CVSSv3 01/27/2021info

CVSSv3 Base »

The Common Vulnerability Scoring System (CVSS) is an industry standard to define the characteristics and impacts of security vulnerabilities. The base score represents the intrinsic aspects that are constant over time and across user environments. Our unique meta score merges all available scores from different sources to aggregate to the most reliable result.

CVSSv3 Temp »

The Common Vulnerability Scoring System (CVSS) uses temp scores to reflect the characteristics of a vulnerability that may change over time but not across user environments. This includes reporting confidence, exploitability and remediation levels. We do also provide our unique meta score for temp scores, even though other sources rarely publish them.

VulDB »

The moderation team is always defining the base vector and base score for an entry. These and all other available scores are used to generate the meta score.

NVD »

The National Vulnerability Database (NVD) is also defining CVSS vectors and scores. These are usually not complete and might differ from VulDB scores.

Vendor »

Some vendors are willing to publish their own CVSS vectors and scores for vulnerabilities in their products. The coverage varies from vendor to vendor.

Research »

There are sometimes also security researcher which provide their own CVSS vectors and scores for vulnerabilities they have found and published.

IDBaseVDBNVDVendResVulnerabilityCTICVE
1687975.55.5
 
 
 
JasPer libjasper jp2_dec.c jp2_decode heap-based overflow0.04CVE-2021-3272
1687966.36.3
 
 
 
KLog Server async.php shell_exec command injection0.01CVE-2021-3317
1687956.36.3
 
 
 
Wekan Connection ldap.js unknown vulnerability0.01CVE-2021-3309
1687945.55.5
 
 
 
SmartAgent users unknown vulnerability0.00CVE-2021-3165
1687934.34.3
 
 
 
CKeditor Autolink Plugin incorrect regex0.01CVE-2021-26272
1687926.36.3
 
 
 
CKeditor Dialogs Plugin incorrect regex0.00CVE-2021-26271
1687913.53.5
 
 
 
Flarum Sticky Extension cross site scripting0.00CVE-2021-21283
1687905.35.3
 
 
 
RSSHub injection0.01CVE-2021-21278
1687894.34.3
 
 
 
Tendermint Core resource consumption0.01CVE-2021-21271
1687887.57.5
 
 
 
NVIDIA Jetson AGX Xavier INA3221 Driver access control0.00CVE-2021-1071
1687878.88.8
 
 
 
NVIDIA Jetson AGX Xavier apply_binaries.sh access control0.00CVE-2021-1070
1687865.55.5
 
 
 
Winmail HTTP app.php server-side request forgery0.01CVE-2020-23776
1687853.53.5
 
 
 
Winmail convert.php cross site scripting0.01CVE-2020-23774
1687849.89.8
 
 
 
Backdoor.Win32.Wollf.14 Service Port 7614 improper authentication0.00
1687835.35.3
 
 
 
Constructor.Win32.SpyNet.a information disclosure0.00
1687824.34.3
 
 
 
Xen IDT Vector resource consumption0.01CVE-2021-3308
1687813.53.5
 
 
 
TIBCO BPM Enterprise/BPM Enterprise Distribution cross site scripting0.01CVE-2021-23272
1687807.87.8
 
 
 
Proofpoint Insider Threat Management Windows Agent access control0.01CVE-2021-22159
1687795.55.5
 
 
 
Matrikon OPC UA Tunneller out-of-bounds read0.00CVE-2020-27299
1687786.36.3
 
 
 
Matrikon OPC UA Tunneller heap-based overflow0.01CVE-2020-27297
1687774.34.3
 
 
 
Matrikon OPC UA Tunneller resource consumption0.01CVE-2020-27295
1687764.34.3
 
 
 
Matrikon OPC UA Tunneller Thread unusual condition0.00CVE-2020-27274
1687753.53.5
 
 
 
Micrium uC-HTTP HTTP Request denial of service0.04CVE-2020-13582
1687745.55.5
 
 
 
Sagemcom F@ST 3686 v2 login buffer overflow0.04CVE-2021-3304
1687737.47.4
 
 
 
ZyXEL NBG2105 Login Cookie access control0.01CVE-2021-3297
1687725.55.5
 
 
 
Zen Cart Modules Edit Page os command injection0.00CVE-2021-3291
1687716.36.3
 
 
 
Spotweb notAllowedCommands sql injection0.00CVE-2021-3286
1687705.65.6
 
 
 
Texas Instruments Code Composer Studio IDE X.509 certificate validation0.00CVE-2021-3285
1687696.36.3
 
 
 
Local Service Search Engine Management System Login Page sql injection0.01CVE-2021-3278
1687683.53.5
 
 
 
node-red-dashboard pathname traversal0.00CVE-2021-3223
1687676.36.3
 
 
 
ONLYOFFICE Document Server JWT upload pathname traversal0.00CVE-2021-3199
1687665.55.5
 
 
 
Bitcoin Core dumpwallet RPC Call .bitcoin path traversal0.01CVE-2021-3195
1687656.36.3
 
 
 
Nagios XI Docker Config Wizard Remote Privilege Escalation0.01CVE-2021-3193
1687645.55.5
 
 
 
async-git Package os command injection0.01CVE-2021-3190
1687635.55.5
 
 
 
PHPList Export csv injection0.00CVE-2021-3188
1687623.53.5
 
 
 
Tenda AC5 AC1200 main.html cross site scripting0.01CVE-2021-3186
1687615.55.5
 
 
 
gst-plugins-bad h264 Header stack-based overflow0.00CVE-2021-3185
1687606.36.3
 
 
 
ChurchRota POST Request resources.php unrestricted upload0.05CVE-2021-3164
1687595.55.5
 
 
 
Home Assistant path traversal0.02CVE-2021-3152
1687586.36.3
 
 
 
Google Go Fetch Module command injection0.01CVE-2021-3115
1687575.55.5
 
 
 
Google Go p224.go unknown vulnerability0.01CVE-2021-3114
1687565.55.5
 
 
 
cPanel Suspension access control0.01CVE-2021-26267
1687555.55.5
 
 
 
cPanel Suspension Lock access control0.01CVE-2021-26266
1687546.36.3
 
 
 
ACDSee Professional 2021 BMP Image IDE_ACDStd.apl memory corruption0.00CVE-2021-26026
1687536.36.3
 
 
 
ACDSee Professional 2021 BMP Image IDE_ACDStd.apl memory corruption0.00CVE-2021-26025
1687525.55.5
 
 
 
fil-ocl Crate double free0.00CVE-2021-25908
1687515.55.5
 
 
 
containers Crate mutate2 unknown vulnerability0.00CVE-2021-25907
1687505.55.5
 
 
 
basic_dsp_matrix Crate unknown vulnerability0.05CVE-2021-25906
1687495.55.5
 
 
 
bra Crate uninitialized pointer0.00CVE-2021-25905
1687483.53.5
 
 
 
av-data Crate null pointer dereference0.06CVE-2021-25904

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!