Was it a known-exploited CVE? Signed answer.
Denied cyber claims and breach litigation keep turning on one factual question: was the vulnerability on CISA's Known Exploited Vulnerabilities catalog at a point in time, and how long had it been there before the incident? A screenshot of the catalog doesn't survive scrutiny. This page issues a signed, independently re-verifiable receipt of what the KEV catalog shows for a CVE right now, and every receipt is archived, so the state at time T stays re-checkable long after the catalog moves on.
A signed receipt for any CVE, right now.
Enter a CVE id. Dynamic Feed checks it against CISA's live Known Exploited Vulnerabilities catalog and returns one Ed25519-signed Decision Receipt produced by /v1/answer, carrying the full catalog record as evidence. Nothing is mocked and nothing is stored about you.
full signed receipt (JSON)
Coverage disputes are decided on records.
When an insurer argues a breach was preventable, or a plaintiff argues a patch window was negligent, the timeline of public knowledge is the battleground: when was the CVE added to KEV, and what did the catalog say on the day that mattered? A screenshot is the arguing party's own word. A contemporaneous record from an independent witness, signed at the moment, carrying its source and observation time, and verifiable years later against a published key, is the corroboration that survives cross-examination. Our records work against us just as well as they work for you: anyone can re-check them, including the other side.
Evidence, not a security assessment.
Dynamic Feed is a neutral witness, not a regulator, certifier or adviser. Presence on the KEV catalog is CISA's designation, not ours, and absence does not mean a CVE is safe or unexploited; the catalog lists what CISA has confirmed, nothing more. This receipt is a record of what the catalog showed, not a security assessment, not a coverage determination and not a patching recommendation. Advisory evidence, tamper-evident not tamper-proof, zero personal data, and not legal advice.
One API call per CVE.
Claims platforms and security tooling can mint a signed KEV receipt for every vulnerability decision automatically, keyless to try, self-serve to scale.