CVSSv3 05/01/2021

CVSSv3 Base

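| Score | ≤1 | ≤2 | ≤3 | ≤4 | ≤5 | ≤6 | ≤7 | ≤8 | ≤9 | ≤10 |
|---|---|---|---|---|---|---|---|---|---|---|
| Entries | 0 | 1 | 1 | 10 | 7 | 5 | 6 | 7 | 0 | 0 |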

The Common Vulnerability Scoring System (CVSS) is an industry standard for describing the characteristics and impacts of security vulnerabilities. The base score represents the intrinsic aspects that are constant over time and across user environments. Our unique meta score merges all available scores from different sources and aggregates them into the most reliable result.

CVSSv3 Temp

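| Score | ≤1 | ≤2 | ≤3 | ≤4 | ≤5 | ≤6 | ≤7 | ≤8 | ≤9 | ≤10 |
|---|---|---|---|---|---|---|---|---|---|---|
| Entries | 0 | 1 | 1 | 10 | 7 | 10 | 3 | 5 | 0 | 0 |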

The Common Vulnerability Scoring System (CVSS) uses temp scores to reflect the characteristics of a vulnerability that may change over time but not across user environments. This includes reporting confidence, exploitability and remediation levels. We also provide our unique meta score for temp scores, even though other sources rarely publish them.

VulDB

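| Score | ≤1 | ≤2 | ≤3 | ≤4 | ≤5 | ≤6 | ≤7 | ≤8 | ≤9 | ≤10 |
|---|---|---|---|---|---|---|---|---|---|---|
| Entries | 0 | 1 | 1 | 11 | 6 | 5 | 10 | 3 | 0 | 0 |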

The moderation team always defines the base vector and base score for an entry. These and all other available scores are used to generate the meta score.

NVD

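| Score | ≤1 | ≤2 | ≤3 | ≤4 | ≤5 | ≤6 | ≤7 | ≤8 | ≤9 | ≤10 |
|---|---|---|---|---|---|---|---|---|---|---|
| Entries | 0 | 0 | 0 | 0 | 0 | 1 | 1 | 0 | 4 | 0 |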

The National Vulnerability Database (NVD) also defines CVSS vectors and scores. These are usually not complete and might differ from VulDB scores.

CNA

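| Score | ≤1 | ≤2 | ≤3 | ≤4 | ≤5 | ≤6 | ≤7 | ≤8 | ≤9 | ≤10 |
|---|---|---|---|---|---|---|---|---|---|---|
| Entries | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |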

A CVE Numbering Authority (CNA) is responsible for assigning new CVE entries. They might also include a CVSS score. These are usually not complete and might differ from VulDB scores.

Vendor

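| Score | ≤1 | ≤2 | ≤3 | ≤4 | ≤5 | ≤6 | ≤7 | ≤8 | ≤9 | ≤10 |
|---|---|---|---|---|---|---|---|---|---|---|
| Entries | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |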

Some vendors are willing to publish their own CVSS vectors and scores for vulnerabilities in their products. The coverage varies from vendor to vendor.

Research

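| Score | ≤1 | ≤2 | ≤3 | ≤4 | ≤5 | ≤6 | ≤7 | ≤8 | ≤9 | ≤10 |
|---|---|---|---|---|---|---|---|---|---|---|
| Entries | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |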

Sometimes security researchers also provide their own CVSS vectors and scores for vulnerabilities they have found and published.

| ID | Base | VDB | NVD | CNA | Vend | Res | Vulnerability | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|
| 174414 | 3.7 | 3.7 | | | | | Amazon AWS Cognito password recovery | 0.04 | |
| 174413 | 3.5 | 3.5 | | | | | OX Software OX App Suite Distribution List cross site scripting | 0.03 | CVE-2021-31935 |
| 174412 | 3.5 | 3.5 | | | | | OX Software OX App Suite Contact Object cross site scripting | 0.00 | CVE-2021-31934 |
| 174411 | 4.4 | 3.5 | 5.4 | | | | SuiteCRM Client Account Page cross site scripting | 0.08 | CVE-2021-31792 |
| 174410 | 1.9 | 1.9 | | | | | Dell EMC Unity/UnityVSA/Unity XT Upgrade Readiness Utility cleartext storage | 0.03 | CVE-2021-21547 |
| 174409 | 5.3 | 5.3 | | | | | Dell Hybrid Client access control | 0.06 | CVE-2021-21537 |
| 174408 | 3.3 | 3.3 | | | | | Dell Hybrid Client Register information disclosure | 0.00 | CVE-2021-21536 |
| 174407 | 3.3 | 3.3 | | | | | Dell Hybrid Client Local API information disclosure | 0.06 | CVE-2021-21534 |
| 174406 | 5.3 | 5.3 | | | | | Dell Unisphere for PowerMax Monitor Role authorization | 0.06 | CVE-2021-21531 |
| 174405 | 5.5 | 5.5 | | | | | OX Software OX App Suite Snippet server-side request forgery | 0.04 | CVE-2020-28943 |
| 174404 | 3.5 | 3.5 | | | | | yzmCMS login.html cross site scripting | 0.03 | CVE-2020-18084 |
| 174403 | 3.5 | 3.5 | | | | | OX Software OX Guard WKS Server denial of service | 0.04 | CVE-2020-28944 |
| 174402 | 3.5 | 3.5 | | | | | gosaml2 XML Signature null pointer dereference | 0.04 | CVE-2020-7731 |
| 174401 | 7.3 | 7.3 | | | | | Ampache sql injection | 0.06 | CVE-2020-15153 |
| 174400 | 6.3 | 6.3 | | | | | CubeCoders AMP Application Deployment Service permission | 0.00 | CVE-2021-31926 |
| 174399 | 4.3 | 4.3 | | | | | Dell EMC iDRAC9 cross site scripting | 0.04 | CVE-2021-21541 |
| 174398 | 7.8 | 7.8 | | | | | Dell Hybrid Client missing authentication | 0.00 | CVE-2021-21535 |
| 174397 | 7.3 | 7.3 | | | | | SUSI.AI Admin Config File path traversal | 0.09 | CVE-2020-4039 |
| 174396 | 5.3 | 5.3 | | | | | Exiv2 Metadata out-of-bounds read | 0.06 | CVE-2021-29463 |
| 174395 | 2.7 | 2.7 | | | | | Dell EMC iDRAC9 Comment improper authentication | 0.03 | CVE-2021-21544 |
| 174394 | 6.3 | 6.3 | | | | | Dell EMC iDRAC9 Configuration stack-based overflow | 0.04 | CVE-2021-21540 |
| 174393 | 4.6 | 4.6 | | | | | Dell EMC iDRAC9 Web Interface toctou | 0.04 | CVE-2021-21539 |
| 174392 | 6.3 | 6.3 | | | | | Dell OpenManage Enterprise-Modular Environment os command injection | 0.05 | CVE-2021-21530 |
| 174391 | 3.5 | 3.5 | | | | | Dell EMC iDRAC9 cross site scripting | 0.09 | CVE-2021-21543 |
| 174390 | 3.5 | 3.5 | | | | | Dell EMC iDRAC9 cross site scripting | 0.08 | CVE-2021-21542 |
| 174389 | 6.3 | 6.3 | | | | | Exiv2 Metadata heap-based overflow | 0.04 | CVE-2021-29464 |
| 174388 | 4.3 | 4.3 | | | | | Dell EMC Networking X-Series/PowerEdge VRTX Switch Module access control | 0.03 | CVE-2021-21507 |
| 174387 | 5.3 | 5.3 | | | | | cumulative-distribution-function infinite loop | 0.04 | CVE-2021-29486 |
| 174386 | 6.7 | 6.7 | 6.7 | | | | IBM Informix Dynamic Server stack-based overflow | 0.04 | CVE-2021-20515 |
| 174385 | 7.5 | 6.3 | 8.8 | | | | Google Chrome ANGLE heap-based overflow | 0.00 | CVE-2021-21233 |
| 174384 | 7.5 | 6.3 | 8.8 | | | | Google Chrome Dev Tools use after free | 0.00 | CVE-2021-21232 |
| 174383 | 6.3 | 6.3 | | | | | Google Chrome V8 heap-based overflow | 0.04 | CVE-2021-21231 |
| 174382 | 7.5 | 6.3 | 8.8 | | | | Google Chrome V8 type confusion | 0.04 | CVE-2021-21230 |
| 174381 | 5.0 | 5.0 | | | | | Google Chrome Extensions access control | 0.00 | CVE-2021-21228 |
| 174380 | 7.5 | 6.3 | 8.8 | | | | Google Chrome V8 heap-based overflow | 0.06 | CVE-2021-21227 |
| 174379 | 4.7 | 4.7 | | | | | Chamilo fileUpload.lib.php pathname traversal | 0.03 | CVE-2021-31933 |
| 174378 | 4.3 | 4.3 | | | | | Google Chrome Downloads clickjacking | 0.05 | CVE-2021-21229 |
