KEVIntel

Exploitation intelligence

Real-time exploited vulnerability intelligence, backed by sensor telemetry

KEVIntel helps security teams prioritise the vulnerabilities attackers are actively exploiting, with evidence-backed attestations, confidence scoring, proprietary sensor telemetry, and practical artifacts for vulnerability management, SOC, and MSSP workflows.

View Live Feed Explore Observed Exploitation
  • Evidence-backed
  • Proprietary sensors
  • Confidence scoring
  • API-ready

Observed in Sensors

Last 7 days

Live
17
KEVs
1,621
Events
203
Attacker IPs
View observed exploitation

1,638

High & Confirmed Confidence KEVs

Evidence-backed exploitation with high confidence

955

Beyond CISA KEV

Additional exploited CVEs tracked beyond CISA KEV

17

Observed in Sensors

Live exploitation attempts observed by KEVIntel sensors

1,675+

Artifacts Available

PoC, Nuclei, and scanner context

From exploitation signal to security action

Our intelligence pipeline turns raw exploitation signals into actionable intelligence your teams can trust.

  1. Step 1

    Observe

    Public sources, RSS feeds, vendor advisories, CISA KEV, honeypots, and custom sensors collect exploitation signals.

  2. Step 2

    Attest

    Every KEV is linked to evidence from authoritative sources or first-hand sensor observations.

  3. Step 3

    Score

    Confidence scoring, source quality, EPSS, CVSS, CWE, timelines, and attacker activity power smarter prioritisation.

  4. Step 4

    Deliver

    RSS, JSON, Pro API, and practical artifacts plug directly into existing workflows.

Actionable artifacts, not just vulnerability records

Practical artifacts help your team move from awareness to action.

Coming soon

Detection Logic

Sigma, YARA, IDS/IPS, and SIEM context from observed patterns and scanner coverage.

Nuclei & Scanner Context

Templates, scanner coverage, and integration results for validation workflows.

PoCs & Exploit Info

Proof-of-concept references and exploit context to accelerate understanding.

Observed Telemetry

Request paths, payloads, attacker IPs, and sensor observations mapped to CVEs.

Coming soon

MSSP Reports

Client-ready summaries, timelines, and evidence-backed exploitation context.

API & Integrations

Pro API, RSS, and JSON delivery for automation-ready workflows. Webhooks coming soon.

Coming soon

Virtual Patch Guidance

WAF rules, IPS signatures, and temporary mitigation guidance.

Built for the teams who need to act first

Vulnerability Management

Prioritise patching based on exploitation evidence, confidence, EPSS, CVSS, and asset exposure.

Learn more

SOC / Detection

Turn exploitation intelligence into detection, monitoring, and incident response workflows.

Learn more

MSSP / MDR

Deliver differentiated client value with evidence-backed exploited-vulnerability reports.

Learn more

CTI

Track exploited vulnerabilities with evidence links, timelines, and exploitation provenance.

Learn more

Email Alerts

Get High-Impact KEV Alerts by Email

KEVIntel tracks known exploited vulnerabilities beyond CISA KEV. Subscribe for occasional, curator-picked alerts when exploitation warrants attention. For every update, use the RSS feed or Pro API.

Occasional high-impact alerts. Unsubscribe anytime. See our Privacy Policy.

Patch what matters first

Go beyond CISA KEV with evidence-backed exploitation intelligence, proprietary sensor telemetry, and automation-ready delivery.

View Live Feed Request Pro API Access