Dimension scores are derived from public data and fields; weighted into the composite. Reference only.
CVE.it appears, based on its page content, to be a web-based “CVSS calculator and vulnerability analysis” tool. It is used to simulate the Common Vulnerability Scoring System v3.1 and assess the theoretical severity of a vulnerability based on its base vector. It mainly calculates the BaseScore using factors such as Attack Vector, Attack Complexity, Privileges Required, User Interaction, and the impact on confidentiality, integrity, and availability, then outputs a severity indication such as low risk.
This tool is not a direct protection product such as a firewall, EDR, WAF, or vulnerability scanner. Instead, it is a rating aid within the vulnerability management process. Its value lies in helping security teams convert vulnerability conditions into standardized CVSS scores, making it easier to prioritize remediation, communicate risk, and prepare reports. The page shows support for CVSS v3.1 base metrics, including network, adjacent, local, and physical attack vectors, as well as privileges required, user interaction, and CIA impact assessment.
Based on the captured page text, CVE.it is a lightweight web tool. There is no visible evidence of local deployment, a SaaS account system, team workspaces, APIs, webhooks, SIEM/SOAR integrations, or alerting capabilities. In terms of management and alerting, there is also no indication that it supports asset inventories, vulnerability lifecycle management, notifications, or reporting. As such, it is better suited for one-off calculations rather than enterprise-grade continuous vulnerability management.
The page does not disclose any pricing, plans, payment methods, or commercial service information. It also does not show compliance certifications, data security statements, or privacy handling mechanisms. For enterprise use, it would still be necessary to confirm its access stability, whether data is uploaded, whether input content is retained, and whether it meets internal compliance requirements.
Its strengths are its clear purpose and intuitive parameters, making it suitable for security researchers, DevOps teams, and vulnerability management personnel who need to quickly understand CVSS base scoring. Its limitations are also obvious: only base vector calculation is visible, with no automatic scanning, CVE database linkage, asset context, batch processing, or remediation tracking. It is suitable for individuals or small teams performing temporary severity rating, but not as the core vulnerability management platform for a large organization.
Access from China cannot be determined from the page content and should be considered unknown; payment methods are also not disclosed. If access is unstable or a Chinese-language ecosystem is required, alternatives include the CVSS calculators from FIRST/NVD, or the CVSS scoring and vulnerability closed-loop modules built into domestic vulnerability management or security operations platforms.
⚠ This review is compiled from public sources and does not constitute a purchase recommendation. Verify all facts on the vendor's official site. Verify on cve.it official site.
cve.it is an Italy Security provider. TG4G tracks its product information, an overall rating of 7.0/10, and a China-accessibility score of China direct-connect friendly. Click "Visit Official Site" to reach cve.it directly.