Triage Room
0%
of today actively exploited vulnerabilities looked harmless when they appeared
Anyone who prioritizes patching by the score on release day is looking at the wrong snapshot. Most vulnerabilities under real-world attack today entered the database with low risk — and matured in silence. Look at the numbers.
Of the vulnerabilities under active attack today (CISA KEV), 85% had low risk (EPSS < 10%) in their first week of life.
Meaning: filtering by initial score would have missed 8 out of 10.
6.9%avg risk on arrival
→
48.2%avg risk today
7×
The ones that fooled everyone
born nearly invisible · under active attack today
CVE-2023-1671A pre-auth command injection vulnerability in the warn-proceed handler0.0% → 100%CVE-2023-4966Unauthenticated sensitive information disclosure0.0% → 100%CVE-2024-7593Incorrect implementation of an authentication algorithm in Ivanti vTM 0.0% → 100%CVE-2023-22527A template injection vulnerability on older versions of Confluence Dat0.0% → 100%CVE-2023-22518All versions of Confluence Data Center and Server are affected by this0.1% → 100%CVE-2024-27199In JetBrains TeamCity before 2023.11.4 path traversal allowing to perf0.1% → 100%CVE-2024-3273D-Link DNS-320L/DNS-325/DNS-327L/DNS-340L HTTP GET Request nas_sharing0.1% → 100%CVE-2024-23897Jenkins 2.441 and earlier, LTS 2.426.2 and earlier does not disable a 0.1% → 100%
The arrival queue
0 / new vulnerabilities per day (last 60 days)
Triage
of recent vulnerabilities, by real severity (Vexday Risk Score)
Code red 0%Urgent 0%Watch 14%Stable 85%
The patient who worsens
the EPSS of each CVE measured on arrival and over time
0.17%
on arrival
0.40%
+7 days
0.55%
+30 days
0.81%
+90 days
A CVE average risk (EPSS) grows 4.7× times between arrival and +90 days. 1% jumped from quiet to elevated risk within 90 days. That is why a low score on a freshly published CVE is provisional — not safe.
Tracking this triage by hand, every day, is unfeasible. That is exactly what TrueHacking does for you.