🔓
Exploit Intelligence Centre
Track actively exploited vulnerabilities, emerging threats, and real-world attacker behavior – powered by Rootshell’s Velma platform.
This report is generated using Velma (Vulnerability Enhanced Learning Machine AI) – Rootshell’s exploit intelligence engine.
Velma focuses on one thing: understanding when vulnerabilities actually become a problem.
There’s no shortage of vulnerability data out there, and most of it is driven by static scores. But risk isn’t static. A vulnerability can sit there for months with little real-world relevance, then overnight become critical when exploit code is released or it starts being used in the wild.
Velma tracks that shift.
By analysing exploit availability, attacker activity, and how vulnerabilities are being used in real-world scenarios, Velma highlights what’s genuinely worth paying attention to – not just what’s highly scored, but what’s actually exploitable.
This report provides a current view of the threat landscape, prioritizing vulnerabilities that are actively being weaponised or realistically used in attack paths.
For most organizations, the challenge isn’t a lack of vulnerabilities – it’s knowing which ones actually matter.
Velma Threat Prioritisation Matrix
Continuously updated list of vulnerabilities actively exploited in the wild, helping security teams prioritize what actually matters.
Priority | Threat | CVE | Likelihood | Impact | Exploit Maturity | Velma Risk Score |
1 | cPanel / WHM Auth Bypass | CVE-2026-41940 | Very High | Very High | High | 9.9 (Critical) |
2 | MOVEit Automation Auth Bypass | CVE-2026-4670 | Very High | Very High | High | 9.8 (Critical) |
3 | Weaver E-cology Unauth RCE | CVE-2026-22679 | Very High | Very High | High | 9.8 (Critical) |
4 | Palo Alto PAN-OS Pre-Auth RCE | CVE-2026-0300 | Very High | Very High | High | 9.7 (Critical) |
5 | Apache HTTP Server RCE | CVE-2026-23918 | High | Very High | High | 9.5 (Critical) |
6 | marimo Pre-Auth PTY RCE | CVE-2026-39987 | High | Very High | High | 9.4 (Critical) |
7 | SonicWall Auth Bypass | CVE-2026-0204 | High | High | High | 9.1 (Critical) |
8 | Ivanti EPMM RCE | CVE-2026-6973 | High | High | Medium | 8.9 (High) |
9 | PraisonAI Missing Authentication | CVE-2026-44338 | High | High | High | 8.8 (High) |
10 | Linux Kernel LPE (“Copy Fail”) | CVE-2026-31431 | Medium | High | Medium | 8.3 (High) |
11 | Linux Kernel “Fragnesia” LPE | CVE-2026-46300 | Medium | High | Medium | 8.2 (High) |
12 | Microsoft Defender Privilege Escalation | CVE-2026-33825 | Medium | Medium | Medium | 7.6 (Medium) |
Latest Velma KEV Reports
Velma’s KEV Report – May 2026
Velma’s KEV Report – April 2026
Velma’s KEV Report – March 2026
Velma’s KEV Report – February 2026
Velma’s KEV Report – January 2026
Velma’s KEV Report – December 2025
Velma’s KEV Report – Oct & November 2025
Velma’s KEV Report – September 2025
Velma’s KEV Report – August 2025
Ready to get started?
1
Discover your needs
2
Dive into a personalized demo
3
