KEVIntel

Exploitation intelligence

Real-time exploited vulnerability intelligence, backed by sensor telemetry

KEVIntel helps security teams prioritise the vulnerabilities attackers are actively exploiting, with evidence-backed attestations, confidence scoring, proprietary sensor telemetry, and practical artifacts for vulnerability management, SOC, and MSSP workflows.

Explore Observed Exploitation View Free KEV Feed
  • Evidence-backed
  • Proprietary sensors
  • Confidence scoring
  • API-ready

Sensor Activity (7d)

Tracked KEVs with live exploitation attempts

Live
16
KEVs
1,661
Events
230
Attacker IPs
View observed exploitation

Email Alerts

Get High-Impact KEV Alerts by Email

KEVIntel tracks known exploited vulnerabilities beyond CISA KEV. Subscribe for occasional, curator-picked alerts when exploitation warrants attention. For every update, use the RSS feed or Pro API.

Occasional high-impact alerts. Unsubscribe anytime. See our Privacy Policy.

2,578

High & Confirmed Confidence KEVs

Evidence-backed exploitation with high confidence

955

Beyond CISA KEV

Additional exploited CVEs tracked beyond CISA KEV

16

KEVs Observed in Sensors (7d)

Tracked KEVs with live exploitation attempts in honeypots

1,676+

Artifacts Available

PoC, Nuclei, and scanner context

Proprietary sensor network

Sensor Coverage Across Internet-Facing Software

KEVIntel runs real internet-facing applications and honeypot decoys to observe live exploitation attempts.

  • Cisco
  • Fortinet
  • Ivanti
  • SonicWall
  • Palo Alto Networks

Product names shown for identification purposes only.

From exploitation signal to security action

Our intelligence pipeline turns raw exploitation signals into actionable intelligence your teams can trust.

  1. Step 1

    Observe

    Public sources, RSS feeds, vendor advisories, CISA KEV, honeypots, and custom sensors collect exploitation signals.

  2. Step 2

    Attest

    Every KEV is linked to evidence from authoritative sources or first-hand sensor observations.

  3. Step 3

    Score

    Confidence scoring, source quality, EPSS, CVSS, CWE, timelines, and attacker activity power smarter prioritisation.

  4. Step 4

    Deliver

    RSS, JSON, Pro API, and practical artifacts plug directly into existing workflows.

Actionable artifacts, not just vulnerability records

Practical artifacts help your team move from awareness to action.

Nuclei & Scanner Context

Templates, scanner coverage, and integration results for validation workflows.

PoCs & Exploit Info

Proof-of-concept references and exploit context to accelerate understanding.

Observed Telemetry

Request paths, payloads, attacker IPs, and sensor observations mapped to CVEs.

API & Integrations

Pro API, RSS, and JSON delivery for automation-ready workflows.

Built for the teams who need to act first

Vulnerability Management

Prioritise patching based on exploitation evidence, confidence, EPSS, CVSS, and asset exposure.

Learn more

SOC / Detection

Turn exploitation intelligence into detection, monitoring, and incident response workflows.

Learn more

MSSP / MDR

Deliver differentiated client value with evidence-backed exploited-vulnerability reports.

Learn more

CTI

Track exploited vulnerabilities with evidence links, timelines, and exploitation provenance.

Learn more

Patch what matters first

Go beyond CISA KEV with evidence-backed exploitation intelligence, proprietary sensor telemetry, and automation-ready delivery.

View KEV Feed Get the Pro API