Skip to content

Security data

Weaknesses (CWE)The MITRE CWE weakness catalog
Attack Patterns (CAPEC)MITRE CAPEC attack patterns
CNAsNumbering authorities + report cards
VendorsVulnerabilities by vendor

Tools

CVSS CalculatorScore CVSS 4.0, 3.1, 3.0 & 2.0

Resources

LearnPlain-English security guides
Data SourcesHow we source CVE data

About Us Blog Pricing Book a Demo

Log in

RadicalNotion.AI

We do not sell or share your personal information

© 2026 RadicalNotion.AI

Security Data

CWE Directory
CAPEC Directory
CNA Directory
CNA Report Cards
Data Sources

Calculators

CVSS Calculator
CVSS 4.0
CVSS 3.1
CVSS 3.0
CVSS 2.0

Platform

My Vulnerabilities
Insights
Notifications
Account
Pricing

Company

About us
Blog
Learn
Book a demo

Get Started

Sign up
Log in

Legal

Privacy
Terms

Home
CNAs
Sba Research

sba-research CNA: CVE Report Card & Published CVEs

Grade A

Active

sba-research

CVE Numbering Authority

7

CVEs published

Total assigned

1

Years active

2024–2025

6.7

Avg CVSS

Across scored CVEs

7

Recent CVEs

Last 2 years

Overview

sba-research is a CVE Numbering Authority that has published 7 CVE records since 2024. It is currently classified as active, with 7 CVEs published in the last two years. Its CVE data quality is graded A (100% overall completeness).

Among the 370 CNAs tracked here, sba-research ranks #334 by CVE volume and reports more complete records than 60% of all CNAs.

Data quality report card

How complete and consistent sba-research's CVE records are, scored across vendor, product, CVSS, and CWE coverage.

A CVE record only requires a description to be published. “Completeness” measures how often sba-research also fills in the optional — but extremely useful — fields that make a vulnerability actually actionable: the affected vendor and product, a CVSS severity score, and a CWE weakness type. A higher score means more of this CNA’s CVEs include those details, so defenders spend less time enriching records by hand.

Report card grade

A

100%

Overall score

Overall completeness100%

Vendor completeness100%

Product completeness100%

CVSS completeness100%

CWE completeness100%

100%

Update rate

Records revised after publishing

5

Vendor diversity

Distinct vendors covered

213 chars

Avg description length

Per CVE record

2024-06-06

First CVE date

Earliest assignment

2025-06-25

Latest CVE date

Most recent assignment

6.7

Average CVSS

Across scored CVEs

What these scores mean

Vendor completeness: The share of this CNA's CVEs that name an affected vendor.
Product completeness: The share that name a specific affected product.
CVSS completeness: The share that include a CVSS severity score.
CWE completeness: The share mapped to a CWE weakness type.
Update rate: How often this CNA revises CVE records after first publishing them.
Vendor diversity: How many distinct vendors this CNA publishes CVEs for.

Severity and exploitation

How the CVSS severity of sba-research's published CVEs breaks down, and how many are known to be exploited in the wild.

Critical0

High5

Medium3

Low1

In CISA’s Known Exploited Vulnerabilities catalog

0

None of sba-research's CVEs are currently listed in CISA's Known Exploited Vulnerabilities catalog.

Common weakness types

The CWE weakness categories sba-research most often assigns to its CVEs. Follow any weakness to its full explanation.

CWE-79Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')2 CVEs
CWE-266Incorrect Privilege Assignment1 CVE
CWE-284Improper Access Control1 CVE
CWE-303Incorrect Implementation of Authentication Algorithm1 CVE
CWE-20Improper Input Validation1 CVE
CWE-352Cross-Site Request Forgery (CSRF)1 CVE
CWE-499Serializable Class Containing Sensitive Data1 CVE
CWE-328Use of Weak Hash1 CVE

Publishing activity by year

How many CVEs sba-research has published each year.

2024

3

2025

4

2026

2

Top vendors

The vendors sba-research publishes the most CVEs for.

composer4 CVEs
Born052 CVEs
iterate-ch2 CVEs
iterate GmbH2 CVEs
laravel2 CVEs
Laravel Holdings Inc.2 CVEs
danny-avila1 CVEs
Suprema1 CVEs

Top products

The products sba-research publishes the most CVEs for.

two-factor authentication2 CVEs
born05/craft-twofactorauthentication2 CVEs
framework2 CVEs
Laravel Framework2 CVEs
laravel/framework2 CVEs
Mountain Duck2 CVEs
CraftCMS Plugin - Two-Factor Authentication2 CVEs
craft-twofactorauthentication2 CVEs

Latest CVEs

The most recent CVEs assigned by sba-research.

CVE-2025-41258CWE-284
LibreChat RAG API Authentication Bypass
High · CVSS 8.0
EPSS 0.1%2026-03-18
CVE-2025-41257CWE-20
Suprema BioStar 2 Insecure Password Change
Medium · CVSS 4.8
EPSS 0.0%2026-03-04
CVE-2025-41255CWE-266
Cyberduck and Mountain Duck - Improper Certificate Store Handling
High · CVSS 8.0
EPSS 0.1%2025-06-25
CVE-2025-41256CWE-328
Cyberduck and Mountain Duck - Weak Hash Algorithm for Certificate Fingerprint
High · CVSS 7.4
EPSS 0.1%2025-06-25
CVE-2024-13919CWE-79
Laravel Reflected XSS via Route Parameter in Debug-Mode Error Page
High · CVSS 8.0
EPSS 0.3%2025-03-10
CVE-2024-13918CWE-79
Laravel Reflected XSS via Request Parameter in Debug-Mode Error Page
High · CVSS 8.0
EPSS 1.1%2025-03-10
CVE-2024-5676CWE-352
Medium · CVSS 6.8
EPSS 0.2%2024-06-19
CVE-2024-5658CWE-303
CraftCMS Plugin - Two-Factor Authentication - TOTP Token Stays Valid After Use
Medium · CVSS 4.8
EPSS 0.2%2024-06-06
CVE-2024-5657CWE-499
CraftCMS Plugin - Two-Factor Authentication - Password Hash Disclosure
Low · CVSS 3.7
EPSS 0.2%2024-06-06

Track new sba-research CVEs as they are published and get AI-written analysis and remediation guidance.

Monitor sba-research CVEs

Other CNAs

Compare data quality across other CVE Numbering Authorities.

mitreGrade F · 112,208 CVEs PatchstackGrade A · 14,729 CVEs VulDBGrade A · 12,140 CVEs microsoftGrade F · 11,701 CVEs redhatGrade F · 10,745 CVEs GitHub_MGrade A · 10,605 CVEs LinuxGrade F · 10,294 CVEs WordfenceGrade A · 8,652 CVEs

Browse all CNAs

Frequently asked questions

Common questions about the sba-research CNA.

What is the sba-research CNA?

sba-research is a CVE Numbering Authority (CNA) — an organization authorized to assign CVE IDs to vulnerabilities in its scope. It has published 7 CVE records since 2024.

How many CVEs has sba-research published?

sba-research has published 7 CVE records, including 7 in the last two years.

What is sba-research's CVE data quality grade?

RadicalNotion.AI grades sba-research's CVE data quality as A, with an overall completeness score of 100%. This reflects how consistently its CVE records include vendor (100%), product (100%), CVSS (100%), and CWE (100%) information.

What products does sba-research publish CVEs for?

sba-research most frequently publishes CVEs for two-factor authentication, born05/craft-twofactorauthentication, framework, Laravel Framework, laravel/framework.

Which vendors does sba-research cover?

sba-research publishes CVEs across 5 distinct vendors, most often composer, Born05, iterate-ch, iterate GmbH, laravel.

Is sba-research actively publishing CVEs?

sba-research is currently active, based on 7 CVEs in the last two years.

What is the average severity of sba-research's CVEs?

The average CVSS base score across sba-research's scored CVEs is 6.7.

Are any of sba-research's CVEs in CISA's Known Exploited Vulnerabilities catalog?

No. None of sba-research's CVEs are currently listed in CISA's Known Exploited Vulnerabilities (KEV) catalog.

What are the most common weakness types in sba-research's CVEs?

sba-research's CVEs most often map to these CWE weakness types: CWE-79 (Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')), CWE-266 (Incorrect Privilege Assignment), CWE-284 (Improper Access Control), CWE-303 (Incorrect Implementation of Authentication Algorithm).

How does sba-research rank among CNAs?

By total CVE volume, sba-research ranks #334 of 370 CNAs, and it reports more complete CVE records than 60% of all CNAs.

References

Official CVE.org list of CNA partners (opens in a new tab)
Learn: What is a CNA?
CWE directory: the weakness types this CNA maps its CVEs to

CNA report-card grades are computed by RadicalNotion.AI from published CVE records. CVE data is sourced from the CVE Program.

Track sba-research CVEs

Monitor new vulnerabilities as this CNA publishes them, with AI-written analysis and remediation guidance.

Start free See pricing

On this page

Overview
Data quality report card
Severity and exploitation
Common weakness types
Publishing activity
Top vendors
Top products
Latest CVEs
Other CNAs
FAQ
References