Known Exploited Vulnerabilities
The KEV catalog, maintained by CISA, lists vulnerabilities that attackers are actively exploiting in the real world. Vulnerability management teams use it to prioritize patching, since a flaw on the KEV list is a proven risk, not a theoretical one. It matters because most CVEs are never exploited, and KEV tells you which ones actually are.