Exploit validation

Exploitability Validation Core

Stop chasing severity. Rank by what's actually exploitable — EPSS probability, CISA KEV, and proven reachability.


Most scanners hand you a wall of CVSS scores and call it a day. heimdallX cross-references every finding against real-world exploit signals — EPSS exploit probability and the CISA Known Exploited Vulnerabilities (KEV) catalog — then re-ranks your queue so the issues attackers are actually using rise to the top. This is the paradigm the security market moved to in 2025–2026: from "detect and scan" to "validate exploitability."

Exploitability Validation Core (live demo card): Apache httpd 2.4.49, path traversal & RCE; source: tech fingerprint · acme-corp.com · CWE-22; CVE-2021-41773; CISA KEV: yes; EPSS 97.5% (NVD); exploit: Active. Priority in a severity-only queue: 21; in the fix-first queue (EPSS + CISA KEV floor): 90.

From severity to exploitability

A high CVSS score doesn't mean anyone is exploiting it. heimdallX multiplies its base priority (severity × exploit-maturity × confidence) by EPSS exploit probability, and floors anything in the CISA KEV catalog to the top of the queue. A vulnerability with a modest score but active exploitation jumps the line — exactly the way an attacker prioritizes targets.

Zero false CVEs

Enrichment is only as good as its matching. heimdallX attaches a CVE only when it's explicitly cited in evidence, or when it matches a precise product-and-version range (e.g. Apache 2.4.49, OpenSSL 3.0.0–3.0.6). It never guesses, so KEV/EPSS enrichment never invents a vulnerability you don't actually have.

Graceful with or without live feeds

The validation layer degrades gracefully: with no API keys it still ranks findings with deterministic exploit playbooks; wired to live EPSS and KEV feeds it sharpens the ranking with up-to-the-day exploit intelligence. Either way, the fix-first queue reflects real-world risk.

How it works

1. Fingerprint: identify technologies and exact versions on the asset.

2. Match CVEs: attach CVEs by cited id or precise version range, never guessed.

3. Enrich: pull EPSS probability and CISA KEV status for each CVE.

4. Re-rank: weight by EPSS, floor known-exploited issues to the top.

Validation in practice
$ scan acme-corp.com
→ Apache httpd 2.4.49 detected
matched CVE-2021-41773 · CISA KEV: yes
EPSS 0.975 → priority 21 → 90 (KEV floor)
→ Log4j CVE-2021-44228 · EPSS 0.99999 · KEV
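The re-ranking described in the four steps and the transcript above, as an added example that is not heimdallX's own code: a base priority of severity × exploit-maturity × confidence is weighted by EPSS when a feed is available, and anything in CISA KEV is floored to 90. The 0-100 scale, the exploit-maturity values and the sample findings are constructed; the Apache and Log4j numbers are chosen so that the output reproduces the transcript (21 → 90 via the KEV floor).

```python
from dataclasses import dataclass
from typing import Optional

# Priority given to anything listed in CISA KEV (the floor value shown in the transcript above).
KEV_FLOOR = 90.0

@dataclass
class Finding:
    title: str
    severity: float               # 0-10, e.g. CVSS base score
    exploit_maturity: float       # 0-1, assumed scale: 0.3 unproven, 0.6 PoC, 1.0 active (constructed)
    confidence: float             # 0-1, how sure the product-and-version match is
    epss: Optional[float] = None  # EPSS probability; None when no live feed is wired in
    kev: bool = False             # listed in the CISA KEV catalog?

def base_priority(f: Finding) -> float:
    """severity x exploit-maturity x confidence, scaled to 0-100 (the scale is an assumption)."""
    return round(f.severity * f.exploit_maturity * f.confidence * 10, 2)

def exploitability_priority(f: Finding) -> float:
    """Weight the base by EPSS when available, then floor anything in KEV to KEV_FLOOR."""
    score = base_priority(f)
    if f.epss is not None:        # graceful degradation: no feed means no EPSS weighting
        score *= f.epss
    if f.kev:                     # known-exploited issues cannot sink below the floor
        score = max(score, KEV_FLOOR)
    return round(score, 2)

def fix_first_queue(findings):
    return sorted(findings, key=exploitability_priority, reverse=True)

def severity_only_queue(findings):
    return sorted(findings, key=lambda f: f.severity, reverse=True)

# Constructed sample findings (not real scan data).
FINDINGS = [
    Finding("Apache httpd 2.4.49 CVE-2021-41773", 7.5, 0.4, 0.7, epss=0.975, kev=True),
    Finding("Log4j CVE-2021-44228", 10.0, 1.0, 0.95, epss=0.99999, kev=True),
    Finding("hypothetical CVSS 9.8 issue with no known exploit", 9.8, 0.3, 0.9, epss=0.01),
    Finding("hypothetical finding scored with the EPSS feed unavailable", 6.5, 0.6, 0.8),
]

if __name__ == "__main__":
    for f in fix_first_queue(FINDINGS):
        print(f"{exploitability_priority(f):6.2f}  (base {base_priority(f):5.2f})  {f.title}")
```

The severity-only queue puts the CVSS 9.8 issue second; the fix-first queue moves it to the bottom because nothing is exploiting it, while the Apache finding rises from 21 to the 90 floor.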

Explore more

Active validation

Proof-based Active Testing

Confirm vulnerabilities by safely triggering them — reflected XSS, error-based SQLi and open redirects, proven not guessed.

Adversary emulation

Attack Simulation & MITRE ATT&CK

See findings the way an adversary chains them — mapped to MITRE ATT&CK tactics and techniques.

Continuous EASM

Continuous Attack-Surface Discovery

Watch your external footprint change over time — new hosts, shadow IT and disappearing assets, run after run.


Put it to work

Run your first scan in under two minutes. Free, no credit card, real findings.
