CVSSv3 11/02/2021

CVSSv3 Base »

The Common Vulnerability Scoring System (CVSS) is an industry standard to define the characteristics and impacts of security vulnerabilities. The base score represents the intrinsic aspects that are constant over time and across user environments. Our unique meta score merges all available scores from different sources to aggregate to the most reliable result.

CVSSv3 Temp »

The Common Vulnerability Scoring System (CVSS) uses temp scores to reflect the characteristics of a vulnerability that may change over time but not across user environments. This includes reporting confidence, exploitability and remediation levels. We do also provide our unique meta score for temp scores, even though other sources rarely publish them.

VulDB »

The moderation team is always defining the base vector and base score for an entry. These and all other available scores are used to generate the meta score.

NVD »

The National Vulnerability Database (NVD) is also defining CVSS vectors and scores. These are usually not complete and might differ from VulDB scores.

Vendor »

Some vendors are willing to publish their own CVSS vectors and scores for vulnerabilities in their products. The coverage varies from vendor to vendor.

Research »

There are sometimes also security researcher which provide their own CVSS vectors and scores for vulnerabilities they have found and published.

IDBaseVDBNVDCNAVendResVulnerabilityCTICVE
1859074.83.56.1
 
 
 
ElkarBackup Add Client cross site scripting0.05CVE-2020-35249
1859064.43.55.4
 
 
 
DynPG cross site scripting0.05CVE-2020-27406
1859055.05.0
 
 
 
 
Siren Investigate Cluster certificate validation0.06CVE-2021-36794
1859043.53.5
 
 
 
 
Couchbase Server information disclosure0.00CVE-2021-42763
1859035.55.5
 
 
 
 
Sonatype Nexus Repository Manager SSL Certificate access control0.05CVE-2021-42568
1859025.35.3
 
 
 
 
Realtek RtsUpx USB Utility Driver RtsUpx.sys access control0.05CVE-2021-36924
1859014.34.3
 
 
 
 
Couchbase Server metakv debug log file0.00CVE-2021-37842
1859005.53.57.5
 
 
 
Nsasoft Product Key Explorer denial of service0.05CVE-2021-27723
1858995.53.57.5
 
 
 
Nsasoft SpotAuditor denial of service0.05CVE-2021-27722
1858985.35.3
 
 
 
 
Realtek RtsUpx USB Utility Driver USB Device RtsUpx.sys access control0.05CVE-2021-36923
1858975.35.3
 
 
 
 
Realtek RtsUpx USB Utility Driver USB Device RtsUpx.sys access control0.00CVE-2021-36922
1858965.35.3
 
 
 
 
Realtek RtsUpx USB Utility Driver RtsUpx.sys denial of service0.00CVE-2021-36925
1858955.24.3
 
6.1
 
 
vaadin-menu-bar cross site scripting0.05CVE-2021-33611
1858944.43.5
 
5.4
 
 
IBM InfoSphere Information Server Web UI cross site scripting0.00CVE-2021-29771
1858935.96.3
 
5.4
 
 
IBM InfoSphere Information Server Data Flow Designer server-side request forgery0.05CVE-2021-29738
1858924.83.7
 
5.9
 
 
IBM InfoSphere Information Server information disclosure0.00CVE-2021-29875
1858915.75.6
 
5.9
 
 
IBM InfoSphere Information Server Data Flow Designer Engine certificate validation0.10CVE-2021-29737
1858906.76.3
 
7.1
 
 
IBM InfoSphere Information Server XML Data xml external entity reference0.05CVE-2021-38948
1858895.44.3
 
6.5
 
 
IBM InfoSphere Information Server cross-site request forgery0.00CVE-2021-29888
1858888.57.39.8
 
 
 
SourceCodester Phone Shop Sales Managements System improper authentication0.10CVE-2021-36560
1858874.34.3
 
 
 
 
Whale Browser Address Bar clickjacking0.00CVE-2021-33593
1858865.35.3
 
5.3
 
 
validator.js Regular Expression denial of service0.10CVE-2021-3765
1858856.97.3
 
6.5
 
 
Publify Self-Registration improper authorization0.00CVE-2021-25973
1858846.26.36.1
 
 
 
Replicated Classic redirect0.05CVE-2021-43058
1858834.83.56.1
 
 
 
Atlassian JIRA Server/Data Center Associated Project AssociatedProjectsForCustomField.jspa cross site scripting0.34CVE-2021-41310
1858827.76.38.88.1
 
 
DHIS 2 API Endpoint trackedEntityInstances sql injection0.19CVE-2021-41187
1858815.42.4
 
8.4
 
 
McAfee Data Loss Prevention ePO Extension cross site scripting0.00CVE-2021-31848
1858804.53.55.5
 
 
 
Kodi istream buffer overflow0.05CVE-2021-42917
1858796.54.7
 
8.4
 
 
McAfee Data Loss Prevention ePO Extension sql injection0.00CVE-2021-31849
1858788.57.39.8
 
 
 
Zoho ManageEngine ManageEngine Log360 Database Configuration access control0.19CVE-2021-20136
1858777.26.3
 
8.1
 
 
Hashthemes Demo Importer Plugin uploads access control0.05CVE-2021-39333
1858767.65.59.8
 
 
 
Millken DOYOCMS sysupload.php unrestricted upload0.05CVE-2021-26740
1858758.06.39.8
 
 
 
Millken DOYOCMS Parameter pay.php sql injection0.00CVE-2021-26739
1858745.24.3
 
6.1
 
 
Social Networks Auto-Poster nxs_class_snap.php cross site scripting0.00CVE-2021-38356
1858733.62.4
 
4.8
 
 
Notification Plugin Settings.php cross site scripting0.05CVE-2021-39340
1858726.24.3
 
8.2
 
 
OptinMonster Plugin RestApi.php logged_in_or_has_api_key cross site scripting0.29CVE-2021-39341
1858713.62.4
 
4.8
 
 
Google Maps Easy Plugin mgrEditMarkerGroup.php cross site scripting0.14CVE-2021-39346

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!