We looked into the DHS CISA KEV catalog one step further and found that 58 actively known exploited CVEs were missed by top scanners such as Nessus, Nexpose, and Qualys.