ALL SYSTEMS LIVE·CYBERSECURITY · ADVISORY EVIDENCE · NEUTRAL WITNESS
DATA WITH RECEIPTS · ED25519 · RFC 3161·--:--:-- UTC
Home  /  Proof  /  KEV receipt
CYBERSECURITY · CYBER INSURANCE · KEV-AT-TIME-T

Was it a known-exploited CVE? Signed answer.

Denied cyber claims and breach litigation keep turning on one factual question: was the vulnerability on CISA's Known Exploited Vulnerabilities catalog at a point in time, and how long had it been there before the incident? A screenshot of the catalog doesn't survive scrutiny. This page issues a signed, independently re-verifiable receipt of what the KEV catalog shows for a CVE right now, and every receipt is archived, so the state at time T stays re-checkable long after the catalog moves on.

LIVE

A signed receipt for any CVE, right now.

Enter a CVE id. Dynamic Feed checks it against CISA's live Known Exploited Vulnerabilities catalog and returns one Ed25519-signed Decision Receipt produced by /v1/answer, carrying the full catalog record as evidence. Nothing is mocked and nothing is stored about you.

checked against CISA KEV: presence, date added, ransomware association, catalog version at query time
WHY IT MATTERS

Coverage disputes are decided on records.

When an insurer argues a breach was preventable, or a plaintiff argues a patch window was negligent, the timeline of public knowledge is the battleground: when was the CVE added to KEV, and what did the catalog say on the day that mattered? A screenshot is the arguing party's own word. A contemporaneous record from an independent witness, signed at the moment, carrying its source and observation time, and verifiable years later against a published key, is the corroboration that survives cross-examination. Our records work against us just as well as they work for you: anyone can re-check them, including the other side.

Data with Receipts. The receipt proves what CISA's Known Exploited Vulnerabilities catalog showed for that CVE at that time, and that the record has not been altered since. It is one independent input beside your own vulnerability management logs, not a replacement for them.
THE BOUNDARY

Evidence, not a security assessment.

held on purpose

Dynamic Feed is a neutral witness, not a regulator, certifier or adviser. Presence on the KEV catalog is CISA's designation, not ours, and absence does not mean a CVE is safe or unexploited; the catalog lists what CISA has confirmed, nothing more. This receipt is a record of what the catalog showed, not a security assessment, not a coverage determination and not a patching recommendation. Advisory evidence, tamper-evident not tamper-proof, zero personal data, and not legal advice.

FOR INSURERS, BREACH COUNSEL & SECURITY TEAMS

One API call per CVE.

Claims platforms and security tooling can mint a signed KEV receipt for every vulnerability decision automatically, keyless to try, self-serve to scale.