Overview
This website is designed as a CVE monitoring and triage interface. It shows vulnerability information from external sources and may also display internal manual notes that are maintained from the server backend.
The browser interface is read-only for manual notes. Visitors cannot create, edit or delete notes from the website.
Local data
The application stores manual notes in the local database. These notes are intended for internal operational context, such as affected systems, patch status, internal priority and recommended actions.
Manual notes can only be added through backend access, for example by using the SSH/CLI script on the server. They are shown read-only in the browser.
External vulnerability API requests
When the CVE console is used, selected filters may be sent to external vulnerability sources. This can include search terms, selected Linux distributions, selected services, severity filters and CVE identifiers.
The website may use data from sources such as NVD, OSV.dev, FIRST EPSS and CISA KEV. These services are used to retrieve vulnerability descriptions, CVSS scores, exploit probability, known exploited status and related metadata.
Avoid entering private customer data, credentials, confidential infrastructure names or incident details into public CVE search fields.
Google AdSense and advertising cookies
This website may display advertisements through Google AdSense or a similar advertising network.
Advertising partners may use cookies, device identifiers or similar technologies to show ads, measure ad performance, prevent fraud and limit repeated ad display.
If personalized advertising is enabled, Google and its partners may use information from this website and other websites to provide more relevant ads. Visitors should be able to manage their consent choices where required by law.
Before enabling advertising scripts in production, configure a cookie banner or consent management platform for visitors in regions where consent is required.
Production placeholders: add your Google AdSense publisher ID, ad provider name, consent platform and advertising settings link here.
Analytics and traffic measurement
This website may use analytics tools, such as Google Analytics, Plausible, Matomo or a similar provider, to understand how visitors use the site.
Analytics data can include page views, referrers, device type, browser type, approximate location, session information and interaction events.
Analytics should be configured with privacy-friendly settings where possible. Recommended settings include IP anonymization, limited retention, no unnecessary tracking events and no collection of sensitive CVE search context unless it is explicitly needed for operational reporting.
Production placeholders: add your analytics provider, measurement ID, retention period and opt-out or cookie preference link here.
Server logs
Your web server, reverse proxy or hosting provider may store technical logs. These logs can include IP address, request path, browser type, timestamp, response status and error details.
Use server logs only for security, debugging, abuse prevention and availability monitoring. Define a retention period that matches your production policy.
Cookies and consent
Essential cookies may be used for basic site functionality. Non-essential cookies, such as advertising or analytics cookies, should only be loaded after the required consent has been collected.
If you enable AdSense, Google Analytics or another third-party provider, update this page with the exact providers, cookie purposes, retention periods and opt-out options.
Production checklist
- Update the security contact and SITE_URL before going live.
- Run the website behind HTTPS.
- Protect SSH access and rotate API keys when needed.
- Add a cookie and consent banner before enabling AdSense or non-essential analytics.
- Document your server log retention period.
- Do not store sensitive incident details in public search fields.
Contact
For privacy, security or vulnerability reporting questions, use the contact details security@publicdns.nl