LEXINGTON, MA -- February 27, 2024 -- VulnCheck, the exploit intelligence company, today announced the launch of the VulnCheck Known Exploited Vulnerabilities (KEV) catalog. The free offering, available by joining the VulnCheck Community, provides security teams and threat detection engineers with advanced intelligence on vulnerabilities that have been exploited in the wild to better manage threats, solve the prioritization challenge and outpace adversaries.
With the rapid growth and exploitation of vulnerabilities, speed and breadth of data remain the most valuable assets to vulnerability management first responders. Currently, VulnCheck tracks 876 more (or 81.04%) vulnerabilities exploited in the wild than CISA, and alerts customers before missing exploits are added to the CISA KEV catalog an average of 27 days earlier. VulnCheck’s KEV catalog equips cybersecurity vendors and vulnerability management teams with faster, broader coverage in an efficient machine-readable dataset needed for detection, prioritization, and remediation.
The CISA KEV catalog continues to be an invaluable tool and a driving force in our industry, but there is an opportunity for broader visibility and often earlier indicators into known exploitation. This is why we decided to offer a community resource that provides broader known exploited vulnerability intelligence and reference materials, all delivered at machine speed.
Key features of VulnCheck’s KEV catalog include:
- Comprehensive CVE Tracking: VulnCheck provides security teams with the largest real-time collection of known exploited vulnerabilities. The offering encompasses all vulnerabilities listed in the CISA KEV catalog, plus approximately 80% more reported as exploited in the wild.
- Exploit Intelligence: VulnCheck’s catalog adds the much-needed context to CVEs. The catalog includes supplementary external links to exploit content available in VulnCheck XDB, referencing publicly-available exploit proof of concept code where possible. This intelligence arms engineers with the information needed to build better detections and get them in the hands of defenders faster.
- Exploitation References: VulnCheck provides citations for each and every CVE, so security teams have a clearer picture of why the vulnerability is on the list. When threat actors, ransomware groups, or botnets are involved in the vulnerability exploitation, VulnCheck cites evidence.
The cybersecurity community is taking notice of the scale and impact VulnCheck is having on the vulnerability landscape. Our exploit research continues to be a driving force and influence in the industry, and we frequently see CISA adding CVEs to CISA KEV that VulnCheck was tracking weeks earlier.
This news follows the launch of other impactful Community offerings from VulnCheck, including the maintenance of NVD 1.0 and unveiling of VulnCheck XDB, the largest repository of exploits and proof-of-concepts hosted on git repositories.
About VulnCheck
VulnCheck is the vulnerability intelligence company helping enterprises, government organizations, and cybersecurity vendors solve the vulnerability prioritization challenge. Trusted by some of the world's largest organizations responsible for protecting hundreds of millions of systems and people, VulnCheck helps organizations outpace adversaries by providing the most comprehensive, real-time vulnerability intelligence that is autonomously correlated with unique, proprietary exploit and threat intelligence. Follow the company on LinkedIn, Mastodon, or Twitter.