Features

See it the day it moves, not the day the catalog blesses it.

A threat-intelligence platform that scores CVEs by what attackers are actually doing, keeps watching after the first alert, and plugs into every tool your team already runs.

CVE detail page with composite threat score and watchlist pills

Only on rdintel

Find CVEs before the mainstream catalogs publish them.

We watch commit activity, vendor advisories, regulatory catalogs, and researcher channels continuously. When something surfaces publicly before the primary catalogs pick it up, we capture the first-seen timestamp and start scoring it the same minute.

  • First-seen timestamp per CVE, per feed
  • A pre-publication badge on every affected CVE
  • One preset watchlist subscribes you to the whole cohort
  • Typical head start on commercial scanners: days, not hours

Watchlist presets page showing the pre-publication signal preset

RDI — Ranked Disclosure Intelligence

Rank vulnerability fixes before they become CVEs.

Not every vulnerability gets a CVE. Many real fixes land as silent commits — maintainers patch a bug, ship a release, and move on. RDI catches them the day they land: we triage every candidate commit, reject the noise, and tier the survivors P0–P3 with a 0–100 threat score, a short title, and a plain-English description. It's a co-product to CVEs, not a replacement.

  • Each ranking gets its own rdi-YY-NNN ID, a P0–P3 tier, and a 0–100 threat score.
  • Every P0/P1 ranking carries a plain-language title + description so triage takes seconds, not minutes.
  • Docs-only, test-only, version-bump, and refactor commits are filtered out before they ever reach the ranking.
  • When a CVE is eventually assigned, RDI automatically cross-links so your history stays intact.

Only on rdintel

A threat score that reflects reality, not just CVSS.

CVSS says how bad a vulnerability could be. Our threat score says how dangerous it actually is right now. Exploit availability, active exploitation, ransomware campaigns, news velocity, and social chatter all feed into one number that updates as the world changes.

  • Exploit code published or observed in the wild
  • Listed in active-exploitation catalogs
  • EPSS probability (the likelihood it gets exploited this month)
  • Ransomware-campaign association and threat-actor mentions
  • News and community velocity across the last 72 hours

Attack-flow kill chain with MITRE technique nodes

Only on rdintel

Watchlists that keep watching.

Most platforms fire one alert and forget. We track the state of every matched CVE and re-fire a separate event when something meaningful changes. You hear about the active-exploitation flag three months later, the fresh PoC, the severity bump, and the threat score spike. Not silence.

  • Four distinct event kinds, one per change type
  • Idempotent: each kind fires at most once per CVE per watchlist
  • Email subject and color code differ per event so triage is fast
  • Push to email, in-app feed, Slack, Discord, Teams, Jira, Linear, PagerDuty, Splunk, or signed webhook

Watchlist detail page with event pills showing active-exploitation and score jump

Only on rdintel

Spot malicious PoCs before you run them.

Red teams pull exploits from GitHub every day. Some of them are backdoored: credential stealers, reverse shells, honeypots disguised as proof-of-concept code. We score every PoC repo on obfuscation, network behaviour, and known-bad patterns, then surface the score right next to the repo link.

  • Per-repo suspicion score, visible on every CVE's exploit list
  • A preset watchlist that alerts only on the flagged ones
  • Entropy, obfuscated strings, and outbound-connection heuristics
  • Safe for red teams, blue teams, and independent researchers

Dangerous repositories panel with malware and suspicious PoC flags

Only on rdintel

The first threat-intel platform agents can reason over.

Our MCP server gives agents like Claude, Cursor, and Windsurf direct access to every piece of threat intelligence we collect. 'What are the riskiest Fortinet CVEs this week, and what exploit code is public for them?' becomes one prompt, not a twelve-tab investigation.

  • Native Model Context Protocol server, two lines of config to add
  • Tools for CVE lookup, enrichment, detection rules, and threat feeds
  • Same API key and rate limits as REST, no separate auth path
  • Runs locally via Docker over stdio, so no data leaves your environment

MCP server Docker setup for Claude, Cursor, and Windsurf

Only on rdintel

Remediation written for the specific product, not a template.

Every critical CVE ships with a prescriptive playbook: the exact patched version, a targeted workaround keyed to real endpoints and config flags, a verification check your team can run, and post-compromise hygiene written for the affected product — not copy-paste advice scraped off the rest of the internet.

  • Exact patched version per product, merged across vendor aliases
  • Workaround keyed to real endpoints, flags, and config directives from the advisory
  • Verification step your team can run after patching to confirm the fix took effect
  • Post-compromise rotation and forensic pointers specific to the compromised product
  • Remediation deadline with days-remaining counter on actively exploited CVEs

Respond section with a per-product remediation playbook, upgrade target, workaround, verification, and post-compromise pointers

The whole toolbox

Everything you need, in one place.

Beyond the data we uniquely collect, rdintel gives you every workflow security teams actually run.

330K+ enriched CVEs

The entire public CVE catalog continuously enriched with 15+ real-world signals.

Composite threat score

Severity + exploit probability + active-exploitation flags + public PoCs + ransomware + news + social, recomputed hourly.

Public PoC tracking

Live proof-of-concept repositories, commits, stars, and forks across every CVE — the earliest weaponization signal.

Watchlists with change detection

Track vendors, products, keywords, or presets. Re-fires on exploit, severity, and score changes.

9 integration destinations

Slack, Discord, Teams, Jira, Linear, PagerDuty, Splunk, signed webhook, email.

WordPress & CMS coverage

Plugin, theme, and core vulnerabilities — patched, unpatched, and zero-day — indexed per CVE.

EU regulatory context

EU-relevance tagging, regulatory advisory linkage, and cross-referenced identifiers for NIS2 / CRA alignment.

Bug bounty signals

Public bounty program matches and disclosed reward tiers per CVE.

Zero-day researcher feeds

Independent researcher submissions and coordinated-disclosure advisories surfaced alongside the mainstream catalog.

Domain intelligence

Subdomain enumeration, certificate transparency, WHOIS — map attack surfaces at scale.

Network intelligence

IP, CIDR, ASN lookups with RDAP + WHOIS. Free and unauthenticated.

48-tool MCP server

Native Model Context Protocol — agents reason over threat intel in real time.

REST API

OpenAPI schema, token auth, per-plan rate limits with burst control, paginated everywhere.

Daily digests & briefings

Morning inbox rundown of newly weaponized CVEs, fresh PoCs, trending topics, and your watchlist hits.

Threat actor attribution

APT groups and campaigns tied to each CVE, with source citations.

Only on rdintel

Modern severity scoring, across the catalog.

Next-generation vulnerability scoring with subsequent-system impact and attack-requirement metrics, surfaced on CVEs where the rest of the industry still only publishes the legacy version. Every vector is broken out — attack vector, complexity, privileges, user interaction, impact on the vulnerable system, impact on downstream systems — with color-graded severity dots so triage is visual, not arithmetic.

  • v4.0 vectors on CVEs where upstream catalogs haven't published them
  • Vulnerable-system and subsequent-system impact broken out separately
  • Per-metric tooltips explaining what each value means for exploitability
  • Consistent treatment across legacy, current-year, and pre-publication CVEs

CVE detail header showing v3.1 and v4.0 vectors side by side with per-metric severity dots

Only on rdintel

CVE pages that keep working.

Static vendor advisory. PDF report. Screenshot pasted into a ticket. That's how the rest of the market ships context. Our CVE page is a living surface: sibling CVEs affecting the same version roll in, the threat score replots as new exploitation signal lands, watchlist hits render a badge in real time, and your team's patch-priority ranking reorders based on reachability and velocity.

  • Sibling CVEs on the same product version rendered inline
  • Threat-score history charted across the last 90 days
  • Per-user patch priority that factors in watchlist reachability
  • Share link with live data — not a stale PDF — for every paid plan

CVE page showing threat score history chart, sibling CVEs, and patch priority badge

Detection rules, for you

Nuclei, Sigma, YARA. Indexed per CVE.

Where public detection rules exist, we pull them in and pin them to the CVE. Nuclei templates for scanning, Sigma rules for your SIEM, YARA rules for file signatures — all one click from the CVE page, with technique mappings carried through when the upstream rule provides them.

  • Nuclei, Sigma, and YARA rules indexed per CVE
  • Technique mappings carried through from upstream rule metadata
  • Copy a single template or bulk-export a per-CVE pack
  • Coverage grows as the public detection ecosystem grows

Detect section showing Nuclei, Sigma, and YARA rules indexed per CVE

Plugs into your stack

Nine destinations. One API key.

Slack, Discord, Teams, email, Jira, Linear, PagerDuty, Splunk, or a signed outbound webhook. Pick the channel, pick the style, send a test CVE, and you're live.

Integrations grid showing all 9 providers with plan-tier badges

Start free. Upgrade when you need the API.

14-day trial on any paid plan. No card required to browse the intelligence.