CVSSv3 01/23/2020

CVSSv3 Base »

The Common Vulnerability Scoring System (CVSS) is an industry standard for describing the characteristics and impacts of security vulnerabilities. The base score represents the intrinsic aspects that are constant over time and across user environments. Our unique meta score merges all available scores from different sources into the most reliable aggregate result.

CVSSv3 Temp »

The Common Vulnerability Scoring System (CVSS) uses temp scores to reflect the characteristics of a vulnerability that may change over time but not across user environments. This includes reporting confidence, exploitability and remediation levels. We also provide our unique meta score for temp scores, even though other sources rarely publish them.

VulDB »

The moderation team always defines the base vector and base score for an entry. These and all other available scores are used to generate the meta score.

NVD »

The National Vulnerability Database (NVD) also defines CVSS vectors and scores. These are usually not complete and might differ from VulDB scores.

Vendor »

Some vendors are willing to publish their own CVSS vectors and scores for vulnerabilities in their products. The coverage varies from vendor to vendor.

Research »

Sometimes security researchers also provide their own CVSS vectors and scores for vulnerabilities they have found and published.

| ID | Base | VDB | NVD | Vend | Res | Vulnerability | CTI | CVE |
|---|---|---|---|---|---|---|---|---|
| 149309 | 8.5 | 7.3 | 9.8 | | | Plone privileges management | 0.00 | CVE-2020-7941 |
| 149308 | 5.6 | 3.7 | 7.5 | | | Plone weak password | 0.05 | CVE-2020-7940 |
| 149307 | 7.5 | 6.3 | 8.8 | | | Plone DTML sql injection | 0.08 | CVE-2020-7939 |
| 149306 | 7.5 | 6.3 | 8.8 | | | Plone plone.restapi privileges management | 0.00 | CVE-2020-7938 |
| 149305 | 4.4 | 3.5 | 5.4 | | | Plone cross site scripting | 0.00 | CVE-2020-7937 |
| 149304 | 6.6 | 7.1 | 6.1 | | | Plone Login Form redirect | 0.00 | CVE-2020-7936 |
| 149303 | 7.5 | 6.3 | 8.8 | | | JFrog Artifactory FreeMarker Template authorized_keys DefaultObjectWrapper code injection | 0.05 | CVE-2020-7931 |
| 149302 | 8.5 | 7.3 | 9.8 | | | CTFd Registration auth.py reset_password password recovery | 0.00 | CVE-2020-7245 |
| 149301 | 7.5 | 7.5 | 7.5 | | | Hashicorp Vault Enterprise information disclosure | 0.06 | CVE-2020-7220 |
| 149300 | 4.3 | 4.3 | 4.3 | | | Umbraco CMS cross-site request forgery | 0.00 | CVE-2020-7210 |
| 149299 | 3.6 | 2.4 | 4.8 | | | Zoho ManageEngine ServiceDesk Plus cross site scripting | 0.00 | CVE-2020-6843 |
| 149298 | 8.5 | 7.3 | 9.8 | | | Philips Hue Bridge ZCL String heap-based overflow | 0.00 | CVE-2020-6007 |
| 149297 | 5.1 | 4.1 | 6.1 | | | PrivateBin Persistent cross site scripting | 0.06 | CVE-2020-5223 |
| 149296 | 5.0 | 5.5 | 4.4 | | | secure_headers override_content_security_policy_directives OPT_OUT Remote Privilege Escalation | 0.09 | CVE-2020-5217 |
| 149295 | 5.0 | 5.5 | 4.4 | | | secure_headers Gem response splitting | 0.06 | CVE-2020-5216 |
| 149294 | 5.4 | 5.3 | 5.5 | | | Fortinet FortiOS CLI Console Private Key default permission | 0.06 | CVE-2019-5593 |
| 149293 | 7.8 | 7.8 | 7.7 | | | SuSE Linux Enterprise Server munge symlink | 0.00 | CVE-2019-3691 |
| 149292 | 5.6 | 3.7 | 7.5 | | | IXP EasyInstall Service Port 20050 cleartext storage | 0.00 | CVE-2019-19898 |
| 149291 | 10.0 | 10.0 | 10.0 | | | IPX EasyInstall Agent Service code injection | 0.00 | CVE-2019-19897 |
| 149290 | 9.9 | 9.9 | 9.9 | | | IXP EasyInstall Engine Service code injection | 0.00 | CVE-2019-19896 |
| 149289 | 7.5 | 6.3 | 8.8 | | | IXP EasyInstall Agent Service privileges management | 0.00 | CVE-2019-19895 |
| 149288 | 5.4 | 5.3 | 5.5 | | | IXP EasyInstall Agent Service privileges management | 0.00 | CVE-2019-19894 |
| 149287 | 7.4 | 7.3 | 7.5 | | | IXP EasyInstall Engine Service path traversal | 0.00 | CVE-2019-19893 |
| 149286 | 9.8 | 9.8 | 9.8 | | | Ruckus Wireless Unleashed emfd _cmdstat.jsp os command injection | 0.08 | CVE-2019-19839 |
| 149285 | 9.8 | 9.8 | 9.8 | | | Ruckus Wireless Unleashed emfd _cmdstat.jsp os command injection | 0.00 | CVE-2019-19838 |
| 149284 | 5.3 | 5.3 | 5.3 | | | Ruckus Wireless Unleashed Web Interface web.conf information disclosure | 0.07 | CVE-2019-19837 |
| 149283 | 7.4 | 7.3 | 7.5 | | | Ruckus Wireless Unleashed zap _rcmdstat.jsp AjaxRestrictedCmdStat server-side request forgery | 0.00 | CVE-2019-19835 |
| 149282 | 5.7 | 5.3 | 6.2 | | | openSUSE Leap apt-cacher-ng unnecessary privileges | 0.06 | CVE-2019-18899 |
| 149281 | 7.8 | 7.8 | 7.7 | | | SuSE Linux Enterprise Server symlink | 0.06 | CVE-2019-18898 |
| 149280 | 3.6 | 2.5 | 4.7 | | | Arm Mbed Crypto/mbed TLS ECDSA ecdsa.c information disclosure | 0.07 | CVE-2019-18222 |
| 149279 | 8.5 | 7.3 | 9.8 | | | Apache XML-RPC deserialization | 0.03 | CVE-2019-17570 |
| 149278 | 8.0 | 7.9 | 8.2 | | | FastTrack Admin By Request improper authentication | 0.06 | CVE-2019-17202 |
| 149277 | 7.6 | 6.3 | 9.0 | | | FastTrack Admin By Request AdminByRequest.exe privileges management | 0.08 | CVE-2019-17201 |
| 149276 | 8.5 | 7.3 | 9.8 | | | ConnectWise Control origin validation | 0.00 | CVE-2019-16517 |
| 149275 | 5.3 | 5.3 | 5.3 | | | ConnectWise Control Username information disclosure | 0.00 | CVE-2019-16516 |
| 149274 | 6.5 | 6.5 | 6.5 | | | ConnectWise Control HTTP Header unknown vulnerability | 0.00 | CVE-2019-16515 |
| 149273 | 6.7 | 6.3 | 7.2 | | | ConnectWise Control unrestricted upload | 0.07 | CVE-2019-16514 |
| 149272 | 6.5 | 4.3 | 8.8 | | | ConnectWise Control cross-site request forgery | 0.00 | CVE-2019-16513 |
| 149271 | 3.6 | 2.4 | 4.8 | | | ConnectWise Control Appearance Modifier Stored cross site scripting | 0.00 | CVE-2019-16512 |
| 149270 | 8.5 | 7.3 | 9.8 | | | Fortinet FortiSIEM Database hard-coded credentials | 0.06 | CVE-2019-16153 |
| 149269 | 6.7 | 6.3 | 7.2 | | | Fortinet FortiMail Admin WebUI Web Console authorization | 0.13 | CVE-2019-15712 |
| 149268 | 4.6 | 4.3 | 4.9 | | | Fortinet FortiMail Admin WebUI System Backup Config authorization | 0.04 | CVE-2019-15707 |
| 149267 | 6.4 | 5.3 | 7.5 | | | Undertow HTTP Server HTTPS resource consumption | 0.00 | CVE-2019-14888 |
| 149266 | 4.8 | 4.3 | 5.4 | | | Red Hat JBoss EAP Vault System Log information disclosure | 0.03 | CVE-2019-14885 |
| 149256 | 4.8 | 3.7 | 5.9 | | | Parity libsecp256k1-rs check_overflow race condition | 0.06 | CVE-2019-20399 |
