diff --git a/docs/index.html b/docs/index.html
index 110adcd..b5c742e 100644
--- a/docs/index.html
+++ b/docs/index.html
@@ -99,53 +99,42 @@
       </div>
     </div>
 
-    <p style="color: var(--text-muted); font-size:0.92rem; margin:0.5rem 0 1rem;">
-      Sortable by clicking column headers. 🟢 = lands root by
-      default · 🟡 = primitive + opt-in <code>--full-chain</code>.
-    </p>
+    <h3 style="color: var(--green);">🟢 Lands root on a vulnerable host</h3>
+    <p style="color: var(--text-muted); font-size:0.92rem; margin:0.25rem 0 0.25rem;">Structural exploits + page-cache writes. No per-kernel offsets needed.</p>
+    <div class="pills">
+      <span class="pill green">copy_fail</span>
+      <span class="pill green">copy_fail_gcm</span>
+      <span class="pill green">dirty_frag_esp</span>
+      <span class="pill green">dirty_frag_esp6</span>
+      <span class="pill green">dirty_frag_rxrpc</span>
+      <span class="pill green">dirty_pipe</span>
+      <span class="pill green">dirty_cow</span>
+      <span class="pill green">pwnkit</span>
+      <span class="pill green">overlayfs</span>
+      <span class="pill green">overlayfs_setuid</span>
+      <span class="pill green">cgroup_release_agent</span>
+      <span class="pill green">ptrace_traceme</span>
+      <span class="pill green">sudoedit_editor</span>
+      <span class="pill green">entrybleed</span>
+    </div>
 
-    <div class="table-wrap">
-      <table class="cve-table" id="cve-table">
-        <thead>
-          <tr>
-            <th data-key="year"  class="sortable" data-dir="desc">Year</th>
-            <th data-key="cve"   class="sortable">CVE</th>
-            <th data-key="bug">Bug</th>
-            <th data-key="module" class="sortable">Module</th>
-            <th data-key="tier"   class="sortable">Tier</th>
-          </tr>
-        </thead>
-        <tbody>
-          <tr><td>2024</td><td>CVE-2024-1086</td><td>nf_tables <code>nft_verdict_init</code> cross-cache UAF</td><td><code>nf_tables</code></td><td><span class="tier yellow">🟡 primitive</span></td></tr>
-          <tr><td>2023</td><td>CVE-2023-32233</td><td>nf_tables anonymous-set UAF</td><td><code>nft_set_uaf</code></td><td><span class="tier yellow">🟡 primitive</span></td></tr>
-          <tr><td>2023</td><td>CVE-2023-22809</td><td>sudoedit <code>EDITOR</code>/<code>VISUAL</code> <code>--</code> argv escape</td><td><code>sudoedit_editor</code></td><td><span class="tier green">🟢 full chain</span></td></tr>
-          <tr><td>2023</td><td>CVE-2023-4622</td><td>AF_UNIX garbage-collector race UAF</td><td><code>af_unix_gc</code></td><td><span class="tier yellow">🟡 primitive</span></td></tr>
-          <tr><td>2023</td><td>CVE-2023-3269</td><td>StackRot — maple-tree VMA-split UAF</td><td><code>stackrot</code></td><td><span class="tier yellow">🟡 primitive</span></td></tr>
-          <tr><td>2023</td><td>CVE-2023-2008</td><td>vmwgfx DRM buffer-object OOB write</td><td><code>vmwgfx</code></td><td><span class="tier yellow">🟡 primitive</span></td></tr>
-          <tr><td>2023</td><td>CVE-2023-0386</td><td>overlayfs <code>copy_up</code> preserves setuid bit</td><td><code>overlayfs_setuid</code></td><td><span class="tier green">🟢 full chain</span></td></tr>
-          <tr><td>2023</td><td>CVE-2023-0458</td><td>EntryBleed — KPTI prefetchnta KASLR bypass</td><td><code>entrybleed</code></td><td><span class="tier green">🟢 leak</span></td></tr>
-          <tr><td>2023</td><td>CVE-2023-0179</td><td>nft_payload set-id memory corruption</td><td><code>nft_payload</code></td><td><span class="tier yellow">🟡 primitive</span></td></tr>
-          <tr><td>2022</td><td>CVE-2022-25636</td><td>nft_fwd_dup_netdev_offload heap OOB</td><td><code>nft_fwd_dup</code></td><td><span class="tier yellow">🟡 primitive</span></td></tr>
-          <tr><td>2022</td><td>CVE-2022-2588</td><td>net/sched cls_route4 dangling-filter UAF</td><td><code>cls_route4</code></td><td><span class="tier yellow">🟡 primitive</span></td></tr>
-          <tr><td>2022</td><td>CVE-2022-0492</td><td>cgroup v1 <code>release_agent</code> ns mismatch</td><td><code>cgroup_release_agent</code></td><td><span class="tier green">🟢 full chain</span></td></tr>
-          <tr><td>2022</td><td>CVE-2022-0847</td><td>Dirty Pipe — page-cache write via splice</td><td><code>dirty_pipe</code></td><td><span class="tier green">🟢 full chain</span></td></tr>
-          <tr><td>2022</td><td>CVE-2022-0185</td><td>fsconfig <code>legacy_parse_param</code> 4k heap OOB</td><td><code>fuse_legacy</code></td><td><span class="tier yellow">🟡 primitive</span></td></tr>
-          <tr><td>2021</td><td>CVE-2021-33909</td><td>Sequoia — <code>seq_file</code> size_t→int wrap</td><td><code>sequoia</code></td><td><span class="tier yellow">🟡 primitive</span></td></tr>
-          <tr><td>2021</td><td>CVE-2021-3156</td><td>sudo Baron Samedit heap overflow</td><td><code>sudo_samedit</code></td><td><span class="tier yellow">🟡 primitive</span></td></tr>
-          <tr><td>2021</td><td>CVE-2021-3493</td><td>Ubuntu overlayfs userns file-cap injection</td><td><code>overlayfs</code></td><td><span class="tier green">🟢 full chain</span></td></tr>
-          <tr><td>2021</td><td>CVE-2021-22555</td><td>iptables xt_compat 4-byte heap OOB</td><td><code>netfilter_xtcompat</code></td><td><span class="tier yellow">🟡 primitive</span></td></tr>
-          <tr><td>2021</td><td>CVE-2021-4034</td><td>Pwnkit — pkexec NULL argv env-injection</td><td><code>pwnkit</code></td><td><span class="tier green">🟢 full chain</span></td></tr>
-          <tr><td>2020</td><td>CVE-2020-14386</td><td>AF_PACKET <code>tp_reserve</code> integer underflow</td><td><code>af_packet2</code></td><td><span class="tier yellow">🟡 primitive</span></td></tr>
-          <tr><td>2019</td><td>CVE-2019-13272</td><td>PTRACE_TRACEME → setuid execve race</td><td><code>ptrace_traceme</code></td><td><span class="tier green">🟢 full chain</span></td></tr>
-          <tr><td>2017</td><td>CVE-2017-7308</td><td>AF_PACKET TPACKET_V3 integer overflow</td><td><code>af_packet</code></td><td><span class="tier yellow">🟡 primitive</span></td></tr>
-          <tr><td>2016</td><td>CVE-2016-5195</td><td>Dirty COW — COW race via <code>/proc/self/mem</code></td><td><code>dirty_cow</code></td><td><span class="tier green">🟢 full chain</span></td></tr>
-          <tr><td>2026</td><td>CVE-2026-31431</td><td>Copy Fail — algif_aead authencesn page-cache write</td><td><code>copy_fail</code></td><td><span class="tier green">🟢 full chain</span></td></tr>
-          <tr><td>2026</td><td>CVE-2026-43284</td><td>Dirty Frag — IPv4 xfrm-ESP page-cache write</td><td><code>dirty_frag_esp</code></td><td><span class="tier green">🟢 full chain</span></td></tr>
-          <tr><td>2026</td><td>CVE-2026-43284</td><td>Dirty Frag — IPv6 xfrm-ESP (esp6)</td><td><code>dirty_frag_esp6</code></td><td><span class="tier green">🟢 full chain</span></td></tr>
-          <tr><td>2026</td><td>CVE-2026-43500</td><td>Dirty Frag — RxRPC handshake forgery</td><td><code>dirty_frag_rxrpc</code></td><td><span class="tier green">🟢 full chain</span></td></tr>
-          <tr><td>2026</td><td>variant</td><td>Copy Fail GCM — rfc4106(gcm(aes)) sibling</td><td><code>copy_fail_gcm</code></td><td><span class="tier green">🟢 full chain</span></td></tr>
-        </tbody>
-      </table>
+    <h3 style="color: var(--yellow);">🟡 Fires kernel primitive · opt-in <code>--full-chain</code></h3>
+    <p style="color: var(--text-muted); font-size:0.92rem; margin:0.25rem 0 0.25rem;">Default returns <code>EXPLOIT_FAIL</code> honestly. With <code>--full-chain</code> + resolved offsets, runs the shared modprobe_path finisher.</p>
+    <div class="pills">
+      <span class="pill yellow">nf_tables</span>
+      <span class="pill yellow">nft_set_uaf</span>
+      <span class="pill yellow">nft_fwd_dup</span>
+      <span class="pill yellow">nft_payload</span>
+      <span class="pill yellow">netfilter_xtcompat</span>
+      <span class="pill yellow">af_packet</span>
+      <span class="pill yellow">af_packet2</span>
+      <span class="pill yellow">af_unix_gc</span>
+      <span class="pill yellow">cls_route4</span>
+      <span class="pill yellow">fuse_legacy</span>
+      <span class="pill yellow">stackrot</span>
+      <span class="pill yellow">sudo_samedit</span>
+      <span class="pill yellow">sequoia</span>
+      <span class="pill yellow">vmwgfx</span>
     </div>
   </div>
 </section>
@@ -292,36 +281,6 @@ function copyInstall(btn) {
   });
 }
 
-/* CVE table sort */
-(function() {
-  var table = document.getElementById('cve-table');
-  if (!table) return;
-  var headers = table.querySelectorAll('th.sortable');
-  headers.forEach(function(th, idx) {
-    th.style.cursor = 'pointer';
-    th.addEventListener('click', function() {
-      var tbody = table.querySelector('tbody');
-      var rows = Array.prototype.slice.call(tbody.querySelectorAll('tr'));
-      var dir = th.getAttribute('data-dir') === 'asc' ? 'desc' : 'asc';
-      headers.forEach(function(h) { h.removeAttribute('data-dir'); });
-      th.setAttribute('data-dir', dir);
-      rows.sort(function(a, b) {
-        var av = a.children[idx].innerText.trim();
-        var bv = b.children[idx].innerText.trim();
-        var na = parseFloat(av), nb = parseFloat(bv);
-        if (!isNaN(na) && !isNaN(nb)) { av = na; bv = nb; }
-        if (av < bv) return dir === 'asc' ? -1 : 1;
-        if (av > bv) return dir === 'asc' ?  1 : -1;
-        return 0;
-      });
-      rows.forEach(function(r) { tbody.appendChild(r); });
-    });
-  });
-  /* default sort: Year desc */
-  var first = table.querySelector('th[data-key="year"]');
-  if (first) first.click(); /* asc */
-  if (first) first.click(); /* desc */
-})();
 </script>
 
 </body>
diff --git a/docs/style.css b/docs/style.css
index b8bb499..8c07be6 100644
--- a/docs/style.css
+++ b/docs/style.css
@@ -253,66 +253,6 @@ section h3 {
 .pill.green { border-color: rgba(63, 185, 80, 0.4); color: var(--green); }
 .pill.yellow { border-color: rgba(210, 153, 34, 0.4); color: var(--yellow); }
 
-/* CVE table */
-.table-wrap {
-  overflow-x: auto;
-  border: 1px solid var(--border);
-  border-radius: 6px;
-  background: var(--bg-elevated);
-}
-table.cve-table {
-  width: 100%;
-  border-collapse: collapse;
-  font-size: 0.9rem;
-}
-table.cve-table th,
-table.cve-table td {
-  text-align: left;
-  padding: 0.55rem 0.85rem;
-  border-bottom: 1px solid var(--border);
-  vertical-align: top;
-  white-space: nowrap;
-}
-table.cve-table th {
-  background: rgba(255, 255, 255, 0.02);
-  color: var(--text-muted);
-  font-weight: 600;
-  font-size: 0.82rem;
-  text-transform: uppercase;
-  letter-spacing: 0.05em;
-}
-table.cve-table th.sortable { cursor: pointer; user-select: none; }
-table.cve-table th.sortable:hover { color: var(--text); }
-table.cve-table th[data-dir="asc"]::after  { content: " ▲"; opacity: 0.7; }
-table.cve-table th[data-dir="desc"]::after { content: " ▼"; opacity: 0.7; }
-table.cve-table td:nth-child(3) { white-space: normal; min-width: 280px; }
-table.cve-table tr:last-child td { border-bottom: none; }
-table.cve-table tr:hover td { background: rgba(255, 255, 255, 0.025); }
-table.cve-table code {
-  background: rgba(255, 255, 255, 0.04);
-  border: 1px solid var(--border);
-  padding: 0.05rem 0.3rem;
-  border-radius: 3px;
-  font-size: 0.86em;
-}
-
-.tier {
-  display: inline-block;
-  font-family: var(--mono);
-  font-size: 0.78rem;
-  padding: 0.15rem 0.5rem;
-  border-radius: 4px;
-  border: 1px solid var(--border);
-}
-.tier.green  { color: var(--green);  border-color: rgba(63, 185, 80, 0.4); }
-.tier.yellow { color: var(--yellow); border-color: rgba(210, 153, 34, 0.4); }
-
-@media (max-width: 600px) {
-  table.cve-table { font-size: 0.82rem; }
-  table.cve-table th,
-  table.cve-table td { padding: 0.45rem 0.6rem; }
-}
-
 /* Code block */
 pre.code {
   background: var(--bg-elevated);

Year	CVE	Bug	Module	Tier
2024	CVE-2024-1086	nf_tables `nft_verdict_init` cross-cache UAF	`nf_tables`	🟡 primitive
2023	CVE-2023-32233	nf_tables anonymous-set UAF	`nft_set_uaf`	🟡 primitive
2023	CVE-2023-22809	sudoedit `EDITOR`/`VISUAL` `--` argv escape	`sudoedit_editor`	🟢 full chain
2023	CVE-2023-4622	AF_UNIX garbage-collector race UAF	`af_unix_gc`	🟡 primitive
2023	CVE-2023-3269	StackRot — maple-tree VMA-split UAF	`stackrot`	🟡 primitive
2023	CVE-2023-2008	vmwgfx DRM buffer-object OOB write	`vmwgfx`	🟡 primitive
2023	CVE-2023-0386	overlayfs `copy_up` preserves setuid bit	`overlayfs_setuid`	🟢 full chain
2023	CVE-2023-0458	EntryBleed — KPTI prefetchnta KASLR bypass	`entrybleed`	🟢 leak
2023	CVE-2023-0179	nft_payload set-id memory corruption	`nft_payload`	🟡 primitive
2022	CVE-2022-25636	nft_fwd_dup_netdev_offload heap OOB	`nft_fwd_dup`	🟡 primitive
2022	CVE-2022-2588	net/sched cls_route4 dangling-filter UAF	`cls_route4`	🟡 primitive
2022	CVE-2022-0492	cgroup v1 `release_agent` ns mismatch	`cgroup_release_agent`	🟢 full chain
2022	CVE-2022-0847	Dirty Pipe — page-cache write via splice	`dirty_pipe`	🟢 full chain
2022	CVE-2022-0185	fsconfig `legacy_parse_param` 4k heap OOB	`fuse_legacy`	🟡 primitive
2021	CVE-2021-33909	Sequoia — `seq_file` size_t→int wrap	`sequoia`	🟡 primitive
2021	CVE-2021-3156	sudo Baron Samedit heap overflow	`sudo_samedit`	🟡 primitive
2021	CVE-2021-3493	Ubuntu overlayfs userns file-cap injection	`overlayfs`	🟢 full chain
2021	CVE-2021-22555	iptables xt_compat 4-byte heap OOB	`netfilter_xtcompat`	🟡 primitive
2021	CVE-2021-4034	Pwnkit — pkexec NULL argv env-injection	`pwnkit`	🟢 full chain
2020	CVE-2020-14386	AF_PACKET `tp_reserve` integer underflow	`af_packet2`	🟡 primitive
2019	CVE-2019-13272	PTRACE_TRACEME → setuid execve race	`ptrace_traceme`	🟢 full chain
2017	CVE-2017-7308	AF_PACKET TPACKET_V3 integer overflow	`af_packet`	🟡 primitive
2016	CVE-2016-5195	Dirty COW — COW race via `/proc/self/mem`	`dirty_cow`	🟢 full chain
2026	CVE-2026-31431	Copy Fail — algif_aead authencesn page-cache write	`copy_fail`	🟢 full chain
2026	CVE-2026-43284	Dirty Frag — IPv4 xfrm-ESP page-cache write	`dirty_frag_esp`	🟢 full chain
2026	CVE-2026-43284	Dirty Frag — IPv6 xfrm-ESP (esp6)	`dirty_frag_esp6`	🟢 full chain
2026	CVE-2026-43500	Dirty Frag — RxRPC handshake forgery	`dirty_frag_rxrpc`	🟢 full chain
2026	variant	Copy Fail GCM — rfc4106(gcm(aes)) sibling	`copy_fail_gcm`	🟢 full chain