cisa.gov · authoritative catalog

Known Exploited
Vulnerabilities

CVEs that the U.S. Cybersecurity and Infrastructure Security Agency confirms are being weaponized in active campaigns. Federal civilian agencies are mandated to remediate by the listed due date.

Total in catalog

—

all confirmed exploited

Ransomware-linked

—

named campaign attribution

Added · last 30d

—

recent additions

Past due

—

remediation deadline missed

$ pulling cisa.gov/known-exploited-vulnerabilities-catalog …

Known ExploitedVulnerabilities

Known Exploited
Vulnerabilities