CVSSv3 09/16/2021

CVSSv3 Base »

The Common Vulnerability Scoring System (CVSS) is an industry standard for describing the characteristics and impacts of security vulnerabilities. The base score represents the intrinsic aspects that are constant over time and across user environments. Our unique meta score merges all available scores from different sources into the most reliable result.

CVSSv3 Temp »

The Common Vulnerability Scoring System (CVSS) uses temp scores to reflect the characteristics of a vulnerability that may change over time but not across user environments. This includes reporting confidence, exploitability and remediation levels. We also provide our unique meta score for temp scores, even though other sources rarely publish them.

VulDB »

The moderation team always defines the base vector and base score for an entry. These and all other available scores are used to generate the meta score.

NVD »

The National Vulnerability Database (NVD) also defines CVSS vectors and scores. These are usually not complete and might differ from VulDB scores.

Vendor »

Some vendors are willing to publish their own CVSS vectors and scores for vulnerabilities in their products. The coverage varies from vendor to vendor.

Research »

Sometimes security researchers also provide their own CVSS vectors and scores for vulnerabilities they have found and published.

| ID | Base | VDB | NVD | CNA | Vend | Res | Vulnerability | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|
| 182820 | 6.3 | 6.3 | | | | | Wuzhi CMS card.php sql injection | 0.09 | CVE-2021-40670 |
| 182819 | 6.3 | 6.3 | | | | | Wuzhi CMS index.php sql injection | 0.09 | CVE-2021-40669 |
| 182818 | 5.5 | 5.5 | | | | | Xiaomi Community App JS Interface access control | 0.05 | CVE-2020-14130 |
| 182817 | 5.5 | 5.5 | | | | | NetMotion Mobility Group Membership access control | 0.04 | CVE-2021-40067 |
| 182816 | 5.5 | 5.5 | | | | | NetMotion Mobility Group Membership access control | 0.04 | CVE-2021-40066 |
| 182815 | 4.7 | 3.3 | | 6.2 | | | Enbra EWM Wireless M-Bus calculation | 0.07 | CVE-2021-34573 |
| 182814 | 6.4 | 6.3 | | 6.5 | | | Enbra EWM Wireless M-Bus insufficient verification of data authenticity | 0.08 | CVE-2021-34572 |
| 182813 | 5.4 | 4.3 | | 6.5 | | | Enbra ER-AM DN 15-SV/ER-AM DN 15-TV Wireless M-Bus hard-coded credentials | 0.09 | CVE-2021-34571 |
| 182812 | 8.0 | 8.0 | | | | | Xiaomi AX3600 xqnetwork.lua command injection | 0.05 | CVE-2020-14119 |
| 182811 | 8.0 | 8.0 | | | | | Xiaomi AX3600 meshd command injection | 0.09 | CVE-2020-14109 |
| 182810 | 4.3 | 4.3 | | 4.3 | | | Kaden PICOFLUX Air information exposure | 0.05 | CVE-2021-34576 |
| 182809 | 5.5 | 5.5 | | | | | Xiaomi AX3600 Interface librsa.so getwifipwdurl buffer overflow | 0.05 | CVE-2020-14124 |
| 182808 | 6.8 | 5.6 | | 8.1 | | | mitmproxy request smuggling | 0.05 | CVE-2021-39214 |
| 182807 | 4.9 | 5.4 | | 4.3 | | | SharpCompress File Creation dir destinationDirectory path traversal | 0.00 | CVE-2021-39208 |
| 182806 | 6.3 | 6.3 | | | | | Apache Jena XML xml external entity reference | 0.06 | CVE-2021-39239 |
| 182805 | 5.5 | 5.5 | | | | | OpenSIS Community Edition DownloadWindow.php file inclusion | 0.06 | CVE-2021-27341 |
| 182804 | 3.5 | 3.5 | | | | | OpenSIS Community Edition Parameter EmailCheck.php cross site scripting | 0.00 | CVE-2021-27340 |
| 182803 | 5.6 | 5.6 | | | | | Apache HTTP Server ap_escape_quotes buffer overflow | 1.63 | CVE-2021-39275 |
| 182802 | 5.3 | 5.3 | | | | | Apache HTTP Server mod_proxy_uwsgi out-of-bounds read | 0.25 | CVE-2021-36160 |
| 182801 | 5.3 | 5.3 | | | | | Apache HTTP Server null pointer dereference | 1.27 | CVE-2021-34798 |
| 182800 | 7.3 | 7.3 | | | | | Apache HTTP Server mod_proxy server-side request forgery | 9.72 | CVE-2021-40438 |
| 182799 | 3.8 | 2.5 | | 5.1 | | | IBM DB2 resource consumption | 0.05 | CVE-2021-29763 |
| 182798 | 5.3 | 5.3 | | | | | Apache Tomcat TLS Packet infinite loop | 0.05 | CVE-2021-41079 |
| 182797 | 3.7 | 3.7 | | 3.7 | | | IBM WebSphere Application Server/Liberty information exposure | 0.05 | CVE-2021-29842 |
| 182796 | 4.8 | 3.7 | | 5.9 | | | IBM DB2 information disclosure | 0.00 | CVE-2021-29825 |
| 182795 | 2.2 | 2.2 | | 2.2 | | | IBM DB2 information disclosure | 0.00 | CVE-2021-29752 |
| 182794 | 4.7 | 4.7 | | | | | Atlassian JIRA Server/Data Center Service Management Addon injection | 0.36 | CVE-2021-39128 |
| 182793 | 3.5 | 3.5 | | | | | RGCMS Message Board cross site scripting | 0.05 | CVE-2020-21482 |
| 182792 | 3.5 | 3.5 | | | | | TinyFileManager cross-site request forgery | 0.10 | CVE-2021-40965 |
| 182791 | 6.1 | 3.5 | | 8.8 | | | GLPI cross-site request forgery | 0.05 | CVE-2021-39209 |
| 182790 | 3.5 | 3.5 | | | | | TechRadar App cross site scripting | 0.05 | CVE-2021-37412 |
| 182789 | 3.5 | 3.5 | | | | | SITA Azur CMS Parameter aouCustomerAdresse cross site scripting | 0.00 | CVE-2021-28901 |
| 182788 | 3.5 | 3.5 | | | | | MetInfo cross-site request forgery | 0.05 | CVE-2020-21126 |
| 182787 | 4.6 | 4.6 | | | | | TinyFileManager Working Directory path traversal | 0.05 | CVE-2021-40964 |
| 182786 | 5.5 | 5.5 | | | | | PublicCMS BAT File Parameter Privilege Escalation | 0.04 | CVE-2021-40881 |
| 182785 | 3.5 | 3.5 | | | | | Jfinal CMS db.properties&config=filemanager.config.js access control | 0.10 | CVE-2021-40639 |
| 182784 | 5.4 | 4.3 | | 6.5 | | | GLPI Autologin Cookie cookie without 'httponly' flag | 0.15 | CVE-2021-39210 |
| 182783 | 3.5 | 3.5 | | | | | Youseries UReport Designer Page server-side request forgery | 0.10 | CVE-2020-21122 |
| 182782 | 2.4 | 2.4 | | | | | Nagios XI Dashboard Page # cross site scripting | 0.05 | CVE-2021-38156 |
| 182781 | 3.5 | 3.5 | | | | | S-CMS cross site scripting | 0.00 | CVE-2020-19158 |
| 182780 | 3.5 | 3.5 | | | | | Jfinal CMS profile.html cross site scripting | 0.09 | CVE-2020-19148 |
| 182779 | 5.9 | 5.0 | | 6.8 | | | GLPI API REST injection | 0.10 | CVE-2021-39213 |
| 182778 | 6.4 | 5.3 | | 7.5 | | | semver-regex incorrect regex | 0.05 | CVE-2021-3795 |
| 182777 | 6.3 | 6.3 | | | | | MetInfo sql injection | 0.00 | CVE-2020-21127 |
| 182776 | 5.5 | 5.5 | | | | | Youseries UReport File Creation Privilege Escalation | 0.00 | CVE-2020-21125 |
| 182775 | 5.5 | 5.5 | | | | | Youseries UReport Designer Page access control | 0.04 | CVE-2020-21124 |
| 182774 | 6.3 | 6.3 | | | | | Autodesk Licensing Service FBX File null pointer dereference | 0.00 | CVE-2021-40157 |
| 182773 | 3.5 | 3.5 | | | | | ARI Adminer Add New Connections save cross site scripting | 0.04 | CVE-2020-19156 |
| 182772 | 6.1 | 5.3 | | 7.0 | | | SAP Business One authentication bypass | 0.07 | CVE-2021-33700 |
| 182771 | 4.4 | 3.5 | | 5.4 | | | SAP BusinessObjects Business Intelligence Platform cross site scripting | 0.05 | CVE-2021-33696 |
