KEV Compare

Compare Known Exploited Vulnerabilities catalogs across publishers (CISA, ENISA, CIRCL, and future sources). Explore overlap, unique coverage, and who listed a vulnerability first.

Unique vulns (union)

1,565

Sources

Avg sources/vuln

1.02

Top overlap

CISA & ENISA18 (1.2%)

KEVs added (cumulative)

3 sources

Loading chart...

Coverage overview

CISA

1,558

1,533

Excl: 1,533 Shared: 25

ENISA

Excl: 4 Shared: 19

CIRCL

Excl: 2 Shared: 9

KEV catalogs tracked by CveMate

3 catalogs

Catalog	Publisher	KEVs	Avg/mo	Exclusive	Shared	Since	Scope
CISA	Cybersecurity and Infrastructure Security Agency (US)	1,558	28.85	1,533	25	2021-11-03	US federal / global
ENISA	European Union Agency for Cybersecurity (EU)	23	1.77	4	19	2025-01-17	EU member states
CIRCL	Computer Incident Response Center Luxembourg	11	0.69	2	9	2025-01-01	EU / international
Union (all catalogs)		1,565

Avg/mo: average new KEVs per month. Exclusive: listed by that source only. Shared: also in at least one other source.

Pairwise overlap

			Coverage
CISAvsENISA	18	1.2%	CISA:1.2% ENISA:78.3%	CISA:17 ENISA:0 Tie:1
CIRCLvsCISA	8	0.5%	CIRCL:72.7% CISA:0.5%	CIRCL:0 CISA:5 Tie:3
CIRCLvsENISA	2	6.3%	CIRCL:18.2% ENISA:8.7%	CIRCL:0 ENISA:2

Jaccard: shared / (A + B - shared) (similarity).

Coverage: % of source's KEVs that are shared with the other.

Listed first: among shared CVEs, how many each source listed before the other.

Latest 50 vulnerabilities added to KEV catalogs

1,565 total

Vuln ID	Severity	Vendor / Product	Fix	CVE Published	KEV Sources	KEV Added
CVE-2026-35616	9.8 CRITICAL	fortinet/forticlientems	—	2026-04-04	CISA CIRCL	2026-04-06
CVE-2026-3502	7.8 HIGH	trueconf/trueconf	—	2026-03-30	CISA	2026-04-02
CVE-2026-5281	8.8 HIGH	Google/Chrome	—	2026-04-01	CISA	2026-04-01
CVE-2026-3055	9.8 CRITICAL	citrix/netscaler_application_delivery_controller	—	2026-03-23	CISA	2026-03-30
CVE-2025-53521	9.8 CRITICAL	F5/BIG-IP	—	2025-10-15	CISA	2026-03-27
CVE-2026-33634	9.4 CRITICAL	aquasec/setup-trivy	—	2026-03-23	CISA	2026-03-26
CVE-2026-33017	9.8 CRITICAL	langflow-ai/langflow	—	2026-03-20	CISA	2026-03-25
CVE-2025-31277	8.8 HIGH	Apple/iOS and iPadOS	—	2025-07-29	CISA	2026-03-20
CVE-2025-43510	7.8 HIGH	Apple/iOS and iPadOS	—	2025-12-12	CISA	2026-03-20
CVE-2025-32432	10 CRITICAL	craftcms/cms	—	2025-04-25	CISA	2026-03-20
CVE-2025-54068	9.8 CRITICAL	Laravel/Livewire	—	2025-07-17	CISA	2026-03-20
CVE-2025-43520	5.5 MEDIUM	Apple/iOS and iPadOS	—	2025-12-12	CISA	2026-03-20
CVE-2026-20131	10 CRITICAL	cisco/cisco secure firewall management center (fmc)	—	2026-03-04	CISA	2026-03-19
CVE-2026-20963	9.8 CRITICAL	microsoft/microsoft sharepoint enterprise server 2016	—	2026-01-13	CISA	2026-03-18
CVE-2025-66376	7.2 HIGH	Synacor/Zimbra Collaboration Suite	—	2026-01-05	CISA	2026-03-18
CVE-2025-47813	4.3 MEDIUM	wftpserver/wing ftp server	—	2025-07-10	CISA	2026-03-16
CVE-2026-3909	8.8 HIGH	Google/Chrome	—	2026-03-12	CISA	2026-03-13
CVE-2026-3910	8.8 HIGH	Google/Chrome	—	2026-03-12	CISA	2026-03-13
CVE-2021-35394	10 HIGH	realtek/rtl819x_jungle_software_development_kit	—	2021-08-16	CIRCL CISA	2021-12-10
CVE-2024-13030	9.8 CRITICAL	d-link/dir-823g	—	2024-12-30	CIRCL	2026-03-12
CVE-2014-8361	10 HIGH	aterm/w1200ex_firmware	—	2015-05-01	CIRCL CISA	2023-09-18
CVE-2017-17215	8.8 HIGH	huawei technologies co., ltd./hg532	—	2018-03-20	CIRCL	2026-03-12
CVE-2025-68613	10 CRITICAL	n8n-io/n8n	—	2025-12-19	CISA	2026-03-11
CVE-2026-1603	8.6 HIGH	ivanti/endpoint_manager	—	2026-02-10	CISA	2026-03-09
CVE-2021-22054	7.5 HIGH	vmware/workspace_one_uem_console	—	2021-12-17	CISA	2026-03-09
CVE-2025-26399	9.8 CRITICAL	SolarWinds/Web Help Desk	—	2025-09-23	CISA	2026-03-09
CVE-2023-41974	7.8 HIGH	Apple/iOS and iPadOS	—	2024-01-10	CISA	2026-03-05
CVE-2023-43000	8.8 HIGH	Apple/iOS and iPadOS	—	2025-11-05	CISA	2026-03-05
CVE-2017-7921	10 CRITICAL	hikvision/ds-2cd2032-i_firmware	—	2017-05-06	CISA	2026-03-05
CVE-2021-22681	9.8 CRITICAL	rockwellautomation/factorytalk_services_platform	—	2021-03-03	CISA	2026-03-05
CVE-2021-30952	8.8 HIGH	Apple/iOS and iPadOS	—	2021-08-24	CISA	2026-03-05
CVE-2026-22719	8.1 HIGH	vmware/aria_operations	—	2026-02-25	CISA	2026-03-03
CVE-2026-21385	7.8 HIGH	qualcomm, inc./snapdragon	—	2026-03-02	CISA	2026-03-03
CVE-2026-25108	8.8 HIGH	Soliton Systems K.K/FileZen	—	2026-02-13	CIRCL CISA	2026-02-24
CVE-2026-20127	10 CRITICAL	cisco/catalyst_sd-wan_manager	—	2026-02-25	CISA	2026-02-25
CVE-2022-20775	7.8 HIGH	cisco/catalyst_sd-wan_manager	—	2022-09-30	CISA	2026-02-25
CVE-2025-68461	7.2 HIGH	Roundcube/Webmail	—	2025-12-18	CISA	2026-02-20
CVE-2025-49113	9.9 CRITICAL	debian/debian_linux	—	2025-06-02	CISA	2026-02-20
CVE-2026-22769	10 CRITICAL	dell/recoverpoint for virtual machines	—	2026-02-17	CISA	2026-02-18
CVE-2021-22175	9.8 CRITICAL	gitlab/gitlab	—	2021-06-11	CISA	2026-02-18
CVE-2024-7694	7.2 HIGH	TeamT5/ThreatSonar Anti-Ransomware	—	2024-08-12	CISA	2026-02-17
CVE-2008-0015	9.3 HIGH	microsoft/windows_2003_server	—	2009-07-07	CISA	2026-02-17
CVE-2026-2441	8.8 HIGH	Google/Chrome	—	2026-02-13	CISA	2026-02-17
CVE-2020-7796	9.8 CRITICAL	Synacor/Zimbra Collaboration Suite	—	2020-02-18	CISA	2026-02-17
CVE-2026-1731	9.9 CRITICAL	beyondtrust/privileged remote access	—	2026-02-06	CISA	2026-02-13
CVE-2024-43468	9.8 CRITICAL	Microsoft/Configuration Manager	—	2024-10-08	CISA	2026-02-12
CVE-2025-15556	7.7 HIGH	notepad-plus-plus/notepad\+\+	—	2026-02-03	CISA	2026-02-12
CVE-2026-20700	7.8 HIGH	Apple/iOS and iPadOS	—	2026-02-11	CISA	2026-02-12
CVE-2025-40536	9.8 CRITICAL	SolarWinds/Web Help Desk	—	2026-01-28	CISA	2026-02-12
CVE-2026-21533	7.8 HIGH	microsoft/windows_10_1607	—	2026-02-10	CISA	2026-02-10

What are Known Exploited Vulnerabilities (KEV) catalogs?

Known Exploited Vulnerabilities (KEV) catalogs are curated lists of CVEs that have been observed being actively exploited in the wild. Unlike the full NVD database, which contains over 250,000 vulnerabilities, KEV catalogs focus exclusively on threats that pose a real, demonstrated risk to organizations. This makes them essential for vulnerability prioritization and patch management.

Who publishes KEV catalogs?

Several organizations maintain their own KEV catalogs, each with different criteria, geographic focus, and update cadence:

CISA (Cybersecurity and Infrastructure Security Agency) — the original and most widely adopted KEV catalog, mandated for US federal agencies under BOD 22-01.
ENISA (European Union Agency for Cybersecurity) — the EU equivalent, contributing a European perspective on actively exploited vulnerabilities.
CIRCL (Computer Incident Response Center Luxembourg) — a CERT-based catalog with a focus on European and international threat intelligence.

Why compare KEV catalogs?

No single catalog captures every actively exploited vulnerability. Each publisher has different intelligence sources, geographic priorities, and inclusion criteria. By comparing catalogs side-by-side, security teams can identify coverage gaps, discover which source lists a CVE first, and build a more comprehensive view of the threat landscape. The overlap analysis (Jaccard similarity and pairwise coverage) quantifies how much agreement exists between publishers, while the "listed first" metric reveals which source tends to react fastest to emerging threats.

How is this data computed?

CveMate aggregates KEV entries from all supported publishers into a unified graph database. Each vulnerability is linked to every catalog that lists it, along with the date it was added. Statistics such as exclusive counts, overlap intersections, Jaccard similarity scores, and first-lister analysis are computed in real time from this unified dataset. The cumulative chart tracks how each catalog has grown over time, providing a historical view of their respective coverage trajectories.