FAQ : CVE Find
Does CVE Find indicate if a vulnerability is actively exploited?
Yes, our CVE Find service integrates the KEV (Known Exploited Vulnerabilities) status maintained by CISA. If a vulnerability is confirmed to be actively exploited in the wild, it is marked as such on the corresponding CVE record, with a link to the official source.
This allows users to immediately identify urgent threats without having to manually cross-reference data with other databases. The KEV status is updated regularly and can also be used as a filtering criterion in the interface.
How does CVE Find help with nFADP compliance?
The nFADP requires appropriate technical measures to protect data. Vulnerability monitoring is one of these measures: identifying and fixing flaws in your systems demonstrates proactive security management. CVE Find provides the traceability needed in the event of an inspection by the FDPIC.
How does the CVE Find alert system work?
You configure the list of products and technologies you use (servers, CMS, libraries, network equipment). CVE Find continuously monitors the MITRE database and alerts you by email or SMS as soon as a new vulnerability affects one of your products, with the severity score and patch recommendations.
How many CVEs are published each year?
The volume of published CVEs increases every year: 25,227 in 2022, 29,065 in 2023, 40,009 in 2024, and 48,185 in 2025. In 2026, the trend continues to accelerate with more than 130 CVEs published per day. CVE Find indexes all these vulnerabilities in real time.
How to use CVE Find to track critical vulnerabilities?
Our CVE Find service allows you to filter and sort vulnerabilities according to several key criteria: CVSS score, EPSS score, membership in the KEV list, severity level, publication date, etc. These combined indicators allow you to quickly identify the most serious and most likely to be exploited vulnerabilities.
Once the filters are applied, the user can subscribe to alerts or export the data for integration into internal tools. This makes it possible to maintain active monitoring, focused on genuinely dangerous vulnerabilities, while avoiding the noise of irrelevant information.
Is CVE Find free?
Yes, our CVE Find service is accessible free of charge online. All users can consult CVE records, apply filters, and access enriched information (scores, exploitation status, KEV/EPSS data). The objective of the site is to democratize access to vulnerability information, without financial barriers.
Advanced functionalities (e.g., API integration, automatic export, personalized alerts) are offered as options or premium services, but the basic functionality remains open to all.
Is CVE Find free?
Consulting the CVE Find database on www.cvefind.com is free and accessible to all. Advanced features (personalised alerts, monitoring of specific products, SMS notifications) are available to Bexxo clients as part of our audit and monitoring packages.
What is CVE Find?
CVE Find is a Swiss vulnerability monitoring platform, developed and maintained by Bexxo (tesweb SA). It covers the entire MITRE CVE database with real-time updates, email and SMS alerts, and integrated scoring to prioritise patches. The interface is available in French, English and German.
What is a CVE?
A CVE (Common Vulnerabilities and Exposures) is a unique identifier assigned to a known security flaw (e.g. CVE-2024-12345). This system, maintained by the MITRE Corporation, allows security professionals to reference the same vulnerability universally. In 2025, more than 48,000 new CVEs were published (+20% vs 2024).
What is the difference between CVE Find and the NIST NVD database?
The NVD (National Vulnerability Database) from NIST is the official US source. CVE Find aggregates this data and adds a layer of personalised alerts, product filtering and EPSS scoring (real-world exploitation probability) that the NVD does not offer natively. The interface is available in English.
What is the difference between CVE Find and the official cve.org website?
The cve.org website, managed by MITRE, is the official source of CVE identifiers. It is essential for ensuring the uniqueness and structure of entries. However, cve.org focuses on the administrative aspect and does not provide EPSS scores, exploitation indicators, or advanced sorting functionalities.
Our CVE Find service takes this official data, enriches it with complementary metrics (KEV, EPSS, CVSS), and presents it in a more modern, faster, and filterable interface. It is therefore a practical monitoring tool, designed for operational and decision-making use on a daily basis.
What is the purpose of the CVE Find website?
Our service www.cvefind.com is a search and monitoring platform dedicated to IT vulnerabilities. It allows cybersecurity professionals, developers, administrators, or CISOs to quickly consult known vulnerabilities (CVEs), track their evolution, and access additional indicators to prioritize remediation.
Our goal with CVE Find is to make information more accessible, readable, and actionable than on official databases, which are often too technical or not very user-friendly. We centralize useful data (CVSS, EPSS, KEV status, dates, affected products), and facilitate decision-making for remediation or alert actions.
Why is CVE monitoring essential for an SME?
More than 130 vulnerabilities are published every day, and this number increases year on year (+20% between 2024 and 2025). Without active monitoring, your company may be using software with known and exploitable flaws. 60% of data breaches exploit vulnerabilities for which a patch already existed (Verizon DBIR).