KEVIntel

Exploitation intelligence

Real-time exploited vulnerability intelligence, backed by sensor telemetry

KEVIntel helps security teams prioritise the vulnerabilities attackers are actively exploiting, with evidence-backed attestations, confidence scoring, proprietary sensor telemetry, and practical artifacts for vulnerability management, SOC, and MSSP workflows.

Explore Observed Exploitation View Free KEV Feed
  • Evidence-backed
  • Proprietary sensors
  • Confidence scoring
  • API-ready
  • Virtual patches

Sensor Activity (7d)

Tracked KEVs with live exploitation attempts

Live
20
KEVs
2,022
Events
257
Attacker IPs
View observed exploitation

Email Alerts

Get High-Impact KEV Alerts by Email

KEVIntel tracks known exploited vulnerabilities beyond CISA KEV. Subscribe for occasional, curator-picked alerts when exploitation warrants attention. For every update, use the RSS feed or Pro API.

Occasional high-impact alerts. Unsubscribe anytime. See our Privacy Policy.

2,579

High & Confirmed Confidence KEVs

Evidence-backed exploitation with high confidence

956

Beyond CISA KEV

Additional exploited CVEs tracked beyond CISA KEV

20

KEVs Observed in Sensors (7d)

Tracked KEVs with live exploitation attempts in honeypots

1,678+

Artifacts Available

PoC, Nuclei, and scanner context

Proprietary sensor network

Sensor Coverage Across Internet-Facing Software

KEVIntel runs real internet-facing applications and honeypot decoys to observe live exploitation attempts.

  • Cisco
  • Fortinet
  • Ivanti
  • SonicWall
  • Palo Alto Networks

Product names shown for identification purposes only.

From exploitation signal to security action

Our intelligence pipeline turns raw exploitation signals into actionable intelligence your teams can trust.

  1. Step 1

    Observe

    Monitor public sources, advisories, CISA KEV, RSS feeds, honeypots, and custom sensors for exploitation signals.

  2. Step 2

    Attest

    Validate exploitation evidence and source credibility before a CVE is treated as known exploited.

  3. Step 3

    Score

    Assign confidence based on source quality, specificity, telemetry, corroboration, and validation.

  4. Step 4

    Enrich

    Add EPSS, CVSS, CWE, timelines, PoCs, Nuclei, Metasploit, scanner context, online mentions, and product context.

  5. Step 5

    Operationalize

    Convert exploitation intelligence into detection context, request indicators, payload fingerprints, virtual patch guidance, and false-positive notes.

  6. Step 6

    Deliver

    Provide intelligence through UI, RSS, Pro API, and workflow-ready exports.

Actionable artifacts, not just vulnerability records

Practical artifacts help your team move from awareness to action.

Nuclei & Scanner Context

Templates, scanner coverage, and integration results for validation workflows.

PoCs & Exploit Info

Proof-of-concept references and exploit context to accelerate understanding.

Observed Telemetry

Request paths, payloads, attacker IPs, and sensor observations mapped to CVEs.

Virtual Patches

Deployable ModSecurity, Cloudflare, and AWS WAF rules to help reduce exposure to actively exploited CVEs. Available via the Pro API.

API & Integrations

Pro API, RSS, and JSON delivery for automation-ready workflows.

Built for the teams who need to act first

Vulnerability Management

Prioritise patching based on exploitation evidence, confidence, EPSS, CVSS, and asset exposure.

Learn more

SOC / Detection

Turn exploitation intelligence into detection, monitoring, and incident response workflows.

Learn more

MSSP / MDR

Deliver differentiated client value with evidence-backed exploitation intelligence.

Learn more

CTI

Track exploited vulnerabilities with evidence links, timelines, and exploitation provenance.

Learn more

Patch what matters first

Go beyond CISA KEV with evidence-backed exploitation intelligence, proprietary sensor telemetry, and automation-ready delivery.

View KEV Feed Get the Pro API