CVSSv3 09/30/2021

CVSSv3 Base »

The Common Vulnerability Scoring System (CVSS) is an industry standard for defining the characteristics and impacts of security vulnerabilities. The base score represents the intrinsic aspects that are constant over time and across user environments. Our unique meta score merges all available scores from different sources into the most reliable result.

CVSSv3 Temp »

The Common Vulnerability Scoring System (CVSS) uses temp scores to reflect the characteristics of a vulnerability that may change over time but not across user environments. This includes reporting confidence, exploitability and remediation levels. We also provide our unique meta score for temp scores, even though other sources rarely publish them.

VulDB »

The moderation team always defines the base vector and base score for an entry. These and all other available scores are used to generate the meta score.

NVD »

The National Vulnerability Database (NVD) also defines CVSS vectors and scores. These are usually not complete and might differ from VulDB scores.

Vendor »

Some vendors are willing to publish their own CVSS vectors and scores for vulnerabilities in their products. The coverage varies from vendor to vendor.

Research »

Sometimes security researchers also provide their own CVSS vectors and scores for vulnerabilities they have found and published.

| ID | Base | VDB | NVD | CNA | Vend | Res | Vulnerability | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|
| 183624 | 4.8 | 6.3 | | 3.3 | | | Adobe Acrobat Reader out-of-bounds read | 0.78 | CVE-2021-21089 |
| 183623 | 5.5 | 5.5 | | | | | lodash Parameter command injection | 1.39 | CVE-2021-41720 |
| 183622 | 6.4 | 5.3 | | 7.5 | | | Parse Server Session Token Parse.User information disclosure | 0.44 | CVE-2021-41109 |
| 183621 | 7.5 | 5.3 | | 9.8 | | | ECOA BAS Controller Special Page insufficiently protected credentials | 0.00 | CVE-2021-41300 |
| 183620 | 6.3 | 5.3 | | 7.3 | | | ECOA BAS Controller Backup Export missing encryption | 0.00 | CVE-2021-41302 |
| 183619 | 6.7 | 3.7 | | 9.8 | | | ECOA BAS Controller weak password | 0.26 | CVE-2021-41296 |
| 183618 | 7.8 | 6.5 | | 9.1 | | | ECOA BAS Controller GET Parameter path traversal | 0.00 | CVE-2021-41294 |
| 183617 | 8.5 | 7.3 | | 9.8 | | | ECOA BAS Controller POST Parameter unrestricted upload | 0.00 | CVE-2021-41290 |
| 183616 | 9.8 | 9.8 | | 9.8 | | | ECOA BAS Controller authentication bypass | 0.09 | CVE-2021-41292 |
| 183615 | 7.5 | 5.3 | | 9.8 | | | ECOA BAS Controller HTTP GET Request information disclosure | 0.00 | CVE-2021-41301 |
| 183614 | 9.8 | 9.8 | | 9.8 | | | ECOA BAS Controller hard-coded credentials | 0.00 | CVE-2021-41299 |
| 183613 | 7.5 | 6.3 | | 8.8 | | | ECOA BAS Controller access control | 0.00 | CVE-2021-41298 |
| 183612 | 6.5 | 4.3 | | 8.8 | | | ECOA BAS Controller insufficiently protected credentials | 0.00 | CVE-2021-41297 |
| 183611 | 6.4 | 5.3 | | 7.5 | | | ECOA BAS Controller POST Parameter path traversal | 0.17 | CVE-2021-41293 |
| 183610 | 6.4 | 5.3 | | 7.5 | | | ECOA BAS Controller File Manager path traversal | 0.70 | CVE-2021-41291 |
| 183609 | 4.6 | 4.6 | | | | | BaiCloud-cms ppsave.php unknown vulnerability | 0.61 | CVE-2021-41729 |
| 183608 | 6.5 | 4.3 | | 8.8 | | | ECOA BAS Controller cross-site request forgery | 0.61 | CVE-2021-41295 |
| 183607 | 5.2 | 4.3 | | 6.1 | | | Shuup Error Page cross site scripting | 0.44 | CVE-2021-25963 |
| 183606 | 5.5 | 5.5 | | | | | Apache DB DdlUtils BinaryObjectsHelper.java BinaryObjectsHelper deserialization | 0.79 | CVE-2021-41616 |
| 183605 | 5.5 | 5.5 | | | | | Craft CMS csv injection | 0.70 | CVE-2021-41824 |
| 183604 | 5.5 | 5.5 | | | | | PlaceOS Authentication Service sessions_controller.rb redirect | 0.62 | CVE-2021-41826 |
| 183603 | 4.6 | 4.6 | | | | | Zoho ManageEngine Remote Access Plus random values | 0.44 | CVE-2021-41829 |
| 183602 | 5.5 | 5.5 | | | | | Zoho ManageEngine Remote Access Plus resetPWD.xml hard-coded credentials | 0.62 | CVE-2021-41828 |
| 183601 | 7.6 | 5.5 | 9.8 | | | | Floodlight StaticFlowEntryPusherResource.java checkFlow input validation | 0.44 | CVE-2020-18685 |
| 183600 | 5.5 | 5.5 | | | | | Floodlight StaticFlowEntryPusherResource.java checkFlow integer overflow | 0.36 | CVE-2020-18684 |
| 183599 | 7.6 | 5.5 | 9.8 | | | | Floodlight StaticFlowEntryPusherResource.java checkFlow input validation | 0.81 | CVE-2020-18683 |
| 183598 | 3.5 | 3.5 | | | | | Zoho ManageEngine Remote Access Plus DCBackupRestore JAR Archive hard-coded credentials | 1.14 | CVE-2021-41827 |
| 183597 | 6.1 | 3.5 | 8.8 | | | | Streama cross-site request forgery | 0.54 | CVE-2021-41764 |
| 183596 | 4.4 | 3.5 | 5.4 | | | | LaraCMS Management Module cross site scripting | 0.53 | CVE-2020-20131 |
| 183595 | 4.4 | 3.5 | 5.4 | | | | LaraCMS Content Editor cross site scripting | 0.61 | CVE-2020-20129 |
| 183594 | 5.2 | 4.3 | | 6.1 | | | OpenCRX Password Reset cross site scripting | 0.44 | CVE-2021-25959 |
| 183593 | 4.3 | 4.3 | | | | | 1Password authorization | 0.81 | CVE-2021-41795 |
| 183592 | 5.5 | 3.5 | 7.5 | | | | Couchbase Server memcached buffer overflow | 0.97 | CVE-2021-35945 |
| 183591 | 5.5 | 3.5 | 7.5 | | | | Couchbase Server memcached buffer overflow | 0.81 | CVE-2021-35944 |
| 183590 | 3.1 | 3.1 | | | | | Couchbase Server credentials management | 0.71 | CVE-2021-35943 |
| 183589 | 3.7 | 3.7 | | | | | cURL TLS Policy cryptographic issues | 0.79 | CVE-2021-22947 |
| 183588 | 8.6 | 7.3 | | 10.0 | | | Emerson WirelessHART Gateway 1410 VLAN access control | 0.98 | CVE-2020-12030 |
| 183587 | 4.9 | 4.3 | | 5.5 | | | Adobe Acrobat Reader null pointer dereference | 1.25 | CVE-2021-39854 |
| 183586 | 4.9 | 4.3 | | 5.5 | | | Adobe Acrobat Reader null pointer dereference | 1.31 | CVE-2021-39853 |
| 183585 | 4.9 | 4.3 | | 5.5 | | | Adobe Acrobat Reader null pointer dereference | 0.75 | CVE-2021-39852 |
| 183584 | 4.9 | 4.3 | | 5.5 | | | Adobe Acrobat Reader null pointer dereference | 0.48 | CVE-2021-39851 |
| 183583 | 4.9 | 4.3 | | 5.5 | | | Adobe Acrobat Reader null pointer dereference | 0.56 | CVE-2021-39850 |
| 183582 | 4.9 | 4.3 | | 5.5 | | | Adobe Acrobat Reader null pointer dereference | 0.58 | CVE-2021-39849 |
| 183581 | 6.3 | 6.3 | | 6.3 | | | Adobe Acrobat Reader PDF File stack-based overflow | 0.47 | CVE-2021-39846 |
| 183580 | 6.3 | 6.3 | | 6.3 | | | Adobe Acrobat Reader PDF File stack-based overflow | 0.36 | CVE-2021-39845 |
| 183579 | 7.0 | 6.3 | | 7.8 | | | Adobe Acrobat Reader type confusion | 0.49 | CVE-2021-39841 |
| 183578 | 6.3 | 4.6 | | 8.0 | | | Shuup csv injection | 0.28 | CVE-2021-25962 |
| 183577 | 6.5 | 5.0 | | 8.0 | | | SuiteCRM Password Reset Link password recovery | 0.36 | CVE-2021-25961 |
| 183576 | 7.1 | 6.3 | | 8.0 | | | SuiteCRM Accounts Module csv injection | 0.71 | CVE-2021-25960 |
| 183575 | 6.4 | 5.3 | | 7.5 | | | handsontable Handsontable.helper.isNumeric incorrect regex | 0.54 | CVE-2021-23446 |
