CVSSv3 05/28/2021

CVSSv3 Base »

The Common Vulnerability Scoring System (CVSS) is an industry standard for describing the characteristics and impacts of security vulnerabilities. The base score represents the intrinsic aspects that are constant over time and across user environments. Our unique meta score merges all available scores from different sources into the most reliable result.

CVSSv3 Temp »

The Common Vulnerability Scoring System (CVSS) uses temp scores to reflect the characteristics of a vulnerability that may change over time but not across user environments. This includes reporting confidence, exploitability and remediation levels. We also provide our unique meta score for temp scores, even though other sources rarely publish them.

VulDB »

The moderation team always defines the base vector and base score for an entry. These and all other available scores are used to generate the meta score.

NVD »

The National Vulnerability Database (NVD) also defines CVSS vectors and scores. These are usually not complete and might differ from VulDB scores.

Vendor »

Some vendors are willing to publish their own CVSS vectors and scores for vulnerabilities in their products. The coverage varies from vendor to vendor.

Research »

Sometimes security researchers also provide their own CVSS vectors and scores for vulnerabilities they have found and published.

| ID | Base | VDB | NVD | Vend | Res | Vulnerability | CTI | CVE |
|---|---|---|---|---|---|---|---|---|
| 176057 | 3.5 | 3.5 | | | | FreeBSD libradius denial of service | 0.32 | CVE-2021-29629 |
| 176056 | 5.5 | 5.5 | | | | FreeBSD System Call unknown vulnerability | 0.72 | CVE-2021-29628 |
| 176055 | 3.5 | 3.5 | | | | pki-core POST Request cross site scripting | 0.08 | CVE-2020-25715 |
| 176054 | 3.5 | 3.5 | | | | Keycloak cross site scripting | 0.56 | CVE-2021-20195 |
| 176053 | 6.3 | 6.3 | | | | Kiali OpenID authentication spoofing | 0.08 | CVE-2021-20278 |
| 176052 | 5.5 | 5.5 | | | | gdk-pixbuf GIF Image out-of-bounds write | 0.09 | CVE-2021-20240 |
| 176051 | 5.5 | 5.5 | | | | ZeroMQ Topic Subscription stack-based overflow | 0.32 | CVE-2021-20236 |
| 176050 | 3.5 | 3.5 | | | | QEMU am53c974 SCSI Host Bus Adapter Emulation denial of service | 0.16 | CVE-2020-35505 |
| 176049 | 3.5 | 3.5 | | | | QEMU SCSI Emulation Support null pointer dereference | 0.16 | CVE-2020-35504 |
| 176048 | 6.3 | 6.3 | | | | dex SAML Connector authentication spoofing | 0.32 | CVE-2020-27847 |
| 176047 | 4.6 | 4.6 | | | | KeyCloak Account REST API unnecessary privileges | 0.24 | CVE-2020-27826 |
| 176046 | 6.3 | 6.3 | | | | Naver Comic Viewer HTML Page Remote Privilege Escalation | 0.48 | CVE-2021-33591 |
| 176045 | 4.3 | 4.3 | | | | Spice Renegotiation resource consumption | 0.16 | CVE-2021-20201 |
| 176044 | 5.5 | 5.5 | | | | QEMU am53c974 SCSI Host Bus Adapter Emulation CMD_TI denial of service | 0.25 | CVE-2020-35506 |
| 176043 | 4.3 | 4.3 | | | | OpenLDAP Packet csnNormalize23 assertion | 0.16 | CVE-2020-25710 |
| 176042 | 5.3 | 5.3 | | | | ZeroMQ PUB Message xpub.cpp resource consumption | 0.00 | CVE-2021-20237 |
| 176041 | 4.3 | 4.3 | | | | Linux Kernel BPF information disclosure | 0.34 | CVE-2021-20239 |
| 176040 | 7.2 | 7.2 | | | | Linux Kernel Nouveau DRM Subsystem nouveau_sgdma.c nouveau_sgdma_create_ttm use after free | 0.48 | CVE-2021-20292 |
| 176039 | 3.5 | 3.5 | | | | Baijia 101EIP System Announcement cross site scripting | 0.17 | CVE-2021-32540 |
| 176038 | 4.3 | 4.3 | | | | Harvest Information CTS Web Trading System cross site scripting | 0.32 | CVE-2021-32542 |
| 176037 | 3.5 | 3.5 | | | | Baijia 101EIP System cross site scripting | 0.17 | CVE-2021-32539 |
| 176036 | 6.3 | 6.3 | | | | Harvest Information CTS Web Transaction System improper authentication | 0.43 | CVE-2021-32543 |
| 176035 | 5.3 | 5.3 | | | | Harvest Information CTS Web Trading System user session | 0.24 | CVE-2021-32541 |
| 176034 | 5.5 | 5.5 | | | | OpenShift Web Console security check for standard | 0.41 | CVE-2020-1761 |
| 176033 | 3.5 | 3.5 | | | | RESTEasy RESTEASY003870 Exception cross site scripting | 0.17 | CVE-2020-10688 |
| 176032 | 5.3 | 5.3 | | | | Spring Framework Multipart Request privileges management | 3.50 | CVE-2021-22118 |
| 176031 | 5.5 | 5.5 | | | | Ansible Tower server-side request forgery | 0.00 | CVE-2020-14328 |
| 176030 | 5.5 | 5.5 | | | | Ansible Tower server-side request forgery | 0.09 | CVE-2020-14327 |
| 176029 | 3.3 | 3.3 | | | | please search_path information disclosure | 0.33 | CVE-2021-31153 |
| 176028 | 5.5 | 5.5 | | | | Citrix Workspace App access control | 0.56 | CVE-2021-22907 |
| 176027 | 6.3 | 6.3 | | | | CubeCart Session Cookie session fixation | 0.17 | CVE-2021-33394 |
| 176026 | 5.5 | 5.5 | | | | Siemens Luxion KeyShot STP File Parser stack-based overflow | 0.34 | CVE-2021-27494 |
| 176025 | 5.5 | 5.5 | | | | Siemens Luxion KeyShot Datakit Software Libraries out-of-bounds read | 0.72 | CVE-2021-27490 |
| 176024 | 5.5 | 5.5 | | | | Siemens Luxion KeyShot CATPart File Parser out-of-bounds write | 0.25 | CVE-2021-27488 |
| 176023 | 5.5 | 5.5 | | | | SonicWall NSM On-Prem HTTP Request os command injection | 1.43 | CVE-2021-20026 |
| 176022 | 6.3 | 6.3 | | | | FFmpeg vf_edgedetect.c gaussian_blur heap-based overflow | 0.56 | CVE-2020-22025 |
| 176021 | 3.5 | 3.5 | | | | Kubevirt virt-handler permission assignment | 0.40 | CVE-2020-1701 |
| 176020 | 3.5 | 3.5 | | | | Mozilla Network Security Services CHACHA20-POLY1305 out-of-bounds read | 0.48 | CVE-2020-12403 |
| 176019 | 3.5 | 3.5 | | | | Ansible Engine Template Caching random values | 0.32 | CVE-2020-10729 |
| 176018 | 6.3 | 6.3 | | | | Ansible Tower OAuth2 Authentication improper authentication | 0.56 | CVE-2020-10709 |
| 176017 | 5.5 | 5.5 | | | | libvirt API authorization | 0.80 | CVE-2020-10701 |
| 176016 | 3.5 | 3.5 | | | | Ansible Tower Openshift resource consumption | 1.04 | CVE-2020-10697 |
| 176015 | 5.5 | 5.5 | | | | runc Configuration pathname traversal | 1.20 | CVE-2021-30465 |
| 176014 | 4.7 | 4.7 | | | | Pulse Secure Pulse Connect Secure Administrator Web Interface unrestricted upload | 2.07 | CVE-2021-22900 |
| 176013 | 5.5 | 5.5 | | | | Huawei Secospace USG9500 out-of-bounds write | 1.04 | CVE-2021-22411 |
| 176012 | 3.5 | 3.5 | | | | Huawei Mate 30 denial of service | 0.72 | CVE-2021-22364 |
| 176011 | 5.5 | 5.5 | | | | Huawei CloudEngine 12800 out-of-bounds write | 0.72 | CVE-2021-22362 |
| 176010 | 3.5 | 3.5 | | | | Huawei S5700/S6700 Message denial of service | 0.80 | CVE-2021-22359 |
| 176009 | 5.5 | 5.5 | | | | Huawei FusionCompute input validation | 0.88 | CVE-2021-22358 |
| 176008 | 4.3 | 4.3 | | | | Ab Initio Control Center file inclusion | 0.80 | CVE-2021-33408 |
