Exploited CVEs visible in GUI and PDF reports

You're already familiar with the CVEs in the GUI and PDF reports. They are blue boxes with rounded corners that have a color on the left side signalling the CVSS severity: red (critical), orange (high), yellow (medium) and green (low).

As of now, a red bar on the right side signals that the CVE is exploited. If you click on the CVE, you will be shown a page that shows you where that information comes from. IT can be because the US CISA says so on their Known Exploited Vulnerability list, or because a Proof-of-Concept is publicly available. In that last case, the link to the PoC is shown too.

There's also a new report available (query: $exploited_vulnerabilities_report) that only shows you the exploitable CVEs you have for you assets. Who knows, they might already have been exploited. Patch them as soon as possible!