Dashboard

What is a CVE?

A CVE (Common Vulnerabilities and Exposures) is a publicly known security flaw found in software or hardware. Think of it like a recall notice for a car — it tells you something is broken and needs to be fixed. Each CVE gets a unique ID like CVE-2024-12345 so everyone talks about the same issue.

Who is affected?

CVEs can affect anything with software: your smartphone, laptop, smart TV, Wi-Fi router, security camera, smart fridge, light bulbs, or industrial equipment. If a device connects to the internet or runs software, it can have vulnerabilities.

Why does it matter?

Attackers actively search for unpatched CVEs to break into devices and steal data. By staying informed, IT teams and individuals can prioritise which patches to apply first — especially for vulnerabilities that are already being exploited.

What is a CVSS score?

CVSS (Common Vulnerability Scoring System) gives a qualitative measure of severity — not risk — on a scale of 0 to 10. A high score means the vulnerability is severe, but it does not automatically mean your systems are at risk — that also depends on your environment and configuration.

What is an EPSS score?

EPSS (Exploit Prediction Scoring System) estimates the probability — shown as a percentage — that a CVE will actually be exploited in the wild within the next 30 days. A high EPSS means attackers are likely already trying to use it, so it deserves urgent attention.

What does 'Actively Exploited' mean?

This flag means the vulnerability is confirmed to be used in real attacks right now — not just theoretical. These CVEs appear on the U.S. government's Known Exploited Vulnerabilities (KEV) list and should be patched as a top priority.