The rules around CVE reporting changed recently and it would be expected a lot more are accepted.