
CVSS (severity scoring)

A standard 0-to-10 scoring system that rates how severe a security vulnerability is so you can prioritize fixes.

CVSS (Common Vulnerability Scoring System) turns a vulnerability's traits (how easy it is to exploit, what access it needs, and what it impacts) into a single number from 0.0 to 10.0, grouped into Low, Medium, High, and Critical. It's the standard language for comparing one finding against another.

For a founder with a long list of issues and no security team, CVSS answers the only question that matters at first: what do I fix today versus next month? A Critical on a public endpoint outranks a Low in an admin-only corner. It keeps you from spending a weekend on a cosmetic warning while a real hole stays open.

It's a guide, not gospel: a Medium that exposes customer data in your specific app can deserve priority over its score. Kalit Pentest assigns a CVSS rating to each finding so you can triage in order.