Discovering CVE details

The CVE Details page in Recon provides a comprehensive view of a vulnerability, combining vulnerability data, threat intelligence, and Cytidel's analysis in one place.

This page helps security teams quickly assess the severity, exploitability, and real-world threat activity associated with a CVE.

You can open a CVE details page from multiple areas in Recon, such as the Trends page, search results, or vulnerability tables.

To view a CVE:

1. Locate a vulnerability in Recon.
2. Select the CVE identifier.
3. The CVE Details page will open with a full intelligence overview.

Overview

The Overview card provides a quick summary of the vulnerability and its key indicators.

This section includes:

• Published and Updated dates – when the CVE was first disclosed and when its information was last updated
• Description – the vulnerability description sourced from the National Vulnerability Database (NVD)
• Vulnerability type tags – classifications generated by Cytidel’s AI model, trained on CVE descriptions
• Cytidel Risk Rating – Cytidel’s assessment of the vulnerability based on threat activity and intelligence signals
• Intel tags – intelligence indicators associated with the CVE, shown as active or inactive
• Quick statistics, including: news mentions in the last 30 days social mentions in the last 30 days CVSS score EPSS score number of associated vendors and products
• External sources, with links to references such as the NVD, EUVD, GitHub advisories, or vendor advisories

Together, these indicators provide a high-level view of the vulnerability’s severity, visibility, and potential impact.

Exploit Trends & Activity

The Exploit Trends & Activity section highlights signals related to exploit development and public discussion.

This includes:

• EPSS trends over time
• news and social activity related to the vulnerability

This section helps identify vulnerabilities that are gaining attention or becoming more likely to be exploited.

References & External Coverage

The References & External Coverage section lists external sources related to the vulnerability.

This includes:

• vendor advisories
• security research publications
• vulnerability databases
• additional intelligence sources

These references provide additional context and allow analysts to explore external analysis of the vulnerability. 

Cytidel Spotlight Analysis

If a vulnerability has been added to Cytidel Spotlight, the page will include analysis from Cytidel’s CTI team.

This analysis may include:

• an executive summary of the vulnerability
• technical details about the vulnerability and exploitation methods
• risk notes and business impact considerations
• recommended remediation guidance

This section helps provide deeper context on vulnerabilities that require closer attention. 

Event Timeline

The Event Timeline tracks important events related to the vulnerability over time.

Examples of tracked events include:

• EPSS score changes
• exploit or proof-of-concept releases
• new intelligence signals
• significant updates to vulnerability data

This timeline helps analysts understand how the risk associated with a vulnerability evolves.

Exploits & Threat Actors

This section highlights exploitation activity and any associated threat actors.

It may include:

• known exploit sources
• proof-of-concept references
• threat actors linked to the vulnerability

These insights help analysts understand whether the vulnerability is being used in real-world campaigns. 

Affected Software

The Affected Software section lists the vendors and products associated with the vulnerability.

This information helps determine whether the CVE may impact technologies used within your organisation.