What is CVE intelligence?
A CVE (Common Vulnerabilities and Exposures) identifier is the standard way to reference a specific security vulnerability. This dashboard enriches basic CVE data with exploit prediction scoring from FIRST.org's EPSS model, active exploitation status from CISA's Known Exploited Vulnerabilities catalog, and cross-references from multiple databases. It answers the critical question: "Is this vulnerability actually being exploited in the wild, and how likely is it to be exploited?"
Key Terminology
- EPSS (Exploit Prediction Scoring System)
- A model by FIRST.org that estimates the probability a vulnerability will be exploited in the wild within the next 30 days. A score of 0.5 means a 50% chance. More useful than CVSS alone because it factors in real-world exploitation trends.
- CISA KEV
- The Known Exploited Vulnerabilities catalog maintained by CISA. These are vulnerabilities confirmed to be actively exploited — not theoretical, but observed in real attacks. Federal agencies are required to patch KEV entries by specific deadlines.
🛡️ CVE Intelligence Dashboard — Frequently Asked Questions
What is a CVE and how is it scored?
A CVE (Common Vulnerabilities and Exposures) is a standardized identifier for a security vulnerability. Each CVE receives a CVSS score from 0-10 indicating severity, and an EPSS score predicting the probability of exploitation in the next 30 days.
What does it mean if a CVE is in the CISA KEV catalog?
The CISA Known Exploited Vulnerabilities catalog lists CVEs that are confirmed to be actively exploited in the wild. If a CVE appears in KEV, it requires immediate remediation as attackers are actively using it.