KEV (Known Exploited Vulnerabilities)

The Known Exploited Vulnerabilities catalog is maintained by the Cybersecurity and Infrastructure Security Agency (CISA) and lists Common Vulnerabilities and Exposures (CVEs) that have been confirmed as actively exploited in real-world attacks. Known Exploited Vulnerability status significantly elevates the urgency of a vulnerability, as a CVE that attackers are actively using demands faster remediation than one that is merely disclosed. Black Kite surfaces KEV-tagged findings in vendor assessments.