The CISA KEV Catalog, maintained by the U.S. Cybersecurity and Infrastructure Security Agency (CISA), is an authoritative list of known exploited vulnerabilities (KEV) found in software and hardware. These vulnerabilities are actively targeted by cyber attackers and pose significant risks to organizations. The catalog helps organizations prioritize patching and remediation efforts by highlighting which security flaws require immediate attention. Regularly updated, it serves as a critical resource for IT and security teams to protect networks and data from ongoing cyber threats.