THE Known Exploited Vulnerabilities (KEV) Catalog, maintained by CISA, serves as an authoritative source for vulnerabilities exploited in the wild. It assists organizations in prioritizing their vulnerability management based on ongoing threat activity. The catalog includes various formats for access, such as CSV and JSON.
A highlighted entry is CVE-2009-1537, a vulnerability in Microsoft DirectX that allows remote code execution through a crafted QuickTime file, with recommendations to apply mitigations or discontinue use if necessary.