Terms of Use

Last updated 19 July 2026

Introduction and Acceptance

KEVIntel ("we", "us") operates kevintel.com (the "Service"), a known exploited vulnerability intelligence platform. By accessing or using the Service — including the website, RSS feed, APIs, or a registered account — you agree to these Terms of Use and our Privacy Policy. If you do not agree, do not use the Service.

The Service

KEVIntel provides known exploited vulnerability intelligence through a public website, a registered Free KEV RSS Feed, a registered Free KEV JSON Feed, and a Pro API for paid accounts. We may update, modify, or interrupt the Service for maintenance, security, or operational reasons without prior notice.

Accounts and API Access

To access the Free KEV RSS Feed or Free KEV JSON Feed, you must create an account with accurate information, confirm your email address, and accept these Terms. API tokens and RSS feed URLs are credentials tied to your account — do not share, publish, or embed them in client-side code or public repositories.

Unless we approve otherwise in writing, one account should be used per individual or organization. We may suspend, restrict, or terminate accounts and revoke API access if we reasonably believe you are abusing the Service, violating these Terms, or creating security or operational risk — with or without notice.

Abusive behavior includes, without limitation: excessive automated requests, circumventing rate limits or access controls, sharing API tokens, fraudulent signup, unauthorized probing or security testing, or any use that degrades the Service for others.

Acceptable Use — Website and Automation

Unauthorized scraping, spidering, or bulk harvesting of website HTML or UI content is prohibited. Do not use bots, scripts, or automated tools to extract data from the website outside the approved channels listed below.

Approved access channels:

  • Free KEV RSS Feed: GET /feeds/kevs.rss?token=… (registered account and personal RSS token required)
  • Free KEV JSON Feed: GET /api/v2/kevs (registered account and X-API-Token header required)
  • Pro API: /api/v2/pro/* (Pro account required) and Enterprise API: /api/v2/enterprise/* (Enterprise account required); your API token works only within your account tier's namespace. Separate commercial terms may apply.

Do not attempt to evade authentication, rate limits, or other access controls. Do not reverse engineer, probe, or disrupt the Service, including denial-of-service attacks or security testing without our prior written permission. We may block IP addresses, User-Agents, or accounts that violate this section.

API Rate Limits and Fair Use

API access is subject to rate limiting and fair-use controls. Exceeding these limits may result in HTTP 429 responses and further enforcement action.

Use reasonable polling intervals. Do not continuously hammer API endpoints to mirror the full catalog when RSS delivery or paginated requests are the intended integration pattern.

Attribution and Use of Data

If you publish, redistribute, or display KEVIntel data — in reports, dashboards, products, blog posts, or other public or client-facing materials — you must clearly attribute KEVIntel with a link to https://kevintel.com or the relevant CVE detail page where applicable.

Do not imply endorsement, partnership, or official status (for example, describing KEVIntel as an official CISA feed) unless we agree in writing.

Pro API enrichment — including confidence scores, telemetry, PoCs, IoCs, and related fields — is licensed only to the subscribing account. Do not sublicense or publicly republish Pro-only fields without our permission.

KEVIntel aggregates data from CISA, NVD, and other third-party sources. You remain responsible for complying with applicable upstream terms and licenses for any data you reuse.

Intellectual Property

KEVIntel branding, website design, enrichment, scoring methodology, and proprietary telemetry are our intellectual property. CVE identifiers and some source data are subject to third-party terms; we do not grant ownership of third-party data.

Virtual Patch Guidance

KEVIntel may provide virtual patch guidance, WAF-style matching ideas, IPS/IDS guidance, detection logic, payload patterns, request indicators, and related mitigation context. This material is provided for informational and defensive security purposes only.

Virtual patch guidance is not a managed security service, professional legal advice, compliance advice, or a guarantee of protection. It is intended to support temporary risk reduction while you assess, prioritize, and apply official vendor patches, configuration changes, mitigations, or other remediation steps.

Although KEVIntel may test or validate guidance against observed exploitation patterns, known payloads, public proof-of-concept material, or internally developed test cases, such testing is not exhaustive. KEVIntel does not warrant that any guidance will be compatible with your systems, safe for all environments, free from error, free from false positives or false negatives, or effective against all exploitation attempts.

You are solely responsible for assessing the suitability of any guidance for your environment, testing it before deployment, monitoring its impact, tuning it as required, and obtaining all internal approvals before use in production. You should not deploy virtual patch guidance blindly or rely on it as your only control.

To the fullest extent permitted by applicable law, KEVIntel disclaims all warranties, express or implied, relating to virtual patch guidance and shall not be liable for any loss, interruption, degradation, missed detection, false positive, false negative, compromise, or other damage arising from the use, non-use, modification, or deployment of such guidance. Nothing in these terms excludes or limits liability where such exclusion or limitation is not permitted by law.

Disclaimers

The Service and all intelligence provided through it are offered "as is" and "as available" without warranties of any kind, whether express or implied. KEVIntel does not guarantee complete coverage of all exploited vulnerabilities, accuracy at all times, or that any particular CVE will or will not be exploited.

KEVIntel is not legal, compliance, or professional security advice. You are solely responsible for remediation, risk, and operational decisions based on information from the Service.

Limitation of Liability

To the fullest extent permitted by applicable law, KEVIntel shall not be liable for any indirect, incidental, special, consequential, or punitive damages arising from your use of the Service. Our total liability for any claim relating to the Service is limited to the fees you paid to KEVIntel in the twelve months preceding the claim, or £100 for free accounts, whichever is greater.

Indemnity

You agree to indemnify and hold KEVIntel harmless from claims, damages, and expenses arising from your misuse of the Service or violation of these Terms.

Changes to These Terms

We may update these Terms from time to time. The "Last updated" date at the top of this page indicates when changes were last made. Continued use of the Service after updated Terms are posted constitutes acceptance of the revised Terms.

Governing Law and Contact

These Terms are governed by the laws applicable to the operator of kevintel.com, without regard to conflict-of-law principles.

Questions about these Terms: hello@kevintel.com.