Threat landscape

What's actively exploited, today

CVSS-TE adjusts base scores with real-world exploit signals — active exploitation, public proof-of-concept, and exploit quality — to prioritize what defenders act on first.

CISA Known Exploited —

Emerging threats —

Recently published —

Lookup

Search and filter

Search by CVE ID, vendor, or keyword. Filter by severity, exploitation status, or exploit source to narrow to what matters.

0 results

Sort:

Methodology

From base CVSS to threat-enriched

Standard CVSS scores quantify theoretical impact. CVSS-TE layers on real-world exploit context — what's actually weaponized, how reliably, and from how many sources — to produce a score that reflects current threat reality.

01 · Base

Theoretical impact

Standard CVSS v3.1 / v4.0 base score. Captures what an exploit could do — attack vector, complexity, privileges, scope, CIA impact. No exploit context. Every 9.8 looks identical, regardless of whether anyone has actually written exploit code.

02 · Threat (BT)

Exploit maturity overlay

Apply the temporal exploit code maturity metric. Adjusts base downward when no exploit exists (E:U), and toward base when active exploitation is observed (E:A). Pulled from CISA KEV, VulnCheck KEV, and source presence.

03 · Enriched (TE)

Quality weighting

Overlay exploit quality across reliability, ease of use, and effectiveness — measured per source (ExploitDB, Metasploit, Nuclei, GitHub PoCs). A weaponized, reliable, easy exploit pushes TE above base. A flaky PoC pulls it below.

Formula

CVSS-TE = CVSS-BT × (1 + Q × M) where Q = quality_score (0–1) and M = maturity weight (E:U → −0.10, E:P → +0.05, E:F → +0.10, E:H → +0.15, E:A → +0.20), bounded to [0.4, 10.0]

Worked example · CVE-2024-3400 (Palo Alto GlobalProtect)

Base

10.0

Unauth RCE, scope changed, full CIA impact

CVSS-BT

9.4

E:A applied — actively exploited in CISA KEV

CVSS-TE

9.8

Q=0.93 across 5 sources lifts BT toward ceiling

Five exploit sources contribute: ExploitDB, Metasploit, Nuclei template, public GitHub PoCs, and CISA KEV listing. Reliability 0.95, ease-of-use 0.90, effectiveness 0.95 → quality_score 0.93. Maturity weight +0.20 (E:A). Result: 9.4 × (1 + 0.93 × 0.20) ≈ 9.4 × 1.186 ≈ 9.8.

Exploit maturity weights

Code	Meaning	Weight
E:U	Unproven — no public exploit	−0.10
E:P	Proof-of-concept — non-weaponized	+0.05
E:F	Functional — works under conditions	+0.10
E:H	High — reliable, weaponized	+0.15
E:A	Attacked — observed in the wild	+0.20

Quality sub-factors

Factor	What it measures
Reliability	Does the exploit work consistently across target versions?
Ease of use	Skill required — script-kiddie executable vs. requires exploit dev?
Effectiveness	What does success grant — RCE, info-disclosure, DoS?
Quality score	Weighted blend of the three, normalized 0–1.

Signals consumed

CISA KEV

Active

VulnCheck

KEV

EPSS

Score

ExploitDB

Code

Metasploit

Module

Nuclei

Template

Daily ingest from public feeds. Each source contributes to exploit_sources count and feeds quality sub-factors. A CVE present in 4+ sources with E:A maturity is the strongest threat signal in the model.

Read Whitepaper View on GitHub