CVSSv3 01/14/2021

CVSSv3 Base »

The Common Vulnerability Scoring System (CVSS) is an industry standard for defining the characteristics and impacts of security vulnerabilities. The base score represents the intrinsic aspects that are constant over time and across user environments. Our unique meta score merges all available scores from different sources into a single aggregate to give the most reliable result.

CVSSv3 Temp »

The Common Vulnerability Scoring System (CVSS) uses temp scores to reflect the characteristics of a vulnerability that may change over time but not across user environments. This includes reporting confidence, exploitability and remediation levels. We also provide our unique meta score for temp scores, even though other sources rarely publish them.

VulDB »

The moderation team always defines the base vector and base score for an entry. These and all other available scores are used to generate the meta score.

NVD »

The National Vulnerability Database (NVD) also defines CVSS vectors and scores. These are usually not complete and might differ from VulDB scores.

Vendor »

Some vendors are willing to publish their own CVSS vectors and scores for vulnerabilities in their products. The coverage varies from vendor to vendor.

Research »

Security researchers sometimes also provide their own CVSS vectors and scores for vulnerabilities they have found and published.

| ID | Base | VDB | NVD | Vend | Res | Vulnerability | CTI | CVE |
|---|---|---|---|---|---|---|---|---|
| 167993 | 4.3 | 4.3 | | | | Apache Tomcat NTFS File System File.getCanonicalPath information disclosure | 0.11 | CVE-2021-24122 |
| 167992 | 5.5 | 5.5 | | | | XMLBeans XML Parser xml external entity reference | 0.17 | CVE-2021-23926 |
| 167991 | 3.5 | 3.5 | | | | ZTE ZXV10 B860A Log information disclosure | 0.05 | CVE-2021-21722 |
| 167990 | 5.3 | 5.3 | | | | acmailer/acmailer DB improper authentication | 0.06 | CVE-2021-20618 |
| 167989 | 6.3 | 6.3 | | | | acmailer/acmailer DB access control | 0.00 | CVE-2021-20617 |
| 167988 | 2.4 | 2.4 | | | | Bosch PRAESIDEO/PRAESENSA Web-based Management Interface cross site scripting | 0.07 | CVE-2020-6777 |
| 167987 | 4.3 | 4.3 | | | | Bosch PRAESIDEO/PRAESENSA Web-based Management Interface cross-site request forgery | 0.00 | CVE-2020-6776 |
| 167986 | 3.5 | 3.5 | | | | SimplCommerce Bootbox.js html cross site scripting | 0.05 | CVE-2020-29587 |
| 167985 | 7.3 | 7.3 | | | | Fortinet FortiWeb httpd stack-based overflow | 0.07 | CVE-2020-29019 |
| 167984 | 6.3 | 6.3 | | | | Fortinet FortiWeb format string | 0.22 | CVE-2020-29018 |
| 167983 | 6.3 | 6.3 | | | | Fortinet FortiDeceptor Customization Page os command injection | 0.05 | CVE-2020-29017 |
| 167982 | 7.3 | 7.3 | | | | Fortinet FortiWeb Request stack-based overflow | 0.06 | CVE-2020-29016 |
| 167981 | 5.6 | 5.6 | | | | Fortinet FortiWeb Authorization Header sql injection | 0.05 | CVE-2020-29015 |
| 167980 | 6.3 | 6.3 | | | | scullyio scully HTML Page JSON.stringify state issue | 0.05 | CVE-2020-28470 |
| 167979 | 3.5 | 3.5 | | | | TOTOLINK A702R Directory Indexing information disclosure | 0.06 | CVE-2020-27368 |
| 167978 | 3.5 | 3.5 | | | | Skyworth GN542VF Configuration Page cross site scripting | 0.05 | CVE-2020-26733 |
| 167977 | 3.7 | 3.7 | | | | Skyworth GN542VF Boa Session Cookie missing secure attribute | 0.05 | CVE-2020-26732 |
| 167976 | 6.3 | 6.3 | | | | Open-iSCSI tcmu-runner tcmur_cmd_handler.c xcopy_locate_udev pathname traversal | 0.05 | CVE-2021-3139 |
| 167975 | 6.3 | 6.3 | | | | Discourse 2FA improper authentication | 0.06 | CVE-2021-3138 |
| 167974 | 4.3 | 4.3 | | | | 1C:Enterprise URL Parameter information disclosure | 0.04 | CVE-2021-3131 |
| 167973 | 2.7 | 2.7 | | | | Palo-Alto PAN-OS log file | 0.04 | CVE-2021-3032 |
| 167972 | 4.3 | 4.3 | | | | Palo-Alto PAN OS Ethernet Packet information disclosure | 0.06 | CVE-2021-3031 |
| 167971 | 5.5 | 5.5 | | | | git-big-picture Branch Name unknown vulnerability | 0.05 | CVE-2021-3028 |
| 167970 | 3.5 | 3.5 | | | | OWASP json-sanitizer JSON denial of service | 0.04 | CVE-2021-23900 |
| 167969 | 3.5 | 3.5 | | | | OWASP json-sanitizer Script Tag cross site scripting | 0.00 | CVE-2021-23899 |
| 167968 | 3.5 | 3.5 | | | | Bumblebee HP ALM Plugin Configuration File credentials storage | 0.04 | CVE-2021-21614 |
| 167967 | 3.5 | 3.5 | | | | TICS Plugin cross site scripting | 0.05 | CVE-2021-21613 |
| 167966 | 3.5 | 3.5 | | | | TraceTronic ECU-TEST Plugin Configuration File credentials storage | 0.00 | CVE-2021-21612 |
| 167965 | 3.5 | 3.5 | | | | Jenkins Display Name cross site scripting | 0.06 | CVE-2021-21611 |
| 167964 | 3.5 | 3.5 | | | | Jenkins Markup cross site scripting | 0.06 | CVE-2021-21610 |
| 167963 | 5.5 | 5.5 | | | | Jenkins URL handler authorization | 0.06 | CVE-2021-21609 |
| 167962 | 3.5 | 3.5 | | | | Jenkins cross site scripting | 0.06 | CVE-2021-21608 |
| 167961 | 3.5 | 3.5 | | | | Jenkins URL memory allocation | 0.00 | CVE-2021-21607 |
| 167960 | 3.5 | 3.5 | | | | Jenkins XML File information disclosure | 0.06 | CVE-2021-21606 |
| 167959 | 5.5 | 5.5 | | | | Jenkins Agent config.xml permission | 0.00 | CVE-2021-21605 |
| 167958 | 5.5 | 5.5 | | | | Jenkins Old Data Monitor deserialization | 0.06 | CVE-2021-21604 |
| 167957 | 3.5 | 3.5 | | | | Jenkins Notification Bar cross site scripting | 0.00 | CVE-2021-21603 |
| 167956 | 5.5 | 5.5 | | | | Jenkins File Browser link following | 0.06 | CVE-2021-21602 |
| 167955 | 5.3 | 5.3 | | | | jQuery Validation Plugin resource consumption | 0.00 | CVE-2021-21252 |
| 167954 | 6.3 | 6.3 | | | | Adobe Bridge TTF File out-of-bounds write | 0.00 | CVE-2021-21013 |
| 167953 | 6.3 | 6.3 | | | | Adobe Bridge TTF File out-of-bounds write | 0.05 | CVE-2021-21012 |
| 167952 | 5.3 | 5.3 | | | | Adobe Captivate 2019 uncontrolled search path | 0.05 | CVE-2021-21011 |
| 167951 | 5.3 | 5.3 | | | | Adobe InCopy uncontrolled search path | 0.05 | CVE-2021-21010 |
| 167950 | 5.3 | 5.3 | | | | Adobe Campaign Classic server-side request forgery | 0.06 | CVE-2021-21009 |
| 167949 | 5.3 | 5.3 | | | | Adobe Animate uncontrolled search path | 0.00 | CVE-2021-21008 |
| 167948 | 5.3 | 5.3 | | | | Adobe Illustrator uncontrolled search path | 0.04 | CVE-2021-21007 |
| 167947 | 6.3 | 6.3 | | | | Adobe Photoshop Font File heap-based overflow | 0.05 | CVE-2021-21006 |
| 167946 | 7.2 | 7.2 | | | | Cisco Small Business Web-based Management Interface stack-based overflow | 0.05 | CVE-2021-1360 |
| 167945 | 3.1 | 3.1 | | | | Cisco WebEx Meetings/WebEx Meetings Server Host Key excessive authentication | 0.05 | CVE-2021-1311 |
| 167944 | 6.3 | 6.3 | | | | Cisco Webex Meetings Web-based Management Interface redirect | 0.05 | CVE-2021-1310 |
