🔓
Exploit Intelligence Centre
Track actively exploited vulnerabilities, emerging threats, and real-world attacker behavior – powered by Rootshell’s Velma platform.
This report is generated using Velma (Vulnerability Enhanced Learning Machine AI) – Rootshell’s exploit intelligence engine.
Velma focuses on one thing: understanding when vulnerabilities actually become a problem.
There’s no shortage of vulnerability data out there, and most of it is driven by static scores. But risk isn’t static. A vulnerability can sit there for months with little real-world relevance, then overnight become critical when exploit code is released or it starts being used in the wild.
Velma tracks that shift.
By analysing exploit availability, attacker activity, and how vulnerabilities are being used in real-world scenarios, Velma highlights what’s genuinely worth paying attention to – not just what’s highly scored, but what’s actually exploitable.
This report provides a current view of the threat landscape, prioritizing vulnerabilities that are actively being weaponised or realistically used in attack paths.
For most organizations, the challenge isn’t a lack of vulnerabilities – it’s knowing which ones actually matter.
Velma Threat Prioritisation Matrix
Continuously updated list of vulnerabilities actively exploited in the wild, helping security teams prioritize what actually matters.
Priority | Threat | CVE | Likelihood | Impact | Exploit Maturity | Velma Score |
|---|---|---|---|---|---|---|
1 | Veeam Backup RCE | 21666 / 21667 / 21708 | High | Very High | High | 9.8 |
2 | SolarWinds Web Help Desk | 26399 | High | Very High | High | 9.7 |
3 | SolarWinds Serv-U Chain | 40538–40541 | High | Very High | High | 9.6 |
4 | Chrome Exploit Chain | 3909 / 3910 | Very High | High | High | 9.4 |
5 | VMware Aria Ops (KEV) | 22719 | High | Very High | High | 9.3 |
6 | Ivanti Auth Bypass | 1603 | High | High | High | 9.0 |
7 | Cisco SD-WAN | 20775 | Medium | Very High | Medium | 8.6 |
8 | Veeam LPE | 21668 / 21672 | Medium | High | Medium | 8.4 |
9 | Cisco File Overwrite | 20122 | Medium | High | Medium | 8.2 |
10 | FileZen Injection | 25108 | Medium | High | Medium | 8.1 |
11 | Microsoft MSHTML | 21513 | Medium | High | Medium | 8.0 |
12 | VMware SSRF | 22054 | Medium | Medium | Medium | 7.5 |
13 | Apple Memory Corruption | 43000 | Medium | Medium | Medium | 7.3 |
14 | Cisco Info Disclosure | 20128 | Low | Medium | Low | 6.5 |
15 | Wing FTP | 47813 | Low | Low | Low | 5.8 |
Latest Velma KEV Reports
Velma’s KEV Report – March 2026
Velma’s KEV Report – February 2026
Velma’s KEV Report – January 2026
Velma’s KEV Report – December 2025
Velma’s KEV Report – Oct & November 2025
Velma’s KEV Report – September 2025
Velma’s KEV Report – August 2025
Velma’s KEV Report – July 2025
Velma’s KEV Report – June 2025
Ready to get started?
1
Discover your needs
2
Dive into a personalized demo
3
