CVE change feed — the CVE records MODIFIED within a time window, so an agent can incrementally maintain a vulnerability view instead of re-scanning. Pass since (YYYY-MM-DD or ISO datetime); until defaults to now (window must be ≤ 120 days, the NVD limit). Optionally narrow by keyword (product/text) or cpe (exact CPE). Returns each changed CVE with its id, published + lastModified timestamps, current vulnStatus (e.g. Modified, Analyzed, Rejected), best-available CVSS score/severity, description, and kevListed — whether it is now on the CISA Known-Exploited Vulnerabilities catalog (the high-signal flag for a poller). Newest modification first. Sourced live from NVD (NIST) + CISA KEV, free/keyless. Pair with security.cve for full per-CVE detail.