What is the zdi CNA?
zdi is a CVE Numbering Authority (CNA) — an organization authorized to assign CVE IDs to vulnerabilities in its scope. It has published 3,256 CVE records since 2015.
How many CVEs has zdi published?
zdi has published 3,256 CVE records, including 1,822 in the last two years.
What is zdi's CVE data quality grade?
RadicalNotion.AI grades zdi's CVE data quality as A, with an overall completeness score of 96.8%. This reflects how consistently its CVE records include vendor (99.8%), product (99.8%), CVSS (87.7%), and CWE (99.8%) information.
What products does zdi publish CVEs for?
zdi most frequently publishes CVEs for Windows, PhantomPDF, Foxit Reader, PDF-XChange Editor, PDF Editor.
Which vendors does zdi cover?
zdi publishes CVEs across 229 distinct vendors, most often Foxit, Microsoft, foxitsoftware, PDF-XChange, dlink.
Is zdi actively publishing CVEs?
zdi is currently active, based on 1,822 CVEs in the last two years.
What is the average severity of zdi's CVEs?
The average CVSS base score across zdi's scored CVEs is 7.3.
How many critical CVEs has zdi published?
zdi has published 154 critical-severity CVEs and 2,122 high-severity CVEs.
Are any of zdi's CVEs in CISA's Known Exploited Vulnerabilities catalog?
Yes. 5 of zdi's CVEs are listed in CISA's Known Exploited Vulnerabilities (KEV) catalog, meaning they are confirmed to be exploited in the wild.
What are the most common weakness types in zdi's CVEs?
zdi's CVEs most often map to these CWE weakness types: CWE-125 (Out-of-bounds Read), CWE-416 (Use After Free), CWE-787 (Out-of-bounds Write), CWE-121 (Stack-based Buffer Overflow).
How does zdi rank among CNAs?
By total CVE volume, zdi ranks #18 of 370 CNAs, and it reports more complete CVE records than 45% of all CNAs.
