When you navigate to any website, CVE Lookup extracts the vendor name from the domain and queries two sources in parallel:
CISA KEV (Known Exploited Vulnerabilities): a local copy of CISA's catalogue, refreshed every 24 hours, flagging CVEs that are actively exploited in the wild.
NVD (National Vulnerability Database): live queries to the NVD 2.0 API for CVEs published in the last 3 months matching the vendor.
