For which vulnerabilities can you submit a CVD notification to us?
You can report vulnerabilities to us that pose a risk to the security of a system we maintain or have created. An example of such a vulnerability is the ability to bypass a login form or gain unintended access to a database containing sensitive data.
Not every deviation in a system is a vulnerability. Generally, the following deviations do not lead to an unsafe situation. Therefore, we kindly request that you do not submit a CVD notification to us for the following deviations:
- A deviation that has no impact on the availability, integrity, or confidentiality of information.
- The availability of WordPress xmlrpc.php functionality when its abuse is limited to a so-called ping-back denial-of-service.
If you are unsure whether the deviation you have found falls under any of the above exceptions, you are welcome to report it to us. We will then determine whether it is a vulnerability and take appropriate follow-up actions.