Live CVE Tracker — NVD + CISA KEV
Real-time CVE feed with CISA KEV prioritisation, EPSS scores, and patch deadlines. Never miss a critical vulnerability.
Real-time CVE feed integrating NVD publications with CISA Known Exploited Vulnerability (KEV) flags, EPSS exploit probability scores, and mandatory federal remediation deadlines — so you fix the right vulnerabilities first.
- NVD CVE feed — all publicly disclosed vulnerabilities with CVSS v3.1 base, temporal, and environmental scores
- CISA KEV integration — known-exploited-in-the-wild flags with mandatory 72-hour federal remediation deadlines
- EPSS scores — machine-learning exploit probability scores to prioritise non-KEV findings by real-world risk
- Patch deadline tracking — automated remediation SLA calculation based on CVSS severity and KEV status
- Asset exposure mapping — link CVEs to your inventory to instantly see which systems are exposed
NVD CVE Feed: What Each Vulnerability Entry Contains
The National Vulnerability Database publishes CVE entries with structured data including CVSS v3.1 base scores, affected software versions using CPE (Common Platform Enumeration) notation, CWE classification (Common Weakness Enumeration categorising the underlying vulnerability class), references to vendor advisories and proof-of-concept exploits, and NVD analyst descriptions. The Threatstealth CVE tracker ingests this data in near real time as new CVEs are published and enriches each entry with CISA KEV status, current EPSS score, patch availability status from vendor advisory tracking, and active exploitation intelligence from threat feeds. This enriched view eliminates the need to cross-reference multiple sources manually.
- CVSS v3.1 scoring — base, temporal, and environmental scores with metric breakdowns for each vulnerability
- CPE affected versions — structured affected software version notation enabling precise inventory matching
- CWE classification — underlying vulnerability weakness category for detection engineering and code review focus
- Vendor advisory links — direct links to official patches, security advisories, and vendor-recommended mitigations
- Proof-of-concept tracking — flags when public PoC exploit code is available, elevating remediation urgency
CISA KEV Integration and Federal Remediation Timelines
The CISA Known Exploited Vulnerabilities catalogue is the most operationally significant vulnerability prioritisation signal available to security teams. When CISA adds a CVE to the KEV catalogue, it is because the vulnerability has been observed being exploited in real-world attacks — not because it scores high on CVSS. Federal agencies under CISA's BOD 22-01 mandate must remediate KEV entries within 14 days (for internet-facing assets) or 30 days (for internal assets). Private-sector organisations using the KEV catalogue as a remediation priority signal have consistently achieved better outcomes — lower exposure windows and fewer successful exploitations — than those using CVSS-only approaches.
- KEV publication monitoring — new CISA KEV entries surfaced immediately in the tracker with full vulnerability context
- Federal remediation deadlines — BOD 22-01 mandatory timelines displayed for each KEV entry
- Enterprise SLA recommendations — suggested private-sector remediation timelines aligned to KEV entry risk
- KEV entry history — full CISA KEV catalogue with publication date, due date, and vendor/product information
- KEV trend analysis — KEV addition rate by vendor, product category, and vulnerability type over time
EPSS Score Interpretation and Non-KEV Prioritisation
EPSS (Exploit Prediction Scoring System) provides a 0–1 probability estimate for each CVE being exploited within the next 30 days, updated daily by the Forum of Incident Response and Security Teams (FIRST). For vulnerabilities that are not on the CISA KEV catalogue, EPSS is the best available signal for predicting which findings are most likely to be weaponised. The Threatstealth CVE tracker displays current and historical EPSS scores alongside a 30-day trend, enabling analysts to identify vulnerabilities with rising exploit probability — which may indicate emerging exploitation activity before a KEV designation is issued. EPSS scores above 0.5 should generally be treated with the same urgency as KEV entries.
- Daily EPSS updates — current probability scores updated every 24 hours as FIRST refreshes the model
- Historical EPSS trend — 30-day score history chart showing whether exploit probability is rising, stable, or declining
- Rising probability alerts — notifications when a CVE's EPSS score increases by more than 0.15 within seven days
- EPSS threshold filtering — filter the CVE tracker to show only vulnerabilities above a specified EPSS probability
- Pre-KEV identification — vulnerabilities with high and rapidly rising EPSS scores that may be KEV candidates
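The prioritisation rules described above, as an added example (not Threatstealth code): KEV entries first, then EPSS above 0.5, then a rise of more than 0.15 within seven days. The tier names, the `Finding` structure and the CVE IDs are constructed for illustration.

```python
from dataclasses import dataclass
from typing import List, Tuple

EPSS_URGENT = 0.5    # page: scores above 0.5 get KEV-level urgency
RISE_ALERT = 0.15    # page: alert when the score rises by more than 0.15 ...
RISE_WINDOW = 7      # ... within seven days
TIER_ORDER = {"kev": 0, "urgent": 1, "watch": 2, "routine": 3}  # assumed tier names

@dataclass
class Finding:
    cve_id: str                # placeholder IDs below are constructed
    in_kev: bool               # listed in the CISA KEV catalogue
    epss_history: List[float]  # one score per day, oldest first

def epss_rise(history: List[float], window: int = RISE_WINDOW) -> float:
    """Rise from the lowest score of the previous `window` days to today's score."""
    recent = history[-(window + 1):]   # today plus the `window` days before it
    if len(recent) < 2:
        return 0.0
    return max(0.0, recent[-1] - min(recent[:-1]))

def triage(f: Finding) -> str:
    if f.in_kev:
        return "kev"                   # observed exploitation outranks any score
    current = f.epss_history[-1] if f.epss_history else 0.0
    if current > EPSS_URGENT:
        return "urgent"
    if epss_rise(f.epss_history) > RISE_ALERT:
        return "watch"                 # possible pre-KEV candidate
    return "routine"

def rank(findings: List[Finding]) -> List[Tuple[str, str]]:
    """Order findings by tier, then by current EPSS score, highest first."""
    def key(f: Finding):
        current = f.epss_history[-1] if f.epss_history else 0.0
        return (TIER_ORDER[triage(f)], -current)
    return [(f.cve_id, triage(f)) for f in sorted(findings, key=key)]

SAMPLE = [  # constructed data
    Finding("CVE-0000-0004", False, [0.30] + [0.10] * 7 + [0.12]),  # old peak is outside the window
    Finding("CVE-0000-0003", False, [0.05, 0.05, 0.06, 0.08, 0.12, 0.18, 0.24, 0.31]),
    Finding("CVE-0000-0001", True, [0.02, 0.03]),                   # low EPSS, but in KEV
    Finding("CVE-0000-0002", False, [0.40, 0.45, 0.62]),
]

if __name__ == "__main__":
    for cve, tier in rank(SAMPLE):
        print(f"{cve}  {tier}")
```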
Asset Exposure Mapping and Remediation Workflow Integration
The CVE tracker's most operationally powerful feature is asset exposure mapping — the ability to cross-reference each new CVE's CPE affected software data against your asset inventory to determine which specific systems in your environment are potentially exposed. For KEV entries, this mapping triggers automatic alert creation for each exposed asset with a pre-populated remediation ticket ready for assignment. For high-EPSS non-KEV findings, the exposure map enables proactive identification of at-risk assets before exploitation occurs. Remediation workflow integration pushes exposure-mapped findings directly into Jira, ServiceNow, or the built-in Threatstealth vulnerability queue with assigned SLAs and owner assignments.
- CPE to asset matching — cross-referencing vulnerability affected software CPE data against the platform asset inventory
- Automatic KEV alert creation — pre-populated remediation tickets for each asset exposed to a new KEV entry
- Exposure count reporting — number of exposed assets per CVE for risk prioritisation and resource allocation
- Remediation ticket generation — automatic Jira or ServiceNow ticket creation with CVE context and remediation SLA
- Patch verification workflow — automated confirmation check that remediation is complete and verified before closure
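A sketch of CPE-to-asset matching as described above, added here and not taken from the Threatstealth platform. It uses the match-criteria field names from the NVD CVE API 2.0 (`criteria`, `vulnerable`, `versionStartIncluding` and related range fields); the inventory, vendor and product names are constructed, and it assumes dotted numeric versions and CPE strings without escaped colons.

```python
from typing import Dict, List

def parse_cpe(cpe: str) -> Dict[str, str]:
    """Split a CPE 2.3 formatted string into the fields used for matching."""
    parts = cpe.split(":")
    if len(parts) != 13 or parts[:2] != ["cpe", "2.3"]:
        raise ValueError(f"not a CPE 2.3 string: {cpe!r}")
    return dict(zip(("part", "vendor", "product", "version"), parts[2:6]))

def vtuple(version: str) -> tuple:
    # Assumption: versions are dotted integers such as 2.4.1
    return tuple(int(x) for x in version.split("."))

def version_in_range(version: str, match: dict) -> bool:
    """Apply the optional start/end bounds carried alongside a wildcard criteria."""
    v = vtuple(version)
    if "versionStartIncluding" in match and v < vtuple(match["versionStartIncluding"]):
        return False
    if "versionStartExcluding" in match and v <= vtuple(match["versionStartExcluding"]):
        return False
    if "versionEndIncluding" in match and v > vtuple(match["versionEndIncluding"]):
        return False
    if "versionEndExcluding" in match and v >= vtuple(match["versionEndExcluding"]):
        return False
    return True

def asset_exposed(asset_cpe: str, match: dict) -> bool:
    if not match.get("vulnerable", True):
        return False
    asset, crit = parse_cpe(asset_cpe), parse_cpe(match["criteria"])
    if any(crit[k] not in ("*", asset[k]) for k in ("part", "vendor", "product")):
        return False
    if crit["version"] != "*":              # exact version named in the criteria
        return crit["version"] == asset["version"]
    return version_in_range(asset["version"], match)

def exposure_map(inventory: Dict[str, str], matches: List[dict]) -> List[str]:
    """Return the sorted hostnames whose installed CPE matches any criteria."""
    return sorted(h for h, c in inventory.items() if any(asset_exposed(c, m) for m in matches))

INVENTORY = {  # constructed hosts and products
    "web-01": "cpe:2.3:a:examplevendor:exampleserver:2.4.1:*:*:*:*:*:*:*",
    "web-02": "cpe:2.3:a:examplevendor:exampleserver:2.6.0:*:*:*:*:*:*:*",  # fixed version
    "web-03": "cpe:2.3:a:examplevendor:exampleserver:2.5.9:*:*:*:*:*:*:*",
    "db-01": "cpe:2.3:a:examplevendor:otherproduct:2.4.1:*:*:*:*:*:*:*",
}
MATCHES = [{"vulnerable": True, "criteria": "cpe:2.3:a:examplevendor:exampleserver:*:*:*:*:*:*:*:*",
            "versionStartIncluding": "2.4.0", "versionEndExcluding": "2.6.0"}]
```

The exposure count per CVE is then `len(exposure_map(INVENTORY, MATCHES))`; the excluded end bound is what keeps the already-patched host out of the ticket queue.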