The U.S. Cybersecurity and Infrastructure Security Agency (CISA) encourages ongoing patching of known IT vulnerabilities. CISA maintains a list of exploited vulnerabilities and updates that list on an ongoing basis. A link to the CISA site may be accessed here.
CISA observes that it is not difficult to apply patches to known vulnerabilities and if companies take actions, malicious actors will have a more difficult time infiltrating and exploiting systems. CISA provides free scanning and testing services to help organizations reduce exposure threats.