Assess and prioritize most exploitable vulnerabilities

In the context of vulnerability assessment, Helm provides a practical framework for understanding and prioritizing vulnerabilities based on severity, exploitability, and potential threats. This article outlines how Helm uses CVSS v2 and v3 scores together with EPSS scores and threat sources: whether a vulnerability is on the CISA KEV list, whether it is in the Exploit Database (exploit-db.com) or has a Metasploit toolkit available that makes attacks easier, and whether it meets the criteria of the top 25 CWEs (Common Weakness Enumerations).

Rescoring vulnerabilities

You can adjust all vulnerability scores across an entire product version based on your device's environment and usage, or choose individual vulnerabilities to rescore. Recalibrating severity, exploitability, and threat information for your device's specific environment and usage gives you a tailored assessment that minimizes false positives and pinpoints your more exploitable and critical vulnerabilities, strengthening your cybersecurity defenses.

Prioritize what vulnerabilities to focus on

You can easily stay on top of new and updated vulnerabilities:

  • Get email notifications of new vulnerabilities impacting your software supply chain.

  • Identify those with available exploits or malware kits.

  • Consider suggested Windows KB updates (Windows operating systems only).

  • Stay updated with information from the National Vulnerability Database (NVD).

What vulnerabilities should I focus on first?

Create a reusable rescore profile

To ensure you're focusing on the most exploitable vulnerabilities: once you've rescored your vulnerabilities, prioritize the remaining ones by filtering down to those that combine high CVSS scores with high exploitability (EPSS) scores and that also have exploits or threats publicly available.

Filter on most impactful vulnerabilities

You can filter down to just what you need:

  • Narrow down vulnerabilities by criteria such as severity, exploitability, and threat information.

  • Select "Any" or specific parameters in filter drop-downs.

  • Use text filters for direct input.

Filters and what each one matches:

CVSS...

Search for all CVSS scores greater than or equal to the whole number you enter. For example, searching on 8 will give you 8-10.

  • Critical scores: 9-10

  • High scores: 7-8

  • Medium scores: 4-6

  • Low scores: 1-3

  • None: 0

Vulnerability ID...

Search for a particular vulnerability ID.

Supplier...

Search for vulnerabilities that impact a particular supplier, such as Microsoft.

Dependency component...

Search for vulnerabilities that impact a particular dependency component, such as Windows.

Any score

If you're only interested in one CVSS version, you can filter on only CVSS v2 scores or only CVSS v3 scores. If a particular version's score is not available, the other version will display. If one or both scores do not exist, this will show as a blank in the CVSS column.

Any KB patch

Filter on vulnerabilities that have or have not been patched by Windows KB patches, or that have patches available:

  • Patched: Vulnerabilities for which a Windows KB patch has been successfully applied.

  • Unpatched: Vulnerabilities that still lack a corresponding Windows KB patch.

  • Patch available: Vulnerabilities for which a Windows KB patch is available, but has not yet been applied.

Any exploit

Filter down on exploits and threats to see vulnerabilities:

  • CISA KEV List: Vulnerability is listed in the Cybersecurity and Infrastructure Security Agency (CISA) Known Exploited Vulnerabilities (KEV) list.

  • Top CWEs list criteria: Vulnerability meets the criteria of the top 25 Common Weakness Enumerations (CWE) list, which indicates common software security weaknesses.

  • Exploit DB: Vulnerability is documented in the Exploit Database, a valuable resource for information on security vulnerabilities and exploits.

  • Metasploit toolkit availability: Vulnerability has a corresponding Metasploit toolkit to exploit the vulnerability. Metasploit is a penetration testing framework that aids in the development, testing, and use of exploit code.

EPSS...

Search for all EPSS scores greater than or equal to the whole number you enter. For example, searching on 80 will give you everything 80% or above. You do not need to enter a % in the value.

Start and End date

Select a date range to see all vulnerabilities added or updated in external sources during that timeframe. This does not include updates made by your team during security review and analysis.
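The prioritization described above (a whole-number CVSS floor, an EPSS value entered as a percentage, and a specific public threat source) applied to a few constructed records, as an added example that is not Helm's own code. The record layout, the preference for a v3 score over v2 under "Any score", and all sample values are assumptions.

```python
from dataclasses import dataclass
from typing import FrozenSet, List, Optional

# Threat sources the "Any exploit" filter distinguishes.
THREAT_SOURCES = {"kev", "top25cwe", "exploitdb", "metasploit"}

@dataclass(frozen=True)
class Vuln:
    vuln_id: str
    supplier: str
    component: str
    cvss_v3: Optional[float]
    cvss_v2: Optional[float]
    epss: float                          # probability 0.0-1.0 as published by FIRST
    threats: FrozenSet[str] = frozenset()  # subset of THREAT_SOURCES

def effective_cvss(v: Vuln, version: str = "any") -> Optional[float]:
    """Score shown in the CVSS column: one version only, or whichever exists.
    Preferring v3 over v2 under 'any' is an assumption, not documented behaviour."""
    if version == "v3":
        return v.cvss_v3
    if version == "v2":
        return v.cvss_v2
    return v.cvss_v3 if v.cvss_v3 is not None else v.cvss_v2

def matches(v: Vuln, cvss_min: Optional[int] = None, epss_min_pct: Optional[int] = None,
            exploit: str = "any", version: str = "any") -> bool:
    """CVSS floor as a whole number (8 matches 8 to 10), EPSS as a percentage
    without the % sign, and exploit = 'any' or one specific threat source."""
    score = effective_cvss(v, version)
    if cvss_min is not None and (score is None or score < cvss_min):
        return False
    if epss_min_pct is not None and v.epss * 100 < epss_min_pct:
        return False
    if exploit != "any" and exploit not in v.threats:
        return False
    return True

def prioritize(vulns: List[Vuln], **filters) -> List[str]:
    """IDs of matching vulnerabilities: highest CVSS first, then EPSS, then
    the number of public threat sources, so the most exploitable items lead."""
    version = filters.get("version", "any")
    kept = [v for v in vulns if matches(v, **filters)]
    kept.sort(key=lambda v: (effective_cvss(v, version) or 0, v.epss, len(v.threats)),
              reverse=True)
    return [v.vuln_id for v in kept]

# Constructed sample records; IDs and scores are placeholders, not real CVEs.
SAMPLE = [
    Vuln("VULN-A", "Microsoft", "Windows", 9.8, 10.0, 0.94, frozenset({"kev", "exploitdb", "metasploit"})),
    Vuln("VULN-B", "Microsoft", "Windows", 8.1, None, 0.02),
    Vuln("VULN-C", "Vendor-X", "libfoo", None, 7.5, 0.85, frozenset({"exploitdb"})),
    Vuln("VULN-D", "Vendor-X", "libfoo", 5.3, 4.3, 0.91, frozenset({"top25cwe"})),
]
```

Running `prioritize(SAMPLE, cvss_min=8, epss_min_pct=80, exploit="exploitdb")` returns only VULN-A, the one record that is both high severity and high exploitability and has a public exploit.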

Check whether a vulnerability has been updated

If you've previously assessed a vulnerability but see an "Updated on" date in the Detected on column, the vulnerability has been updated. Check that the update doesn't increase its severity for your particular case.


© Copyright MedCrypt 2023, All rights reserved.