This endpoint provides a detailed historical timeline and risk evolution profile for a specific vulnerability (CVE), including event-driven changes in EPSS scores, CVSS metrics, and references to external resources and exploit information.

The response includes not just the current state of the CVE but also a granular changelog of important scoring or metadata updates. This is ideal for forensic analysis, risk tracking, and understanding long-term exploitability patterns.

Each CVE record includes:

CVE Identifier: Unique vulnerability ID (e.g., CVE-2002-1453).
Recon URL: Link to the CVE details on Cytidel’s Recon platform.
Description: A human-readable explanation of the vulnerability.
Tags: Highlighted categories such as RisingEpss, CytidelSpotlight, etc.
Identification and Update Timestamps: When the CVE was first seen and last updated.
Events Timeline:
- Chronological log of scoring changes (EPSS increases/decreases), CVSS additions, and identification milestones.
- Each entry includes the event type, timestamp, old value, and new value.
Risk Analysis:
- EPSS Score: Current score, percentile, and last update date.
- CVSS v2: Full vector, version, and base score. (v3, v4 included if available.)
- CISA KEV, CWE, CAPEC: If applicable.
References:
- External links to bulletins, advisories, mailing lists, or exploit reports.
- Some may be tagged (e.g., Exploit) to highlight actionable intelligence.
Product and Vendor Info: If associated products or vendors exist.
Empty/Null Fields: Placeholders for known-but-absent data like exploits, threatActors, etc., to maintain structure.

Example Use Case

This endpoint is ideal for:

Tracking risk evolution of a specific CVE over time.
Investigating why a CVE is resurfacing or gaining relevance.
Supporting auditing or compliance workflows that demand historical insight.
Correlating external exploit publication dates with score changes.