-2026-3910 Google Chromium V8 2026-03-13 2026-03-27
CVE-2021-22175 GitLab GitLab 2026-02-18 2026-03-11
CVE-2026-22769 Dell RecoverPoint for Virtual Machines (RP4VMs) 2026-02-18 2026-02-21
CVE-2021-30952 Apple Multiple Products 2026-03-05 2026-03-26
CVE-2023-41974 Apple iOS and iPadOS 2026-03-05 2026-03-26
CVE-2026-25108 Soliton Systems K.K FileZen 2026-02-24 2026-03-17
CVE-2025-49113 Roundcube Webmail 2026-02-20 2026-03-13
CVE-2025-68461 Roundcube Webmail 2026-02-20 2026-03-13
CVE-2022-20775 Cisco SD-WAN 2026-02-25 2026-02-27
CVE-2026-20127 Cisco Catalyst SD-WAN Controller and Manager 2026-02-25 2026-02-27
CVE-2020-7796 Synacor Zimbra Collaboration Suite 2026-02-17 2026-03-10
CVE-2024-7694 TeamT5 ThreatSonar Anti-Ransomware 2026-02-17 2026-03-10
CVE-2026-22719 Broadcom VMware Aria Operations 2026-03-03 2026-03-24
CVE-2026-21385 Qualcomm Multiple Chipsets 2026-03-03 2026-03-24
CVE-2025-64328 Sangoma FreePBX 2026-02-03 2026-02-24
CVE-2019-19006 Sangoma FreePBX 2026-02-03 2026-02-24
CVE-2025-40551 SolarWinds Web Help Desk 2026-02-03 2026-02-06
CVE-2026-1281 Ivanti Endpoint Manager Mobile (EPMM) 2026-01-29 2026-02-01
CVE-2026-24858 Fortinet Multiple Products 2026-01-27 2026-01-30
CVE-2018-14634 Linux Kernel 2026-01-26 2026-02-16
CVE-2025-52691 SmarterTools SmarterMail 2026-01-26 2026-02-16 Ransomware
CVE-2026-23760 SmarterTools SmarterMail 2026-01-26 2026-02-16 Ransomware
CVE-2026-24061 GNU InetUtils 2026-01-26 2026-02-16
CVE-2026-21509 Microsoft Office 2026-01-26 2026-02-16
CVE-2024-37079 Broadcom VMware vCenter Server 2026-01-23 2026-02-13
CVE-2025-68645 Synacor Zimbra Collaboration Suite (ZCS) 2026-01-22 2026-02-12
CVE-2025-34026 Versa Concerto 2026-01-22 2026-02-12
CVE-2025-31125 Vite Vitejs 2026-01-22 2026-02-12
CVE-2025-54313 Prettier eslint-config-prettier 2026-01-22 2026-02-12
CVE-2026-20045 Cisco Unified Communications Manager 2026-01-21 2026-02-11
CVE-2026-20805 Microsoft Windows 2026-01-13 2026-02-03
CVE-2025-8110 Gogs Gogs 2026-01-12 2026-02-02
CVE-2009-0556 Microsoft Office 2026-01-07 2026-01-28
CVE-2025-37164 Hewlett Packard Enterprise (HPE) OneView 2026-01-07 2026-01-28
CVE-2025-14847 MongoDB MongoDB and MongoDB Server 2025-12-29 2026-01-19
CVE-2023-52163 Digiever DS-2105 Pro 2025-12-22 2026-01-12
CVE-2025-14733 WatchGuard Firebox 2025-12-19 2025-12-26
CVE-2025-59374 ASUS Live Update 2025-12-17 2026-01-07
CVE-2025-40602 SonicWall SMA1000 appliance 2025-12-17 2025-12-24
CVE-2025-20393 Cisco Multiple Products 2025-12-17 2025-12-24
← Prev Page 2 of 32 · 1592 entries Next →

ReferenceWhat is the CISA KEV catalog?

The Known Exploited Vulnerabilities (KEV) catalog is a CISA-maintained list of CVEs confirmed to be actively exploited in the wild. It is the authoritative answer to "is this vulnerability really being used by attackers?" Unlike EPSS (which is a probability), KEV is a binary, evidence-based signal — if a CVE is on the KEV list, it has been observed in real attacks.

For US federal agencies, BOD 22-01 makes remediation of KEV CVEs mandatory by the listed due date. For everyone else, KEV is the strongest possible "patch this now" signal you can get from public threat intel.

When to useWhen should I use KEV?

Patch prioritization

KEV is your strict "patch this immediately" tier. Anything in KEV outranks any EPSS or CVSS calculation in priority.

Compliance reporting

Federal agencies and federal contractors must show KEV remediation against BOD 22-01. KEV exposure is increasingly a question on cyber-insurance applications and audit checklists.

Tabletop exercises

Run "what if a KEV CVE matched our asset inventory tomorrow?" — most SOCs have never tested that pipeline end-to-end.

Threat-intel feeds

Pipe KEV diffs into your SIEM as a high-priority detection input. Anything new in KEV today should map to your environment within 24 hours.

ComparisonKEV vs EPSS vs CVSS — how do they fit together?

SignalWhat it answersUse
CVSSHow bad is this vulnerability if it is exploited?Severity (theoretical)
EPSSHow likely is this vulnerability to be exploited in the next 30 days?Probability (forecast)
KEVIs this vulnerability already being exploited, with public evidence?Binary (confirmed)

The right priority order, in plain English: anything in KEV is patched first. Among non-KEV items, sort by EPSS percentile descending. Use CVSS as a tiebreaker.

API

Want this in your SOAR or SIEM?

SARA Open ships an OpenAI-compatible API. Call POST /api/v1/analyze — SARA returns EPSS, CVSS, KEV status, and an analyst-grade written summary in one call.

curl -X POST https://sara-open.sirp.io/api/v1/analyze \
  -H "Authorization: Bearer $SARA_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{"type": "cve", "value": "CVE-2021-44228"}'
Read the API reference →

FAQFrequently asked questions

How often does CISA update the KEV catalog?
Whenever new exploitation evidence is confirmed — typically several updates per month, sometimes multiple in a week. This browser refreshes from CISA daily and reflects the most recent ingest.
Is the KEV catalog mandatory for non-federal organizations?
No, but it is widely treated as the de-facto standard for must-patch prioritization, and is increasingly cited by cyber-insurers, auditors, and regulators.
What does ransomware use mean in the KEV catalog?
CISA flags CVEs known to have been exploited in ransomware campaigns. This is the highest-urgency tier for many SOCs and a frequent input to ransomware tabletop exercises.
Can I bulk-export the KEV catalog?
Yes. CISA publishes the full catalog as JSON and CSV directly. SARA's API additionally returns SARA's analyst-written summary alongside each row — useful for triage queues.
Does this browser show every KEV CVE, or just popular ones?
Every entry in the catalog. The full list is searchable here.
What is BOD 22-01?
Binding Operational Directive 22-01, issued by CISA, requires US federal civilian executive-branch agencies to remediate vulnerabilities in the KEV catalog by the listed due date. Most non-federal organizations adopt similar SLAs informally.

Browse related toolsKeep exploring

EPSS Score Lookup

Daily-updated exploit probability for any CVE.

IOC Reputation Checker

Multi-source reputation for IPs, domains, URLs, hashes.

SARA API

Programmatic EPSS + KEV + CVSS + IOC + Sigma + phishing in one call.

Looking for more?

Ask SARA — our AI security analyst — for full CVE context, exploit chains, and detection rules.

Try SARA