Risk Levels

wtfisthiscve assigns risk levels based on exploit availability and detection coverage.

Critical Gap

The most dangerous category: exploits exist but no detection is available. Attackers can exploit this vulnerability while your security tools remain blind.

Only applies to HIGH and CRITICAL severity CVEs (CVSS 7.0+).

Why Critical Gaps Matter: These vulnerabilities have weaponized exploits available (Metasploit, ExploitDB, or public PoCs) but no detection rules in common security tools (OSV, Nuclei, Sigma, Snort, Suricata, YARA). This means attackers can exploit them while your security stack remains blind.

View all Critical Gaps →

High Risk

Exploits exist AND detection tools are available. Urgent priority - ensure your detection tools are deployed and updated.

Medium Risk

Detection available but no known exploits yet. Your security tools can catch this, giving you early warning before active exploitation begins.

Low Risk

No known exploits or detection coverage. Theoretical risk only - monitor but lower priority.

Critical Gap​

High Risk​

Medium Risk​

Low Risk​

Critical Gap

High Risk

Medium Risk

Low Risk