What is CVSS Score?

A standardized numerical score from 0 to 10 that rates the severity of a security vulnerability based on its exploitability and potential impact. CVSS considers factors including attack vector, complexity, required privileges, user interaction, and the degree of impact on confidentiality, integrity, and availability. Scores map to severity bands: None (0), Low (0.1–3.9), Medium (4.0–6.9), High (7.0–8.9), and Critical (9.0–10.0).

A public catalog of disclosed security vulnerabilities, each assigned a unique identifier in the format CVE-YEAR-NUMBER (e.g., CVE-2021-44228 for Log4Shell).

Vulnerability Assessment →

A systematic process of identifying, classifying, and prioritizing security weaknesses in a system without attempting to exploit them.

Penetration Testing →

A structured, authorized simulation of a real-world cyberattack against a system, network, or application with the goal of identifying exploitable vulnerabilities before malicious actors do.

Zero-Day Vulnerability →

A software vulnerability that has been discovered but not yet publicly disclosed or patched by the vendor, leaving affected systems with no available fix at the time it is known or exploited.

Put this into practice

Autonomous OWASP vulnerability scanning →

See how Penetrify's autonomous AI agents find and validate this class of security issue in your application.

What is CVSS Score?

Related terms