# Searching the CVE database with CISA KEV and EPSS

> Browse and search the SOC Defenders CVE database, enriched with CISA Known Exploited Vulnerabilities status and EPSS exploit probability scores.

The SOC Defenders CVE database gives you a searchable view of vulnerabilities sourced from the National Vulnerability Database (NVD), enriched with two critical prioritization signals: CISA Known Exploited Vulnerabilities (KEV) status and EPSS exploit probability scores. Together these signals help you focus patching and detection effort on vulnerabilities that pose real, active risk — not just theoretical severity.

## What the database contains

Every CVE entry includes:

* CVE identifier and description from NVD
* CVSS base score and severity rating (Critical, High, Medium, Low)
* CISA KEV flag — whether the vulnerability is confirmed as actively exploited in the wild
* EPSS score — the probability that the vulnerability will be exploited in the next 30 days
* Published date

## Searching by CVE ID

Type a CVE identifier (e.g., `CVE-2024-12345`) into the **CVE Search** box at the top of the database page. The list filters to matching entries as you type.

## Severity filtering

Use the severity buttons to restrict the list to vulnerabilities in a given CVSS band:

| Severity | CVSS range |
| -------- | ---------- |
| Critical | 9.0–10.0   |
| High     | 7.0–8.9    |
| Medium   | 4.0–6.9    |
| Low      | 0.1–3.9    |

You can select multiple severity levels simultaneously.

## CISA KEV filter

Enable **CISA KEV Only** to show only vulnerabilities that CISA has confirmed are being actively exploited in the wild. The KEV catalog is maintained by CISA and represents the highest-priority vulnerabilities for remediation — federal agencies are required to patch them within set deadlines, and the catalog is a reliable signal for any organization's patching queue.

## Sort options

Sort the database using any of three columns:

* **Published Date** — most recently disclosed CVEs first
* **CVSS Score** — highest severity first
* **EPSS Score** — highest exploitation probability first

Sorting by EPSS is particularly useful when you want to prioritize based on real-world exploitation likelihood rather than theoretical severity alone.

## Understanding EPSS

The Exploit Prediction Scoring System (EPSS) is a community-driven model that estimates the probability a given CVE will be exploited in the wild within the next 30 days. Scores range from 0.0 to 1.0 (0% to 100%). A high EPSS score means exploitation tooling exists or active exploitation has been observed, making the vulnerability a strong candidate for immediate attention regardless of its CVSS score.

## Understanding CISA KEV

The CISA Known Exploited Vulnerabilities catalog lists CVEs for which CISA has confirmed active exploitation. A KEV designation means threat actors are using the vulnerability right now, in real attacks, against real targets. When a CVE appears in the KEV catalog, treat it as requiring immediate remediation.
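
The filters and sort options described above can be reproduced offline on an exported list. The following is an added example, not SOC Defenders code: the record field names, the sample CVE IDs, and the combined ranking (KEV first, then EPSS, then CVSS) are assumptions made for illustration. Only the severity bands come from the table on this page.

```python
from dataclasses import dataclass
from typing import Optional

# CVSS bands as given in the severity table on this page.
BANDS = [(9.0, "Critical"), (7.0, "High"), (4.0, "Medium"), (0.1, "Low")]

@dataclass
class Cve:
    # Field names are assumptions for this example, not the SOC Defenders schema.
    cve_id: str
    cvss: Optional[float]  # None when the CVE has no CVSS score yet
    epss: Optional[float]  # 0.0-1.0, None when no EPSS score is available
    kev: bool              # True when listed in the CISA KEV catalog

def severity(cvss):
    """Map a CVSS base score to the page's severity band."""
    if cvss is None:
        return "Unscored"
    for floor, name in BANDS:
        if cvss >= floor:
            return name
    return "None"  # a score of 0.0 falls below every band

def triage(cves, severities=None, kev_only=False):
    """Filter like the UI (severity buttons, CISA KEV Only), then rank:
    KEV entries first, then EPSS descending, then CVSS descending."""
    picked = [
        c for c in cves
        if (not kev_only or c.kev)
        and (severities is None or severity(c.cvss) in severities)
    ]
    # Missing scores sort last within their group by treating them as 0.0.
    return sorted(picked, key=lambda c: (not c.kev, -(c.epss or 0.0), -(c.cvss or 0.0)))

# Constructed sample records; the CVE IDs are placeholders, not real entries.
SAMPLE = [
    Cve("CVE-0000-0001", 9.8, 0.02, False),  # Critical, but low EPSS
    Cve("CVE-0000-0002", 6.5, 0.91, False),  # Medium, but high EPSS
    Cve("CVE-0000-0003", 7.2, 0.40, True),   # High and in KEV
    Cve("CVE-0000-0004", None, None, False), # not yet scored
    Cve("CVE-0000-0005", 8.9, 0.05, False),  # top of the High band
]

if __name__ == "__main__":
    for c in triage(SAMPLE):
        print(f"{c.cve_id}  {severity(c.cvss):8}  kev={c.kev}  epss={c.epss}")
```

In the sample, the Medium-severity entry with an EPSS of 0.91 ranks above the Critical entry with an EPSS of 0.02, which is the gap between exploitation likelihood and CVSS severity that the EPSS sort is meant to expose.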

## API access

You can query CVE-related articles programmatically using the articles endpoint with a CVE tag filter:

```bash
curl -H "Authorization: Bearer YOUR_API_KEY" \
  "https://socdefenders.ai/api/v1/articles?tag=CVE-2024-12345"
```

For the full list of supported parameters, see the [API documentation](https://socdefenders.ai/docs/api).
