Research org contributor

VulnCheck

CNA assigner on 18 (independent) · credited finder on 1 of 18 known-exploited records. Every aggregate on this page is recomputed from the records listed below — each one already cited to its public source.

No vendor advisory domain is cited for this contributor in the corpus — its credit here is as a CNA/finder. Home URL is a stated coverage gap.

Independent CNA

records cited in

deterministic count

finder / reporter credits

CVE.org credits

CVE records catalogued (CNA)

independent

66%

avg modeled exploit prob.

FIRST EPSS, 18/18

17%

ransomware-associated

3 of 18 · CISA flag

Known for

— recomputed from this contributor’s own records

SurfacesApplication / other (17), Server / web platform (1)

WeaknessAuthentication (9), Injection (3), Path traversal / file (3), Web / client (2), Cryptography (1)

PortfolioKentico (3), PTZOptics (2), SysAid (2), Langflow (2), SmarterTools (2), ProjectSend (1)

PeopleNamed individuals credited under this contributor:

Cale Black of VulnCheck

Narrative reach

— how far this contributor’s records carry an attacker, front door → lights out

1Front door

18reach this stage

→

2Keys to the kingdom

18reach this stage

→

3Lateral reach

17reach this stage

→

4Data at risk

6reach this stage

→

5Lights out

0reach this stage

Furthest any of these records carries an attacker: 4 · Data at risk. 6 of 18 narrative-framed records reach data-at-risk or lights-out. (furthest-position idiom, reused from the landing map; the stage mapping is a model output over cited evidence.)

Recent highlights

— this contributor’s newest known-exploited records

CVE-2026-45247Mirasvit2%KEV CVE-2025-34291Langflow25%KEV CVE-2026-41940WebPros91%RWKEV CVE-2025-2749Kentico4%KEV CVE-2025-15556Notepad++1%KEV CVE-2026-24423SmarterTools88%RWKEV

Every record they’re cited in

— all 18, each linked to its cited source

This is the evidence behind every number above. Sorted ransomware-first, then by modeled exploit probability.

CVE-2026-23760SmarterTools96%RWKEV CVE-2026-41940WebPros91%RWKEV CVE-2026-24423SmarterTools88%RWKEV CVE-2025-3248Langflow100%KEV CVE-2024-23692Rejetto99%KEV CVE-2025-34028Commvault97%KEV CVE-2024-11680ProjectSend92%KEV CVE-2025-2747Kentico91%KEV CVE-2025-34026Versa83%KEV CVE-2024-8957PTZOptics82%KEV CVE-2025-2776SysAid73%KEV CVE-2025-2746Kentico58%KEV CVE-2024-8956PTZOptics57%KEV CVE-2025-2775SysAid55%KEV CVE-2025-34291Langflow25%KEV CVE-2025-2749Kentico4%KEV CVE-2026-45247Mirasvit2%KEV CVE-2025-15556Notepad++1%KEV

Coverage & confidence

— what this profile claims, and what it does not

Established (cited)

Cited in 18 known-exploited records — the list below; every one links to its public source.

Catalogued 18 CVE record(s) as the CNA assigner (from CVE.org).

Credited as the finder/reporter on 1 record(s) (CVE.org credits).

Coverage gaps — stated, not hidden

This profile is an aggregation: it asserts only what the listed records already cite — no new external claim about the contributor is made.

The TYPE badge and the narrative-stage mapping are editorial (our call), labeled as such, not a sourced fact.

No vendor advisory home domain is cited for this contributor in the corpus.