Vulnerability Records
NVD-style CVE data and site seed records
Used for CVE IDs, summaries, severity, vendor/product context, references, and update dates where present.
Sources And Freshness
Read freshness as source context, not as proof of safety.
A record can be newly retrieved, old at the source, newly added to KEV, saved locally, or included in a fresh site build. Those states mean different things.
Configured Sources
What the public Intelligence views are built from
Coverage depends on the sources currently available to the site API, static seed data, and generated public indexes. Always open source links for decisions.
Known Exploited
CISA KEV indicators
Used to highlight known-exploited vulnerability pressure. KEV does not prove a local asset is exposed or affected.
Advisories And Alerts
Vendor, government, patch, and security-alert sources
Used for source guidance, product scope, fixed-version notes, and caveats when available.
Threat Context
Campaign, ransomware, actor, and exploit-chain references
Used for factual situational awareness. The site should avoid speculative attribution and local compromise claims.
Local Browser Data
Saved Intelligence, comparisons, notes, and practice progress
Stored in your browser when features use local state. It is not synchronized with upstream sources or ticketing systems.
Generated Site Files
Search indexes, sitemap, feed, metadata, minified assets, and dist output
Generated during production builds. Build time shows when the public site files were produced, not when each source changed.
Timestamp Meanings
Do not mix these freshness labels
Published
Source record agewhen the CVE, advisory, or alert was originally publishedUpdated
Source revisionwhen the upstream source last changed that recordKEV-added
Exploitation catalogwhen CISA KEV added the vulnerability, where availableRetrieved
Site source pullwhen the site API or build last successfully saw the source dataSaved
Browser statewhen you saved, compared, or edited a local itemBuilt
Public outputwhen the static public files in dist were generatedDecision Caveats
What freshness should and should not change
Fresh Intelligence can guide review order
Use fresh CVE, KEV, advisory, and patch views to choose what to inspect next. Still confirm asset presence, affected version, exposure, owner, and fix path.
Stale or degraded sources should slow conclusions
If source status is stale, degraded, unavailable, or unknown, avoid treating empty lists, low counts, or missing flags as low risk.
New site build does not mean new upstream data
A static page can be freshly generated while a CVE or advisory record still has old source timestamps.
Local saved work is not evidence of remediation
Saved notes, copied drafts, and exported reports are useful work aids, but closure requires external evidence from owners, scanners, tickets, or source systems.
KEV is strong signal, not local proof
Known exploitation should increase urgency, but you still need local affected-version and exposure evidence before making environment claims.
Vendor coverage may be incomplete
Vendor/product pages depend on available source data and naming. Missing product entries do not prove no advisory exists.
Best next move: before tickets or reports, open the original source, compare published and updated dates, confirm local evidence, and state the confidence level clearly.