ALL SYSTEMS LIVE·CISA KEV · EPSS · SIGNED GROUND TRUTH
DATA WITH RECEIPTS · ED25519 · RFC 3161 · KEYLESS·--:--:-- UTC
Home  /  Vulnerability watch
LIVE VULNERABILITY WATCH · CISA KEV · EPSS · SIGNED

Which exploited CVEs are in your stack right now?

A live watch of the vulnerabilities being exploited in the wild, for your exact tech stack. Pass your stack and get back precisely the CISA Known-Exploited-Vulnerabilities entries that affect it, ranked by EPSS exploitation probability and ransomware linkage, each one Ed25519-signed ground truth you can verify. Not a noisy CVE firehose, the few that are actually being exploited, today, in the software you named.

Scan a stack, live.

Type a comma-separated tech stack and we'll match it against the live CISA KEV catalog right now. This is the exact call a watch runs on a schedule, and that an AI agent runs per prospect.

live · POST /v1/batch · exploited_vulnerabilities · Ed25519-signed

try: Fortinet, Ivanti, Citrix · VMware, Microsoft, Apache · Cisco, Palo Alto, Juniper · Atlassian, GitLab, Jenkins

Exploited in your stack

,

actively exploited (CISA KEV)

Ransomware-linked

,

tied to known campaigns

High probability

,

EPSS ≥ 50%

Highest risk

,

,

Every result is Ed25519-signed, verify it on /proof. CISA KEV + FIRST.org EPSS.

Why a signed watch beats a CVE firehose.

There are ~250,000 published CVEs. The number being exploited in the wild is ~1,600, and only a handful touch any one stack. Dynamic Feed serves that exploited set (CISA's authoritative KEV catalog) enriched with EPSS (FIRST.org's modeled 30-day exploitation probability) and ransomware-campaign linkage, filtered to the stack you actually run. Every datapoint is Ed25519-signed and independently time-stamped by an accredited RFC 3161 authority, so an alert is verifiable ground truth, not an unattributable feed entry. It pairs with security_advisories (newly disclosed CVEs) and check_vulnerability (is package@version affected).

Quickstart. Keyless.

One call from anything that can POST JSON. Pass your stack; get the matched exploited CVEs + a risk summary.

SHELL · live vulnerability watch for a stack · POST /v1/batchCOPY
curl -s https://dynamicfeed.ai/v1/batch \
  -H "Content-Type: application/json" \
  -d '{"calls":[{"tool":"exploited_vulnerabilities",
        "args":{"stack":"Fortinet, Ivanti, Citrix","sort":"risk","limit":10}}]}'

# -> summary: { matched, ransomware_linked, high_epss_50pct_plus, highest_epss }
# keyless over MCP too: npx -y dynamicfeed-mcp  ·  verify: /.well-known/keys

Evidence, not a safety guarantee.

read this before you rely on it

This is a signed, timestamped view of the public CISA KEV catalog matched to a stack you describe, proof-of-existence and tamper-evidence for each datapoint. It is not a vulnerability scanner, not a SIEM, and not a security guarantee: it does not inspect your systems or confirm exposure, and a match means a CVE in your stack's software is being exploited in the wild, not that you are compromised. Use it to prioritise and verify; your security team and tooling own remediation. The signature proves what the catalog said at a time, not the completeness of your security posture.

THE FUTURE, HERE AND NOW

Fully automated. Run by AI, end to end.

No sales calls and no waiting. Mint a key and you are live in seconds, on any tier.

KEV exposure receipts: was this CVE known-exploited at time T? Get a signed answer