Threat and Exploit Intelligence Analytics

Deep insights into vulnerability landscape, exploitation trends and risk metrics.

Vulnerability Funnel

From NVD publication to confirmed exploitation

Year in progress — partial data
NVD Published
Monitored
EPSS > 10%
Exploited in Wild
TTE ≤ 5 days
Zero-Day
12,000 113 57 113 80 65
0.9%
50.4%
198.2%
70.8%
81.2%

Daily Monitoring Flow

CVEs added vs removed from monitoring (last 90 days)

CVE Distribution by Year

Severity breakdown across tracked years
871
Monitored CVEs
-17.2% vs last 30d
8.7
Avg CVSS Score
Across all active CVEs
829
Exploited in Wild
95.2% of monitored CVEs confirmed exploited
1d
Mean Time to Weaponize
Avg days from publish to first PoC/exploit (outliers removed)
89d
Mean Time to Exploit
Avg days from publish to confirmed exploitation (outliers removed)

Exploitation Timing by Severity

Fastest and average time-to-exploit/weaponize per severity level (outliers removed via IQR)
CRITICAL (297 CVEs)
-49.7d Fastest
-0.6d Median
88d Avg Exploit
0d Avg PoC
179 Zero-Day
HIGH (181 CVEs)
-117.0d Fastest
0.3d Median
86d Avg Exploit
5d Avg PoC
86 Zero-Day
Global Timing
-117.0d Fastest
-0.5d Median
89d Avg Exploit
1d Avg PoC
Zero-Day (55.9% of 508 with TTE)
284 Total
179 Critical
86 High
5-Day Window
281 Exploited (34.9%)
354 With PoC (69.7%)

Threat Overlap

Intersection of KEV, Exploits and High EPSS
230 21 0 117 99 2 383 KEV (829) Exploit (523) EPSS >50% (484)

CVE Timeline (90d)

EPSS Distribution

Top CWE Categories

Most Dangerous CVEs

Ranked by composite score (CVSS x EPSS x KEV x Exploit)
CVE-ID Severity CVSS EPSS Score
CVE-2024-3400 KEV EXP CRITICAL 10 100.0% 60.0
CVE-2021-44228 KEV EXP CRITICAL 10 100.0% 60.0
CVE-2024-1709 KEV EXP CRITICAL 10 100.0% 59.99
CVE-2025-32432 KEV EXP CRITICAL 10 99.8% 59.94
CVE-2020-0796 KEV EXP CRITICAL 10 99.8% 59.94
CVE-2021-22205 KEV EXP CRITICAL 10 99.7% 59.92
CVE-2022-0543 KEV EXP CRITICAL 10 99.7% 59.9
CVE-2025-55182 KEV EXP CRITICAL 10 99.6% 59.87
CVE-2023-20198 KEV EXP CRITICAL 10 99.6% 59.87
CVE-2024-4040 KEV EXP CRITICAL 10 99.5% 59.86

Vendor Exposure

Vendor CVEs Avg CVSS Exposure
Microsoft 94 8.0
10.8%
Google 62 8.8
7.1%
Apple 43 8.5
4.9%
Cisco 36 8.5
4.1%
Ivanti 33 8.5
3.8%
Apache 26 9.3
3.0%
Vmware 21 8.8
2.4%
Oracle 20 9.1
2.3%
Fortinet 19 9.5
2.2%
Adobe 14 9.0
1.6%

EPSS Movers

Biggest EPSS increases in the last 7 days
CVE-ID Previous Current Change
CVE-2026-10520 3.3% 99.00% +95.77%
CVE-2026-35273 0.0% 92.30% +92.31%
CVE-2026-20253 0.1% 88.20% +88.1%
CVE-2026-24858 4.0% 85.80% +81.89%
CVE-2026-48907 0.1% 80.40% +80.28%
CVE-2026-9082 10.4% 84.60% +74.23%
CVE-2026-34910 4.5% 78.60% +74.05%
CVE-2023-41763 16.5% 90.40% +73.86%
CVE-2026-33017 24.7% 98.20% +73.54%
CVE-2020-17463 17.5% 90.00% +72.53%

Recent KEV Additions

Latest CVEs added to CISA KEV catalog
CVE-ID Severity Product Date Added
CVE-2026-48282 CRITICAL Adobe ColdFusion 2026-07-07
CVE-2026-56290 CRITICAL JoomlaCK.fr Page Builder CK extension for Joomla 2026-07-07
CVE-2026-55255 HIGH langflow-ai langflow 2026-07-07
CVE-2026-48908 CRITICAL joomshaper.net SP Page Builder extension for Joomla 2026-07-07
CVE-2026-45659 HIGH Microsoft SharePoint Enterprise Server 2016 2026-07-01
CVE-2026-48558 CRITICAL SimpleHelp 2026-06-29
CVE-2026-12569 CRITICAL PTC Windchill PDMLink 2026-06-25
CVE-2026-20230 HIGH Cisco Unified Communications Manager 2026-06-25
CVE-2026-34910 CRITICAL Ubiquiti Inc UniFi OS Server 2026-06-23
CVE-2026-34908 CRITICAL Ubiquiti Inc UniFi OS Server 2026-06-23

EPSS Monthly Snapshots

Top CVEs by EPSS, frozen at the end of each month
Jul 2026 — 5 CVEs
1. CVE-2020-5902
100.0%
2. CVE-2021-1498
100.0%
3. CVE-2021-21985
100.0%
4. CVE-2021-22005
100.0%
5. CVE-2021-26084
100.0%
Jun 2026 — 5 CVEs
1. CVE-2020-5902
100.0%
2. CVE-2021-1498
100.0%
3. CVE-2021-21985
100.0%
4. CVE-2021-22005
100.0%
5. CVE-2021-26084
100.0%

Monthly EPSS Growth Leaders

CVEs that gained the most EPSS during each month
Jul 2026 — 5 CVEs
1. CVE-2026-48282
1.0% 28.6%
+27.56%
2. CVE-2021-25297
42.9% 58.7%
+15.81%
3. CVE-2023-5217
34.4% 49.0%
+14.61%
4. CVE-2024-20353
63.3% 70.7%
+7.41%
5. CVE-2021-39935
30.5% 35.6%
+5.15%
Jun 2026 — 5 CVEs
1. CVE-2026-10520
0.2% 98.9%
+98.72%
2. CVE-2026-35273
0.0% 92.3%
+92.31%
3. CVE-2026-20253
0.1% 88.2%
+88.1%
4. CVE-2026-24858
3.9% 85.8%
+81.9%
5. CVE-2026-48907
0.1% 80.4%
+80.31%

SSVC Decision Distribution

CISA Stakeholder-Specific Vulnerability Categorization

EPSS vs KEV Prediction — Complementary Coverage

Where EPSS underestimates and our ML model catches what EPSS misses — complementary divergence between metrics.
Backtest 2024+ — 82 CVEs entered KEV:
EPSS alone would catch
23 / 82 (28%)
We alone catch
35 / 82 (43%)
Both combined
44 / 82 (54%)
Unpredictable (both miss)
38 / 82 (46%)

SSVC Decision vs Severity

Why severity alone is insufficient for prioritization

Threat Velocity

Weekly inflow of new threats (last 12 weeks)

EPSS Prediction Accuracy

EPSS score before vs after KEV listing — did EPSS predict it?

Patch Priority Queue

Top CVEs by composite risk — SSVC + KEV Prediction + EPSS
CVE-ID SSVC KEV-ML EPSS CVSS Signals
CVE-2024-3400
Palo Alto Networks PAN-OS
ACT 72% 100.0% 10.0 KEV EXP RW
CVE-2021-44228
Apache Software Foundation Apa
ACT 51% 100.0% 10.0 KEV EXP RW
CVE-2021-21985
VMware vCenter Server
ACT 75% 100.0% 9.8 KEV EXP RW
CVE-2023-27350
PaperCut NG
ACT 53% 100.0% 9.8 KEV EXP RW
CVE-2022-26134
Atlassian Confluence Data Cent
ACT 60% 100.0% 9.8 KEV EXP RW
CVE-2021-35464
ForgeRock Access Management (A
ACT 81% 100.0% 9.8 KEV EXP RW
CVE-2023-35082
Ivanti EPMM
ACT 70% 100.0% 9.8 KEV RW
CVE-2021-22005
VMware vCenter Server
ACT 81% 100.0% 9.8 KEV EXP RW
CVE-2024-23897
Jenkins Project Jenkins
ACT 77% 100.0% 9.8 KEV EXP RW
CVE-2023-1671
Sophos Web Appliance
ACT 61% 100.0% 9.8 KEV
CVE-2021-26084
Atlassian Confluence Server
ACT 72% 100.0% 9.8 KEV EXP RW
CVE-2021-1498
Cisco HyperFlex HX Data Platfo
ACT 73% 100.0% 9.8 KEV EXP RW
CVE-2020-5902
F5 BIG-IP
ACT 34% 100.0% 9.8 KEV EXP RW
CVE-2022-29464
WSO2 Multiple Products
ACT 73% 100.0% 9.8 KEV EXP RW
CVE-2023-35078
Ivanti Endpoint Manager Mobile
ACT 71% 100.0% 9.8 KEV RW

Detection Gap

SSVC Act/Attend CVEs with NO detection rules
CVE-ID SSVC EPSS Severity Signals
CVE-2023-44487
IETF HTTP/2
ACT 100.0% HIGH KEV
CVE-2025-22457
Ivanti Connect Secure
ACT 100.0% CRITICAL KEV RW
CVE-2023-38035
Ivanti MobileIron Sentry
ACT 99.9% CRITICAL KEV RW
CVE-2020-0796
Microsoft Windows 10 Version 1
ACT 99.8% CRITICAL KEV RW
CVE-2023-29298
Adobe ColdFusion
ACT 99.8% HIGH KEV
CVE-2023-29357
Microsoft SharePoint Server 20
ACT 99.6% CRITICAL KEV RW
CVE-2023-34048
VMware vCenter Server
ACT 99.4% CRITICAL KEV RW
CVE-2020-14750
Oracle Corporation WebLogic Se
ACT 99.3% CRITICAL KEV
CVE-2022-24086
Adobe Magento Commerce
ACT 99.2% CRITICAL KEV RW
CVE-2020-6207
SAP SE SAP Solution Manager (U
ACT 98.4% CRITICAL KEV
CVE-2022-26138
Atlassian Questions For Conflu
ACT 98.2% CRITICAL KEV
CVE-2024-3272
D-Link DNS-320L
ACT 98.0% CRITICAL KEV
CVE-2020-25078
D-Link DCS-2530L and DCS-2670L
ACT 97.9% HIGH KEV
CVE-2024-4358
Progress Software Corporation
ACT 97.5% CRITICAL KEV
CVE-2023-27524
Apache Software Foundation Apa
ACT 97.4% CRITICAL KEV RW
CVE-2020-25213
WordPress File Manager Plugin
ACT 97.3% CRITICAL KEV
CVE-2020-5847
Unraid Unraid
ACT 95.8% CRITICAL KEV
CVE-2022-36537
ZK Framework AuUploader
ACT 95.3% HIGH KEV RW
CVE-2023-24489
Citrix ShareFile Storage Zones
ACT 95.1% CRITICAL KEV
CVE-2020-2883
Oracle Corporation WebLogic Se
ACT 94.9% CRITICAL KEV