CISA KEV refers to the Known Exploited Vulnerabilities catalog maintained by the U.S. Cybersecurity and Infrastructure Security Agency (CISA). This catalog lists software and hardware vulnerabilities that are actively being exploited in the wild. The goal is to help organizations prioritize patching and mitigation efforts by highlighting flaws that pose the greatest risk. CISA regularly updates the KEV catalog, requiring federal agencies and encouraging private organizations to address these vulnerabilities promptly. By focusing on vulnerabilities with confirmed exploitation, the KEV catalog supports more effective risk management and enhances the overall cybersecurity posture of critical infrastructure and businesses.