FAQ

FAQ : CVE

To determine if a CVE is actively exploited, several information sources can be consulted. The most reliable is the KEV (Known Exploited Vulnerabilities) database maintained by the CISA, which lists CVEs whose exploitation has been confirmed in the wild. It is updated regularly and often used to establish remediation priorities. This information is directly accessible on our website CVE Find.

You can also rely on the EPSS score, which estimates the probability of a CVE being exploited within 30 days of its publication, based on real data. Finally, threat intelligence tools, CERT reports, or vendor security bulletins can also indicate whether a vulnerability is currently being used by attackers.

#CVE #KEV #CISA #EPSS

Search in FAQ

Categories

CVE
Cyber sécurité
Information
Informations

Tags

#CAPEC #CISA #CISO #CNA #CVE #CVSS #CWE #EPSS #FIRST #IoT #KEV #MITRE #NVD #SOC #Zero-day
The information presented on CVE Find originates from several carefully selected reference sources. CVE data is provided by MITRE Corporation and the National Vulnerability Database (NVD). The Known Exploited Vulnerabilities (KEV) catalog is sourced from the Cybersecurity and Infrastructure Security Agency (CISA), while EPSS scores come from FIRST.org. Additionally, data regarding software weaknesses (CWE) and common attack patterns (CAPEC) is maintained by MITRE Corporation, and information on hardware and software configurations (CPE) is provided by the NVD.