|
- Known Exploited Vulnerabilities Catalog - CISA
For the benefit of the cybersecurity community and network defenders—and to help every organization better manage vulnerabilities and keep pace with threat activity—CISA maintains the authoritative source of vulnerabilities that have been exploited in the wild Organizations should use the KEV catalog as an input to their vulnerability management prioritization framework How to use the KEV
- 2023 Top Routinely Exploited Vulnerabilities - CISA
Technical Details Key Findings In 2023, malicious cyber actors exploited more zero-day vulnerabilities to compromise enterprise networks compared to 2022, allowing them to conduct cyber operations against higher-priority targets In 2023, the majority of the most frequently exploited vulnerabilities were initially exploited as a zero-day, which is an increase from 2022, when less than half of
- Critical Vulnerabilities in Microsoft Windows Operating Systems
An attacker could remotely exploit these vulnerabilities to decrypt, modify, or inject data on user connections: CryptoAPI spoofing vulnerability – CVE-2020-0601: This vulnerability affects all machines running 32- or 64-bit Windows 10 operating systems, including Windows Server versions 2016 and 2019
- Reducing the Significant Risk of Known Exploited Vulnerabilities
Learn about the importance of CISA's Known Exploited Vulnerability (KEV) catalog and how to use it to help build a collective resilience across the cybersecurity community
- CISA Adds One Known Exploited Vulnerability, CVE-2025-53770 “ToolShell . . .
CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation See CISA’s Alert Microsoft Releases Guidance on Exploitation of SharePoint Vulnerability (CVE-2025-53770) for more information and to apply the recommended mitigations
- 2023 Top Routinely Exploited Vulnerabilities - CISA
Top Routinely Exploited Vulnerabilities Listed in Table 1 are the top 15 vulnerabilities the authoring agencies observed malicious cyber actors routinely exploiting in 2023 with details also discussed below
- CISA Adds One Known Exploited Vulnerability to Catalog
CISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation CVE-2025-58034
- 2021 Top Routinely Exploited Vulnerabilities - CISA
These vulnerabilities include multiple vulnerabilities affecting internet-facing systems, including Accellion File Transfer Appliance (FTA), Windows Print Spooler, and Pulse Secure Pulse Connect Secure Three of these vulnerabilities were also routinely exploited in 2020: CVE-2019-19781, CVE-2019-18935, and CVE-2017-11882
|
|
|