How far public exploitation has progressed for each CVE. Medulus counts these signals; it never stores or links the exploit code.