Known Exploited Vulnerabilities (KEV)

CISA Catalog

Known Exploited Vulnerabilities

· Live CISA DataCISA KEV catalog — vulnerabilities with active exploitation requiring federal remediation

Data sourced from the official CISA Known Exploited Vulnerabilities Catalog. Federal agencies are required to remediate these vulnerabilities by the due date per BOD 22-01.

KEV Entries

1,619

Ransomware Use

327

Overdue

1,615

Vendors

266

Products

655

2 results · Page 1/1

CVE-2017-7921Overdue

Due: 2026-03-26
Added: 2026-03-05

Hikvision Multiple Products Improper Authentication Vulnerability

Hikvision · Multiple Products

Multiple Hikvision products contain an improper authentication vulnerability that could allow a malicious user to escalate privileges on the system and gain access to sensitive information.

Required Action

Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

CVE-2021-36260Overdue

Due: 2022-01-24
Added: 2022-01-10

Hikvision Improper Input Validation

Hikvision · Security cameras web server

A command injection vulnerability in the web server of some Hikvision product. Due to the insufficient input validation.

Required Action

Apply updates per vendor instructions.