basicsecurity.net
Proof, not just disclosure.
Threats / Outcomes

What these flaws actually unlock

Exploitability evidence earns attention; an attacker’s use case earns a decision. Every known-exploited record on this site aligns to one or more of five canonical attacker-outcome narratives — the bridge between a technical detail and a resource conversation. Tag the outcome, and the “why care” writes itself. Every count below is recomputed deterministically from the same cited record corpus; no new data, no model in the loop.

1,612 of 1,631 records carry the five-narrative framing 14 carry a named, advisory-backed actor 208 reach data-at-risk or lights-out

Most consequential exploits span more than one outcome: a pre-auth RCE is the front door a named crew uses to reach the keys to the kingdom and, from there, lights-out. A record counts toward every outcome its attack path reaches. Named-adversary attribution is sparse and surfaced as a coverage finding on each page — never papered over.