CNA no CVE

As a CVE Numbering Authority (CNA) we have to respect the CNA Rules which are defined by MITRE. These define what a vulnerability is and what requirements are necessary to assign a CVE. Some submissions might not be eligible to receive a CVE, or their reserved CVE might be revoked for various reasons (e.g. false-positive).

Vendor

Identifying all affected vendors is a good starting point for an overview. This makes it possible to determine a homogeneous landscape or the most important hotspots in heterogeneous landscapes.

Product

FFmpeg: 450
Microsoft Windows: 435
Microsoft Internet Explorer: 111
cPanel: 70
ImageMagick: 49

Grouping vulnerabilities by products helps to get an overview. This makes it possible to determine a homogeneous landscape or the most important hotspots in heterogeneous landscapes.

Remediation

Official fix: 2830
Temporary fix: 7
Workaround: 1212
Not available: 366
Not defined: 4160

Vendors and researchers are eager to find countermeasures to mitigate security vulnerabilities. These come in multiple forms and levels of remediation, which influence risks differently.

Exploitability

Attacked: 4
Highly functional: 131
Functional: 56
Proof-of-Concept: 3158
Unproven: 161
Not defined: 5065

Researchers and attackers who are looking for security vulnerabilities try to exploit them for academic purposes or personal gain. The level and quality of exploitability can be distinguished to determine the simplicity and strength of attacks.

Access Vector

Not Defined: 0
Physical: 3
Local: 2511
Adjacent: 185
Network: 5876

To approach a vulnerability, it is important to use the expected access vector. This is typically via the network, local, or even physical.

Authentication

Not Defined: 0
High: 12
Low: 5657
None: 2906

To exploit a vulnerability, a certain level of authentication might be required. Vulnerabilities without such a requirement are much more popular.

User Interaction

Not Defined: 0
Required: 1729
None: 6846

Some attack scenarios require user interaction by a victim. This is typical for phishing, social engineering and cross-site scripting attacks.

VulDB

≤1: 0
≤2: 1
≤3: 17
≤4: 2028
≤5: 721
≤6: 2632
≤7: 1728
≤8: 1081
≤9: 109
≤10: 258

Our moderation team always defines a realistic base vector and base score for an entry. These and all other available scores are used to generate the aggregated meta score.

Exploit 0-day

<1k: 364
<2k: 2264
<5k: 3499
<10k: 498
<25k: 873
<50k: 704
<100k: 307
≥100k: 66

The moderation team is working with the threat intelligence team to determine prices for exploits. Our unique algorithm is used to identify the 0-day price for an exploit before it is distributed or becomes public. Calculated prices are aligned to prices disclosed by vulnerability brokers and compared to prices we see on exploit markets.

| ID | Vulnerability | Submission | Created | Updated | Submit | CNA | GCVE |
|---|---|---|---|---|---|---|---|
| 337856 | Backdoor.Win32.ControlTotal.t credentials storage | 12/21/2025 | 12/23/2025 | 12/23/2025 | 721014 | rejected | GCVE-100-337856 |
| 337855 | HEUR.Backdoor.Win32.Poison.gen WININET.dll uncontrolled search path | 12/21/2025 | 12/23/2025 | 12/23/2025 | 721012 | rejected | GCVE-100-337855 |
| 336710 | MuYuCMS Template Management Template.php delete_dir_file path traversal | 11/27/2025 | 12/16/2025 | 12/16/2025 | 702489 | in progress | GCVE-100-336710 |
| 325686 | Amazon AWS Bedrock Model access control | | 09/24/2025 | 09/24/2025 | | | GCVE-100-325686 |
| 323640 | Amazon AWS CloudShell privileges management | | 09/11/2025 | 09/11/2025 | | | GCVE-100-323640 |
| 323639 | Amazon AWS Bucket Monopoly code injection | | 09/11/2025 | 09/11/2025 | | | GCVE-100-323639 |
| 310277 | GuardDuty S3 Bucket Policy GetBucketPolicyStatus permission | | 05/26/2025 | 05/26/2025 | | | GCVE-100-310277 |
| 309017 | Microsoft Windows xrm-ms File xml injection | 05/01/2025 | 05/15/2025 | 05/15/2025 | 568300 | in progress | GCVE-100-309017 |
| 303155 | Google Cloud Platform Cloud Run Service permission | | 04/03/2025 | 04/03/2025 | | | GCVE-100-303155 |
| 303148 | Vertex AI LLM access control | | 04/03/2025 | 04/03/2025 | | | GCVE-100-303148 |
| 302089 | Amazon AWS CloudTrail VPC Endpoint information disclosure | | 03/31/2025 | 03/31/2025 | | in progress | GCVE-100-302089 |
| 300725 | Amazon CloudTrail S3 S3 API information exposure | | 03/24/2025 | 03/24/2025 | | | GCVE-100-300725 |
| 300724 | Microsoft Defender for Cloud Configuration Template improper authorization | | 03/24/2025 | 03/24/2025 | | | GCVE-100-300724 |
| 300707 | Microsoft Azure iPaaS Services access control | | 03/23/2025 | 03/23/2025 | | | GCVE-100-300707 |
| 300706 | Microsoft Azure Key Vault permission | | 03/23/2025 | 03/23/2025 | | | GCVE-100-300706 |
| 290271 | Microsoft Azure Data Factory Apache Airflow access control | | 01/06/2025 | 01/06/2025 | | | GCVE-100-290271 |
| 289150 | ISC BIND QPzone NSEC3 assertion | | 12/21/2024 | 12/21/2024 | | in progress | GCVE-100-289150 |
| 285146 | Google Cloud Vertex AI Workbench server-side request forgery | | 11/19/2024 | 11/19/2024 | | | GCVE-100-285146 |
| 284946 | Google Cloud IAP information disclosure | | 11/18/2024 | 02/26/2025 | | | GCVE-100-284946 |
| 284580 | Microsoft Azure Machine Learning Cloud Audit Log server-side request forgery | | 11/14/2024 | 11/14/2024 | | | GCVE-100-284580 |
| 282059 | Amazon AWS Cloud Development Kit S3 Bucket Name Format random values | | 10/28/2024 | 10/28/2024 | | in progress | GCVE-100-282059 |
| 282023 | Google Kubernetes Engine API Server improper authentication | | 10/28/2024 | 10/28/2024 | | | GCVE-100-282023 |
| 281988 | Microsoft Azure Machine Learning Service server-side request forgery | | 10/27/2024 | 10/27/2024 | | | GCVE-100-281988 |
| 279050 | Backdoor.Win32.Benju.a missing authentication | 10/01/2024 | 10/02/2024 | 10/02/2024 | 416704 | rejected | GCVE-100-279050 |
| 278834 | Backdoor.Win32.Prorat.jz FTP Service stack-based overflow | 09/27/2024 | 09/28/2024 | 09/28/2024 | 415150 | rejected | GCVE-100-278834 |
| 278833 | Backdoor.Win32.Amatu.a Service Port 2121 mine.exe backdoor | 09/27/2024 | 09/28/2024 | 09/28/2024 | 415149 | rejected | GCVE-100-278833 |
| 278832 | Backdoor.Win32.Agent.pw Service Port 21111 stack-based overflow | 09/27/2024 | 09/28/2024 | 09/28/2024 | 415145 | rejected | GCVE-100-278832 |
| 278831 | Backdoor.Win32.Boiling Service Port 4369 backdoor | 09/27/2024 | 09/28/2024 | 09/28/2024 | 415144 | rejected | GCVE-100-278831 |
| 278462 | Google Document AI permission | | 09/25/2024 | 09/25/2024 | | rejected | GCVE-100-278462 |
| 278461 | Microsoft Copilot Studio Cloud Console Private API Service insufficient logging | | 09/25/2024 | 09/25/2024 | | rejected | GCVE-100-278461 |
| 278460 | Google Bazel config | | 09/25/2024 | 09/25/2024 | | rejected | GCVE-100-278460 |
| 278391 | Google Cloud Storage XML API Audit Log insufficient logging | | 09/24/2024 | 09/25/2024 | | rejected | GCVE-100-278391 |
| 278263 | Google Cloud Composer GCP Service injection | | 09/22/2024 | 09/25/2024 | | rejected | GCVE-100-278263 |
| 278247 | Backdoor.Win32.BlackAngel.13 Service Port 1850 backdoor | 09/18/2024 | 09/21/2024 | 09/21/2024 | 409906 | rejected | GCVE-100-278247 |
| 278246 | Backdoor.Win32.CCInvader.10 FTP Server improper authentication | 09/18/2024 | 09/21/2024 | 09/21/2024 | 409905 | rejected | GCVE-100-278246 |
| 278245 | Backdoor.Win32.Delf.yj Service Port 8080 information disclosure | 09/18/2024 | 09/21/2024 | 09/21/2024 | 409904 | rejected | GCVE-100-278245 |
| 276772 | Backdoor.Win32.Symmi.qua ksomnbi.dll stack-based overflow | 09/04/2024 | 09/06/2024 | 09/06/2024 | 402091 | rejected | GCVE-100-276772 |
| 276771 | HackTool.Win32.Freezer.br credentials storage | 09/04/2024 | 09/06/2024 | 09/06/2024 | 402090 | rejected | GCVE-100-276771 |
| 276770 | Backdoor.Win32.Optix.02.b TCP Port 5151 hard-coded credentials | 09/04/2024 | 09/06/2024 | 09/06/2024 | 402082 | rejected | GCVE-100-276770 |
| 276769 | Backdoor.Win32.JustJoke.21 TCP Port 28072 improper authentication | 09/04/2024 | 09/06/2024 | 09/06/2024 | 402081 | rejected | GCVE-100-276769 |
| 276768 | Backdoor.Win32.PoisonIvy.ymw PoisonIvy PE File Generator PILib.dll cleartext storage | 09/04/2024 | 09/06/2024 | 09/06/2024 | 402080 | rejected | GCVE-100-276768 |
| 274118 | Backdoor.Win32.Nightmare.25 Service Port 666 improper authentication | 08/10/2024 | 08/10/2024 | 08/10/2024 | 388719 | rejected | GCVE-100-274118 |
| 273539 | FFmpeg jpegxl_anim_dec.c jpegxl_collect_codestream_header use after free | 07/17/2024 | 08/03/2024 | 03/16/2025 | 376451 | rejected | GCVE-100-273539 |
| 273538 | FFmpeg get_bits.h get_bits_long stack-based overflow | 07/17/2024 | 08/03/2024 | 03/16/2025 | 376450 | rejected | GCVE-100-273538 |
| 273288 | Google Cloud Shell ssh.cloud.google.com redirect | | 07/31/2024 | 03/16/2025 | | | GCVE-100-273288 |
| 272289 | Amazon AWS ElasticSearch Index Name information disclosure | | 07/23/2024 | 07/23/2024 | | | GCVE-100-272289 |
| 272288 | Amazon AWS CodeBuild Token information disclosure | | 07/23/2024 | 07/23/2024 | | | GCVE-100-272288 |
| 272287 | Amazon AWS AppFlow WooCommerce Connector server-side request forgery | | 07/23/2024 | 07/23/2024 | | | GCVE-100-272287 |
| 272286 | Amazon AWS AppFlow information disclosure | | 07/23/2024 | 07/23/2024 | | | GCVE-100-272286 |
| 272285 | Amazon AWS IAM access control | | 07/23/2024 | 07/23/2024 | | | GCVE-100-272285 |

8525 More entries are not shown