FAQ : CVE
Are these resources really free?
Yes. All our white papers, templates and guides are 100% free. Some exclusive content simply requires following our LinkedIn page and subscribing to our newsletter (max. 2 mailings/month, unsubscribe in one click). No credit card is required.
Can I adapt your templates to my organisation?
Yes, each template is designed to be personalised. The documents are in PDF format with clearly identified sections to adapt (company name, scope, responsible parties). Bexxo can also support you with personalisation as part of a compliance audit.
How can I raise my employees' awareness of phishing?
91% of cyberattacks start with a phishing email (Deloitte). Our white paper on phishing provides concrete cases and practical recommendations. For ongoing training, our PhishTrainer platform simulates realistic attacks and reduces the click rate by an average of 75%.
How does CVE Find help with nFADP compliance?
The nFADP requires appropriate technical measures to protect data. Vulnerability monitoring is one of these measures: identifying and fixing flaws in your systems demonstrates proactive security management. CVE Find provides the traceability needed in the event of an inspection by the FDPIC.
How does the CVE Find alert system work?
You configure the list of products and technologies you use (servers, CMS, libraries, network equipment). CVE Find continuously monitors the MITRE database and alerts you by email or SMS as soon as a new vulnerability affects one of your products, with the severity score and patch recommendations.
How many CVEs are published each year?
The volume of published CVEs increases every year: 25,227 in 2022, 29,065 in 2023, 40,009 in 2024, and 48,185 in 2025. In 2026, the trend continues to accelerate with more than 130 CVEs published per day. CVE Find indexes all these vulnerabilities in real time.
Is CVE Find free?
Consulting the CVE Find database on www.cvefind.com is free and accessible to all. Advanced features (personalised alerts, monitoring of specific products, SMS notifications) are available to Bexxo clients as part of our audit and monitoring packages.
What is CVE Find?
CVE Find is a Swiss vulnerability monitoring platform, developed and maintained by Bexxo (tesweb SA). It covers the entire MITRE CVE database with real-time updates, email and SMS alerts, and integrated scoring to prioritise patches. The interface is available in French, English and German.
What is a CVE?
A CVE (Common Vulnerabilities and Exposures) is a unique identifier assigned to a known security flaw (e.g. CVE-2024-12345). This system, maintained by the MITRE Corporation, allows security professionals to reference the same vulnerability universally. In 2025, more than 48,000 new CVEs were published (+20% vs 2024).
What is the difference between CVE Find and the NIST NVD database?
The NVD (National Vulnerability Database) from NIST is the official US source. CVE Find aggregates this data and adds a layer of personalised alerts, product filtering and EPSS scoring (real-world exploitation probability) that the NVD does not offer natively. The interface is available in English.
Which password manager do you recommend for a Swiss SME?
Our comparative analysis from February 2026 evaluates 8 solutions for Swiss SMEs (5-200 employees). Only 3 fully comply with the nFADP with hosting in Switzerland or Europe. Download the full report to discover our detailed recommendation by SME profile.
Which standards are your security policy templates based on?
Our 12 security policy templates are aligned with the controls of ISO 27001:2022 (Annex A) and NIST CSF recommendations. They cover key areas: authentication, access control, data classification, cryptography, backups, supplier management and human resources.
Why is CVE monitoring essential for an SME?
More than 130 vulnerabilities are published every day, and this number increases year on year (+20% between 2024 and 2025). Without active monitoring, your company may be using software with known and exploitable flaws. 60% of data breaches exploit vulnerabilities for which a patch already existed (Verizon DBIR).