This is not a CVE leaderboard. It is a curated record of research published when the attack class, the target, or the technique was still considered niche, theoretical, or uninteresting by the broader industry. Each item is included for what it documented at the time, not for the size of its identifier.
Research doctrine
There is no rule of thumb for individual research and the goal was never a checklist. Looking back across these advisories, a few recurring instincts are worth calling out.
Target the doubt, not the score
Pick issues where the industry disputes the impact. XSS in 2004, PDF JavaScript in 2008, Office as a malware carrier in 2006. Prove the impact concretely before the industry consensus catches up to the finding.
Surface forgotten primitives
Old operating system mechanisms keep returning as attack vectors. DDE, COM interop, OLE embedding. Document them properly the first time so they are not rediscovered a decade later under a different name.
Challenge category-defining claims
When a product class markets a guarantee, personal firewalls, virtual keyboards, anti-piracy attestation, test the guarantee rather than the product. The shape of the bypass usually outlives the vendor that shipped it.
Publish for the learner, not the leaderboard
Every advisory is written so a researcher reading it years later still extracts a transferable pattern. The CVE identifier is only the receipt, the writeup itself is the artifact worth keeping.
Landmark research
Selected entries with outsized point-in-time impact
Released within days of MS08-067 going public, when no reliable independent exploit existed outside of vendor and a handful of closed circles. The same primitive later powered Conficker. At that moment the choice was: wait for someone else, or write it.
Research insight
Reliability beats novelty when the window of relevance is days. Studying the canonicalization primitive taught more about Windows path parsing than any of the dozens of follow-up writeups that came months later.
Published when public Adobe Reader exploit code was almost non-existent. PDF was still considered a 'safe document format' by most enterprises. JavaScript-in-PDF was a niche even within client-side research.
Research insight
The interesting surface is rarely the parser, it is the embedded interpreter. JavaScript engines bolted onto document readers became the dominant client-side attack class for the next decade.
Another NDA-bound exploit. Released as a recorded PoC. One of the first widely circulated demonstrations of a malicious-PDF chain triggering code execution end to end.
Research insight
Method-name fingerprinting inside embedded JS APIs is a productive hunting ground. The same pattern (a long-deprecated method still reachable) recurred across multiple PDF and Office bugs for years.
Reported in mid-2006, during the very first wave of Excel zero-days to draw mainstream attention, and the third Excel issue surfaced in that early sequence. Awareness that an Office document could be a delivery vehicle for backdoors and malicious code was almost non-existent at the time: enterprises still treated .xls and .doc as inert content, antivirus engines barely parsed embedded OLE streams, and Office attacks were assumed to mean VBA macros. This advisory documented something different: cross-application code execution via an OLE-hosted Shockwave Flash object living inside the spreadsheet, so the foreign runtime, not Excel itself, carried the payload.
Research insight
Composite document formats are an attack surface union, not an intersection. Each embedded runtime drags its own bugs in, and the host application inherits them. The work was published as a need-of-the-hour awareness piece: Office-as-malware-carrier became one of the defining client-side attack patterns of the following decade, from targeted .xls droppers to the macro and DDE waves that followed years later.
MediumDiscovery & PoC
Nov 2005
Zone Labs Products Advance Program Control Bypass
CVE-2005-3560
Why it mattered then
Personal firewalls were the dominant endpoint control of the era. Showing that 'Advanced Program Control' could be sidestepped from inside a trusted process challenged a category-defining marketing claim.
Research insight
A security product that runs in the same trust domain as the threat cannot reliably enforce a policy against it. The argument predated and applies to today's userland EDR debates.
MediumDiscovery & Exploit
Sep 2005
Bypassing Zone Alarm Firewall Using DDE-IPC
ZoneAlarm DDE
Why it mattered then
Used Dynamic Data Exchange (DDE), an IPC mechanism nearly forgotten by 2005, to make an allowed process speak on a blocked process's behalf. Most personal firewalls of the era assumed a 1-to-1 process-to-network mapping.
Research insight
Old, dusty OS primitives are a permanent gift to attackers. DDE itself resurfaced as an Office attack vector more than a decade later. Nothing legacy in operating systems is ever fully retired.
Full archive in context
Every advisory, grouped by year, with the climate it landed in
Released within days of MS08-067 going public, when no reliable independent exploit existed outside of vendor and a handful of closed circles. The same primitive later powered Conficker. At that moment the choice was: wait for someone else, or write it.
Insight
Reliability beats novelty when the window of relevance is days. Studying the canonicalization primitive taught more about Windows path parsing than any of the dozens of follow-up writeups that came months later.
Published when public Adobe Reader exploit code was almost non-existent. PDF was still considered a 'safe document format' by most enterprises. JavaScript-in-PDF was a niche even within client-side research.
Insight
The interesting surface is rarely the parser, it is the embedded interpreter. JavaScript engines bolted onto document readers became the dominant client-side attack class for the next decade.
Exploit developed under contract with a vendor NDA. Code could not be released, so a PoC video was published instead to document the work and the technique.
Insight
Not every piece of useful research can ship as code. A captured demonstration is still primary evidence of capability, and worth more than a silent CVE bullet.
Another NDA-bound exploit. Released as a recorded PoC. One of the first widely circulated demonstrations of a malicious-PDF chain triggering code execution end to end.
Insight
Method-name fingerprinting inside embedded JS APIs is a productive hunting ground. The same pattern (a long-deprecated method still reachable) recurred across multiple PDF and Office bugs for years.
Anti-piracy and licensing checks were treated as out-of-scope by mainstream security research at the time. Defeating OGA documented that client-side validation of trust state is structurally broken, not just OGA-broken.
Insight
Wherever a vendor pushes a 'trust this client to attest to itself' check, the same class of bypass keeps reappearing: DRM, license servers, mobile attestation, supply-chain signing. The shape of the bug outlives the product.
HTTP Response Splitting (Klein, 2004) was still treated by most application security teams as a theoretical curiosity. Demonstrating it inside Google's flagship ads product made it operationally undeniable.
Insight
When industry calls a vulnerability class 'theoretical', it usually means nobody has weaponised it inside a recognisable brand yet. Picking the right target is half the research.
Companion work to the AdWords advisory, showing the same primitive in a mid-market e-commerce platform two months earlier. Documented the class across the size spectrum, not just in a marquee target.
Insight
Patterns generalise. If a category of bug exists at scale in Google, look for it next in the open-source stacks that share the same HTTP handling assumptions.
Reported in mid-2006, during the very first wave of Excel zero-days to draw mainstream attention, and the third Excel issue surfaced in that early sequence. Awareness that an Office document could be a delivery vehicle for backdoors and malicious code was almost non-existent at the time: enterprises still treated .xls and .doc as inert content, antivirus engines barely parsed embedded OLE streams, and Office attacks were assumed to mean VBA macros. This advisory documented something different: cross-application code execution via an OLE-hosted Shockwave Flash object living inside the spreadsheet, so the foreign runtime, not Excel itself, carried the payload.
Insight
Composite document formats are an attack surface union, not an intersection. Each embedded runtime drags its own bugs in, and the host application inherits them. The work was published as a need-of-the-hour awareness piece: Office-as-malware-carrier became one of the defining client-side attack patterns of the following decade, from targeted .xls droppers to the macro and DDE waves that followed years later.
Plugin and add-on security was a blind spot. The browser core was getting attention, the third-party extensions wrapping foreign engines inside it were not.
Insight
Trust boundaries dissolve at integration points. Any plugin that embeds a second rendering engine inside the first inherits both threat models and protects against neither.
Server-side .NET was being marketed as a managed, safer replacement for classic ASP. Triggering a worker process crash through COM interop showed managed runtimes do not erase the unmanaged surface underneath.
Insight
Managed runtimes are a thin film. Wherever they call into native code (COM, P/Invoke, FFI, JNI, ctypes), the old class of bugs comes back unchanged.
RSS aggregators were a brand-new class of product. Almost no one was modelling 'untrusted feed content rendered inside a logged-in session' as a threat. This advisory put it on the map.
Insight
Any pipeline that ingests third-party content and renders it inside an authenticated context is an XSS factory by default. The pattern repeats today in AI tool calls and MCP servers.
Auth logic in mid-2000s PHP applications was routinely written by hand. Demonstrating a structural bypass in a widely deployed package was about pointing at the pattern, not the project.
Insight
Authentication is almost never broken by cryptography. It is broken by control-flow assumptions about what a request 'must' have done before reaching a code path.
20053 advisories
MediumDiscovery & PoC
Nov 2005
Zone Labs Products Advance Program Control Bypass
CVE-2005-3560
Context at release
Personal firewalls were the dominant endpoint control of the era. Showing that 'Advanced Program Control' could be sidestepped from inside a trusted process challenged a category-defining marketing claim.
Insight
A security product that runs in the same trust domain as the threat cannot reliably enforce a policy against it. The argument predated and applies to today's userland EDR debates.
MediumDiscovery & Exploit
Sep 2005
Bypassing Zone Alarm Firewall Using DDE-IPC
ZoneAlarm DDE
Context at release
Used Dynamic Data Exchange (DDE), an IPC mechanism nearly forgotten by 2005, to make an allowed process speak on a blocked process's behalf. Most personal firewalls of the era assumed a 1-to-1 process-to-network mapping.
Insight
Old, dusty OS primitives are a permanent gift to attackers. DDE itself resurfaced as an Office attack vector more than a decade later. Nothing legacy in operating systems is ever fully retired.
MediumDiscovery & PoC
Aug 2005
Defeating Citi-Bank Virtual Keyboard Protection
Citibank VK
Context at release
Virtual keyboards were being adopted across global retail banking as anti-keylogger controls. The advisory demonstrated that the threat model (keystroke loggers only) ignored every other input observation channel a hostile process has.
Insight
Anti-keylogger UI controls solve the easiest attack and leave the rest. The same flawed shape now appears in 'security questions', SMS OTP, push-only MFA. Threat models that only block yesterday do not age well.
Reported in 2004, two years before the Samy worm. At the time, XSS was widely dismissed as 'just a JavaScript issue' with no real impact. Explaining session theft, CSRF amplification and worm potential was an uphill argument with vendors and editors alike.
Insight
Whole classes of vulnerabilities get dismissed for years before a public incident forces the industry to take them seriously. The window to do quiet, foundational research on a class is before the worm, not after.
A note on counts. The list above is intentionally short. Where a single, well-argued advisory documented a class, the class itself is the contribution. Stacking duplicates of the same bug in a hundred different targets is a scoreboard exercise, not research.