🔓
Exploit Intelligence Centre
Track actively exploited vulnerabilities, emerging threats, and real-world attacker behavior – powered by Rootshell’s Velma platform.
Velma Threat Prioritisation Matrix
Continuously updated list of vulnerabilities actively exploited in the wild, helping security teams prioritize what actually matters.
Priority | Threat | CVE | Likelihood | Impact | Exploit Maturity | Velma Score |
|---|---|---|---|---|---|---|
1 | Veeam Backup RCE | 21666 / 21667 / 21708 | High | Very High | High | 9.8 |
2 | SolarWinds Web Help Desk | 26399 | High | Very High | High | 9.7 |
3 | SolarWinds Serv-U Chain | 40538–40541 | High | Very High | High | 9.6 |
4 | Chrome Exploit Chain | 3909 / 3910 | Very High | High | High | 9.4 |
5 | VMware Aria Ops (KEV) | 22719 | High | Very High | High | 9.3 |
6 | Ivanti Auth Bypass | 1603 | High | High | High | 9.0 |
7 | Cisco SD-WAN | 20775 | Medium | Very High | Medium | 8.6 |
8 | Veeam LPE | 21668 / 21672 | Medium | High | Medium | 8.4 |
9 | Cisco File Overwrite | 20122 | Medium | High | Medium | 8.2 |
10 | FileZen Injection | 25108 | Medium | High | Medium | 8.1 |
11 | Microsoft MSHTML | 21513 | Medium | High | Medium | 8.0 |
12 | VMware SSRF | 22054 | Medium | Medium | Medium | 7.5 |
13 | Apple Memory Corruption | 43000 | Medium | Medium | Medium | 7.3 |
14 | Cisco Info Disclosure | 20128 | Low | Medium | Low | 6.5 |
15 | Wing FTP | 47813 | Low | Low | Low | 5.8 |
Latest Velma KEV Reports
Velma’s KEV Report – March 2026
Velma’s KEV Report – February 2026
Velma’s KEV Report – January 2026
Velma’s KEV Report – December 2025
Velma’s KEV Report – Oct & November 2025
Velma’s KEV Report – September 2025
Velma’s KEV Report – August 2025
Velma’s KEV Report – July 2025
Velma’s KEV Report – June 2025
How is This Intelligence Is Generated?
This intelligence is powered by Velma (Vulnerability Enhanced Learning Machine AI) – Rootshell’s exploit intelligence engine.
Velma focuses on one thing: understanding when vulnerabilities actually become a problem.
There’s no shortage of vulnerability data available, and most of it is driven by static scoring models. But risk isn’t static. A vulnerability can exist for months with little real-world impact, then quickly become critical when exploit code is released or it begins to be used in the wild.
Velma tracks that shift.
By analysing exploit availability, attacker activity, and how vulnerabilities are being used in real-world scenarios, Velma highlights what’s genuinely worth paying attention to – not just what’s highly scored, but what’s actually exploitable.
This Exploit Centre provides a current view of the threat landscape, prioritising vulnerabilities that are actively being weaponised or realistically used in attack paths.
For most organizations, the challenge isn’t a lack of vulnerabilities – it’s knowing which ones actually matter.
Ready to get started?
1
Discover your needs
2
Dive into a personalized demo
3
