🔓
Exploit Intelligence Centre
Track actively exploited vulnerabilities, emerging threats, and real-world attacker behavior – powered by Rootshell’s Velma platform.
This report is generated using Velma (Vulnerability Enhanced Learning Machine AI) – Rootshell’s exploit intelligence engine.
Velma focuses on one thing: understanding when vulnerabilities actually become a problem.
There’s no shortage of vulnerability data out there, and most of it is driven by static scores. But risk isn’t static. A vulnerability can sit there for months with little real-world relevance, then overnight become critical when exploit code is released or it starts being used in the wild.
Velma tracks that shift.
By analysing exploit availability, attacker activity, and how vulnerabilities are being used in real-world scenarios, Velma highlights what’s genuinely worth paying attention to – not just what’s highly scored, but what’s actually exploitable.
This report provides a current view of the threat landscape, prioritizing vulnerabilities that are actively being weaponised or realistically used in attack paths.
For most organizations, the challenge isn’t a lack of vulnerabilities – it’s knowing which ones actually matter.
Velma Threat Prioritisation Matrix
Continuously updated list of vulnerabilities actively exploited in the wild, helping security teams prioritize what actually matters.
Priority | Threat | CVE | Likelihood | Impact | Exploit Maturity | Velma Risk Score |
1 | Ivanti Sentry Pre-Auth Compromise | CVE-2026-10520 / 10523 | Very High | Very High | High | 10.0 (Critical) |
2 | Joomla Unauthenticated RCE | CVE-2026-48907 | Very High | Very High | High | 9.9 (Critical) |
3 | Splunk Arbitrary File Creation | CVE-2026-20253 | Very High | Very High | High | 9.8 (Critical) |
4 | WP Maps Pro Admin Takeover | CVE-2026-8732 | Very High | Very High | High | 9.8 (Critical) |
5 | Magento Unauthenticated PHP RCE | CVE-2026-45247 | Very High | Very High | High | 9.8 (Critical) |
6 | Fortinet FortiSandbox Command Injection | CVE-2026-25089 / 39808 | Very High | Very High | High | 9.7 (Critical) |
7 | Ghost CMS SQL Injection | CVE-2026-26980 | Very High | High | High | 9.5 (Critical) |
8 | Veeam Backup & Replication RCE | CVE-2026-44963 | High | Very High | High | 9.4 (Critical) |
9 | Chrome V8 Exploited Vulnerability | CVE-2026-11645 | Very High | High | High | 9.3 (Critical) |
10 | Cisco Unified Communications Manager | CVE-2026-20230 | High | Very High | High | 9.2 (Critical) |
11 | FortiSandbox Authentication Bypass | CVE-2026-39813 | High | Very High | High | 9.1 (Critical) |
12 | Drupal SQL Injection | CVE-2026-9082 | High | High | High | 9.0 (Critical) |
13 | LiteLLM Command Injection (KEV) | CVE-2026-42271 | High | High | High | 8.9 (High) |
14 | Redis Command Execution | CVE-2026-23479 | Medium | High | Medium | 8.7 (High) |
15 | Cisco SD-WAN File Overwrite | CVE-2026-20262 | Medium | High | Medium | 8.5 (High) |
16 | Exchange Active Exploitation | CVE-2026-42897 | Medium | High | High | 8.4 (High) |
17 | KnowledgeDeliver RCE | CVE-2026-5426 | Medium | High | High | 8.3 (High) |
18 | Linux Kernel Container Escape | CVE-2026-23111 | Medium | High | Medium | 8.2 (High) |
19 | Linux Kernel Fragnesia LPE | CVE-2026-46300 | Medium | High | Medium | 8.1 (High) |
20 | LiteSpeed cPanel Plugin | CVE-2026-54420 | Medium | Medium | High | 7.8 (Medium) |
21 | SolarWinds Serv-U DoS | CVE-2026-28318 | Medium | Medium | Medium | 7.4 (Medium) |
22 | Defender DoS | CVE-2026-45498 | Low | Medium | Low | 6.5 (Medium) |
23 | Trend Micro | CVE-2026-34926 | Unknown | Medium | Unknown | 6.0 (Medium) |
Latest Velma KEV Reports
Velma’s KEV Report – June 2026
Velma’s KEV Report – May 2026
Velma’s KEV Report – April 2026
Velma’s KEV Report – March 2026
Velma’s KEV Report – February 2026
Velma’s KEV Report – January 2026
Velma’s KEV Report – December 2025
Velma’s KEV Report – Oct & November 2025
Velma’s KEV Report – September 2025
Ready to get started?
1
Discover your needs
2
Dive into a personalized demo
3
