Security check

CVE exposure: known vulnerabilities on your surface, prioritised

Attackers scan the internet for known vulnerable versions within hours of a CVE. We match your exposed services against known CVEs and prioritise by what's actually being exploited.

Run a free domain scan All checks β†’
Relates to: NIS2 Β· art. 21 β€” vulnerability handling ISO 27001 Β· A.8.8 CISA Β· KEV

What we check

Via our internal agent we identify the versions of your services (web server, framework, VPN, appliances) and match them against a curated CVE set (offline, with KEV marking) β€” surfacing KEV hits first. Current KEV/EPSS prioritisation with live feeds is provided via our Threat Radar module (optional).

Why it matters

An internet-exposed service with a KEV-listed vulnerability is an urgent target β€” attackers automate the exploitation. But most CVE lists are noise without prioritisation. We show which can actually hit you first.

How Security Guru tests it

Common mistakes

  • Patching by CVSS regardless of exposure/exploitability
  • Missing KEV-listed vulnerabilities in the flood of alerts
  • Old appliance versions (VPN/firewall) left unpatched
  • No check of new CVEs against existing exposure

What you get in the report

  • Exposed services with known CVEs
  • KEV hits (proven exploited) flagged separately
  • Prioritisation by actual exploitability
  • Mapping to NIS2 vulnerability handling / ISO A.8.8

FAQ

What makes the KEV list special?

CISA KEV lists vulnerabilities proven to be exploited in the wild. A KEV hit on your exposed surface is always top priority.

Do you attack the services?

No β€” we identify versions and match against CVE data. We do not exploit your services.

Continuous monitoring?

Yes β€” new CVEs are continuously matched against your known exposure, with alerts.

Want to know your status?

Run a free scan or order a full Security Assessment β€” prioritised, not noise.

Run a free domain scan