Low-impact vulnerabilities are often excluded from public disclosure due to their minimal risk, unlikely exploitation scenarios, and the need to prioritize higher-impact security threats.