CVE risks in Censys ASM help you identify software vulnerabilities in your attack surface and understand how critical and exploitable they are, enabling you to respond to the most important risks in your attack surface first and avoid chasing low-risk issues.

CVE risks feature CVE data, KEV information, and CVSS scores along with first seen and last seen dates to make it easy for you to evaluate risks at a glance. This information is highlighted in your risk instances page in the ASM web interface as well as on individual risk detail pages on your inventory assets.

You have complete control over the criteria used to surface CVE risks in your workspace--you can restrict CVE risks to only those that have been scored as critical, that utilize specific attack vectors, and are present in the KEV catalog. By default, only CVE risks that have been scored high to critical, use network attack vectors, or are present in the KEV catalog will be shown in your attack surface.

Learn more about how to use CVE risks in ASM with the following resources:

• This short lesson in the Censys Academy
• Our documentation
• Or in the brief video embedded below

If you have any questions about CVE risks, let us know! We recommend working with your customer success manager to ensure that you get the best results out of CVE risks.