KEV Compare

Compare Known Exploited Vulnerabilities catalogs across publishers (CISA, ENISA, CIRCL, and future sources). Explore overlap, unique coverage, and who listed a vulnerability first.

Unique vulns (union)
1,637
Sources
3
Avg sources/vuln
1.03
Top overlap
CISA & ENISA28 (1.7%)

KEVs added (cumulative)

3 sources
Loading chart...

Coverage overview

CISA
1,630
1,592
Excl: 1,592 Shared: 38
ENISA
32
Excl: 4 Shared: 28
CIRCL
16
Excl: 3 Shared: 13

KEV catalogs tracked by CveMate

3 catalogs
CatalogPublisherKEVsAvg/moExclusiveSharedSinceScope
CISA
Cybersecurity and Infrastructure Security Agency (US)1,63029.111,592382021-11-03US federal / global
ENISA
European Union Agency for Cybersecurity (EU)32428EU member states
CIRCL
Computer Incident Response Center Luxembourg160.893132025-01-01EU / international
Union (all catalogs) 1,637
Avg/mo: average new KEVs per month. Exclusive: listed by that source only. Shared: also in at least one other source.

Pairwise overlap

Coverage
CISAvsENISA
28
1.7%
CISA:1.7%
ENISA:87.5%
CIRCLvsCISA
13
0.8%
CIRCL:81.3%
CISA:0.8%
CIRCL:1
CISA:8
Tie:4
CIRCLvsENISA
3
6.7%
CIRCL:18.8%
ENISA:9.4%
Jaccard: shared / (A + B - shared) (similarity).
Coverage: % of source's KEVs that are shared with the other.
Listed first: among shared CVEs, how many each source listed before the other.

Latest 50 vulnerabilities added to KEV catalogs

1,637 total
Vuln IDSeverityVendor / ProductFixCVE PublishedKEV SourcesKEV Added
CVE-2026-4855810 CRITICALsimplehelp/simplehelp2026-06-12
CISA
2026-06-29
CVE-2026-125699.3 CRITICALptc/flexplm2026-06-18
CISA
2026-06-25
CVE-2026-202308.6 HIGHcisco/cisco unified communications manager2026-06-03
CISA
2026-06-25
CVE-2026-202457.8 HIGHCisco/Catalyst SD-WAN Manager2026-06-04
CIRCL
CISA
2026-06-09
CVE-2026-3490910 CRITICALubiquiti inc/efg2026-05-22
CISA
2026-06-23
CVE-2025-670389.8 CRITICALlantronix/eds5008_firmware2026-03-11
CISA
2026-06-23
CVE-2026-3491010 CRITICALubiquiti inc/efg2026-05-22
CISA
2026-06-23
CVE-2026-3490810 CRITICALubiquiti inc/efg2026-05-22
CISA
2026-06-23
CVE-2026-398139.8 CRITICALfortinet/fortisandbox2026-04-14
CIRCL
2026-06-22
CVE-2026-202539.8 CRITICALsplunk/splunk2026-06-10
CISA
2026-06-18
CVE-2026-4890710 CRITICALjoomlacontenteditor.net/joomla content editor (jce) extension for joomla2026-06-05
CISA
2026-06-16
CVE-2026-544208.5 HIGHlitespeed technologies/cpanel plugin2026-06-14
CISA
2026-06-15
CVE-2026-202626.5 MEDIUMCisco/Catalyst SD-WAN Manager2026-06-15
CISA
2026-06-15
CVE-2026-352739.8 CRITICALoracle corporation/peoplesoft enterprise peopletools2026-06-11
CISA
2026-06-12
CVE-2026-1052010 CRITICALivanti/standalone_sentry2026-06-09
CIRCL
CISA
2026-06-11
CVE-2026-74736.9 MEDIUMarista networks/eos2026-06-05
CISA
2026-06-09
CVE-2026-116458.8 HIGHgoogle/chrome2026-06-08
CISA
2026-06-09
CVE-2026-422718.8 HIGHberriai/litellm2026-05-08
CISA
2026-06-08
CVE-2026-507519.3 CRITICALcheckpoint/gaia_embedded2026-06-08
CIRCL
CISA
2026-06-08
CVE-2026-283187.5 HIGHSolarWinds/Serv-U2026-06-04
CISA
2026-06-05
CVE-2026-452479.8 CRITICALmirasvit/full_page_cache_warmer2026-05-26
CISA
2026-06-03
CVE-2022-04927.8 HIGHcanonical/ubuntu_linux2022-03-03
CISA
2026-06-02
CVE-2025-485958.4 HIGHgoogle/android2026-06-01
CISA
2026-06-02
CVE-2024-211827.5 HIGHoracle corporation/weblogic server2024-07-16
CISA
2026-06-01
CVE-2026-02579.1 CRITICALPalo Alto Networks/PAN-OS2026-05-13
CISA
2026-05-29
CVE-2026-453219.6 CRITICALabhishake1/supersurkhet\/cli2026-05-12
CISA
2026-05-27
CVE-2026-83989.8 CRITICALavb disc soft/daemon tools lite2026-05-15
CISA
2026-05-27
CVE-2026-480279.8 CRITICALnrwl/nx-console2026-05-27
CISA
2026-05-27
CVE-2026-4817210 CRITICALlitespeed technologies/cpanel plugin2026-05-21
CISA
2026-05-26
CVE-2026-90829.8 CRITICALdrupal/drupal2026-05-20
CISA
2026-05-22
CVE-2026-349266.7 MEDIUMtrend micro, inc./trendai apex one2026-05-21
CISA
2026-05-21
CVE-2025-342919.4 CRITICALLangflow/Langflow2025-12-05
CISA
2026-05-21
CVE-2010-02499.3 HIGHMicrosoft/Internet Explorer2010-01-15
CISA
2026-05-20
CVE-2009-15379.3 HIGHMicrosoft/DirectX2009-05-29
CISA
2026-05-20
CVE-2026-410917.8 HIGHMicrosoft/Malware Protection Engine2026-05-20
CISA
2026-05-20
CVE-2026-454987.5 HIGHmicrosoft/defender_antimalware_platform2026-05-20
CISA
2026-05-20
CVE-2010-08069.3 HIGHMicrosoft/Internet Explorer2010-03-10
CISA
2026-05-20
CVE-2008-425010 HIGHmicrosoft/windows_20002008-10-23
CISA
2026-05-20
CVE-2009-34599.3 HIGHAdobe/Acrobat2009-10-13
CISA
2026-05-20
CVE-2026-428978.1 HIGHMicrosoft/Exchange Server2026-05-14
CISA
2026-05-15
CVE-2026-2018210 CRITICALCisco/Catalyst SD-WAN Manager2026-05-14
CISA
2026-05-14
CVE-2026-422089.8 CRITICALberriai/litellm2026-05-08
CISA
2026-05-08
CVE-2026-69737.2 HIGHivanti/endpoint_manager_mobile2026-05-07
CISA
2026-05-07
CVE-2026-03009.8 CRITICALPalo Alto Networks/PAN-OS2026-05-06
CISA
2026-05-06
CVE-2026-314317.8 HIGHamazon/amazon_linux2026-04-22
CIRCL
CISA
2026-05-01
CVE-2026-419409.8 CRITICALcpanel, l.l.c./cpanel & whm2026-04-29
ENISA
CISA
2026-04-30
CVE-2024-17088.4 HIGHConnectWise/ScreenConnect2024-02-21
CISA
2026-04-28
CVE-2026-322024.3 MEDIUMmicrosoft/windows_10_16072026-04-14
CISA
2026-04-28
CVE-2024-577287.2 HIGHsimple-help/simplehelp2025-01-15
CISA
2026-04-24
CVE-2025-296357.2 HIGHdlink/dir-823x_firmware2025-03-25
CISA
2026-04-24

What are Known Exploited Vulnerabilities (KEV) catalogs?

Known Exploited Vulnerabilities (KEV) catalogs are curated lists of CVEs that have been observed being actively exploited in the wild. Unlike the full NVD database, which contains over 250,000 vulnerabilities, KEV catalogs focus exclusively on threats that pose a real, demonstrated risk to organizations. This makes them essential for vulnerability prioritization and patch management.

Who publishes KEV catalogs?

Several organizations maintain their own KEV catalogs, each with different criteria, geographic focus, and update cadence:

  • CISA (Cybersecurity and Infrastructure Security Agency) — the original and most widely adopted KEV catalog, mandated for US federal agencies under BOD 22-01.
  • ENISA (European Union Agency for Cybersecurity) — the EU equivalent, contributing a European perspective on actively exploited vulnerabilities.
  • CIRCL (Computer Incident Response Center Luxembourg) — a CERT-based catalog with a focus on European and international threat intelligence.

Why compare KEV catalogs?

No single catalog captures every actively exploited vulnerability. Each publisher has different intelligence sources, geographic priorities, and inclusion criteria. By comparing catalogs side-by-side, security teams can identify coverage gaps, discover which source lists a CVE first, and build a more comprehensive view of the threat landscape. The overlap analysis (Jaccard similarity and pairwise coverage) quantifies how much agreement exists between publishers, while the "listed first" metric reveals which source tends to react fastest to emerging threats.

How is this data computed?

CveMate aggregates KEV entries from all supported publishers into a unified graph database. Each vulnerability is linked to every catalog that lists it, along with the date it was added. Statistics such as exclusive counts, overlap intersections, Jaccard similarity scores, and first-lister analysis are computed in real time from this unified dataset. The cumulative chart tracks how each catalog has grown over time, providing a historical view of their respective coverage trajectories.