
What are CVE, CVSS, CWE scores?

  • Nov 19, 2024

CVE:

CVE stands for Common Vulnerabilities and Exposures. In simple words, it is a database of all the publicly disclosed cybersecurity vulnerabilities in computer software. A unique identifier is assigned to every vulnerability in the CVE database. This identifier has the format “CVE-YYYY-1234”: the prefix is the word CVE, followed by the year in which the vulnerability was disclosed, and finally a number that is unique for every vulnerability. CVEs can help ethical hackers check for a vulnerability in a website or app that they are testing. This is done by identifying the software in use and checking whether any CVE is associated with that version of the software.


CVSS:

CVSS stands for Common Vulnerability Scoring System. It is a system developed to assign a number (score) to a vulnerability based on its severity. The score ranges from 0.0 to 10.0. Lower numbers denote a lower degree of severity, while higher numbers denote a higher degree of severity.

Score         Severity
0.0           None
0.1 – 3.9     Low
4.0 – 6.9     Medium
7.0 – 8.9     High
9.0 – 10.0    Critical

CWE:

CWE stands for Common Weakness Enumeration. It is a list of software and hardware weaknesses. These weaknesses can include lack of input validation, use of a vulnerable component in the application, lack of file upload restrictions, etc. The main objective of CWE is to understand common flaws in software and hardware and to create automated tools that can easily detect these weaknesses and help in fixing them. A CWE identifier has the format “CWE-XXX”, where XXX is a number that denotes a specific weakness.
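The three identifiers used together, as an added example that is not part of the original post: a Python triage helper that validates CVE and CWE identifiers by format, maps each CVSS score to its severity band from the table above, and orders findings by score. The one-line input format, the function names and the sample values (placeholder IDs in year 2099) are assumptions made for illustration.

```python
import re

# "CVE-" + four-digit year + "-" + sequence number (four or more digits).
CVE_RE = re.compile(r"CVE-(\d{4})-(\d{4,})")
# "CWE-" + the number of a specific weakness.
CWE_RE = re.compile(r"CWE-(\d+)")
# Inclusive upper bound of each severity band from the table above.
BANDS = [(0.0, "None"), (3.9, "Low"), (6.9, "Medium"), (8.9, "High"), (10.0, "Critical")]

def severity(score):
    """Map a CVSS score in 0.0-10.0 to its severity rating."""
    if not 0.0 <= score <= 10.0:
        raise ValueError(f"CVSS score out of range: {score}")
    score = round(score, 1)  # scores carry one decimal place
    return next(name for upper, name in BANDS if score <= upper)

def parse_finding(line):
    """Validate one 'CVE-ID CWE-ID SCORE' line (assumed format) into a dict."""
    cve, cwe, raw_score = line.split()  # ValueError unless exactly 3 fields
    cve_match = CVE_RE.fullmatch(cve)
    if cve_match is None:
        raise ValueError(f"malformed CVE identifier: {cve!r}")
    if CWE_RE.fullmatch(cwe) is None:
        raise ValueError(f"malformed CWE identifier: {cwe!r}")
    score = float(raw_score)  # ValueError on non-numeric input
    return {"cve": cve, "year": int(cve_match.group(1)), "cwe": cwe,
            "score": score, "severity": severity(score)}

def triage(lines):
    """Return (valid findings, highest score first) and (line, reason) rejects."""
    valid, rejected = [], []
    for line in lines:
        try:
            valid.append(parse_finding(line))
        except ValueError as err:
            rejected.append((line, str(err)))
    return sorted(valid, key=lambda f: f["score"], reverse=True), rejected

# Constructed sample input: placeholder CVE IDs and scores, not real records.
SAMPLE = [
    "CVE-2099-0001 CWE-20 6.1",
    "CVE-2099-12345 CWE-434 9.8",
    "CVE-2099-0002 CWE-79 0.0",
    "CVE-99-1 CWE-20 5.0",        # malformed CVE identifier
    "CVE-2099-0003 CWE-89 11.2",  # score outside 0.0-10.0
]

if __name__ == "__main__":
    print(triage(SAMPLE))
```

Rejected lines are returned with the reason, so a malformed identifier or an out-of-range score shows up in the output instead of being silently dropped from the triage list.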

