🔓
Exploit Intelligence Centre
Track actively exploited vulnerabilities, emerging threats, and real-world attacker behavior – powered by Rootshell’s Velma platform.
This report is generated using Velma (Vulnerability Enhanced Learning Machine AI) – Rootshell’s exploit intelligence engine.
Velma focuses on one thing: understanding when vulnerabilities actually become a problem.
There’s no shortage of vulnerability data out there, and most of it is driven by static scores. But risk isn’t static. A vulnerability can sit there for months with little real-world relevance, then overnight become critical when exploit code is released or it starts being used in the wild.
Velma tracks that shift.
By analysing exploit availability, attacker activity, and how vulnerabilities are being used in real-world scenarios, Velma highlights what’s genuinely worth paying attention to – not just what’s highly scored, but what’s actually exploitable.
This report provides a current view of the threat landscape, prioritizing vulnerabilities that are actively being weaponised or realistically used in attack paths.
For most organizations, the challenge isn’t a lack of vulnerabilities – it’s knowing which ones actually matter.
Velma Threat Prioritisation Matrix
Continuously updated list of vulnerabilities actively exploited in the wild, helping security teams prioritize what actually matters.
Priority | Threat | CVE | Likelihood | Impact | Exploit Maturity | Velma Risk Score |
1 | Next.js RCE (CVSS 10) | CVE-2025-55182 | Very High | Very High | High | 9.9 (Critical) |
2 | Flowise Code Injection RCE | CVE-2025-59528 | High | Very High | High | 9.8 (Critical) |
3 | Fortinet Pre-Auth RCE | CVE-2026-35616 | Very High | Very High | High | 9.8 (Critical) |
4 | Marimo Pre-Auth RCE | CVE-2026-39987 | High | Very High | High | 9.7 (Critical) |
5 | Adobe Acrobat Zero-Day RCE | CVE-2026-34621 | Very High | High | High | 9.6 (Critical) |
6 | Chrome Exploited Use-After-Free | CVE-2026-5281 | Very High | High | High | 9.5 (Critical) |
7 | Cisco ISE RCE Cluster | CVE-2026-20147 / 148 / 186 / 180 | High | Very High | High | 9.4 (Critical) |
8 | Apache ActiveMQ RCE | CVE-2026-34197 | High | Very High | Medium | 9.2 (Critical) |
9 | Quest KACE Auth Bypass | CVE-2025-32975 | High | High | High | 9.1 (Critical) |
10 | PaperCut Auth Bypass | CVE-2023-27351 | Very High | High | High | 9.0 (Critical) |
11 | Kentico Authenticated RCE | CVE-2025-2749 | Medium | High | Medium | 8.5 (High) |
12 | Cisco SD-WAN File Overwrite | CVE-2026-20122 | Medium | High | Medium | 8.3 (High) |
13 | Cisco SD-WAN Info Disclosure | CVE-2026-20133 | Medium | Medium | Medium | 7.9 (High) |
14 | NetScaler Memory Overread | CVE-2026-3055 | Medium | Medium | Medium | 7.5 (Medium) |
15 | SharePoint Spoofing (Exploited) | CVE-2026-32201 | Medium | Medium | High | 7.4 (Medium) |
16 | Zimbra XSS | CVE-2025-48700 | Medium | Medium | Medium | 7.2 (Medium) |
17 | JetBrains TeamCity Path Traversal | CVE-2024-27199 | Medium | Medium | Medium | 7.0 (Medium) |
18 | Legacy Excel RCE (Historical Exploit) | CVE-2009-0238 | Low | Medium | Low | 6.5 (Medium) |
Latest Velma KEV Reports
Velma’s KEV Report – April 2026
Velma’s KEV Report – March 2026
Velma’s KEV Report – February 2026
Velma’s KEV Report – January 2026
Velma’s KEV Report – December 2025
Velma’s KEV Report – Oct & November 2025
Velma’s KEV Report – September 2025
Velma’s KEV Report – August 2025
Velma’s KEV Report – July 2025
Ready to get started?
1
Discover your needs
2
Dive into a personalized demo
3
