FlominatorWas searching for an explanation, why #NVD #CVE ratings are usually higher than others', landed on https://daniel.haxx.se/blog/2023/03/06/nvd-makes-up-vulnerability-severity-levels/ and saw a familiar face: Thanks for posting this, @bagder.
NVD makes up vulnerability severity levels
When a security vulnerability has been found and confirmed in curl, we request a CVE Id for the issue. This is a global unique identifier for this specific problem. We request the ID from our CVE Numbering Authority (CNA), Hackerone, which once we make the issue public will publish all details about it to MITRE, … Continue reading NVD makes up vulnerability severity levels →