Hot CVEs

Hot CVEs help security teams quickly identify vulnerabilities that are drawing urgent real-world attention.

ARMO flags CVEs as Hot when signals indicate active exploitation, public exploit availability, critical new disclosure, or increased threat intelligence activity.

Hot CVEs enable security teams to respond immediately when critical real-world exposure emerges in their environment.

View Hot CVEs

To view Hot CVEs in your environment, go to Vulnerabilities and turn on the Hot CVEs 🔥 toggle in the top-right corner.

When enabled, the view shows only vulnerabilities in your environment that are currently marked as Hot CVEs.

Get notified about Hot CVEs

Use Hot CVE as a condition in Workflows and automatically get notified when a Hot CVE is detected.

Create a new Vulnerability workflow, or edit an existing one, and add Hot CVE as a condition.

📘

If Hot CVE is used alongside other conditions in a workflow, it acts as an OR condition. This means the workflow will trigger if either the CVE is a Hot CVE or if the other configured conditions are met.

How Hot CVEs are updated

How often is the Hot CVE list updated?

ARMO reviews and updates the Hot CVE list as new high-profile vulnerabilities emerge and as threat intelligence changes.

How long does a CVE remain a Hot CVE?

Hot CVEs are not limited to the initial disclosure period. A CVE may remain marked as a Hot CVE after the initial discovery period so security teams can continue identifying exposure in their environment.

The Hot CVE list is maintained by ARMO and may change over time as threat intelligence changes.