CVSSv3 06/17/2021

CVSSv3 Base

The Common Vulnerability Scoring System (CVSS) is an industry standard for describing the characteristics and impacts of security vulnerabilities. The base score represents the intrinsic aspects that are constant over time and across user environments. Our unique meta score merges all available scores from different sources into the most reliable aggregate result.

CVSSv3 Temp

The Common Vulnerability Scoring System (CVSS) uses temp scores to reflect the characteristics of a vulnerability that may change over time but not across user environments. This includes reporting confidence, exploitability and remediation levels. We also provide our unique meta score for temp scores, even though other sources rarely publish them.

VulDB

The moderation team always defines the base vector and base score for an entry. These and all other available scores are used to generate the meta score.

NVD

The National Vulnerability Database (NVD) also defines CVSS vectors and scores. These are usually not complete and might differ from VulDB scores.

Vendor

Some vendors are willing to publish their own CVSS vectors and scores for vulnerabilities in their products. The coverage varies from vendor to vendor.

Research

Security researchers sometimes also provide their own CVSS vectors and scores for vulnerabilities they have found and published.

| ID | Base | VDB | NVD | Vend | Res | Vulnerability | CTI | CVE |
|---|---|---|---|---|---|---|---|---|
| 177211 | 4.3 | 4.3 | | | | Fiyo CMS Parameter cross site scripting | 0.05 | CVE-2020-35373 |
| 177210 | 3.5 | 3.5 | | | | IPFire Captive Portal cross site scripting | 0.00 | CVE-2020-19202 |
| 177209 | 5.6 | 5.6 | | | | lutils Prototype merge code injection | 0.05 | CVE-2021-23396 |
| 177208 | 3.5 | 3.5 | | | | Wagtail Template Tag cross site scripting | 0.00 | CVE-2021-32681 |
| 177207 | 6.3 | 6.3 | | | | Elemin Themify Framework themify-ajax.php unrestricted upload | 0.00 | CVE-2013-20002 |
| 177206 | 6.3 | 6.3 | | | | IBM AIX Remote Privilege Escalation | 0.00 | CVE-2021-29706 |
| 177205 | 4.3 | 4.3 | | | | Trend Micro InterScan Web Security Virtual Appliance Captive Portal cross site scripting | 0.06 | CVE-2021-31521 |
| 177204 | 4.3 | 4.3 | | | | Quassel x.509 Certificate cryptographic issues | 0.00 | CVE-2021-34825 |
| 177203 | 5.3 | 5.3 | | | | Intel Brand Verification Tool permission | 0.04 | CVE-2021-0143 |
| 177202 | 5.5 | 5.5 | | | | Open Design Alliance Drawings SDK DGN File out-of-bounds write | 0.00 | CVE-2021-32952 |
| 177201 | 5.5 | 5.5 | | | | Open Design Alliance Drawings SDK DXF File out-of-bounds read | 0.00 | CVE-2021-32950 |
| 177200 | 5.5 | 5.5 | | | | Open Design Alliance Drawings SDK out-of-bounds write | 0.00 | CVE-2021-32948 |
| 177199 | 5.5 | 5.5 | | | | Open Design Alliance Drawings SDK DGN File out-of-bounds read | 0.00 | CVE-2021-32946 |
| 177198 | 5.5 | 5.5 | | | | Open Design Alliance Drawings SDK DWG File Recovery out-of-bounds read | 0.00 | CVE-2021-32940 |
| 177197 | 3.5 | 3.5 | | | | Open Design Alliance Drawings SDK DWG File out-of-bounds read | 0.05 | CVE-2021-32938 |
| 177196 | 5.5 | 5.5 | | | | Open Design Alliance Drawings SDK DXF File out-of-bounds write | 0.00 | CVE-2021-32936 |
| 177195 | 6.3 | 6.3 | | | | Octopus Server Events REST API sql injection | 0.05 | CVE-2021-31818 |
| 177194 | 5.5 | 5.5 | | | | Open Design Alliance Drawings SDK DGN use after free | 0.00 | CVE-2021-32944 |
| 177193 | 5.0 | 5.0 | | | | ConnectWise Automate Core Agent Inventory Communication sql injection | 0.00 | CVE-2021-32582 |
| 177192 | 3.5 | 3.5 | | | | EIP Stack Group OpENer UDP out-of-bounds read | 0.05 | CVE-2021-21777 |
| 177191 | 5.6 | 5.6 | | | | PHPMailer validateAddress injection | 0.12 | CVE-2021-3603 |
| 177190 | 3.5 | 3.5 | | | | Linux Kernel personal-pci.c out-of-bounds read | 0.00 | CVE-2021-32078 |
| 177189 | 6.3 | 6.3 | | | | Monstra file inclusion | 0.00 | CVE-2020-25414 |
| 177188 | 3.5 | 3.5 | | | | PageKit SVG File cross site scripting | 0.10 | CVE-2021-32245 |
| 177187 | 5.3 | 5.3 | | | | D-Link DIR-2640-US BSS Section out-of-bounds read | 0.00 | CVE-2021-34201 |
| 177186 | 6.3 | 6.3 | | | | D-Link DIR-2640-US PPPoE hard-coded password | 0.06 | CVE-2021-34203 |
| 177185 | 4.3 | 4.3 | | | | Matrix-Appservice-Bridge Room Upgrade missing authentication | 0.00 | CVE-2021-32659 |
| 177184 | 3.5 | 3.5 | | | | Moodle cross site scripting | 0.06 | CVE-2021-32244 |
| 177183 | 7.3 | 7.3 | | | | Apollos Apps New User authentication bypass | 0.00 | CVE-2021-32691 |
| 177182 | 3.7 | 3.7 | | | | Helm information disclosure | 0.18 | CVE-2021-32690 |
| 177181 | 6.3 | 6.3 | | | | FOGProject unrestricted upload | 0.05 | CVE-2021-32243 |
| 177180 | 7.3 | 7.3 | | | | GE Reason RPV311 Firmware hard-coded credentials | 0.05 | CVE-2021-31477 |
| 177179 | 6.3 | 6.3 | | | | Foxit PhantomPDF XFA Template type confusion | 0.10 | CVE-2021-31476 |
| 177178 | 3.1 | 3.1 | | | | Enphase Envoy Custom PAM Module info.xml improper authentication | 0.04 | CVE-2020-25754 |
| 177177 | 3.1 | 3.1 | | | | Enphase Envoy info.xml improper authentication | 0.00 | CVE-2020-25753 |
| 177176 | 3.1 | 3.1 | | | | Enphase Envoy Web-Panel info.xml unknown vulnerability | 0.05 | CVE-2020-25752 |
| 177175 | 5.3 | 5.3 | | | | D-Link AC2600 out-of-bounds read | 0.05 | CVE-2021-34202 |
| 177174 | 4.3 | 4.3 | | | | Matrix libolm olm_pk_decrypt stack-based overflow | 0.04 | CVE-2021-34813 |
| 177173 | 6.8 | 6.8 | | | | D-Link DIR-2640-US Serial Port access control | 0.13 | CVE-2021-34204 |
| 177172 | 6.3 | 6.3 | | | | Enphase Envoy upgrade_start Remote Privilege Escalation | 0.05 | CVE-2020-25755 |
| 177171 | 6.3 | 6.3 | | | | 74cms wap-company-show.php sql injection | 0.00 | CVE-2020-22212 |
| 177170 | 6.3 | 6.3 | | | | 74cms ajax_street.php sql injection | 0.05 | CVE-2020-22211 |
| 177169 | 6.3 | 6.3 | | | | 74cms ajax_officebuilding.php sql injection | 0.21 | CVE-2020-22210 |
| 177168 | 6.3 | 6.3 | | | | 74cms ajax_common.php sql injection | 0.04 | CVE-2020-22209 |
| 177167 | 6.3 | 6.3 | | | | 74cms ajax_street.php sql injection | 0.05 | CVE-2020-22208 |
| 177166 | 6.3 | 6.3 | | | | PHPCMS job.php sql injection | 0.08 | CVE-2020-22203 |
| 177165 | 6.3 | 6.3 | | | | Shopex EcShop affiliate_ck.php sql injection | 0.10 | CVE-2020-22206 |
| 177164 | 6.3 | 6.3 | | | | Shopex EcShop shophelp.php sql injection | 0.04 | CVE-2020-22205 |
| 177163 | 6.3 | 6.3 | | | | Shopex EcShop flow.php sql injection | 0.11 | CVE-2020-22204 |
| 177162 | 4.3 | 4.3 | | | | Cisco AnyConnect Secure Mobility Client VPN Agent Service memory allocation | 0.00 | CVE-2021-1568 |
