CVE-2025-11441 (GCVE-0-2025-11441)
Vulnerability from cvelistv5
Published
2025-10-08 07:02
Modified
2025-10-08 13:47
Severity ?
2.9 (Low) - CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P
3.7 (Low) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C
3.7 (Low) - CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C
CWE
  • CWE-307 - Improper Restriction of Excessive Authentication Attempts
  • CWE-799 - Improper Control of Interaction Frequency
Summary
A vulnerability was identified in JhumanJ OpnForm up to 1.9.3. The affected element is an unknown function of the component HTTP Header Handler. The manipulation of the argument X-Forwarded-For leads to improper restriction of excessive authentication attempts. The attack is possible to be carried out remotely. A high degree of complexity is needed for the attack. The exploitability is described as difficult. The exploit is publicly available and might be used. The identifier of the patch is 11e99960e14ca986b1a001a56e7533223d2cfa5b. It is suggested to install a patch to address this issue.
References
cna@vuldb.comhttps://docs.google.com/document/d/1GUjJA9vUbsXUngAv6ySsbCIhVynf8_djardLZYEDOe0/edit?tab=t.0#heading=h.va2ituwwqcf3Exploit, Third Party Advisory
cna@vuldb.comhttps://github.com/JhumanJ/OpnForm/pull/900/commits/11e99960e14ca986b1a001a56e7533223d2cfa5bPatch
cna@vuldb.comhttps://vuldb.com/?ctiid.327378Permissions Required, VDB Entry
cna@vuldb.comhttps://vuldb.com/?id.327378Third Party Advisory, VDB Entry
cna@vuldb.comhttps://vuldb.com/?submit.666888Third Party Advisory, VDB Entry
134c704f-9b21-4f2e-91b3-4a467353bcc0https://docs.google.com/document/d/1GUjJA9vUbsXUngAv6ySsbCIhVynf8_djardLZYEDOe0/edit?tab=t.0#heading=h.va2ituwwqcf3Exploit, Third Party Advisory
Impacted products
Vendor Product Version
JhumanJ OpnForm Version: 1.9.0
Version: 1.9.1
Version: 1.9.2
Version: 1.9.3
 Create a notification for this product.
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-11441",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-10-08T13:47:23.607500Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-10-08T13:47:26.751Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "references": [
          {
            "tags": [
              "exploit"
            ],
            "url": "https://docs.google.com/document/d/1GUjJA9vUbsXUngAv6ySsbCIhVynf8_djardLZYEDOe0/edit?tab=t.0#heading=h.va2ituwwqcf3"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "modules": [
            "HTTP Header Handler"
          ],
          "product": "OpnForm",
          "vendor": "JhumanJ",
          "versions": [
            {
              "status": "affected",
              "version": "1.9.0"
            },
            {
              "status": "affected",
              "version": "1.9.1"
            },
            {
              "status": "affected",
              "version": "1.9.2"
            },
            {
              "status": "affected",
              "version": "1.9.3"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "balejin (VulDB User)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability was identified in JhumanJ OpnForm up to 1.9.3. The affected element is an unknown function of the component HTTP Header Handler. The manipulation of the argument X-Forwarded-For leads to improper restriction of excessive authentication attempts. The attack is possible to be carried out remotely. A high degree of complexity is needed for the attack. The exploitability is described as difficult. The exploit is publicly available and might be used. The identifier of the patch is 11e99960e14ca986b1a001a56e7533223d2cfa5b. It is suggested to install a patch to address this issue."
        },
        {
          "lang": "de",
          "value": "In JhumanJ OpnForm up to 1.9.3 wurde eine Schwachstelle gefunden. Es geht dabei um eine nicht klar definierte Funktion der Komponente HTTP Header Handler. Mit der Manipulation des Arguments X-Forwarded-For mit unbekannten Daten kann eine improper restriction of excessive authentication attempts-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Das Durchf\u00fchren eines Angriffs ist mit einer relativ hohen Komplexit\u00e4t verbunden. Die Ausnutzung wird als schwierig beschrieben. Der Exploit ist \u00f6ffentlich verf\u00fcgbar und k\u00f6nnte genutzt werden. Der Patch wird als 11e99960e14ca986b1a001a56e7533223d2cfa5b bezeichnet. Es empfiehlt sich, einen Patch einzuspielen, um dieses Problem zu beheben."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "baseScore": 6.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P",
            "version": "4.0"
          }
        },
        {
          "cvssV3_1": {
            "baseScore": 3.7,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C",
            "version": "3.1"
          }
        },
        {
          "cvssV3_0": {
            "baseScore": 3.7,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C",
            "version": "3.0"
          }
        },
        {
          "cvssV2_0": {
            "baseScore": 2.6,
            "vectorString": "AV:N/AC:H/Au:N/C:P/I:N/A:N/E:POC/RL:OF/RC:C",
            "version": "2.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-307",
              "description": "Improper Restriction of Excessive Authentication Attempts",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-799",
              "description": "Improper Control of Interaction Frequency",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-10-08T07:02:11.296Z",
        "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "shortName": "VulDB"
      },
      "references": [
        {
          "name": "VDB-327378 | JhumanJ OpnForm HTTP Header excessive authentication",
          "tags": [
            "vdb-entry",
            "technical-description"
          ],
          "url": "https://vuldb.com/?id.327378"
        },
        {
          "name": "VDB-327378 | CTI Indicators (IOB, IOC, TTP, IOA)",
          "tags": [
            "signature",
            "permissions-required"
          ],
          "url": "https://vuldb.com/?ctiid.327378"
        },
        {
          "name": "Submit #666888 | GitHub OpnForm 1.9.3 Authentication Bypass by Spoofing",
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://vuldb.com/?submit.666888"
        },
        {
          "tags": [
            "exploit"
          ],
          "url": "https://docs.google.com/document/d/1GUjJA9vUbsXUngAv6ySsbCIhVynf8_djardLZYEDOe0/edit?tab=t.0#heading=h.va2ituwwqcf3"
        },
        {
          "tags": [
            "issue-tracking",
            "patch"
          ],
          "url": "https://github.com/JhumanJ/OpnForm/pull/900/commits/11e99960e14ca986b1a001a56e7533223d2cfa5b"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2025-10-07T00:00:00.000Z",
          "value": "Advisory disclosed"
        },
        {
          "lang": "en",
          "time": "2025-10-07T02:00:00.000Z",
          "value": "VulDB entry created"
        },
        {
          "lang": "en",
          "time": "2025-10-07T15:22:50.000Z",
          "value": "VulDB entry last update"
        }
      ],
      "title": "JhumanJ OpnForm HTTP Header excessive authentication"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
    "assignerShortName": "VulDB",
    "cveId": "CVE-2025-11441",
    "datePublished": "2025-10-08T07:02:11.296Z",
    "dateReserved": "2025-10-07T13:17:27.203Z",
    "dateUpdated": "2025-10-08T13:47:26.751Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2025-11441\",\"sourceIdentifier\":\"cna@vuldb.com\",\"published\":\"2025-10-08T07:15:33.080\",\"lastModified\":\"2025-10-09T16:16:18.053\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A vulnerability was identified in JhumanJ OpnForm up to 1.9.3. The affected element is an unknown function of the component HTTP Header Handler. The manipulation of the argument X-Forwarded-For leads to improper restriction of excessive authentication attempts. The attack is possible to be carried out remotely. A high degree of complexity is needed for the attack. The exploitability is described as difficult. The exploit is publicly available and might be used. The identifier of the patch is 11e99960e14ca986b1a001a56e7533223d2cfa5b. It is suggested to install a patch to address this issue.\"}],\"metrics\":{\"cvssMetricV40\":[{\"source\":\"cna@vuldb.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"4.0\",\"vectorString\":\"CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X\",\"baseScore\":6.3,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"attackRequirements\":\"NONE\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"vulnConfidentialityImpact\":\"LOW\",\"vulnIntegrityImpact\":\"NONE\",\"vulnAvailabilityImpact\":\"NONE\",\"subConfidentialityImpact\":\"NONE\",\"subIntegrityImpact\":\"NONE\",\"subAvailabilityImpact\":\"NONE\",\"exploitMaturity\":\"PROOF_OF_CONCEPT\",\"confidentialityRequirement\":\"NOT_DEFINED\",\"integrityRequirement\":\"NOT_DEFINED\",\"availabilityRequirement\":\"NOT_DEFINED\",\"modifiedAttackVector\":\"NOT_DEFINED\",\"modifiedAttackComplexity\":\"NOT_DEFINED\",\"modifiedAttackRequirements\":\"NOT_DEFINED\",\"modifiedPrivilegesRequired\":\"NOT_DEFINED\",\"modifiedUserInteraction\":\"NOT_DEFINED\",\"modifiedVulnConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedVulnIntegrityImpact\":\"NOT_DEFINED\",\"modifiedVulnAvailabilityImpact\":\"NOT_DEFINED\",\"modifiedSubConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedSubIntegrityImpact\":\"NOT_DEFINED\",\"modifiedSubAvailabilityImpact\":\"NOT_DEFINED\",\"Safety\":\"NOT_DEFINED\",\"Automatable\":\"NOT_DEFINED\",\"Recovery\":\"NOT_DEFINED\",\"valueDensity\":\"NOT_DEFINED\",\"vulnerabilityResponseEffort\":\"NOT_DEFINED\",\"providerUrgency\":\"NOT_DEFINED\"}}],\"cvssMetricV31\":[{\"source\":\"cna@vuldb.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N\",\"baseScore\":3.7,\"baseSeverity\":\"LOW\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.2,\"impactScore\":1.4}],\"cvssMetricV2\":[{\"source\":\"cna@vuldb.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:H/Au:N/C:P/I:N/A:N\",\"baseScore\":2.6,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"HIGH\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"LOW\",\"exploitabilityScore\":4.9,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"cna@vuldb.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-307\"},{\"lang\":\"en\",\"value\":\"CWE-799\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:jhumanj:opnform:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"1.9.3\",\"matchCriteriaId\":\"C896A041-D9C4-42F0-9477-C57E07D6EFF6\"}]}]}],\"references\":[{\"url\":\"https://docs.google.com/document/d/1GUjJA9vUbsXUngAv6ySsbCIhVynf8_djardLZYEDOe0/edit?tab=t.0#heading=h.va2ituwwqcf3\",\"source\":\"cna@vuldb.com\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/JhumanJ/OpnForm/pull/900/commits/11e99960e14ca986b1a001a56e7533223d2cfa5b\",\"source\":\"cna@vuldb.com\",\"tags\":[\"Patch\"]},{\"url\":\"https://vuldb.com/?ctiid.327378\",\"source\":\"cna@vuldb.com\",\"tags\":[\"Permissions Required\",\"VDB Entry\"]},{\"url\":\"https://vuldb.com/?id.327378\",\"source\":\"cna@vuldb.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://vuldb.com/?submit.666888\",\"source\":\"cna@vuldb.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://docs.google.com/document/d/1GUjJA9vUbsXUngAv6ySsbCIhVynf8_djardLZYEDOe0/edit?tab=t.0#heading=h.va2ituwwqcf3\",\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-11441\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"poc\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-10-08T13:47:23.607500Z\"}}}], \"references\": [{\"url\": \"https://docs.google.com/document/d/1GUjJA9vUbsXUngAv6ySsbCIhVynf8_djardLZYEDOe0/edit?tab=t.0#heading=h.va2ituwwqcf3\", \"tags\": [\"exploit\"]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-10-08T13:47:16.274Z\"}}], \"cna\": {\"title\": \"JhumanJ OpnForm HTTP Header excessive authentication\", \"credits\": [{\"lang\": \"en\", \"type\": \"reporter\", \"value\": \"balejin (VulDB User)\"}], \"metrics\": [{\"cvssV4_0\": {\"version\": \"4.0\", \"baseScore\": 6.3, \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P\"}}, {\"cvssV3_1\": {\"version\": \"3.1\", \"baseScore\": 3.7, \"baseSeverity\": \"LOW\", \"vectorString\": \"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C\"}}, {\"cvssV3_0\": {\"version\": \"3.0\", \"baseScore\": 3.7, \"baseSeverity\": \"LOW\", \"vectorString\": \"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C\"}}, {\"cvssV2_0\": {\"version\": \"2.0\", \"baseScore\": 2.6, \"vectorString\": \"AV:N/AC:H/Au:N/C:P/I:N/A:N/E:POC/RL:OF/RC:C\"}}], \"affected\": [{\"vendor\": \"JhumanJ\", \"modules\": [\"HTTP Header Handler\"], \"product\": \"OpnForm\", \"versions\": [{\"status\": \"affected\", \"version\": \"1.9.0\"}, {\"status\": \"affected\", \"version\": \"1.9.1\"}, {\"status\": \"affected\", \"version\": \"1.9.2\"}, {\"status\": \"affected\", \"version\": \"1.9.3\"}]}], \"timeline\": [{\"lang\": \"en\", \"time\": \"2025-10-07T00:00:00.000Z\", \"value\": \"Advisory disclosed\"}, {\"lang\": \"en\", \"time\": \"2025-10-07T02:00:00.000Z\", \"value\": \"VulDB entry created\"}, {\"lang\": \"en\", \"time\": \"2025-10-07T15:22:50.000Z\", \"value\": \"VulDB entry last update\"}], \"references\": [{\"url\": \"https://vuldb.com/?id.327378\", \"name\": \"VDB-327378 | JhumanJ OpnForm HTTP Header excessive authentication\", \"tags\": [\"vdb-entry\", \"technical-description\"]}, {\"url\": \"https://vuldb.com/?ctiid.327378\", \"name\": \"VDB-327378 | CTI Indicators (IOB, IOC, TTP, IOA)\", \"tags\": [\"signature\", \"permissions-required\"]}, {\"url\": \"https://vuldb.com/?submit.666888\", \"name\": \"Submit #666888 | GitHub OpnForm 1.9.3 Authentication Bypass by Spoofing\", \"tags\": [\"third-party-advisory\"]}, {\"url\": \"https://docs.google.com/document/d/1GUjJA9vUbsXUngAv6ySsbCIhVynf8_djardLZYEDOe0/edit?tab=t.0#heading=h.va2ituwwqcf3\", \"tags\": [\"exploit\"]}, {\"url\": \"https://github.com/JhumanJ/OpnForm/pull/900/commits/11e99960e14ca986b1a001a56e7533223d2cfa5b\", \"tags\": [\"issue-tracking\", \"patch\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"A vulnerability was identified in JhumanJ OpnForm up to 1.9.3. The affected element is an unknown function of the component HTTP Header Handler. The manipulation of the argument X-Forwarded-For leads to improper restriction of excessive authentication attempts. The attack is possible to be carried out remotely. A high degree of complexity is needed for the attack. The exploitability is described as difficult. The exploit is publicly available and might be used. The identifier of the patch is 11e99960e14ca986b1a001a56e7533223d2cfa5b. It is suggested to install a patch to address this issue.\"}, {\"lang\": \"de\", \"value\": \"In JhumanJ OpnForm up to 1.9.3 wurde eine Schwachstelle gefunden. Es geht dabei um eine nicht klar definierte Funktion der Komponente HTTP Header Handler. Mit der Manipulation des Arguments X-Forwarded-For mit unbekannten Daten kann eine improper restriction of excessive authentication attempts-Schwachstelle ausgenutzt werden. Der Angriff kann \\u00fcber das Netzwerk passieren. Das Durchf\\u00fchren eines Angriffs ist mit einer relativ hohen Komplexit\\u00e4t verbunden. Die Ausnutzung wird als schwierig beschrieben. Der Exploit ist \\u00f6ffentlich verf\\u00fcgbar und k\\u00f6nnte genutzt werden. Der Patch wird als 11e99960e14ca986b1a001a56e7533223d2cfa5b bezeichnet. Es empfiehlt sich, einen Patch einzuspielen, um dieses Problem zu beheben.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-307\", \"description\": \"Improper Restriction of Excessive Authentication Attempts\"}]}, {\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-799\", \"description\": \"Improper Control of Interaction Frequency\"}]}], \"providerMetadata\": {\"orgId\": \"1af790b2-7ee1-4545-860a-a788eba489b5\", \"shortName\": \"VulDB\", \"dateUpdated\": \"2025-10-08T07:02:11.296Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2025-11441\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-10-08T13:47:26.751Z\", \"dateReserved\": \"2025-10-07T13:17:27.203Z\", \"assignerOrgId\": \"1af790b2-7ee1-4545-860a-a788eba489b5\", \"datePublished\": \"2025-10-08T07:02:11.296Z\", \"assignerShortName\": \"VulDB\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.