Automated Information Retrieval and Trust Scoring for CVE Exploitability Insights

The security of digital systems strongly depends on the accuracy and novelty of vulnerability-related data. While authoritative sources such as the National Vulnerability Database (NVD) and the Common Vulnerabilities and Exposures (CVE) provide standardized references, their content often suffers from outdated or incomplete information, which limits its usability in automated security workflows. At the same time, the increasing reliance on AI-driven solutions and automated vulnerability management processes requires high-quality datasets that can support effective risk mitigation. This thesis presents a modular framework designed to automatically retrieve data from verified sources, analyse associated references through web scraping, and apply Large Language Models (LLMs) to extract and evaluate technical information. The resulting data is validated and enriched with structured summaries, exploit and patch references, and quality assessments, which are stored in a graph-based NoSQL database for further querying and analysis. The proposed approach is validated with a focus on cybersecurity documentation in the automotive sector, producing enriched data that highlights the added value of trustworthy and prioritized information. Results demonstrate the feasibility of automating the enrichment and validation of CVE datasets, thereby improving the quality of technical documentation and supporting more efficient vulnerability management in domains where timeliness and accuracy are crucial.