CVSSv3 04/17/2017info

CVSSv3 Base »

The Common Vulnerability Scoring System (CVSS) is an industry standard to define the characteristics and impacts of security vulnerabilities. The base score represents the intrinsic aspects that are constant over time and across user environments. Our unique meta score merges all available scores from different sources to aggregate to the most reliable result.

CVSSv3 Temp »

The Common Vulnerability Scoring System (CVSS) uses temp scores to reflect the characteristics of a vulnerability that may change over time but not across user environments. This includes reporting confidence, exploitability and remediation levels. We do also provide our unique meta score for temp scores, even though other sources rarely publish them.

VulDB »

The moderation team is always defining the base vector and base score for an entry. These and all other available scores are used to generate the meta score.

NVD »

The National Vulnerability Database (NVD) is also defining CVSS vectors and scores. These are usually not complete and might differ from VulDB scores.

Vendor »

Some vendors are willing to publish their own CVSS vectors and scores for vulnerabilities in their products. The coverage varies from vendor to vendor.

Research »

There are sometimes also security researcher which provide their own CVSS vectors and scores for vulnerabilities they have found and published.

IDBaseVDBNVDVendResVulnerabilityCTICVE
999326.45.37.5
 
 
Sandstorm Cap'n Proto Compiler Optimization input validation0.00CVE-2017-7892
999315.24.36.1
 
 
sourcebans-pp admin.comms.php cross site scripting0.07CVE-2017-7891
999306.45.37.5
 
 
Apache Traffic Server input validation0.00CVE-2017-5659
999298.57.39.8
 
 
Apache Log4j Socket Server deserialization0.09CVE-2017-5645
999287.37.37.3
 
 
IBM API Connect Developer Portal input validation0.00CVE-2017-1161
999274.43.55.4
 
 
IBM Financial Transaction Manager Web UI cross site scripting0.00CVE-2017-1160
999266.45.37.5
 
 
Digium Asterisk chain_sip resource management0.04CVE-2016-7551
999256.45.37.5
 
 
Apache Traffic Server HPACK Bomb resource management0.00CVE-2016-5396
999243.53.53.5
 
 
Cybozu Office File Download Reflected access control0.00CVE-2016-4874
999235.36.34.3
 
 
Cybozu Office Project permission0.00CVE-2016-4873
999224.34.34.3
 
 
Cybozu Office Breadcrumb Trail information disclosure0.00CVE-2016-4872
999215.44.36.5
 
 
Cybozu Office resource management0.05CVE-2016-4871
999204.43.55.4
 
 
Cybozu Office Schedule cross site scripting0.00CVE-2016-4870
999195.95.36.5
 
 
Cybozu Office information disclosure0.00CVE-2016-4869
999185.87.34.3
 
 
Cybozu Office Email Header input validation0.00CVE-2016-4868
999174.34.34.3
 
 
Cybozu Office Project information disclosure0.00CVE-2016-4867
999163.62.44.8
 
 
Cybozu Office Project cross site scripting0.00CVE-2016-4866
999153.62.44.8
 
 
Cybozu Office Customapp cross site scripting0.00CVE-2016-4865
999144.43.55.4
 
 
IBM Cognos TM1 cross site scripting0.08CVE-2016-3038
999135.04.35.7
 
 
IBM Cognos TM1 Service information disclosure0.00CVE-2016-3037

Interested in the pricing of exploits?

See the underground prices here!