Cyber Resilience

Named CVEs

A small catalog of vulnerabilities that earned their own names. Every card links to the canonical CVE-detail page on this site so you can pivot from the colloquial name into the full posture record — controls, references, attributed actors, and EU/UK enrichment.

How a CVE earns a name

Almost every entry in the CVE corpus is known only by its identifier, like CVE-2024-3094. A small number cross over into a memorable name. That crossover is itself a signal: a vulnerability usually only earns a name when it is easy to weaponise, hits widely deployed software, or both. Three things tend to produce one.

  1. A researcher or vendor brands it. The team that discovers a high-impact bug gives it a name, and often a logo, to drive urgency and patching. Heartbleed, Log4Shell, and regreSSHion were named by their finders precisely so the world would pay attention. Here the name is a communications tool.
  2. CISA assigns an official name. Once a flaw is exploited in the wild it is added to CISA's Known Exploited Vulnerabilities (KEV) catalog, which carries a human-readable vulnerabilityName field alongside the CVE ID. That is the closest thing to an authoritative naming source.
  3. The community coins a nickname. Media coverage, advisory write-ups, and proof-of-concept repositories on GitHub converge on a handle that sticks; Follina, PrintNightmare, and Dirty Pipe spread this way before showing up in NVD references.

The catalog below is a curated pick of those crossover cases. Some names cover a single CVE; others, like ProxyShell, bundle a chain of several. Each card links straight to the full CVE-detail page so you can move from the colloquial name into the underlying record.

Copy Fail

Linux kernel copy_file_range() race-condition LPE — local user escalates to root via cross-filesystem copies; named CopyFail by community / Cloudflare write-up.

regreSSHion

Signal-handler race in OpenSSH sshd that re-introduced a 2006 RCE — pre-auth, root, exploitable under tight conditions.

XZ backdoor

Multi-year supply-chain implant in xz-utils that targeted OpenSSH via systemd's liblzma linkage — caught days before it hit stable distros.

Terrapin

SSH BPP prefix-truncation attack that lets a network-level adversary downgrade negotiated parameters and strip channel-binding messages.

MOVEit

Progress MOVEit Transfer SQL injection that Clop weaponized into one of the largest mass-data-exfiltration campaigns on record.

Looney Tunables

glibc dynamic loader GLIBC_TUNABLES buffer overflow exploitable by any local user to escalate to root on most Linux distros.

GoAnywhere

Fortra GoAnywhere MFT pre-auth RCE chain — Clop's earlier 2023 mass-exfil campaign and a 2025 recurrence in the same product.

CitrixBleed

Citrix NetScaler buffer over-read that leaked session tokens, enabling session hijacking — used by LockBit and others against major orgs.

Spring4Shell

Spring Core RCE via parameter binding to ClassLoader fields — the spring-framework equivalent of Log4Shell.

PwnKit

Polkit pkexec argv parsing flaw — any unprivileged local user becomes root, present in Linux for 12+ years before disclosure.

ProxyNotShell

Exchange Server SSRF + post-auth PowerShell RCE pair, exploited as a 0-day before Microsoft shipped a fix.

Follina

Office MSDT URI handler executed arbitrary PowerShell from a Word document — no macros required.

Dirty Pipe

Linux pipe-buffer flag mishandling let an unprivileged user overwrite data in arbitrary read-only files.

Sudo Baron Samedit

Heap-based buffer overflow in sudo's argument parsing, exploitable by any local user to gain root — affected default installs across most distros.

ProxyLogon

Exchange SSRF chained into pre-auth RCE — the HAFNIUM mass-compromise spree of early 2021.

PrintNightmare

Windows Print Spooler RCE/LPE pair — Microsoft patched it, then re-patched, then re-patched again.

MSHTML zero-day

Office DOCX MSHTML ActiveX RCE — used in mass campaigns as a Cobalt Strike loader before Follina shipped.

Log4j follow-up

Log4Shell patch-bypass: the 2.15 release still allowed JNDI lookup via certain non-default configurations.

Log4Shell

Unauthenticated RCE in Apache Log4j via JNDI lookup substitution in a single logged string.

ZeroLogon

Netlogon cryptographic flaw let any unauthenticated attacker on the network reset a domain controller's machine password.

SMBGhost

SMBv3 compression-header integer overflow giving pre-auth wormable RCE on Windows 10 / Server 2019.

BlueKeep

Pre-auth wormable RCE in Windows RDP — Microsoft was alarmed enough to ship XP patches.

Spectre

Speculative-execution side channel (bounds-check bypass) that leaks data across security boundaries on virtually every modern CPU.

Meltdown

Out-of-order execution side channel on Intel CPUs that let unprivileged code read kernel memory.

KRACK

WPA2 four-way handshake key-reinstallation flaw that let an attacker decrypt Wi-Fi traffic.

EternalBlue

SMBv1 RCE leaked from the NSA via Shadow Brokers; the engine behind WannaCry and NotPetya.

Dirty COW

Race condition in the Linux kernel's copy-on-write handling that turned read-only mappings into a local root primitive.

DROWN

Cross-protocol attack reusing a still-enabled SSLv2 endpoint to break TLS sessions sharing the same RSA key.

GHOST

Heap buffer overflow in glibc's gethostbyname() reachable from many network-facing daemons.

Shellshock

Bash parsed function definitions out of environment variables, turning CGI servers into remote shells.

POODLE

SSL 3.0 CBC padding oracle that let a network attacker decrypt session cookies one byte at a time.

Heartbleed

OpenSSL TLS heartbeat extension leaked up to 64 KB of process memory per request, exposing keys and passwords.