CVE pages, second pass: keyword search, AI interpretation, and broader NVD coverage

What changed

Latest CVE notices is now a CVE-discovery surface, not just a feed. The page still leads with awareness — three tabs over CISA's Known Exploited Vulnerabilities catalog, NVD critical CVEs, and recently-published NVD entries — but a search box above the tabs accepts either a CVE ID or a free-text keyword. ID input navigates straight to that CVE's detail page; keyword input fires a live NVD search and renders matching cards inline.

/cve/<id> previously only resolved entries in CISA KEV (~1,500 CVEs). It now falls back to NVD for any other valid CVE ID — that's the difference between ~1,500 records and ~270,000.

Plain-English and technical AI summaries on every detail page

NVD's description for kernel CVEs is often the verbatim git commit message that the linked vendor advisory points to — readers click the vendor link and see the same paragraph they just read. That's not interpretation; that's duplication.

Every CVE detail page now carries two short AI-generated summaries above the raw record: a **Plain English** read for website operators (what subsystem, does this realistically affect a typical public web app, what to do) and a **Technical Detail** read for engineers (attack vector, affected versions, exploitation requirements, severity nuance). The raw NVD or CISA description stays on the page as a verbatim source — relabeled "From NVD" or "From CISA" — but it's no longer the page's primary read.

For many kernel, firmware, or niche-device CVEs the honest plain-English answer is: "your hosting provider absorbs this patch — you can skip it." That's often the most useful thing to say. The prompt explicitly endorses saying so and bans filler like "consult a security professional."

Three tabs, with the right defaults

**Exploited** — CISA Known Exploited Vulnerabilities catalog. CVEs CISA has confirmed are being actively used by attackers. Treat as a patch-today list.

**Critical** — NVD CVEs scored CVSS ≥ 9.0 in the last 14 days. Recent severe disclosures; not all are observed in the wild yet.

**Newest** — NVD CVEs published in the last 7 days regardless of severity. Useful for spotting fresh disclosures before they're scored or while they're still in NVD's "Received" intake state.

Each tab caps the visible list at 25 entries by default with a *Load more* button that extends to 50 on click — initial paint stays light without hiding the data.

Faster initial load

The previous version of Latest CVE notices rendered both tabs into the initial HTML — about 1,300 DOM nodes for 100 cards even though only one tab was visible. The new version renders the default tab only (about 380 nodes); the other tabs fetch their data on first click, cached so subsequent visits and clicks resolve nearly instantly.

Total initial HTML payload dropped from ~308 KB to ~85–95 KB.

How to use it

**Searching for a specific CVE** — paste the ID into the search box. The page navigates to the detail page, which works whether the CVE is in KEV or only in NVD.

**Searching by keyword** — type a vendor (`openssl`), a library (`log4j`), or a concept (`ptrace`). The page calls NVD's keyword endpoint live and lists matching CVEs sorted newest first. Click any result to land on its detail page.

**Browsing** — leave the search box empty and use the tabs as before. Exploited for actively-attacked, Critical for serious-and-recent, Newest for fresh and unscored.

**Reading a detail page** — the AI summaries are the first thing under the metadata cards. The raw NVD/CISA description sits below, labeled as the source's verbatim text. References, vendor fix links, and (for KEV pages) related CVEs from the same vendor remain on the page.

Scope reminder

These pages remain an *awareness* surface, not a scan of your servers. The CVE detail and search pages help you understand what's been disclosed and whether it plausibly affects you. To verify your own public posture after patching or configuration changes, use the homepage scanner and review the methodology page for scope and weights.