/api/Vulnerability

This endpoint provides a detailed historical timeline and risk evolution profile for a specific vulnerability (CVE), including event-driven changes in EPSS scores, CVSS metrics, and references to external resources and exploit information.

The response includes not just the current state of the CVE but also a granular changelog of important scoring or metadata updates. This is ideal for forensic analysis, risk tracking, and understanding long-term exploitability patterns.

Each CVE record includes:

• CVE Identifier: Unique vulnerability ID (e.g., CVE-2002-1453).
• Recon URL: Link to the CVE details on Cytidel’s Recon platform.
• Description: A human-readable explanation of the vulnerability.
• Tags: Highlighted categories such as RisingEpss, CytidelSpotlight, etc.
• Identification and Update Timestamps: When the CVE was first seen and last updated.
• Events Timeline:
  • Chronological log of scoring changes (EPSS increases/decreases), CVSS additions, and identification milestones.
  • Each entry includes the event type, timestamp, old value, and new value.
• Risk Analysis:
  • EPSS Score: Current score, percentile, and last update date.
  • CVSS v2: Full vector, version, and base score. (v3, v4 included if available.)
  • CISA KEV, CWE, CAPEC: If applicable.
• References:
  • External links to bulletins, advisories, mailing lists, or exploit reports.
  • Some may be tagged (e.g., Exploit) to highlight actionable intelligence.
• Product and Vendor Info: If associated products or vendors exist.
• Empty/Null Fields: Placeholders for known-but-absent data like exploits, threatActors, etc., to maintain structure.

Example Use Case

This endpoint is ideal for:

• Tracking risk evolution of a specific CVE over time.
• Investigating why a CVE is resurfacing or gaining relevance.
• Supporting auditing or compliance workflows that demand historical insight.
• Correlating external exploit publication dates with score changes.