VulnCheck KEV Surges to Track More than 3,600 Known Exploited Vulnerabilities

LEXINGTON, Mass.--(BUSINESS WIRE)--VulnCheck, the exploit intelligence company, today announced significant growth of its Known Exploited Vulnerabilities (KEV) catalog, which now tracks over 3,600 known exploited vulnerabilities, and has surpassed over 10,000 users worldwide.

The VulnCheck KEV is available through the VulnCheck Community as a free intelligence feed for any enterprise, cybersecurity firm, government team, or managed service provider. VulnCheck launched its Community offerings in early 2024, with hundreds of cybersecurity platforms now powered with VulnCheck intelligence.

The volume of the VulnCheck KEV catalog exceeds the CISA KEV catalog by 173%. On average, the VulnCheck KEV is 27 days faster at informing users of known exploited vulnerabilities than the CISA KEV, and currently averages 125% more known exploited vulnerabilities added monthly.

The VulnCheck KEV provides security teams and detection engineers with a dashboard featuring the largest real-time collection of known exploited vulnerabilities. Through its new interface, VulnCheck KEV users have enriched CVE context, including links to exploit proof-of-concept (POC) code, making it easier to find exploitation evidence and exploits for validation and testing against VulnCheck XDB - another Community resource that provides users with exploit POC code in Git repositories, programmatically compiled with validation steps that involve human analysis and automated block lists.

“Our research shows that 28% of CVEs are exploited within the first 24 hours of disclosure to gain access to critical systems and organizations,” said Anthony Bettini, CEO and founder, VulnCheck. “As defenders struggle to keep up, getting information into their hands faster about which vulnerabilities need remediation first can help stop breaches before they occur. The VulnCheck KEV solves this issue for thousands of defenders worldwide.”

The VulnCheck KEV catalog also includes citations and evidence explaining why each vulnerability is listed, linking to known threat actors, ransomware groups, or botnet activity when available. The VulnCheck KEV helps teams better manage threats, build detections faster, and solve the vulnerability prioritization challenge.

In 2024, VulnCheck:

• Added 717 new known exploited vulnerabilities for an average of 59.8/month compared to 170 added to the CISA KEV for an average of 14.2/month.

• Added 410 unique vendors with one or more known exploited vulnerabilities to the VulnCheck KEV vs. 56 unique vendors in the CISA KEV.

• Provided teams with contextual intelligence on the top 10 vendors by number of exploited vulnerabilities, including Microsoft (55), Apache (18), Ivanti (17), Apple (16), D-Link (14), Oracle (14), Google (13), Cisco (11), Progress (11) and VMware (11).

• Provided teams with intelligence on the top 10 products with exploited vulnerabilities, including Microsoft Windows (30), Google Chrome / Chromium (11), Apple IOS products (9), Apache OFBiz (6), Ivanti Connect Secure (6), Citrix Netscaler (6), Apple Safari (5), Cisco ASA / FTD (5), QNAP QTS (5), and openSSL (5).

For more information on the VulnCheck KEV and to sign up for the VulnCheck Community, visit https://vulncheck.com/kev.

About VulnCheck
VulnCheck is the exploit intelligence company helping enterprises, government organizations, and cybersecurity vendors solve the vulnerability prioritization challenge. Trusted by some of the world's largest organizations responsible for protecting hundreds of millions of systems and people, VulnCheck helps organizations outpace adversaries by providing the most comprehensive, real-time vulnerability intelligence that is autonomously correlated with unique, proprietary exploit and threat intelligence. Follow the company on LinkedIn or X.

To learn more about VulnCheck, visit https://vulncheck.com/.