VULNERABILITIES are piling up, with more than 48,100 documented in 2025, up 21% from the previous year, prompting security teams to seek smarter triage. A tool called KEV Collider aims to help by combining data from the KEV Catalog with CVSS scores, EPSS, and Metasploit automation status so organisations can filter issues by multiple signals and focus on what matters.
The KEV Catalog, maintained by the US Cyber and Infrastructure Security Agency, has long been used as a quick patch-first list, though Beardsley notes that many organisations’ priorities do not align with it, leading to wasted cycles. According to KEV Collider, the 235 KEVs included in both the Nuclei framework and Metasploit are considered highly commoditised and potentially critical for affected products, illustrating how signals can be reconciled to aid decision-making.
The analysis is open-source, with data fed into a GitHub repository managed by runZero, and Beardsley argues that a total solution will likely involve multiple products and data sources, especially in OT and BYOD environments. According to KEV Collider, the aim is to help security teams decide quickly what to patch now, later, or perhaps never.