Please discuss and report any and all vulnerabilities here FIRST before reporting them to a national database. BE REALISTIC. Don't let your youthful optimism, idealism, and sense of do-goodery shoot thisproject in the foot. THERE ARE REALITIES TO THOSE REPORTS. Also, According to both NIST & Mitre "You should make a GOOD FAITH EFFORT to NOTIFY the affected vendor and WORK WITH THEM to ENSURE that a patch is available PRIOR to PUBLICLY DISCLOSING the vulnerability." https://cve.mitre.org/cve/researcher_reservation_guidelines#researcher_reservation_guidelines#2 In other words, lets talk BEFORE you report/disclose publicly. Dropping unwitting CVEs on us causes much wasted effort and many other problems. It is time spent chasing the unnecessary, which couldgo into actually fixing problems. Even so, we're all about that netsec. Please come and join us.