Question 1

What is EPSS?

Accepted Answer

EPSS (Exploit Prediction Scoring System) is a daily probability score between 0 and 1 predicting the likelihood a CVE will be exploited within 30 days. Maintained by FIRST.org. An EPSS score of 0.97 means 97% probability of exploitation in 30 days. EPSS is more predictive of actual exploitation than CVSS severity scores.

Question 2

What is CISA KEV?

Accepted Answer

The CISA Known Exploited Vulnerabilities catalog is maintained by the U.S. Cybersecurity and Infrastructure Security Agency. It lists CVEs confirmed actively exploited in the wild. Federal agencies are required to patch KEV-listed CVEs on a defined timeline. 42% of CVEs with confirmed public exploitation are NOT on KEV, so KEV alone is not sufficient as a prioritization signal.

Question 3

What is the difference between a PoC and a weaponized exploit?

Accepted Answer

A proof-of-concept (PoC) demonstrates that a vulnerability is exploitable but may not be immediately usable as an attack. A weaponized exploit (e.g., a Metasploit module) is packaged for direct offensive use. pingtwice distinguishes between PoC-only, Metasploit module present, Nuclei template present, and confirmed in-the-wild exploitation.

Question 4

How often is CVE data updated?

Accepted Answer

The pipeline runs hourly. EPSS scores are updated daily. CISA KEV additions are detected within hours of publication. New CVE publications from MITRE are ingested on the same schedule.

Question 5

Does pingtwice replace a vulnerability scanner?

Accepted Answer

No. Scanners (Tenable, Qualys, Rapid7) detect which CVEs are present in a specific environment by scanning hosts. pingtwice tracks CVE intelligence signals (EPSS, KEV, exploit activity) across the full CVE database and matches them to a declared tech stack. The two are complementary: a scanner tells you what is present; pingtwice tells you which present CVEs are actually dangerous and changing.

Question 6

Is the CVE Explorer free?

Accepted Answer

Yes. The Explorer at https://pingtwice.com/explorer allows full CVE search and filtering with no account required. Stack monitoring and alerts require a free account.

Every CVE,enriched and ready to search

Every CVE,
enriched and ready to search