diff --git a/docs/content/en/open_source/contributing/how-to-write-a-parser.md b/docs/content/en/open_source/contributing/how-to-write-a-parser.md
index 61dd7cdf179..6dee4602c29 100644
--- a/docs/content/en/open_source/contributing/how-to-write-a-parser.md
+++ b/docs/content/en/open_source/contributing/how-to-write-a-parser.md
@@ -166,43 +166,52 @@ Good example:
        finding.cwe = data["mykey"]
 ```
 
-### Do not parse CVSS by hand (vector, score or severity)
+### Parsing of CVSS vectors
 
-Data can have `CVSS` vectors or scores. Don't write your own CVSS score algorithm.
-For parser, we rely on module `cvss`. But we also have a helper method to validate the vector and extract the base score and severity from it.
+Data can have `CVSS` vectors or scores. Defect Dojo use the `cvss` module provided by RedHat Security.
+There's also a helper method to validate the vector and extract the base score and severity from it.
 
 ```python
-from dojo.utils import parse_cvss_data
-cvss_data = parse_cvss_data("CVSS:3.0/S:C/C:H/I:H/A:N/AV:P/AC:H/PR:H/UI:R/E:H/RL:O/RC:R/CR:H/IR:X/AR:X/MAC:H/MPR:X/MUI:X/MC:L/MA:X")
-if cvss_data:
-    finding.cvssv3 = cvss_data.get("vector")
-    finding.cvssv3_score = cvss_data.get("score")
-    finding.severity = cvss_data.get("severity")  # if your tool does generate severity
+    from dojo.utils import parse_cvss_data
+
+    cvss_vector = <get CVSS3 or CVSS4 vector from the report>
+    cvss_data = parse_cvss_data(cvss_vector)
+    if cvss_data:
+        finding.severity = cvss_data["severity"]
+        finding.cvssv3 = cvss_data["cvssv3"]
+        finding.cvssv4 = cvss_data["cvssv4"]
+        # we don't set any score fields as those will be overwritten by Defect Dojo
 ```
+Not all values have to be used as scan reports usually provide their own value for `severity`.
+And sometimes also for `cvss_score`. Defect Dojo will not overwrite any `cvss3_score` or `cvss4_score`.
+If no score is set, Defect Dojo will use the `cvss` library to calculate the score.
+The response also has the detected major version of the CVSS vector in `cvss_data["major_version"]`.
 
-If you need more manual processing, you can parse the `CVSS3` vector directly.
+
+If you need more manual processing, you can parse the `CVSS` vector directly.
 
 Example of use:
 
 ```python
-import cvss.parser
-from cvss import CVSS2, CVSS3
-
-vectors = cvss.parser.parse_cvss_from_text("CVSS:3.0/S:C/C:H/I:H/A:N/AV:P/AC:H/PR:H/UI:R/E:H/RL:O/RC:R/CR:H/IR:X/AR:X/MAC:H/MPR:X/MUI:X/MC:L/MA:X")
-if len(vectors) > 0 and type(vectors[0]) is CVSS3:
-    print(vectors[0].severities())  # this is the 3 severities
-
-    cvssv3 = vectors[0].clean_vector()
-    severity = vectors[0].severities()[0]
-    vectors[0].compute_base_score()
-    cvssv3_score = vectors[0].scores()[0]
-    finding.severity = severity
-    finding.cvssv3_score = cvssv3_score
+    import cvss.parser
+    from cvss import CVSS2, CVSS3, CVSS4
+
+    # TEMPORARY: Use Defect Dojo implementation of `parse_cvss_from_text` white waiting for https://github.com/RedHatProductSecurity/cvss/pull/75 to be released
+    vectors = dojo.utils.parse_cvss_from_text("CVSS:3.0/S:C/C:H/I:H/A:N/AV:P/AC:H/PR:H/UI:R/E:H/RL:O/RC:R/CR:H/IR:X/AR:X/MAC:H/MPR:X/MUI:X/MC:L/MA:X")
+        if len(vectors) > 0 and type(vectors[0]) is CVSS3:
+            print(vectors[0].severities())  # this is the 3 severities
+
+            cvssv3 = vectors[0].clean_vector()
+            severity = vectors[0].severities()[0]
+            vectors[0].compute_base_score()
+            cvssv3_score = vectors[0].scores()[0]
+            finding.severity = severity
+            finding.cvssv3_score = cvssv3_score
 ```
 
-Bad example (DIY):
+Do not do something like this:
 
-```python
+```
     def get_severity(self, cvss, cvss_version="2.0"):
         cvss = float(cvss)
         cvss_version = float(cvss_version[:1])
diff --git a/dojo/db_migrations/0234_finding_cvssv4_finding_cvssv4_score.py b/dojo/db_migrations/0234_finding_cvssv4_finding_cvssv4_score.py
new file mode 100644
index 00000000000..54285902cfb
--- /dev/null
+++ b/dojo/db_migrations/0234_finding_cvssv4_finding_cvssv4_score.py
@@ -0,0 +1,45 @@
+# Generated by Django 5.1.8 on 2025-07-08 17:21
+
+import django.core.validators
+import dojo.validators
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('dojo', '0233_remove_test_actual_time_remove_test_estimated_time'),
+    ]
+
+    operations = [
+        migrations.AlterField(
+            model_name='finding',
+            name='cvssv3',
+            field=models.TextField(help_text='Common Vulnerability Scoring System version 3 (CVSS3) score associated with this finding.', max_length=117, null=True, validators=[dojo.validators.cvss3_validator], verbose_name='CVSS3 Vector'),
+        ),
+        migrations.AlterField(
+            model_name='finding',
+            name='cvssv3_score',
+            field=models.FloatField(blank=True, help_text='Numerical CVSSv3 score for the vulnerability. If the vector is given, the score is updated while saving the finding. The value must be between 0-10.', null=True, validators=[django.core.validators.MinValueValidator(0.0), django.core.validators.MaxValueValidator(10.0)], verbose_name='CVSS3 Score'),
+        ),
+        migrations.AddField(
+            model_name='finding',
+            name='cvssv4',
+            field=models.TextField(help_text='Common Vulnerability Scoring System version 4 (CVSS4) score associated with this finding.', max_length=255, null=True, validators=[dojo.validators.cvss4_validator], verbose_name='CVSS4 vector'),
+        ),
+        migrations.AddField(
+            model_name='finding',
+            name='cvssv4_score',
+            field=models.FloatField(blank=True, help_text='Numerical CVSSv4 score for the vulnerability. If the vector is given, the score is updated while saving the finding. The value must be between 0-10.', null=True, validators=[django.core.validators.MinValueValidator(0.0), django.core.validators.MaxValueValidator(10.0)], verbose_name='CVSSv4 Score'),
+        ),
+        migrations.AddField(
+            model_name='system_settings',
+            name='enable_cvss3_display',
+            field=models.BooleanField(blank=False, default=True, help_text='With this setting turned off, CVSS3 fields will be hidden in the user interface.', verbose_name='Enable CVSS3 Display'),
+        ),
+        migrations.AddField(
+            model_name='system_settings',
+            name='enable_cvss4_display',
+            field=models.BooleanField(blank=False, default=True, help_text='With this setting turned off, CVSS4 fields will be hidden in the user interface.', verbose_name='Enable CVSS4 Display'),
+        ),        
+    ]
diff --git a/dojo/forms.py b/dojo/forms.py
index 19f1fe6962d..59825989f0e 100644
--- a/dojo/forms.py
+++ b/dojo/forms.py
@@ -123,6 +123,13 @@
                   ("duplicate", "Duplicate"),
                   ("out_of_scope", "Out of Scope"))
 
+CVSS_CALCULATOR_URLS = {
+        "https://www.first.org/cvss/calculator/3-0": "CVSS3 Calculator by FIRST",
+        "https://www.first.org/cvss/calculator/4-0": "CVSS4 Calculator by FIRST",
+        "https://www.metaeffekt.com/security/cvss/calculator/": "CVSS2/3/4 Calculator by Metaeffekt",
+    }
+
+
 vulnerability_ids_field = forms.CharField(max_length=5000,
     required=False,
     label="Vulnerability Ids",
@@ -133,6 +140,22 @@
 EFFORT_FOR_FIXING_INVALID_CHOICE = _("Select valid choice: Low,Medium,High")
 
 
+class BulletListDisplayWidget(forms.Widget):
+    def __init__(self, urls_dict=None, *args, **kwargs):
+        self.urls_dict = urls_dict or {}
+        super().__init__(*args, **kwargs)
+
+    def render(self, name, value, attrs=None, renderer=None):
+        if not self.urls_dict:
+            return ""
+
+        html = '<ul style="margin: 0; padding-left: 20px;">'
+        for url, text in self.urls_dict.items():
+            html += f'<li style="list-style-type: disc;"><a href="{url}" target="_blank"><i class="fa fa-arrow-up-right-from-square" style="margin-right: 5px;"></i>{text}</a></li>'
+        html += "</ul>"
+        return mark_safe(html)
+
+
 class MultipleSelectWithPop(forms.SelectMultiple):
     def render(self, name, *args, **kwargs):
         html = super().render(name, *args, **kwargs)
@@ -1125,7 +1148,10 @@ class AddFindingForm(forms.ModelForm):
                            widget=forms.TextInput(attrs={"class": "datepicker", "autocomplete": "off"}))
     cwe = forms.IntegerField(required=False)
     vulnerability_ids = vulnerability_ids_field
-    cvssv3 = forms.CharField(max_length=117, required=False, widget=forms.TextInput(attrs={"class": "cvsscalculator", "data-toggle": "dropdown", "aria-haspopup": "true", "aria-expanded": "false"}))
+    cvssv3 = forms.CharField(label="CVSS3 Vector", max_length=117, required=False, widget=forms.TextInput(attrs={"class": "cvsscalculator", "data-toggle": "dropdown", "aria-haspopup": "true", "aria-expanded": "false"}))
+    cvssv3_score = forms.FloatField(label="CVSS3 Score", required=False, max_value=10.0, min_value=0.0)
+    cvssv4 = forms.CharField(label="CVSS4 Vector", max_length=255, required=False)
+    cvssv4_score = forms.FloatField(label="CVSS4 Score", required=False, max_value=10.0, min_value=0.0)
     description = forms.CharField(widget=forms.Textarea)
     severity = forms.ChoiceField(
         choices=SEVERITY_CHOICES,
@@ -1152,7 +1178,7 @@ class AddFindingForm(forms.ModelForm):
             "invalid_choice": EFFORT_FOR_FIXING_INVALID_CHOICE})
 
     # the only reliable way without hacking internal fields to get predicatble ordering is to make it explicit
-    field_order = ("title", "date", "cwe", "vulnerability_ids", "severity", "cvssv3", "description", "mitigation", "impact", "request", "response", "steps_to_reproduce",
+    field_order = ("title", "date", "cwe", "vulnerability_ids", "severity", "cvssv3", "cvssv3_Score", "cvssv4", "cvssv4_score", "description", "mitigation", "impact", "request", "response", "steps_to_reproduce",
                    "severity_justification", "endpoints", "endpoints_to_add", "references", "active", "verified", "false_p", "duplicate", "out_of_scope",
                    "risk_accepted", "under_defect_review")
 
@@ -1174,6 +1200,9 @@ def __init__(self, *args, **kwargs):
 
         self.endpoints_to_add_list = []
 
+        # Hide CVSS fields based on system settings
+        hide_cvss_fields_if_disabled(self)
+
     def clean(self):
         cleaned_data = super().clean()
         if ((cleaned_data["active"] or cleaned_data["verified"]) and cleaned_data["duplicate"]):
@@ -1209,7 +1238,17 @@ class AdHocFindingForm(forms.ModelForm):
                            widget=forms.TextInput(attrs={"class": "datepicker", "autocomplete": "off"}))
     cwe = forms.IntegerField(required=False)
     vulnerability_ids = vulnerability_ids_field
-    cvssv3 = forms.CharField(max_length=117, required=False, widget=forms.TextInput(attrs={"class": "cvsscalculator", "data-toggle": "dropdown", "aria-haspopup": "true", "aria-expanded": "false"}))
+
+    cvss_info = forms.CharField(
+        label="CVSS",
+        widget=BulletListDisplayWidget(CVSS_CALCULATOR_URLS),
+        required=False,
+        disabled=True)
+
+    cvssv3 = forms.CharField(label="CVSS3 Vector", max_length=117, required=False, widget=forms.TextInput(attrs={"class": "cvsscalculator", "data-toggle": "dropdown", "aria-haspopup": "true", "aria-expanded": "false"}))
+    cvssv3_score = forms.FloatField(label="CVSS3 Score", required=False, max_value=10.0, min_value=0.0)
+    cvssv4 = forms.CharField(label="CVSS4 Vector", max_length=255, required=False)
+    cvssv4_score = forms.FloatField(label="CVSS4 Score", required=False, max_value=10.0, min_value=0.0)
     description = forms.CharField(widget=forms.Textarea)
     severity = forms.ChoiceField(
         choices=SEVERITY_CHOICES,
@@ -1236,9 +1275,9 @@ class AdHocFindingForm(forms.ModelForm):
             "invalid_choice": EFFORT_FOR_FIXING_INVALID_CHOICE})
 
     # the only reliable way without hacking internal fields to get predicatble ordering is to make it explicit
-    field_order = ("title", "date", "cwe", "vulnerability_ids", "severity", "cvssv3", "description", "mitigation", "impact", "request", "response", "steps_to_reproduce",
-                   "severity_justification", "endpoints", "endpoints_to_add", "references", "active", "verified", "false_p", "duplicate", "out_of_scope",
-                   "risk_accepted", "under_defect_review", "sla_start_date", "sla_expiration_date")
+    field_order = ("title", "date", "cwe", "vulnerability_ids", "severity", "cvss_info", "cvssv3", "cvssv3_score", "cvssv4", "cvssv4_score", "description", "mitigation",
+                   "impact", "request", "response", "steps_to_reproduce", "severity_justification", "endpoints", "endpoints_to_add", "references",
+                   "active", "verified", "false_p", "duplicate", "out_of_scope", "risk_accepted", "under_defect_review", "sla_start_date", "sla_expiration_date")
 
     def __init__(self, *args, **kwargs):
         req_resp = kwargs.pop("req_resp")
@@ -1258,6 +1297,9 @@ def __init__(self, *args, **kwargs):
 
         self.endpoints_to_add_list = []
 
+        # Hide CVSS fields based on system settings
+        hide_cvss_fields_if_disabled(self)
+
     def clean(self):
         cleaned_data = super().clean()
         if ((cleaned_data["active"] or cleaned_data["verified"]) and cleaned_data["duplicate"]):
@@ -1291,7 +1333,17 @@ class PromoteFindingForm(forms.ModelForm):
                            widget=forms.TextInput(attrs={"class": "datepicker", "autocomplete": "off"}))
     cwe = forms.IntegerField(required=False)
     vulnerability_ids = vulnerability_ids_field
-    cvssv3 = forms.CharField(max_length=117, required=False, widget=forms.TextInput(attrs={"class": "cvsscalculator", "data-toggle": "dropdown", "aria-haspopup": "true", "aria-expanded": "false"}))
+
+    cvss_info = forms.CharField(
+        label="CVSS",
+        widget=BulletListDisplayWidget(CVSS_CALCULATOR_URLS),
+        required=False,
+        disabled=True)
+
+    cvssv3 = forms.CharField(label="CVSS3 Vector", max_length=117, required=False, widget=forms.TextInput(attrs={"class": "cvsscalculator", "data-toggle": "dropdown", "aria-haspopup": "true", "aria-expanded": "false"}))
+    cvssv3_score = forms.FloatField(label="CVSS3 Score", required=False, max_value=10.0, min_value=0.0)
+    cvssv4 = forms.CharField(label="CVSS4 Vector", max_length=255, required=False)
+    cvssv4_score = forms.FloatField(label="CVSS4 Score", required=False, max_value=10.0, min_value=0.0)
     description = forms.CharField(widget=forms.Textarea)
     severity = forms.ChoiceField(
         choices=SEVERITY_CHOICES,
@@ -1308,10 +1360,10 @@ class PromoteFindingForm(forms.ModelForm):
     references = forms.CharField(widget=forms.Textarea, required=False)
 
     # the onyl reliable way without hacking internal fields to get predicatble ordering is to make it explicit
-    field_order = ("title", "group", "date", "sla_start_date", "sla_expiration_date", "cwe", "vulnerability_ids", "severity", "cvssv3",
-                   "cvssv3_score", "description", "mitigation", "impact", "request", "response", "steps_to_reproduce", "severity_justification",
-                   "endpoints", "endpoints_to_add", "references", "active", "mitigated", "mitigated_by", "verified", "false_p", "duplicate",
-                   "out_of_scope", "risk_accept", "under_defect_review")
+    field_order = ("title", "group", "date", "sla_start_date", "sla_expiration_date", "cwe", "vulnerability_ids", "severity", "cvss_info", "cvssv3",
+                   "cvssv3_score", "cvssv4", "cvssv4_score", "description", "mitigation", "impact", "request", "response", "steps_to_reproduce",
+                    "severity_justification", "endpoints", "endpoints_to_add", "references", "active", "mitigated", "mitigated_by", "verified",
+                    "false_p", "duplicate", "out_of_scope", "risk_accept", "under_defect_review")
 
     def __init__(self, *args, **kwargs):
         product = None
@@ -1325,6 +1377,9 @@ def __init__(self, *args, **kwargs):
 
         self.endpoints_to_add_list = []
 
+        # Hide CVSS fields based on system settings
+        hide_cvss_fields_if_disabled(self)
+
     def clean(self):
         cleaned_data = super().clean()
 
@@ -1352,8 +1407,18 @@ class FindingForm(forms.ModelForm):
                            widget=forms.TextInput(attrs={"class": "datepicker", "autocomplete": "off"}))
     cwe = forms.IntegerField(required=False)
     vulnerability_ids = vulnerability_ids_field
-    cvssv3 = forms.CharField(max_length=117, required=False, widget=forms.TextInput(attrs={"class": "cvsscalculator", "data-toggle": "dropdown", "aria-haspopup": "true", "aria-expanded": "false"}))
-    cvssv3_score = forms.FloatField(required=False, max_value=10.0, min_value=0.0)
+
+    cvss_info = forms.CharField(
+        label="CVSS",
+        widget=BulletListDisplayWidget(CVSS_CALCULATOR_URLS),
+        required=False,
+        disabled=True)
+
+    cvssv3 = forms.CharField(label="CVSS3 Vector", max_length=117, required=False, widget=forms.TextInput(attrs={"class": "cvsscalculator", "data-toggle": "dropdown", "aria-haspopup": "true", "aria-expanded": "false"}))
+    cvssv3_score = forms.FloatField(label="CVSS3 Score", required=False, max_value=10.0, min_value=0.0)
+    cvssv4 = forms.CharField(label="CVSS4 Vector", max_length=255, required=False)
+    cvssv4_score = forms.FloatField(label="CVSS4 Score", required=False, max_value=10.0, min_value=0.0)
+
     description = forms.CharField(widget=forms.Textarea)
     severity = forms.ChoiceField(
         choices=SEVERITY_CHOICES,
@@ -1384,8 +1449,8 @@ class FindingForm(forms.ModelForm):
             "invalid_choice": EFFORT_FOR_FIXING_INVALID_CHOICE})
 
     # the only reliable way without hacking internal fields to get predicatble ordering is to make it explicit
-    field_order = ("title", "group", "date", "sla_start_date", "sla_expiration_date", "cwe", "vulnerability_ids", "severity", "cvssv3",
-                   "cvssv3_score", "description", "mitigation", "impact", "request", "response", "steps_to_reproduce", "severity_justification",
+    field_order = ("title", "group", "date", "sla_start_date", "sla_expiration_date", "cwe", "vulnerability_ids", "severity", "cvss_info", "cvssv3",
+                   "cvssv3_score", "cvssv4", "cvssv4_score", "description", "mitigation", "impact", "request", "response", "steps_to_reproduce", "severity_justification",
                    "endpoints", "endpoints_to_add", "references", "active", "mitigated", "mitigated_by", "verified", "false_p", "duplicate",
                    "out_of_scope", "risk_accept", "under_defect_review")
 
@@ -1441,6 +1506,9 @@ def __init__(self, *args, **kwargs):
 
         self.endpoints_to_add_list = []
 
+        # Hide CVSS fields based on system settings
+        hide_cvss_fields_if_disabled(self)
+
     def clean(self):
         cleaned_data = super().clean()
 
@@ -1511,6 +1579,7 @@ class ApplyFindingTemplateForm(forms.Form):
     cwe = forms.IntegerField(label="CWE", required=False)
     vulnerability_ids = vulnerability_ids_field
     cvssv3 = forms.CharField(label="CVSSv3", max_length=117, required=False, widget=forms.TextInput(attrs={"class": "btn btn-secondary dropdown-toggle", "data-toggle": "dropdown", "aria-haspopup": "true", "aria-expanded": "false"}))
+    cvssv4 = forms.CharField(label="CVSSv3", max_length=117, required=False)
 
     severity = forms.ChoiceField(required=False, choices=SEVERITY_CHOICES, error_messages={"required": "Select valid choice: In Progress, On Hold, Completed", "invalid_choice": "Select valid choice: Critical,High,Medium,Low"})
 
@@ -1528,6 +1597,9 @@ def __init__(self, template=None, *args, **kwargs):
         if template:
             self.template.vulnerability_ids = "\n".join(template.vulnerability_ids)
 
+        # Hide CVSS fields based on system settings
+        hide_cvss_fields_if_disabled(self)
+
     def clean(self):
         cleaned_data = super().clean()
 
@@ -1546,8 +1618,8 @@ def clean_tags(self):
         return self.cleaned_data.get("tags")
 
     class Meta:
-        fields = ["title", "cwe", "vulnerability_ids", "cvssv3", "severity", "description", "mitigation", "impact", "references", "tags"]
-        order = ("title", "cwe", "vulnerability_ids", "cvssv3", "severity", "description", "impact", "is_mitigated")
+        fields = ["title", "cwe", "vulnerability_ids", "cvssv3", "cvssv4", "severity", "description", "mitigation", "impact", "references", "tags"]
+        order = ("title", "cwe", "vulnerability_ids", "cvssv3", "cvssv4", "severity", "description", "impact", "is_mitigated")
 
 
 class FindingTemplateForm(forms.ModelForm):
@@ -1556,7 +1628,7 @@ class FindingTemplateForm(forms.ModelForm):
 
     cwe = forms.IntegerField(label="CWE", required=False)
     vulnerability_ids = vulnerability_ids_field
-    cvssv3 = forms.CharField(max_length=117, required=False, widget=forms.TextInput(attrs={"class": "btn btn-secondary dropdown-toggle", "data-toggle": "dropdown", "aria-haspopup": "true", "aria-expanded": "false"}))
+    cvssv3 = forms.CharField(label="CVSS3 Vector", max_length=117, required=False, widget=forms.TextInput(attrs={"class": "btn btn-secondary dropdown-toggle", "data-toggle": "dropdown", "aria-haspopup": "true", "aria-expanded": "false"}))
     severity = forms.ChoiceField(
         required=False,
         choices=SEVERITY_CHOICES,
@@ -1570,6 +1642,9 @@ def __init__(self, *args, **kwargs):
         super().__init__(*args, **kwargs)
         self.fields["tags"].autocomplete_tags = Finding.tags.tag_model.objects.all().order_by("name")
 
+        # Hide CVSS fields based on system settings
+        hide_cvss_fields_if_disabled(self)
+
     class Meta:
         model = Finding_Template
         order = ("title", "cwe", "vulnerability_ids", "cvssv3", "severity", "description", "impact")
@@ -3740,3 +3815,30 @@ def set_permission(self, codename):
         else:
             msg = "Neither user or group are set"
             raise Exception(msg)
+
+
+def hide_cvss_fields_if_disabled(form_instance):
+    """Hide CVSS fields based on system settings."""
+    enable_cvss3 = get_system_setting("enable_cvss3_display", True)
+    enable_cvss4 = get_system_setting("enable_cvss4_display", True)
+
+    # Hide CVSS3 fields if disabled
+    if not enable_cvss3:
+        if "cvssv3" in form_instance.fields:
+            del form_instance.fields["cvssv3"]
+        if "cvssv3_score" in form_instance.fields:
+            del form_instance.fields["cvssv3_score"]
+        if "cvss_info" in form_instance.fields:
+            del form_instance.fields["cvss_info"]
+
+    # Hide CVSS4 fields if disabled
+    if not enable_cvss4:
+        if "cvssv4" in form_instance.fields:
+            del form_instance.fields["cvssv4"]
+        if "cvssv4_score" in form_instance.fields:
+            del form_instance.fields["cvssv4_score"]
+
+    # If both are disabled, hide all CVSS related fields
+    if not enable_cvss3 and not enable_cvss4:
+        if "cvss_info" in form_instance.fields:
+            del form_instance.fields["cvss_info"]
diff --git a/dojo/models.py b/dojo/models.py
index 68ab2092c3d..ae8dc38a5e4 100644
--- a/dojo/models.py
+++ b/dojo/models.py
@@ -43,7 +43,7 @@
 from tagulous.models import TagField
 from tagulous.models.managers import FakeTagRelatedManager
 
-from dojo.validators import cvss3_validator
+from dojo.validators import cvss3_validator, cvss4_validator
 
 logger = logging.getLogger(__name__)
 deduplicationLogger = logging.getLogger("dojo.specific-loggers.deduplication")
@@ -598,6 +598,16 @@ class System_Settings(models.Model):
         blank=False,
         verbose_name=_("Enable Calendar"),
         help_text=_("With this setting turned off, the Calendar will be disabled in the user interface."))
+    enable_cvss3_display = models.BooleanField(
+        default=True,
+        blank=False,
+        verbose_name=_("Enable CVSS3 Display"),
+        help_text=_("With this setting turned off, CVSS3 fields will be hidden in the user interface."))
+    enable_cvss4_display = models.BooleanField(
+        default=True,
+        blank=False,
+        verbose_name=_("Enable CVSS4 Display"),
+        help_text=_("With this setting turned off, CVSS4 fields will be hidden in the user interface."))
     default_group = models.ForeignKey(
         Dojo_Group,
         null=True,
@@ -816,7 +826,7 @@ def clean(self):
 class Product_Type(models.Model):
 
     """
-    Product types represent the top level model, these can be business unit divisions, different offices or locations, development teams, or any other logical way of distinguishing “types” of products.
+    Product types represent the top level model, these can be business unit divisions, different offices or locations, development teams, or any other logical way of distinguishing "types" of products.
     `
        Examples:
          * IAM Team
@@ -2348,14 +2358,25 @@ class Finding(models.Model):
     cvssv3 = models.TextField(validators=[cvss3_validator],
                               max_length=117,
                               null=True,
-                              verbose_name=_("CVSS v3 vector"),
-                              help_text=_("Common Vulnerability Scoring System version 3 (CVSSv3) score associated with this finding."))
+                              verbose_name=_("CVSS3 Vector"),
+                              help_text=_("Common Vulnerability Scoring System version 3 (CVSS3) score associated with this finding."))
     cvssv3_score = models.FloatField(null=True,
                                         blank=True,
-                                        verbose_name=_("CVSSv3 score"),
+                                        verbose_name=_("CVSS3 Score"),
                                         help_text=_("Numerical CVSSv3 score for the vulnerability. If the vector is given, the score is updated while saving the finding. The value must be between 0-10."),
                                         validators=[MinValueValidator(0.0), MaxValueValidator(10.0)])
 
+    cvssv4 = models.TextField(validators=[cvss4_validator],
+                              max_length=255,
+                              null=True,
+                              verbose_name=_("CVSS4 vector"),
+                              help_text=_("Common Vulnerability Scoring System version 4 (CVSS4) score associated with this finding."))
+    cvssv4_score = models.FloatField(null=True,
+                                        blank=True,
+                                        verbose_name=_("CVSSv4 Score"),
+                                        help_text=_("Numerical CVSSv4 score for the vulnerability. If the vector is given, the score is updated while saving the finding. The value must be between 0-10."),
+                                        validators=[MinValueValidator(0.0), MaxValueValidator(10.0)])
+
     url = models.TextField(null=True,
                            blank=True,
                            editable=False,
@@ -2712,13 +2733,13 @@ def save(self, dedupe_option=True, rules_option=True, product_grading_option=Tru
         self.numerical_severity = Finding.get_numerical_severity(self.severity)
 
         # Synchronize cvssv3 score using cvssv3 vector
+
         if self.cvssv3:
             try:
-
                 cvss_data = parse_cvss_data(self.cvssv3)
                 if cvss_data:
-                    self.cvssv3 = cvss_data.get("vector")
-                    self.cvssv3_score = cvss_data.get("score")
+                    self.cvssv3 = cvss_data.get("cvssv3")
+                    self.cvssv3_score = cvss_data.get("cvssv3_score")
 
             except Exception as ex:
                 logger.warning("Can't compute cvssv3 score for finding id %i. Invalid cvssv3 vector found: '%s'. Exception: %s.", self.id, self.cvssv3, ex)
@@ -2726,6 +2747,18 @@ def save(self, dedupe_option=True, rules_option=True, product_grading_option=Tru
                 if self.pk is None:
                     self.cvssv3 = None
 
+        # behaviour for CVVS4 is slightly different. Extracting thsi into a method would lead to probabl hard to read code
+        if self.cvssv4:
+            try:
+                cvss_data = parse_cvss_data(self.cvssv4)
+                if cvss_data:
+                    self.cvssv4 = cvss_data.get("cvssv4")
+                    self.cvssv4_score = cvss_data.get("cvssv4_score")
+
+            except Exception as ex:
+                logger.warning("Can't compute cvssv4 score for finding id %i. Invalid cvssv4 vector found: '%s'. Exception: %s.", self.id, self.cvssv4, ex)
+                self.cvssv4 = None
+
         self.set_hash_code(dedupe_option)
 
         if self.pk is None:
diff --git a/dojo/templates/dojo/view_finding.html b/dojo/templates/dojo/view_finding.html
index ba973b1ba34..fd4ffe9c8e1 100755
--- a/dojo/templates/dojo/view_finding.html
+++ b/dojo/templates/dojo/view_finding.html
@@ -8,9 +8,6 @@
 {% load get_endpoint_status %}
 {% block add_styles %}
     {{ block.super }}
-  .tooltip-inner {
-    max-width: 650px;
-  }
 {% endblock %}
 {% block add_css_before %}
     {{ block.super }}
@@ -292,16 +289,11 @@ <h3 class="pull-left finding-title">
                         <td>
                             <span class="label severity severity-{{ finding.severity }}">
                                 {% if finding.severity %}
-                                    {% if finding.cvssv3 %}
-                                        <i class="no-italics has-popover" font-style="normal" data-toggle="tooltip" data-placement="bottom" data-container="body" title="" href="#"
-                                            data-content="{{ finding.cvssv3 }}">
-                                    {% endif %}
                                     {{ finding.severity_display }}
-                                    {% if finding.cvssv3_score %}
-                                        ({{ finding.cvssv3_score }})
-                                    {% endif %}
-                                    {% if finding.cvssv3 %}
-                                        </i>
+                                    {% if system_settings.enable_cvss4_display and finding.cvssv4_score or system_settings.enable_cvss3_display and finding.cvssv3_score %}
+                                        <i class="no-italics has-popover" font-style="normal" data-toggle="tooltip" data-placement="bottom" data-container="body" data-html="true" title="" href="#"
+                                            data-content="{% if system_settings.enable_cvss4_display and finding.cvssv4 %}{{ finding.cvssv4 }} ({{ finding.cvssv4_score }}){% endif %}{% if system_settings.enable_cvss4_display and finding.cvssv4 and system_settings.enable_cvss3_display and finding.cvssv3 %}<br/>{% endif %}{% if system_settings.enable_cvss3_display and finding.cvssv3 %}{{ finding.cvssv3 }} ({{ finding.cvssv3_score }}){% endif %}">
+                                        ({% if system_settings.enable_cvss4_display and finding.cvssv4_score %}{{ finding.cvssv4_score }}{% if system_settings.enable_cvss3_display and finding.cvssv3_score %}, {% endif %}{% endif %}{% if system_settings.enable_cvss3_display and finding.cvssv3_score %}{{ finding.cvssv3_score }}{% endif %})</i>
                                     {% endif %}
                                 {% else %}
                                     Unknown
@@ -760,7 +752,7 @@ <h4 class="has-filters">Similar Findings ({{ similar_findings.paginator.count }}
                     </div>
                 {% endif %}
             </span>
-        </div>  
+        </div>
     {% endif %}
     {% comment %} Add a form to (ab)use to submit any actions related to similar/duplicates as POST requests {% endcomment %}
     <form method="post" style="display: none" id="related_action">
@@ -1177,9 +1169,9 @@ <h4>Credential
     <script type="application/javascript" src="{% static "jquery.hotkeys/jquery.hotkeys.js" %}"></script>
     <script type="text/javascript" src="{% static "jquery-highlight/jquery.highlight.js" %}"></script>
     <script type="text/javascript">
-        var firstID = {{findings_list.0}};
-        var currentID = {{finding.id}};
-        var lastID = {{findings_list_lastElement}};
+        var firstID = {% if findings_list.0 %}{{findings_list.0}}{% else %}null{% endif %};
+        var currentID = {% if finding.id %}{{finding.id}}{% else %}null{% endif %};
+        var lastID = {% if findings_list_lastElement %}{{findings_list_lastElement}}{% else %}null{% endif %};
         if(currentID != firstID)
         {
             $('.PrevAndNext_Buttons').append('<a href="{% url 'view_finding' prev_finding_id %}" class="btn btn-primary">Previous Finding</a> ');
@@ -1218,6 +1210,32 @@ <h4>Credential
                 var i = $($(this).find('i').get(0));
                 i.toggleClass('glyphicon-chevron-up').toggleClass('glyphicon-chevron-down');
             })
+            
+            // Configure tooltips for CVSS vectors - try multiple approaches
+            $(document).on('shown.bs.tooltip shown.bs.popover', function() {
+                $('.tooltip-inner, .popover-content').css({
+                    'max-width': '1200px !important',
+                    'white-space': 'nowrap !important',
+                    'word-wrap': 'normal !important'
+                });
+                $('.tooltip, .popover').css({
+                    'max-width': '1200px !important'
+                });
+            });
+            
+            // Force tooltip configuration
+            $('.has-popover').each(function() {
+                $(this).on('mouseenter', function() {
+                    setTimeout(function() {
+                        $('.tooltip-inner, .popover-content').css({
+                            'max-width': '1200px',
+                            'white-space': 'nowrap',
+                            'word-wrap': 'normal',
+                            'overflow': 'visible'
+                        });
+                    }, 10);
+                });
+            });
         });
 
         // keyboard shortcuts
diff --git a/dojo/tools/appcheck_web_application_scanner/engines/base.py b/dojo/tools/appcheck_web_application_scanner/engines/base.py
index 1efefeb9c17..9700af69bf4 100644
--- a/dojo/tools/appcheck_web_application_scanner/engines/base.py
+++ b/dojo/tools/appcheck_web_application_scanner/engines/base.py
@@ -307,6 +307,7 @@ def set_endpoints(self, finding: Finding, item: Any) -> None:
     #####
     def parse_cvss_vector(self, value: str) -> str | None:
         # CVSS4 vectors don't parse with the handy-danty parse method :(
+        # TODO: This needs a rewrite to use dojo.utils.parse_cvss_data
         try:
             if (severity := cvss.CVSS4(value).severity) in Finding.SEVERITIES:
                 return severity
diff --git a/dojo/tools/aqua/parser.py b/dojo/tools/aqua/parser.py
index bf6b104ab68..01e697f9224 100644
--- a/dojo/tools/aqua/parser.py
+++ b/dojo/tools/aqua/parser.py
@@ -226,8 +226,8 @@ def get_item(self, resource, vuln, test):
 
         cvss_data = parse_cvss_data(cvssv3)
         if cvss_data:
-            finding.cvssv3 = cvss_data.get("vector")
-            finding.cvssv3_score = cvss_data.get("score")
+            finding.cvssv3 = cvss_data.get("cvssv3")
+            finding.cvssv3_score = cvss_data.get("cvssv3_score")
 
         if vulnerability_id != "No CVE":
             finding.unsaved_vulnerability_ids = [vulnerability_id]
diff --git a/dojo/tools/auditjs/parser.py b/dojo/tools/auditjs/parser.py
index f9aec0c9a26..cf285613ceb 100644
--- a/dojo/tools/auditjs/parser.py
+++ b/dojo/tools/auditjs/parser.py
@@ -1,49 +1,13 @@
 import json
+import logging
 import re
 from json.decoder import JSONDecodeError
 
 # import cvss.parser
-from cvss import CVSS2, CVSS3, CVSS4, CVSSError
-
 from dojo.models import Finding
+from dojo.utils import parse_cvss_data
 
-
-# TEMPORARY: Local implementation until the upstream PR is merged & released: https://github.com/RedHatProductSecurity/cvss/pull/75
-def parse_cvss_from_text(text):
-    """
-    Parses CVSS2, CVSS3, and CVSS4 vectors from arbitrary text and returns a list of CVSS objects.
-
-    Parses text for substrings that look similar to CVSS vector
-    and feeds these matches to CVSS constructor.
-
-    Args:
-        text (str): arbitrary text
-
-    Returns:
-        A list of CVSS objects.
-
-    """
-    # Looks for substrings that resemble CVSS2, CVSS3, or CVSS4 vectors.
-    # CVSS3 and CVSS4 vectors start with a 'CVSS:x.x/' prefix and are matched by the optional non-capturing group.
-    # CVSS2 vectors do not include a prefix and are matched by raw vector pattern only.
-    # Minimum total match length is 26 characters to reduce false positives.
-    matches = re.compile(r"(?:CVSS:[3-4]\.\d/)?[A-Za-z:/]{26,}").findall(text)
-
-    cvsss = set()
-    for match in matches:
-        try:
-            if match.startswith("CVSS:4."):
-                cvss = CVSS4(match)
-            elif match.startswith("CVSS:3."):
-                cvss = CVSS3(match)
-            else:
-                cvss = CVSS2(match)
-
-            cvsss.add(cvss)
-        except (CVSSError, KeyError):
-            pass
-
-    return list(cvsss)
+logger = logging.getLogger(__name__)
 
 
 class AuditJSParser:
@@ -107,7 +71,13 @@ def get_findings(self, filename, test):
                     ) = (
                         cvss_score
                     ) = (
-                        cvss_vector
+                        cvssv3
+                    ) = (
+                        cvssv4
+                    ) = (
+                        cvssv3_score
+                    ) = (
+                        cvssv4_score
                     ) = vulnerability_id = cwe = references = severity = None
                     # Check mandatory
                     if (
@@ -127,38 +97,16 @@ def get_findings(self, filename, test):
                         raise ValueError(msg)
                     if "cvssScore" in vulnerability:
                         cvss_score = vulnerability["cvssScore"]
-                    if "cvssVector" in vulnerability:
-                        cvss_vectors = parse_cvss_from_text(
-                            vulnerability["cvssVector"],
-                        )
-
-                        if len(cvss_vectors) > 0:
-                            vector_obj = cvss_vectors[0]
-
-                            if isinstance(vector_obj, CVSS4):
-                                description += "\nCVSS V4 Vector:" + vector_obj.clean_vector()
-                                severity = vector_obj.severities()[0]
-
-                            elif isinstance(vector_obj, CVSS3):
-                                cvss_vector = vector_obj.clean_vector()
-                                severity = vector_obj.severities()[0]
-
-                            elif isinstance(vector_obj, CVSS2):
-                                description += "\nCVSS V2 Vector:" + vector_obj.clean_vector()
-                                severity = vector_obj.severities()[0]
-
-                            else:
-                                msg = "Unsupported CVSS version detected in parser."
-                                raise ValueError(msg)
-                        else:
-                            # Explicitly raise an error if no CVSS vectors are found,
-                            # to avoid 'NoneType' errors during severity processing later.
-                            msg = "No CVSS vectors found. Please check that parse_cvss_from_text() correctly parses the provided cvssVector."
-                            raise ValueError(msg)
+                    cvss_data = parse_cvss_data(vulnerability.get("cvssVector"))
+                    if cvss_data:
+                        severity = cvss_data["severity"]
+                        cvssv3 = cvss_data["cvssv3"]
+                        cvssv4 = cvss_data["cvssv4"]
+                        # The score in the report can be different from what the cvss library calulates
+                        if cvss_data["major_version"] == 2:
+                            description += "\nCVSS V2 Vector:" + cvss_data["cvssv2"] + " (Score: " + str(cvss_score) + ")"
                     else:
-                        # If there is no vector, calculate severity based on
-                        # score and CVSS V3 (AuditJS does not always include
-                        # it)
+                        # If there is no vector, calculate severity based on CVSS score
                         severity = self.get_severity(cvss_score)
                     if "cve" in vulnerability:
                         vulnerability_id = vulnerability["cve"]
@@ -169,10 +117,12 @@ def get_findings(self, filename, test):
                         title=title,
                         test=test,
                         cwe=cwe,
-                        cvssv3=cvss_vector,
-                        cvssv3_score=cvss_score,
                         description=description,
                         severity=severity,
+                        cvssv3=cvssv3,
+                        cvssv3_score=cvssv3_score,
+                        cvssv4=cvssv4,
+                        cvssv4_score=cvssv4_score,
                         references=references,
                         file_path=file_path,
                         component_name=component_name,
@@ -181,6 +131,9 @@ def get_findings(self, filename, test):
                         dynamic_finding=False,
                         unique_id_from_tool=unique_id_from_tool,
                     )
+                    logger.debug("Finding fields:")
+                    for field, value in finding.__dict__.items():
+                        logger.debug("  %s: %r", field, value)
                     if vulnerability_id:
                         finding.unsaved_vulnerability_ids = [vulnerability_id]
 
diff --git a/dojo/tools/jfrog_xray_unified/parser.py b/dojo/tools/jfrog_xray_unified/parser.py
index 9690cbe4ab5..9d2f0421ba0 100644
--- a/dojo/tools/jfrog_xray_unified/parser.py
+++ b/dojo/tools/jfrog_xray_unified/parser.py
@@ -142,8 +142,8 @@ def get_item(vulnerability, test):
 
     cvss_data = parse_cvss_data(cvssv3)
     if cvss_data:
-        finding.cvssv3 = cvss_data.get("vector")
-        finding.cvssv3_score = cvss_data.get("score")
+        finding.cvssv3 = cvss_data.get("cvssv3")
+        finding.cvssv3_score = cvss_data.get("cvssv3_score")
 
     if vulnerability_id:
         finding.unsaved_vulnerability_ids = [vulnerability_id]
diff --git a/dojo/tools/npm_audit_7_plus/parser.py b/dojo/tools/npm_audit_7_plus/parser.py
index 93f04111689..653266a12bc 100644
--- a/dojo/tools/npm_audit_7_plus/parser.py
+++ b/dojo/tools/npm_audit_7_plus/parser.py
@@ -169,8 +169,8 @@ def get_item(item_node, tree, test):
     if (cvssv3 is not None) and (len(cvssv3) > 0):
         cvss_data = parse_cvss_data(cvssv3)
         if cvss_data:
-            dojo_finding.cvssv3 = cvss_data.get("vector")
-            dojo_finding.cvssv3_score = cvss_data.get("score")
+            dojo_finding.cvssv3 = cvss_data.get("cvssv3")
+            dojo_finding.cvssv3_score = cvss_data.get("cvssv3_score")
 
     return dojo_finding
 
diff --git a/dojo/tools/ptart/assessment_parser.py b/dojo/tools/ptart/assessment_parser.py
index ffeb09535d3..b4a24b67ccd 100644
--- a/dojo/tools/ptart/assessment_parser.py
+++ b/dojo/tools/ptart/assessment_parser.py
@@ -1,5 +1,6 @@
 import dojo.tools.ptart.ptart_parser_tools as ptart_tools
 from dojo.models import Finding
+from dojo.utils import parse_cvss_data
 
 
 class PTARTAssessmentParser:
@@ -43,10 +44,12 @@ def get_finding(self, assessment, hit):
             finding.vuln_id_from_tool = hit.get("id")
             finding.cve = hit.get("id")
 
-        # Clean up and parse the CVSS vector
-        cvss_vector = ptart_tools.parse_cvss_vector(hit, self.cvss_type)
+        cvss_vector = hit.get("cvss_vector", None)
         if cvss_vector:
-            finding.cvssv3 = cvss_vector
+            cvss_data = parse_cvss_data(cvss_vector)
+            if cvss_data:
+                finding.cvssv3 = cvss_data["cvssv3"]
+                finding.cvssv4 = cvss_data["cvssv4"]
 
         if "labels" in hit:
             finding.unsaved_tags = hit["labels"]
diff --git a/dojo/tools/ptart/ptart_parser_tools.py b/dojo/tools/ptart/ptart_parser_tools.py
index 06732310cab..b10f34caab4 100644
--- a/dojo/tools/ptart/ptart_parser_tools.py
+++ b/dojo/tools/ptart/ptart_parser_tools.py
@@ -62,6 +62,7 @@ def parse_cvss_vector(hit, cvss_type):
                 return c.clean_vector()
             except cvss.CVSS3Error:
                 return None
+
     return None
 
 
diff --git a/dojo/tools/ptart/retest_parser.py b/dojo/tools/ptart/retest_parser.py
index 6a029b4ddc2..6732513b54d 100644
--- a/dojo/tools/ptart/retest_parser.py
+++ b/dojo/tools/ptart/retest_parser.py
@@ -1,5 +1,6 @@
 import dojo.tools.ptart.ptart_parser_tools as ptart_tools
 from dojo.models import Finding
+from dojo.utils import parse_cvss_data
 
 
 def generate_retest_hit_title(hit, original_hit):
@@ -16,13 +17,8 @@ def generate_retest_hit_title(hit, original_hit):
 
 
 class PTARTRetestParser:
-    def __init__(self):
-        self.cvss_type = None
-
     def get_test_data(self, tree):
-        self.cvss_type = None
         if "retests" in tree:
-            self.cvss_type = tree.get("cvss_type", None)
             retests = tree["retests"]
         else:
             return []
@@ -82,12 +78,12 @@ def get_finding(self, retest, hit):
             finding.vuln_id_from_tool = original_hit.get("id")
             finding.cve = original_hit.get("id")
 
-        cvss_vector = ptart_tools.parse_cvss_vector(
-            original_hit,
-            self.cvss_type,
-        )
+        cvss_vector = original_hit.get("cvss_vector", None)
         if cvss_vector:
-            finding.cvssv3 = cvss_vector
+            cvss_data = parse_cvss_data(cvss_vector)
+            if cvss_data:
+                finding.cvssv3 = cvss_data["cvssv3"]
+                finding.cvssv4 = cvss_data["cvssv4"]
 
         if "labels" in original_hit:
             finding.unsaved_tags = original_hit["labels"]
diff --git a/dojo/tools/qualys/csv_parser.py b/dojo/tools/qualys/csv_parser.py
index f0672df9c87..49d31b1783d 100644
--- a/dojo/tools/qualys/csv_parser.py
+++ b/dojo/tools/qualys/csv_parser.py
@@ -232,8 +232,8 @@ def build_findings_from_dict(report_findings: [dict]) -> [Finding]:
             # Make sure vector is valid
             cvss_data = parse_cvss_data(cvssv3)
             if cvss_data:
-                finding.cvssv3 = cvss_data.get("vector")
-                finding.cvssv3_score = cvss_data.get("score")
+                finding.cvssv3 = cvss_data.get("cvssv3")
+                finding.cvssv3_score = cvss_data.get("cvssv3_score")
 
             # Qualys reports regression findings as active, but with a Date Last
             # Fixed.
diff --git a/dojo/tools/qualys/parser.py b/dojo/tools/qualys/parser.py
index dded935b7ad..83e9004e53b 100644
--- a/dojo/tools/qualys/parser.py
+++ b/dojo/tools/qualys/parser.py
@@ -355,8 +355,8 @@ def parse_finding(host, tree):
         if temp.get("CVSS_vector") is not None:
             cvss_data = parse_cvss_data(temp.get("CVSS_vector"))
             if cvss_data:
-                finding.cvssv3 = cvss_data.get("vector")
-                finding.cvssv3_score = cvss_data.get("score")
+                finding.cvssv3 = cvss_data.get("cvssv3")
+                finding.cvssv3_score = cvss_data.get("cvssv3_score")
 
         if temp.get("CVSS_value") is not None:
             finding.cvssv3_score = temp.get("CVSS_value")
diff --git a/dojo/tools/sonatype/parser.py b/dojo/tools/sonatype/parser.py
index aeb5a0e3e77..78fd00c4261 100644
--- a/dojo/tools/sonatype/parser.py
+++ b/dojo/tools/sonatype/parser.py
@@ -66,8 +66,8 @@ def get_finding(security_issue, component, test):
     if "cvssVector" in security_issue:
         cvss_data = parse_cvss_data(security_issue["cvssVector"])
         if cvss_data:
-            finding.cvssv3 = cvss_data.get("vector")
-            finding.cvssv3_score = cvss_data.get("score")
+            finding.cvssv3 = cvss_data.get("cvssv3")
+            finding.cvssv3_score = cvss_data.get("cvssv3_score")
 
     if "pathnames" in component:
         finding.file_path = " ".join(component["pathnames"])[:1000]
diff --git a/dojo/tools/trivy/parser.py b/dojo/tools/trivy/parser.py
index 27ddafb02aa..6c4d523741a 100644
--- a/dojo/tools/trivy/parser.py
+++ b/dojo/tools/trivy/parser.py
@@ -255,8 +255,8 @@ def get_result_items(self, test, results, service_name=None, artifact_name=""):
                                 cvssv3_string = dict(cvssclass).get("V3Vector")
                                 cvss_data = parse_cvss_data(cvssv3_string)
                                 if cvss_data:
-                                    cvssv3 = cvss_data.get("vector")
-                                    cvssv3_score = cvss_data.get("score")
+                                    cvssv3 = cvss_data.get("cvssv3")
+                                    cvssv3_score = cvss_data.get("cvssv3_score")
                             elif cvssclass.get("V3Score") is not None:
                                 cvssv3_score = cvssclass.get("V3Score")
                             elif cvssclass.get("V2Score") is not None:
diff --git a/dojo/utils.py b/dojo/utils.py
index b6fba9a5eb9..1346196f196 100644
--- a/dojo/utils.py
+++ b/dojo/utils.py
@@ -15,14 +15,13 @@
 
 import bleach
 import crum
-import cvss.parser
 import hyperlink
 import vobject
 from asteval import Interpreter
 from auditlog.models import LogEntry
 from cryptography.hazmat.backends import default_backend
 from cryptography.hazmat.primitives.ciphers import Cipher, algorithms, modes
-from cvss.cvss3 import CVSS3
+from cvss import CVSS2, CVSS3, CVSS4, CVSSError
 from dateutil.parser import parse
 from dateutil.relativedelta import MO, SU, relativedelta
 from django.conf import settings
@@ -2669,18 +2668,85 @@ def generate_file_response_from_file_path(
     return response
 
 
+# TEMPORARY: Local implementation until the upstream PR is merged & released: https://github.com/RedHatProductSecurity/cvss/pull/75
+def parse_cvss_from_text(text):
+    """
+    Parses CVSS2, CVSS3, and CVSS4 vectors from arbitrary text and returns a list of CVSS objects.
+
+    Parses text for substrings that look similar to CVSS vector
+    and feeds these matches to CVSS constructor.
+
+    Args:
+        text (str): arbitrary text
+
+    Returns:
+        A list of CVSS objects.
+
+    """
+    # Looks for substrings that resemble CVSS2, CVSS3, or CVSS4 vectors.
+    # CVSS3 and CVSS4 vectors start with a 'CVSS:x.x/' prefix and are matched by the optional non-capturing group.
+    # CVSS2 vectors do not include a prefix and are matched by raw vector pattern only.
+    # Minimum total match length is 26 characters to reduce false positives.
+    matches = re.compile(r"(?:CVSS:[3-4]\.\d/)?[A-Za-z:/]{26,}").findall(text)
+
+    cvsss = set()
+    for match in matches:
+        try:
+            if match.startswith("CVSS:4."):
+                cvss = CVSS4(match)
+            elif match.startswith("CVSS:3."):
+                cvss = CVSS3(match)
+            else:
+                cvss = CVSS2(match)
+
+            cvsss.add(cvss)
+        except (CVSSError, KeyError):
+            pass
+
+    return list(cvsss)
+
+
 def parse_cvss_data(cvss_vector_string: str) -> dict:
     if not cvss_vector_string:
         return {}
 
-    vectors = cvss.parser.parse_cvss_from_text(cvss_vector_string)
-    if len(vectors) > 0 and type(vectors[0]) is CVSS3:
+    vectors = parse_cvss_from_text(cvss_vector_string)
+    if len(vectors) > 0:
+        vector = vectors[0]
+        # For CVSS2, environmental score is at index 2
+        # For CVSS3, environmental score is at index 2
+        # For CVSS4, only base score is available (at index 0)
+        # These CVSS2/3/4 objects do not have a version field (only a minor_version field)
+        major_version = cvssv2 = cvssv2_score = cvssv3 = cvssv3_score = cvssv4 = cvssv4_score = severity = None
+        if type(vector) is CVSS4:
+            major_version = 4
+            cvssv4 = vector.clean_vector()
+            cvssv4_score = vector.scores()[0]
+            logger.debug("CVSS4 vector: %s, score: %s", cvssv4, cvssv4_score)
+            severity = vector.severities()[0]
+        elif type(vector) is CVSS3:
+            major_version = 3
+            cvssv3 = vector.clean_vector()
+            cvssv3_score = vector.scores()[2]
+            severity = vector.severities()[0]
+        elif type(vector) is CVSS2:
+            # CVSS2 is not supported, but we return it anyway to allow parser to use the severity or score for other purposes
+            cvssv2 = vector.clean_vector()
+            cvssv2_score = vector.scores()[2]
+            severity = vector.severities()[0]
+            major_version = 2
+
         return {
-            "vector": vectors[0].clean_vector(),
-            "score": vectors[0].scores()[2],  # environmental score is the most detailed one
-            "severity":  vectors[0].severities()[0],
+            "major_version": major_version,
+            "cvssv2": cvssv2,
+            "cvssv2_score": cvssv2_score,
+            "cvssv3": cvssv3,
+            "cvssv3_score": cvssv3_score,
+            "cvssv4": cvssv4,
+            "cvssv4_score": cvssv4_score,
+            "severity": severity,
         }
-    logger.debug("No valid CVSS3 vector found in %s", cvss_vector_string)
+    logger.debug("No valid CVSS3 or CVSS4 vector found in %s", cvss_vector_string)
     return {}
 
 
diff --git a/dojo/validators.py b/dojo/validators.py
index e6e3a784b2b..79a93aad78e 100644
--- a/dojo/validators.py
+++ b/dojo/validators.py
@@ -2,7 +2,6 @@
 import re
 from collections.abc import Callable
 
-import cvss.parser
 from cvss import CVSS2, CVSS3, CVSS4
 from django.core.exceptions import ValidationError
 
@@ -27,8 +26,9 @@ def tag_validator(value: str | list[str], exception_class: Callable = Validation
 
 
 def cvss3_validator(value: str | list[str], exception_class: Callable = ValidationError) -> None:
-    logger.error("cvss3_validator called with value: %s", value)
-    cvss_vectors = cvss.parser.parse_cvss_from_text(value)
+    logger.debug("cvss3_validator called with value: %s", value)
+    from dojo.utils import parse_cvss_from_text
+    cvss_vectors = parse_cvss_from_text(value)
     if len(cvss_vectors) > 0:
         vector_obj = cvss_vectors[0]
 
@@ -37,11 +37,10 @@ def cvss3_validator(value: str | list[str], exception_class: Callable = Validati
             return
 
         if isinstance(vector_obj, CVSS4):
-            # CVSS4 is not supported yet by the parse_cvss_from_text function, but let's prepare for it anyway: https://github.com/RedHatProductSecurity/cvss/issues/53
-            msg = "Unsupported CVSS(4) version detected."
+            msg = "CVSS4 vector cannot be stored in the cvssv3 field. Use the cvssv4 field."
             raise exception_class(msg)
         if isinstance(vector_obj, CVSS2):
-            msg = "Unsupported CVSS(2) version detected."
+            msg = "Unsupported CVSS2 version detected."
             raise exception_class(msg)
 
         msg = "Unsupported CVSS version detected."
@@ -49,5 +48,32 @@ def cvss3_validator(value: str | list[str], exception_class: Callable = Validati
 
     # Explicitly raise an error if no CVSS vectors are found,
     # to avoid 'NoneType' errors during severity processing later.
-    msg = "No valid CVSS vectors found by cvss.parse_cvss_from_text()"
+    msg = "No valid CVSS3 vectors found by cvss.parse_cvss_from_text()"
+    raise exception_class(msg)
+
+
+def cvss4_validator(value: str | list[str], exception_class: Callable = ValidationError) -> None:
+    logger.debug("cvss4_validator called with value: %s", value)
+    from dojo.utils import parse_cvss_from_text
+    cvss_vectors = parse_cvss_from_text(value)
+    if len(cvss_vectors) > 0:
+        vector_obj = cvss_vectors[0]
+
+        if isinstance(vector_obj, CVSS4):
+            # all is good
+            return
+
+        if isinstance(vector_obj, CVSS3):
+            msg = "CVSS3 vector cannot be stored in the cvssv4 field. Use the cvssv3 field."
+            raise exception_class(msg)
+        if isinstance(vector_obj, CVSS2):
+            msg = "Unsupported CVSS2 version detected."
+            raise exception_class(msg)
+
+        msg = "Unsupported CVSS version detected."
+        raise exception_class(msg)
+
+    # Explicitly raise an error if no CVSS vectors are found,
+    # to avoid 'NoneType' errors during severity processing later.
+    msg = "No valid CVSS4 vectors found by cvss.parse_cvss_from_text()"
     raise exception_class(msg)
diff --git a/run-unittest.sh b/run-unittest.sh
index 062ef1c9e0a..c6129b614c4 100755
--- a/run-unittest.sh
+++ b/run-unittest.sh
@@ -1,5 +1,6 @@
 #!/usr/bin/env bash
 unset TEST_CASE
+unset FAIL_FAST
 
 bash ./docker/docker-compose-check.sh
 if [[ $? -eq 1 ]]; then exit 1; fi
@@ -10,6 +11,7 @@ usage() {
   echo
   echo "Options:"
   echo "  --test-case -t {YOUR_FULLY_QUALIFIED_TEST_CASE}"
+  echo "  --fail-fast -f - stop on first test failure"
   echo "  --help -h - prints this dialogue."
   echo
   echo "You must specify a test case (arg)!"
@@ -25,6 +27,10 @@ while [[ $# -gt 0 ]]; do
       shift # past argument
       shift # past value
       ;;
+    -f|--fail-fast)
+      FAIL_FAST="--failfast"
+      shift # past argument
+      ;;
     -h|--help)
       usage
       exit 0
@@ -49,8 +55,11 @@ then
   exit 1
 fi
 
+# docker compose exec uwsgi bash -c "python manage.py migrate dojo 0233"
+# docker compose exec uwsgi bash -c "python manage.py migrate dojo 0234"
+
 echo "Running docker compose unit tests with test case $TEST_CASE ..."
 # Compose V2 integrates compose functions into the Docker platform, continuing to support
 # most of the  previous docker-compose features and flags. You can run Compose V2 by
 # replacing the hyphen (-) with a space, using docker compose, instead of docker-compose.
-docker compose exec uwsgi bash -c "python manage.py test $TEST_CASE -v2 --keepdb"
+docker compose exec uwsgi bash -c "python manage.py test $TEST_CASE -v2 --keepdb $FAIL_FAST"
diff --git a/tests/false_positive_history_test.py b/tests/false_positive_history_test.py
index 726a172064c..c6eddb4691e 100644
--- a/tests/false_positive_history_test.py
+++ b/tests/false_positive_history_test.py
@@ -39,7 +39,9 @@ def create_finding(self, product_name, engagement_name, test_name, finding_name)
         # cvssv3 field
         driver.find_element(By.ID, "id_cvssv3").send_keys("CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H")
         # finding Description
-        driver.find_element(By.ID, "id_cvssv3").send_keys(Keys.TAB, "This is just a Test Case Finding")
+        # Note item [0] is a meta tag on the top of the page with name "description", so we use [1]
+        driver.execute_script("document.getElementsByName('description')[1].style.display = 'inline'")
+        driver.find_elements(By.NAME, "description")[1].send_keys(Keys.TAB, "This is just a test finding")
         # finding Vulnerability Ids
         driver.find_element(By.ID, "id_vulnerability_ids").send_keys("REF-1\nREF-2")
         # Click the Done button
diff --git a/tests/finding_test.py b/tests/finding_test.py
index d55c269333e..45e915b134f 100644
--- a/tests/finding_test.py
+++ b/tests/finding_test.py
@@ -128,12 +128,16 @@ def test_edit_finding(self):
         self.assertTrue(self.is_text_present_on_page(text="REF-4"))
         self.assertTrue(self.is_text_present_on_page(text="Additional Vulnerability Ids"))
 
-    def _edit_finding_cvssv3_and_assert(
+    def _edit_finding_cvss_and_assert(
         self,
-        cvssv3_value,
-        cvssv3_score,
-        expected_cvssv3_value,
-        expected_cvssv3_score,
+        cvssv3_value=None,
+        cvssv3_score=None,
+        cvssv4_value=None,
+        cvssv4_score=None,
+        expected_cvssv3_value=None,
+        expected_cvssv3_score=None,
+        expected_cvssv4_value=None,
+        expected_cvssv4_score=None,
         expect_success=True,  # noqa: FBT002
         success_message="Finding saved successfully",
         error_message=None,
@@ -147,11 +151,21 @@ def _edit_finding_cvssv3_and_assert(
         driver.find_element(By.ID, "dropdownMenu1").click()
         # Click on `Edit Finding`
         driver.find_element(By.LINK_TEXT, "Edit Finding").click()
-        # Set cvssv3 value and score
         driver.find_element(By.ID, "id_cvssv3").clear()
-        driver.find_element(By.ID, "id_cvssv3").send_keys(cvssv3_value)
         driver.find_element(By.ID, "id_cvssv3_score").clear()
-        driver.find_element(By.ID, "id_cvssv3_score").send_keys(str(cvssv3_score))
+        driver.find_element(By.ID, "id_cvssv4").clear()
+        driver.find_element(By.ID, "id_cvssv4_score").clear()
+        if cvssv3_value:
+            # Set cvssv3 value and score
+            driver.find_element(By.ID, "id_cvssv3").send_keys(cvssv3_value)
+        if cvssv3_score:
+            driver.find_element(By.ID, "id_cvssv3_score").send_keys(str(cvssv3_score))
+        if cvssv4_value:
+            # Set cvssv3 value and score
+            driver.find_element(By.ID, "id_cvssv4").send_keys(cvssv4_value)
+        if cvssv4_score:
+            driver.find_element(By.ID, "id_cvssv4_score").send_keys(str(cvssv4_score))
+
         # Submit the form
         driver.find_element(By.XPATH, "//input[@name='_Finished']").click()
 
@@ -160,18 +174,21 @@ def _edit_finding_cvssv3_and_assert(
             # Go into edit mode again to check stored values
             driver.find_element(By.ID, "dropdownMenu1").click()
             driver.find_element(By.LINK_TEXT, "Edit Finding").click()
-            self.assertEqual(expected_cvssv3_value, driver.find_element(By.ID, "id_cvssv3").get_attribute("value"))
-            self.assertEqual(str(expected_cvssv3_score), driver.find_element(By.ID, "id_cvssv3_score").get_attribute("value"))
         else:
             self.assertTrue(self.is_error_message_present(text=error_message))
+
+        if expected_cvssv3_value:
             self.assertEqual(expected_cvssv3_value, driver.find_element(By.ID, "id_cvssv3").get_attribute("value"))
+        if expected_cvssv3_score:
             self.assertEqual(str(expected_cvssv3_score), driver.find_element(By.ID, "id_cvssv3_score").get_attribute("value"))
+        if expected_cvssv4_value:
+            self.assertEqual(expected_cvssv4_value, driver.find_element(By.ID, "id_cvssv4").get_attribute("value"))
+        if expected_cvssv4_score:
+            self.assertEqual(str(expected_cvssv4_score), driver.find_element(By.ID, "id_cvssv4_score").get_attribute("value"))
 
-    # See https://github.com/DefectDojo/django-DefectDojo/issues/8264
-    # Capturing current behavior which might not be the desired one yet
     @on_exception_html_source_logger
     def test_edit_finding_cvssv3_valid_vector(self):
-        self._edit_finding_cvssv3_and_assert(
+        self._edit_finding_cvss_and_assert(
             cvssv3_value="CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
             cvssv3_score="1",
             expected_cvssv3_value="CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
@@ -179,70 +196,167 @@ def test_edit_finding_cvssv3_valid_vector(self):
             expect_success=True,
         )
 
+    @on_exception_html_source_logger
+    def test_edit_finding_cvssv3_valid_vector_no_score(self):
+        self._edit_finding_cvss_and_assert(
+            cvssv3_value="CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+            cvssv3_score=None,
+            expected_cvssv3_value="CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+            expected_cvssv3_score="8.8",
+            expect_success=True,
+        )
+
     @on_exception_html_source_logger
     def test_edit_finding_cvssv3_valid_vector_no_prefix(self):
-        self._edit_finding_cvssv3_and_assert(
+        self._edit_finding_cvss_and_assert(
             cvssv3_value="AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
             cvssv3_score="2",
             expected_cvssv3_value="AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
             expected_cvssv3_score="2",
             expect_success=False,
-            error_message="No valid CVSS vectors found by cvss.parse_cvss_from_text()",
+            error_message="No valid CVSS3 vectors found by cvss.parse_cvss_from_text()",
         )
 
     @on_exception_html_source_logger
     def test_edit_finding_cvssv3_valid_vector_with_trailing_slash(self):
-        self._edit_finding_cvssv3_and_assert(
+        self._edit_finding_cvss_and_assert(
             cvssv3_value="CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/",
             cvssv3_score="3",
             expected_cvssv3_value="CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/",
             expected_cvssv3_score="3",
             expect_success=False,
-            error_message="No valid CVSS vectors found by cvss.parse_cvss_from_text()",
+            error_message="No valid CVSS3 vectors found by cvss.parse_cvss_from_text()",
         )
 
     @on_exception_html_source_logger
     def test_edit_finding_cvssv3_with_v2_vector_invalid_due_to_prefix(self):
-        self._edit_finding_cvssv3_and_assert(
+        self._edit_finding_cvss_and_assert(
             cvssv3_value="CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:P/A:P",
             cvssv3_score="4",
             expected_cvssv3_value="CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:P/A:P",
             expected_cvssv3_score="4",
             expect_success=False,
-            error_message="No valid CVSS vectors found by cvss.parse_cvss_from_text()",
+            error_message="No valid CVSS3 vectors found by cvss.parse_cvss_from_text()",
         )
 
     @on_exception_html_source_logger
     def test_edit_finding_cvssv3_with_v2_vector(self):
-        self._edit_finding_cvssv3_and_assert(
+        self._edit_finding_cvss_and_assert(
             cvssv3_value="AV:N/AC:L/Au:N/C:P/I:P/A:P",
             cvssv3_score="4",
             expected_cvssv3_value="AV:N/AC:L/Au:N/C:P/I:P/A:P",
             expected_cvssv3_score="4",
             expect_success=False,
-            error_message="Unsupported CVSS(2) version detected.",
+            error_message="Unsupported CVSS2 version detected.",
         )
 
     @on_exception_html_source_logger
     def test_edit_finding_cvssv3_with_v4_vector(self):
-        self._edit_finding_cvssv3_and_assert(
-            cvssv3_value="CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/S:U/C:H/I:H/A:H",
+        self._edit_finding_cvss_and_assert(
+            cvssv3_value="CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
             cvssv3_score="5",
-            expected_cvssv3_value="CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/S:U/C:H/I:H/A:H",
+            expected_cvssv3_value="CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
             expected_cvssv3_score="5",
             expect_success=False,
-            error_message="No valid CVSS vectors found by cvss.parse_cvss_from_text()",
+            error_message="CVSS4 vector cannot be stored in the cvssv3 field. Use the cvssv4 field.",
         )
 
     @on_exception_html_source_logger
     def test_edit_finding_cvssv3_with_rubbish(self):
-        self._edit_finding_cvssv3_and_assert(
+        self._edit_finding_cvss_and_assert(
             cvssv3_value="happy little vector",
             cvssv3_score="5",
             expected_cvssv3_value="happy little vector",
             expected_cvssv3_score="5",
             expect_success=False,
-            error_message="No valid CVSS vectors found by cvss.parse_cvss_from_text()",
+            error_message="No valid CVSS3 vectors found by cvss.parse_cvss_from_text()",
+        )
+
+    """"CVSS4 Test"""
+    @on_exception_html_source_logger
+    def test_edit_finding_cvssv4_valid_vector(self):
+        self._edit_finding_cvss_and_assert(
+            cvssv4_value="CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
+            cvssv4_score="1",
+            expected_cvssv4_value="CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
+            expected_cvssv4_score="7.3",
+            expect_success=True,
+        )
+
+    @on_exception_html_source_logger
+    def test_edit_finding_cvssv4_valid_vector_no_score(self):
+        self._edit_finding_cvss_and_assert(
+            cvssv4_value="CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
+            cvssv4_score=None,
+            expected_cvssv4_value="CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
+            expected_cvssv4_score="7.3",
+            expect_success=True,
+        )
+
+    @on_exception_html_source_logger
+    def test_edit_finding_cvssv4_valid_vector_no_prefix(self):
+        self._edit_finding_cvss_and_assert(
+            cvssv4_value="AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
+            cvssv4_score="2",
+            expected_cvssv4_value="AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
+            expected_cvssv4_score="2",
+            expect_success=False,
+            error_message="No valid CVSS4 vectors found by cvss.parse_cvss_from_text()",
+        )
+
+    @on_exception_html_source_logger
+    def test_edit_finding_cvssv4_valid_vector_with_trailing_slash(self):
+        self._edit_finding_cvss_and_assert(
+            cvssv4_value="CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/",
+            cvssv4_score="3",
+            expected_cvssv4_value="CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/",
+            expected_cvssv4_score="3",
+            expect_success=False,
+            error_message="No valid CVSS4 vectors found by cvss.parse_cvss_from_text()",
+        )
+
+    @on_exception_html_source_logger
+    def test_edit_finding_cvssv4_with_v2_vector_invalid_due_to_prefix(self):
+        self._edit_finding_cvss_and_assert(
+            cvssv4_value="CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:P/A:P",
+            cvssv4_score="4",
+            expected_cvssv4_value="CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:P/A:P",
+            expected_cvssv4_score="4",
+            expect_success=False,
+            error_message="No valid CVSS4 vectors found by cvss.parse_cvss_from_text()",
+        )
+
+    @on_exception_html_source_logger
+    def test_edit_finding_cvssv4_with_v2_vector(self):
+        self._edit_finding_cvss_and_assert(
+            cvssv4_value="AV:N/AC:L/Au:N/C:P/I:P/A:P",
+            cvssv4_score="4",
+            expected_cvssv4_value="AV:N/AC:L/Au:N/C:P/I:P/A:P",
+            expected_cvssv4_score="4",
+            expect_success=False,
+            error_message="Unsupported CVSS2 version detected.",
+        )
+
+    @on_exception_html_source_logger
+    def test_edit_finding_cvssv4_with_v3_vector(self):
+        self._edit_finding_cvss_and_assert(
+            cvssv4_value="CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+            cvssv4_score="5",
+            expected_cvssv4_value="CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+            expected_cvssv4_score="5",
+            expect_success=False,
+            error_message="CVSS3 vector cannot be stored in the cvssv4 field. Use the cvssv3 field.",
+        )
+
+    @on_exception_html_source_logger
+    def test_edit_finding_cvssv4_with_rubbish(self):
+        self._edit_finding_cvss_and_assert(
+            cvssv4_value="happy little vector",
+            cvssv4_score="5",
+            expected_cvssv4_value="happy little vector",
+            expected_cvssv4_score="5",
+            expect_success=False,
+            error_message="No valid CVSS4 vectors found by cvss.parse_cvss_from_text()",
         )
 
     def test_add_image(self):
@@ -677,12 +791,21 @@ def add_finding_tests_to_suite(suite, *, jira=False, github=False, block_executi
     suite.addTest(FindingTest("test_list_components"))
     suite.addTest(FindingTest("test_edit_finding"))
     suite.addTest(FindingTest("test_edit_finding_cvssv3_valid_vector"))
+    suite.addTest(FindingTest("test_edit_finding_cvssv3_valid_vector_no_score"))
     suite.addTest(FindingTest("test_edit_finding_cvssv3_valid_vector_no_prefix"))
     suite.addTest(FindingTest("test_edit_finding_cvssv3_valid_vector_with_trailing_slash"))
-    suite.addTest(FindingTest("test_edit_finding_cvssv3_with_v2_vector"))
     suite.addTest(FindingTest("test_edit_finding_cvssv3_with_v2_vector_invalid_due_to_prefix"))
+    suite.addTest(FindingTest("test_edit_finding_cvssv3_with_v2_vector"))
     suite.addTest(FindingTest("test_edit_finding_cvssv3_with_v4_vector"))
     suite.addTest(FindingTest("test_edit_finding_cvssv3_with_rubbish"))
+    suite.addTest(FindingTest("test_edit_finding_cvssv4_valid_vector"))
+    suite.addTest(FindingTest("test_edit_finding_cvssv4_valid_vector_no_score"))
+    suite.addTest(FindingTest("test_edit_finding_cvssv4_valid_vector_no_prefix"))
+    suite.addTest(FindingTest("test_edit_finding_cvssv4_valid_vector_with_trailing_slash"))
+    suite.addTest(FindingTest("test_edit_finding_cvssv4_with_v2_vector_invalid_due_to_prefix"))
+    suite.addTest(FindingTest("test_edit_finding_cvssv4_with_v2_vector"))
+    suite.addTest(FindingTest("test_edit_finding_cvssv4_with_v3_vector"))
+    suite.addTest(FindingTest("test_edit_finding_cvssv4_with_rubbish"))
     suite.addTest(FindingTest("test_add_note_to_finding"))
     suite.addTest(FindingTest("test_add_image"))
     suite.addTest(FindingTest("test_delete_image"))
diff --git a/tests/product_test.py b/tests/product_test.py
index e5839b61cbe..b8b5a878b23 100644
--- a/tests/product_test.py
+++ b/tests/product_test.py
@@ -271,7 +271,9 @@ def test_add_product_finding(self):
         # cvssv3 field
         driver.find_element(By.ID, "id_cvssv3").send_keys("CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H")
         # finding Description
-        driver.find_element(By.ID, "id_cvssv3").send_keys(Keys.TAB, "This is just a Test Case Finding")
+        # Note item [0] is a meta tag on the top of the page with name "description", so we use [1]
+        driver.execute_script("document.getElementsByName('description')[1].style.display = 'inline'")
+        driver.find_elements(By.NAME, "description")[1].send_keys(Keys.TAB, "This is just a test finding")
         # finding Vulnerability Ids
         driver.find_element(By.ID, "id_vulnerability_ids").send_keys("REF-1\nREF-2")
         # Finding Mitigation
diff --git a/tests/test_test.py b/tests/test_test.py
index 94ae50e5f0b..7ee311b91cd 100644
--- a/tests/test_test.py
+++ b/tests/test_test.py
@@ -162,7 +162,9 @@ def test_add_test_finding(self):
         # cvss
         driver.find_element(By.ID, "id_cvssv3").send_keys("CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H")
         # finding Description
-        driver.find_element(By.ID, "id_cvssv3").send_keys(Keys.TAB, "This is just a Test Case Finding2")
+        # Note item [0] is a meta tag on the top of the page with name "description", so we use [1]
+        driver.execute_script("document.getElementsByName('description')[1].style.display = 'inline'")
+        driver.find_elements(By.NAME, "description")[1].send_keys(Keys.TAB, "This is just a test finding")
         # Finding Mitigation
         # Use Javascript to bypass the editor by making Setting textArea style from none to inline
         # Any Text written to textarea automatically reflects in Editor field.
@@ -217,8 +219,11 @@ def test_add_and_promote_stub_finding(self):
         driver.find_element(By.PARTIAL_LINK_TEXT, "App Vulnerable to XSS3").click()
         self.assertTrue(self.is_info_message_present(text="In order to promote a Potential Finding to a Verified Finding you must provide the following information."))
         self.assertEqual(driver.find_element(By.ID, "id_title").get_attribute("value"), "App Vulnerable to XSS3")
-        # Edit finding Description
-        driver.find_element(By.ID, "id_cvssv3_score").send_keys(Keys.TAB, Keys.TAB, "This is a promoted stub finding")
+        # finding Description
+        # Note item [0] is a meta tag on the top of the page with name "description", so we use [1]
+        driver.execute_script("document.getElementsByName('description')[1].style.display = 'inline'")
+        driver.find_elements(By.NAME, "description")[1].send_keys(Keys.TAB, "This is just a test finding")
+
         # "Click" the Done button to Edit the finding
         driver.find_element(By.ID, "submit").click()
 
diff --git a/unittests/test_metrics_queries.py b/unittests/test_metrics_queries.py
index 72bfe8ae1be..4602c9b5b1d 100644
--- a/unittests/test_metrics_queries.py
+++ b/unittests/test_metrics_queries.py
@@ -21,23 +21,23 @@ def add(*args, **kwargs):
 ####
 # Test Findings data
 ####
-FINDING_1 = {"id": 4, "title": "High Impact Test Finding", "date": date(2018, 1, 1), "sla_start_date": None, "sla_expiration_date": None, "cwe": None, "cve": None, "epss_score": None, "epss_percentile": None, "cvssv3": None, "cvssv3_score": None, "url": None, "severity": "High", "description": "test finding", "mitigation": "test mitigation", "impact": "High", "steps_to_reproduce": None, "severity_justification": None, "references": "", "test_id": 3, "active": False, "verified": False, "false_p": False, "duplicate": True, "duplicate_finding_id": 2, "out_of_scope": False, "risk_accepted": False, "under_review": False, "last_status_update": None, "review_requested_by_id": 1, "under_defect_review": False, "defect_review_requested_by_id": 1, "is_mitigated": False, "thread_id": 11, "mitigated": None, "mitigated_by_id": None, "reporter_id": 1, "numerical_severity": "S0", "last_reviewed": None, "last_reviewed_by_id": None, "param": None, "payload": None, "hash_code": "5d368a051fdec959e08315a32ef633ba5711bed6e8e75319ddee2cab4d4608c7", "line": None, "file_path": "", "component_name": None, "component_version": None, "static_finding": False, "dynamic_finding": False, "created": datetime(2017, 12, 1, 0, 0, tzinfo=UTC), "scanner_confidence": None, "sonarqube_issue_id": None, "unique_id_from_tool": None, "vuln_id_from_tool": None, "sast_source_object": None, "sast_sink_object": None, "sast_source_line": None, "sast_source_file_path": None, "nb_occurences": None, "publish_date": None, "service": None, "planned_remediation_date": None, "planned_remediation_version": None, "effort_for_fixing": None, "test__engagement__product__prod_type__member": False, "test__engagement__product__member": True, "test__engagement__product__prod_type__authorized_group": False, "test__engagement__product__authorized_group": False, "known_exploited": False, "ransomware_used": False, "kev_date": None}
-FINDING_2 = {"id": 5, "title": "High Impact Test Finding", "date": date(2018, 1, 1), "sla_start_date": None, "sla_expiration_date": None, "cwe": None, "cve": None, "epss_score": None, "epss_percentile": None, "cvssv3": None, "cvssv3_score": None, "url": None, "severity": "High", "description": "test finding", "mitigation": "test mitigation", "impact": "High", "steps_to_reproduce": None, "severity_justification": None, "references": "", "test_id": 3, "active": False, "verified": False, "false_p": False, "duplicate": True, "duplicate_finding_id": 2, "out_of_scope": False, "risk_accepted": False, "under_review": False, "last_status_update": None, "review_requested_by_id": 1, "under_defect_review": False, "defect_review_requested_by_id": 1, "is_mitigated": False, "thread_id": 11, "mitigated": None, "mitigated_by_id": None, "reporter_id": 1, "numerical_severity": "S0", "last_reviewed": None, "last_reviewed_by_id": None, "param": None, "payload": None, "hash_code": "5d368a051fdec959e08315a32ef633ba5711bed6e8e75319ddee2cab4d4608c7", "line": None, "file_path": "", "component_name": None, "component_version": None, "static_finding": False, "dynamic_finding": False, "created": datetime(2017, 12, 1, 0, 0, tzinfo=UTC), "scanner_confidence": None, "sonarqube_issue_id": None, "unique_id_from_tool": None, "vuln_id_from_tool": None, "sast_source_object": None, "sast_sink_object": None, "sast_source_line": None, "sast_source_file_path": None, "nb_occurences": None, "publish_date": None, "service": None, "planned_remediation_date": None, "planned_remediation_version": None, "effort_for_fixing": None, "test__engagement__product__prod_type__member": False, "test__engagement__product__member": True, "test__engagement__product__prod_type__authorized_group": False, "test__engagement__product__authorized_group": False, "known_exploited": False, "ransomware_used": False, "kev_date": None}
-FINDING_3 = {"id": 6, "title": "High Impact Test Finding", "date": date(2018, 1, 1), "sla_start_date": None, "sla_expiration_date": None, "cwe": None, "cve": None, "epss_score": None, "epss_percentile": None, "cvssv3": None, "cvssv3_score": None, "url": None, "severity": "High", "description": "test finding", "mitigation": "test mitigation", "impact": "High", "steps_to_reproduce": None, "severity_justification": None, "references": "", "test_id": 3, "active": False, "verified": False, "false_p": False, "duplicate": True, "duplicate_finding_id": 2, "out_of_scope": False, "risk_accepted": False, "under_review": False, "last_status_update": None, "review_requested_by_id": 1, "under_defect_review": False, "defect_review_requested_by_id": 1, "is_mitigated": False, "thread_id": 11, "mitigated": None, "mitigated_by_id": None, "reporter_id": 1, "numerical_severity": "S0", "last_reviewed": None, "last_reviewed_by_id": None, "param": None, "payload": None, "hash_code": "5d368a051fdec959e08315a32ef633ba5711bed6e8e75319ddee2cab4d4608c7", "line": None, "file_path": "", "component_name": None, "component_version": None, "static_finding": False, "dynamic_finding": False, "created": datetime(2017, 12, 1, 0, 0, tzinfo=UTC), "scanner_confidence": None, "sonarqube_issue_id": None, "unique_id_from_tool": None, "vuln_id_from_tool": None, "sast_source_object": None, "sast_sink_object": None, "sast_source_line": None, "sast_source_file_path": None, "nb_occurences": None, "publish_date": None, "service": None, "planned_remediation_date": None, "planned_remediation_version": None, "effort_for_fixing": None, "test__engagement__product__prod_type__member": False, "test__engagement__product__member": True, "test__engagement__product__prod_type__authorized_group": False, "test__engagement__product__authorized_group": False, "known_exploited": False, "ransomware_used": False, "kev_date": None}
-FINDING_4 = {"id": 7, "title": "DUMMY FINDING", "date": date(2017, 12, 31), "sla_start_date": None, "sla_expiration_date": None, "cwe": 1, "cve": None, "epss_score": None, "epss_percentile": None, "cvssv3": None, "cvssv3_score": None, "url": "http://www.example.com", "severity": "High", "description": "TEST finding", "mitigation": "MITIGATION", "impact": "High", "steps_to_reproduce": None, "severity_justification": None, "references": "", "test_id": 3, "active": False, "verified": False, "false_p": False, "duplicate": False, "duplicate_finding_id": None, "out_of_scope": False, "risk_accepted": False, "under_review": False, "last_status_update": None, "review_requested_by_id": 2, "under_defect_review": False, "defect_review_requested_by_id": 2, "is_mitigated": False, "thread_id": 1, "mitigated": None, "mitigated_by_id": None, "reporter_id": 2, "numerical_severity": "S0", "last_reviewed": None, "last_reviewed_by_id": None, "param": None, "payload": None, "hash_code": "c89d25e445b088ba339908f68e15e3177b78d22f3039d1bfea51c4be251bf4e0", "line": 100, "file_path": "", "component_name": None, "component_version": None, "static_finding": False, "dynamic_finding": False, "created": datetime(2017, 12, 1, 0, 0, tzinfo=UTC), "scanner_confidence": None, "sonarqube_issue_id": None, "unique_id_from_tool": None, "vuln_id_from_tool": None, "sast_source_object": None, "sast_sink_object": None, "sast_source_line": None, "sast_source_file_path": None, "nb_occurences": None, "publish_date": None, "service": None, "planned_remediation_date": None, "planned_remediation_version": None, "effort_for_fixing": None, "test__engagement__product__prod_type__member": False, "test__engagement__product__member": True, "test__engagement__product__prod_type__authorized_group": False, "test__engagement__product__authorized_group": False, "known_exploited": False, "ransomware_used": False, "kev_date": None}
-FINDING_5 = {"id": 24, "title": "Low Impact Test Finding", "date": date(2018, 1, 1), "sla_start_date": None, "sla_expiration_date": None, "cwe": None, "cve": None, "epss_score": None, "epss_percentile": None, "cvssv3": None, "cvssv3_score": None, "url": None, "severity": "Low", "description": "test finding", "mitigation": "test mitigation", "impact": "Low", "steps_to_reproduce": None, "severity_justification": None, "references": "", "test_id": 33, "active": False, "verified": False, "false_p": False, "duplicate": True, "duplicate_finding_id": 22, "out_of_scope": False, "risk_accepted": False, "under_review": False, "last_status_update": None, "review_requested_by_id": 1, "under_defect_review": False, "defect_review_requested_by_id": 1, "is_mitigated": False, "thread_id": 11, "mitigated": None, "mitigated_by_id": None, "reporter_id": 1, "numerical_severity": "S0", "last_reviewed": None, "last_reviewed_by_id": None, "param": None, "payload": None, "hash_code": "9aca00affd340c4da02c934e7e3106a45c6ad0911da479daae421b3b28a2c1aa", "line": 123, "file_path": "/dev/urandom", "component_name": None, "component_version": None, "static_finding": False, "dynamic_finding": False, "created": datetime(2017, 12, 1, 0, 0, tzinfo=UTC), "scanner_confidence": None, "sonarqube_issue_id": None, "unique_id_from_tool": None, "vuln_id_from_tool": None, "sast_source_object": None, "sast_sink_object": None, "sast_source_line": None, "sast_source_file_path": None, "nb_occurences": None, "publish_date": None, "service": None, "planned_remediation_date": None, "planned_remediation_version": None, "effort_for_fixing": None, "test__engagement__product__prod_type__member": False, "test__engagement__product__member": True, "test__engagement__product__prod_type__authorized_group": False, "test__engagement__product__authorized_group": False, "known_exploited": False, "ransomware_used": False, "kev_date": None}
-FINDING_6 = {"id": 125, "title": "Low Impact Test Finding", "date": date(2018, 1, 1), "sla_start_date": None, "sla_expiration_date": None, "cwe": None, "cve": None, "epss_score": None, "epss_percentile": None, "cvssv3": None, "cvssv3_score": None, "url": None, "severity": "Low", "description": "test finding", "mitigation": "test mitigation", "impact": "Low", "steps_to_reproduce": None, "severity_justification": None, "references": "", "test_id": 55, "active": False, "verified": False, "false_p": False, "duplicate": True, "duplicate_finding_id": None, "out_of_scope": False, "risk_accepted": False, "under_review": False, "last_status_update": None, "review_requested_by_id": 1, "under_defect_review": False, "defect_review_requested_by_id": 1, "is_mitigated": False, "thread_id": 11, "mitigated": None, "mitigated_by_id": None, "reporter_id": 1, "numerical_severity": "S0", "last_reviewed": None, "last_reviewed_by_id": None, "param": None, "payload": None, "hash_code": "9aca00affd340c4da02c934e7e3106a45c6ad0911da479daae421b3b28a2c1aa", "line": 123, "file_path": "/dev/urandom", "component_name": None, "component_version": None, "static_finding": False, "dynamic_finding": False, "created": datetime(2017, 12, 1, 0, 0, tzinfo=UTC), "scanner_confidence": None, "sonarqube_issue_id": None, "unique_id_from_tool": "12345", "vuln_id_from_tool": None, "sast_source_object": None, "sast_sink_object": None, "sast_source_line": None, "sast_source_file_path": None, "nb_occurences": None, "publish_date": None, "service": None, "planned_remediation_date": None, "planned_remediation_version": None, "effort_for_fixing": None, "test__engagement__product__prod_type__member": False, "test__engagement__product__member": True, "test__engagement__product__prod_type__authorized_group": False, "test__engagement__product__authorized_group": False, "known_exploited": False, "ransomware_used": False, "kev_date": None}
-FINDING_7 = {"id": 225, "title": "UID Impact Test Finding", "date": date(2018, 1, 1), "sla_start_date": None, "sla_expiration_date": None, "cwe": None, "cve": None, "epss_score": None, "epss_percentile": None, "cvssv3": None, "cvssv3_score": None, "url": None, "severity": "Low", "description": "test finding", "mitigation": "test mitigation", "impact": "Low", "steps_to_reproduce": None, "severity_justification": None, "references": "", "test_id": 77, "active": False, "verified": False, "false_p": False, "duplicate": True, "duplicate_finding_id": 224, "out_of_scope": False, "risk_accepted": False, "under_review": False, "last_status_update": None, "review_requested_by_id": 1, "under_defect_review": False, "defect_review_requested_by_id": 1, "is_mitigated": False, "thread_id": 11, "mitigated": None, "mitigated_by_id": None, "reporter_id": 1, "numerical_severity": "S0", "last_reviewed": None, "last_reviewed_by_id": None, "param": None, "payload": None, "hash_code": "6f8d0bf970c14175e597843f4679769a4775742549d90f902ff803de9244c7e1", "line": 123, "file_path": "/dev/urandom", "component_name": None, "component_version": None, "static_finding": False, "dynamic_finding": False, "created": datetime(2017, 12, 1, 0, 0, tzinfo=UTC), "scanner_confidence": None, "sonarqube_issue_id": None, "unique_id_from_tool": "6789", "vuln_id_from_tool": None, "sast_source_object": None, "sast_sink_object": None, "sast_source_line": None, "sast_source_file_path": None, "nb_occurences": None, "publish_date": None, "service": None, "planned_remediation_date": None, "planned_remediation_version": None, "effort_for_fixing": None, "test__engagement__product__prod_type__member": False, "test__engagement__product__member": True, "test__engagement__product__prod_type__authorized_group": False, "test__engagement__product__authorized_group": False, "known_exploited": False, "ransomware_used": False, "kev_date": None}
-FINDING_8 = {"id": 240, "title": "High Impact Test Finding", "date": date(2018, 1, 1), "sla_start_date": None, "sla_expiration_date": None, "cwe": None, "cve": None, "epss_score": None, "epss_percentile": None, "cvssv3": None, "cvssv3_score": None, "url": None, "severity": "High", "description": "test finding", "mitigation": "test mitigation", "impact": "High", "steps_to_reproduce": None, "severity_justification": None, "references": "", "test_id": 3, "active": True, "verified": False, "false_p": False, "duplicate": True, "duplicate_finding_id": 2, "out_of_scope": False, "risk_accepted": False, "under_review": False, "last_status_update": None, "review_requested_by_id": 1, "under_defect_review": False, "defect_review_requested_by_id": 1, "is_mitigated": False, "thread_id": 11, "mitigated": None, "mitigated_by_id": None, "reporter_id": 1, "numerical_severity": "S0", "last_reviewed": None, "last_reviewed_by_id": None, "param": None, "payload": None, "hash_code": "5d368a051fdec959e08315a32ef633ba5711bed6e8e75319ddee2cab4d4608c7", "line": None, "file_path": "", "component_name": None, "component_version": None, "static_finding": False, "dynamic_finding": False, "created": datetime(2017, 12, 1, 0, 0, tzinfo=UTC), "scanner_confidence": None, "sonarqube_issue_id": None, "unique_id_from_tool": None, "vuln_id_from_tool": None, "sast_source_object": None, "sast_sink_object": None, "sast_source_line": None, "sast_source_file_path": None, "nb_occurences": None, "publish_date": None, "service": None, "planned_remediation_date": None, "planned_remediation_version": None, "effort_for_fixing": None, "test__engagement__product__prod_type__member": False, "test__engagement__product__member": True, "test__engagement__product__prod_type__authorized_group": False, "test__engagement__product__authorized_group": False, "known_exploited": False, "ransomware_used": False, "kev_date": None}
-FINDING_9 = {"id": 241, "title": "High Impact Test Finding", "date": date(2018, 1, 1), "sla_start_date": None, "sla_expiration_date": None, "cwe": None, "cve": None, "epss_score": None, "epss_percentile": None, "cvssv3": None, "cvssv3_score": None, "url": None, "severity": "High", "description": "test finding", "mitigation": "test mitigation", "impact": "High", "steps_to_reproduce": None, "severity_justification": None, "references": "", "test_id": 3, "active": False, "verified": False, "false_p": False, "duplicate": True, "duplicate_finding_id": 2, "out_of_scope": False, "risk_accepted": True, "under_review": False, "last_status_update": None, "review_requested_by_id": 1, "under_defect_review": False, "defect_review_requested_by_id": 1, "is_mitigated": False, "thread_id": 11, "mitigated": None, "mitigated_by_id": None, "reporter_id": 1, "numerical_severity": "S0", "last_reviewed": None, "last_reviewed_by_id": None, "param": None, "payload": None, "hash_code": "5d368a051fdec959e08315a32ef633ba5711bed6e8e75319ddee2cab4d4608c7", "line": None, "file_path": "", "component_name": None, "component_version": None, "static_finding": False, "dynamic_finding": False, "created": datetime(2017, 12, 1, 0, 0, tzinfo=UTC), "scanner_confidence": None, "sonarqube_issue_id": None, "unique_id_from_tool": None, "vuln_id_from_tool": None, "sast_source_object": None, "sast_sink_object": None, "sast_source_line": None, "sast_source_file_path": None, "nb_occurences": None, "publish_date": None, "service": None, "planned_remediation_date": None, "planned_remediation_version": None, "effort_for_fixing": None, "test__engagement__product__prod_type__member": False, "test__engagement__product__member": True, "test__engagement__product__prod_type__authorized_group": False, "test__engagement__product__authorized_group": False, "known_exploited": False, "ransomware_used": False, "kev_date": None}
-FINDING_10 = {"id": 242, "title": "High Impact Test Finding", "date": date(2018, 1, 1), "sla_start_date": None, "sla_expiration_date": None, "cwe": None, "cve": None, "epss_score": None, "epss_percentile": None, "cvssv3": None, "cvssv3_score": None, "url": None, "severity": "High", "description": "test finding", "mitigation": "test mitigation", "impact": "High", "steps_to_reproduce": None, "severity_justification": None, "references": "", "test_id": 3, "active": False, "verified": False, "false_p": False, "duplicate": True, "duplicate_finding_id": 2, "out_of_scope": False, "risk_accepted": True, "under_review": False, "last_status_update": None, "review_requested_by_id": 1, "under_defect_review": False, "defect_review_requested_by_id": 1, "is_mitigated": False, "thread_id": 11, "mitigated": None, "mitigated_by_id": None, "reporter_id": 1, "numerical_severity": "S0", "last_reviewed": None, "last_reviewed_by_id": None, "param": None, "payload": None, "hash_code": "5d368a051fdec959e08315a32ef633ba5711bed6e8e75319ddee2cab4d4608c7", "line": None, "file_path": "", "component_name": None, "component_version": None, "static_finding": False, "dynamic_finding": False, "created": datetime(2017, 12, 1, 0, 0, tzinfo=UTC), "scanner_confidence": None, "sonarqube_issue_id": None, "unique_id_from_tool": None, "vuln_id_from_tool": None, "sast_source_object": None, "sast_sink_object": None, "sast_source_line": None, "sast_source_file_path": None, "nb_occurences": None, "publish_date": None, "service": None, "planned_remediation_date": None, "planned_remediation_version": None, "effort_for_fixing": None, "test__engagement__product__prod_type__member": False, "test__engagement__product__member": True, "test__engagement__product__prod_type__authorized_group": False, "test__engagement__product__authorized_group": False, "known_exploited": False, "ransomware_used": False, "kev_date": None}
-FINDING_11 = {"id": 243, "title": "DUMMY FINDING", "date": date(2017, 12, 31), "sla_start_date": None, "sla_expiration_date": None, "cwe": 1, "cve": None, "epss_score": None, "epss_percentile": None, "cvssv3": None, "cvssv3_score": None, "url": "http://www.example.com", "severity": "High", "description": "TEST finding", "mitigation": "MITIGATION", "impact": "High", "steps_to_reproduce": None, "severity_justification": None, "references": "", "test_id": 3, "active": False, "verified": False, "false_p": False, "duplicate": False, "duplicate_finding_id": None, "out_of_scope": False, "risk_accepted": True, "under_review": False, "last_status_update": None, "review_requested_by_id": 2, "under_defect_review": False, "defect_review_requested_by_id": 2, "is_mitigated": True, "thread_id": 1, "mitigated": None, "mitigated_by_id": None, "reporter_id": 2, "numerical_severity": "S0", "last_reviewed": None, "last_reviewed_by_id": None, "param": None, "payload": None, "hash_code": "c89d25e445b088ba339908f68e15e3177b78d22f3039d1bfea51c4be251bf4e0", "line": 100, "file_path": "", "component_name": None, "component_version": None, "static_finding": False, "dynamic_finding": False, "created": datetime(2017, 12, 1, 0, 0, tzinfo=UTC), "scanner_confidence": None, "sonarqube_issue_id": None, "unique_id_from_tool": None, "vuln_id_from_tool": None, "sast_source_object": None, "sast_sink_object": None, "sast_source_line": None, "sast_source_file_path": None, "nb_occurences": None, "publish_date": None, "service": None, "planned_remediation_date": None, "planned_remediation_version": None, "effort_for_fixing": None, "test__engagement__product__prod_type__member": False, "test__engagement__product__member": True, "test__engagement__product__prod_type__authorized_group": False, "test__engagement__product__authorized_group": False, "known_exploited": False, "ransomware_used": False, "kev_date": None}
-FINDING_12 = {"id": 244, "title": "Low Impact Test Finding", "date": date(2017, 12, 29), "sla_start_date": None, "sla_expiration_date": None, "cwe": None, "cve": None, "epss_score": None, "epss_percentile": None, "cvssv3": None, "cvssv3_score": None, "url": None, "severity": "Low", "description": "test finding", "mitigation": "test mitigation", "impact": "Low", "steps_to_reproduce": None, "severity_justification": None, "references": "", "test_id": 33, "active": True, "verified": True, "false_p": False, "duplicate": False, "duplicate_finding_id": None, "out_of_scope": False, "risk_accepted": False, "under_review": False, "last_status_update": None, "review_requested_by_id": 1, "under_defect_review": False, "defect_review_requested_by_id": 1, "is_mitigated": False, "thread_id": 11, "mitigated": None, "mitigated_by_id": None, "reporter_id": 1, "numerical_severity": "S0", "last_reviewed": None, "last_reviewed_by_id": None, "param": None, "payload": None, "hash_code": "9aca00affd340c4da02c934e7e3106a45c6ad0911da479daae421b3b28a2c1aa", "line": 123, "file_path": "/dev/urandom", "component_name": None, "component_version": None, "static_finding": False, "dynamic_finding": False, "created": datetime(2017, 12, 1, 0, 0, tzinfo=UTC), "scanner_confidence": None, "sonarqube_issue_id": None, "unique_id_from_tool": None, "vuln_id_from_tool": None, "sast_source_object": None, "sast_sink_object": None, "sast_source_line": None, "sast_source_file_path": None, "nb_occurences": None, "publish_date": None, "service": None, "planned_remediation_date": None, "planned_remediation_version": None, "effort_for_fixing": None, "test__engagement__product__prod_type__member": False, "test__engagement__product__member": True, "test__engagement__product__prod_type__authorized_group": False, "test__engagement__product__authorized_group": False, "known_exploited": False, "ransomware_used": False, "kev_date": None}
-FINDING_13 = {"id": 245, "title": "Low Impact Test Finding", "date": date(2017, 12, 27), "sla_start_date": None, "sla_expiration_date": None, "cwe": None, "cve": None, "epss_score": None, "epss_percentile": None, "cvssv3": None, "cvssv3_score": None, "url": None, "severity": "Low", "description": "test finding", "mitigation": "test mitigation", "impact": "Low", "steps_to_reproduce": None, "severity_justification": None, "references": "", "test_id": 33, "active": False, "verified": False, "false_p": False, "duplicate": True, "duplicate_finding_id": 22, "out_of_scope": False, "risk_accepted": False, "under_review": False, "last_status_update": None, "review_requested_by_id": 1, "under_defect_review": False, "defect_review_requested_by_id": 1, "is_mitigated": False, "thread_id": 11, "mitigated": None, "mitigated_by_id": None, "reporter_id": 1, "numerical_severity": "S0", "last_reviewed": None, "last_reviewed_by_id": None, "param": None, "payload": None, "hash_code": "9aca00affd340c4da02c934e7e3106a45c6ad0911da479daae421b3b28a2c1aa", "line": 123, "file_path": "/dev/urandom", "component_name": None, "component_version": None, "static_finding": False, "dynamic_finding": False, "created": datetime(2017, 12, 1, 0, 0, tzinfo=UTC), "scanner_confidence": None, "sonarqube_issue_id": None, "unique_id_from_tool": None, "vuln_id_from_tool": None, "sast_source_object": None, "sast_sink_object": None, "sast_source_line": None, "sast_source_file_path": None, "nb_occurences": None, "publish_date": None, "service": None, "planned_remediation_date": None, "planned_remediation_version": None, "effort_for_fixing": None, "test__engagement__product__prod_type__member": False, "test__engagement__product__member": True, "test__engagement__product__prod_type__authorized_group": False, "test__engagement__product__authorized_group": False, "known_exploited": False, "ransomware_used": False, "kev_date": None}
-FINDING_14 = {"id": 246, "title": "Low Impact Test Finding", "date": date(2018, 1, 2), "sla_start_date": None, "sla_expiration_date": None, "cwe": None, "cve": None, "epss_score": None, "epss_percentile": None, "cvssv3": None, "cvssv3_score": None, "url": None, "severity": "Low", "description": "test finding", "mitigation": "test mitigation", "impact": "Low", "steps_to_reproduce": None, "severity_justification": None, "references": "", "test_id": 33, "active": False, "verified": False, "false_p": False, "duplicate": True, "duplicate_finding_id": 22, "out_of_scope": False, "risk_accepted": False, "under_review": False, "last_status_update": None, "review_requested_by_id": 1, "under_defect_review": False, "defect_review_requested_by_id": 1, "is_mitigated": False, "thread_id": 11, "mitigated": None, "mitigated_by_id": None, "reporter_id": 1, "numerical_severity": "S0", "last_reviewed": None, "last_reviewed_by_id": None, "param": None, "payload": None, "hash_code": "9aca00affd340c4da02c934e7e3106a45c6ad0911da479daae421b3b28a2c1aa", "line": 123, "file_path": "/dev/urandom", "component_name": None, "component_version": None, "static_finding": False, "dynamic_finding": False, "created": datetime(2017, 12, 1, 0, 0, tzinfo=UTC), "scanner_confidence": None, "sonarqube_issue_id": None, "unique_id_from_tool": None, "vuln_id_from_tool": None, "sast_source_object": None, "sast_sink_object": None, "sast_source_line": None, "sast_source_file_path": None, "nb_occurences": None, "publish_date": None, "service": None, "planned_remediation_date": None, "planned_remediation_version": None, "effort_for_fixing": None, "test__engagement__product__prod_type__member": False, "test__engagement__product__member": True, "test__engagement__product__prod_type__authorized_group": False, "test__engagement__product__authorized_group": False, "known_exploited": False, "ransomware_used": False, "kev_date": None}
-FINDING_15 = {"id": 247, "title": "Low Impact Test Finding", "date": date(2018, 1, 3), "sla_start_date": None, "sla_expiration_date": None, "cwe": None, "cve": None, "epss_score": None, "epss_percentile": None, "cvssv3": None, "cvssv3_score": None, "url": None, "severity": "Low", "description": "test finding", "mitigation": "test mitigation", "impact": "Low", "steps_to_reproduce": None, "severity_justification": None, "references": "", "test_id": 55, "active": False, "verified": False, "false_p": False, "duplicate": True, "duplicate_finding_id": None, "out_of_scope": False, "risk_accepted": False, "under_review": False, "last_status_update": None, "review_requested_by_id": 1, "under_defect_review": False, "defect_review_requested_by_id": 1, "is_mitigated": False, "thread_id": 11, "mitigated": None, "mitigated_by_id": None, "reporter_id": 1, "numerical_severity": "S0", "last_reviewed": None, "last_reviewed_by_id": None, "param": None, "payload": None, "hash_code": "9aca00affd340c4da02c934e7e3106a45c6ad0911da479daae421b3b28a2c1aa", "line": 123, "file_path": "/dev/urandom", "component_name": None, "component_version": None, "static_finding": False, "dynamic_finding": False, "created": datetime(2017, 12, 1, 0, 0, tzinfo=UTC), "scanner_confidence": None, "sonarqube_issue_id": None, "unique_id_from_tool": "12345", "vuln_id_from_tool": None, "sast_source_object": None, "sast_sink_object": None, "sast_source_line": None, "sast_source_file_path": None, "nb_occurences": None, "publish_date": None, "service": None, "planned_remediation_date": None, "planned_remediation_version": None, "effort_for_fixing": None, "test__engagement__product__prod_type__member": False, "test__engagement__product__member": True, "test__engagement__product__prod_type__authorized_group": False, "test__engagement__product__authorized_group": False, "known_exploited": False, "ransomware_used": False, "kev_date": None}
-FINDING_16 = {"id": 248, "title": "UID Impact Test Finding", "date": date(2017, 12, 27), "sla_start_date": None, "sla_expiration_date": None, "cwe": None, "cve": None, "epss_score": None, "epss_percentile": None, "cvssv3": None, "cvssv3_score": None, "url": None, "severity": "Low", "description": "test finding", "mitigation": "test mitigation", "impact": "Low", "steps_to_reproduce": None, "severity_justification": None, "references": "", "test_id": 77, "active": True, "verified": True, "false_p": False, "duplicate": False, "duplicate_finding_id": None, "out_of_scope": False, "risk_accepted": False, "under_review": False, "last_status_update": None, "review_requested_by_id": 1, "under_defect_review": False, "defect_review_requested_by_id": 1, "is_mitigated": True, "thread_id": 11, "mitigated": None, "mitigated_by_id": None, "reporter_id": 1, "numerical_severity": "S0", "last_reviewed": None, "last_reviewed_by_id": None, "param": None, "payload": None, "hash_code": "6f8d0bf970c14175e597843f4679769a4775742549d90f902ff803de9244c7e1", "line": 123, "file_path": "/dev/urandom", "component_name": None, "component_version": None, "static_finding": False, "dynamic_finding": False, "created": datetime(2017, 12, 1, 0, 0, tzinfo=UTC), "scanner_confidence": None, "sonarqube_issue_id": None, "unique_id_from_tool": "6789", "vuln_id_from_tool": None, "sast_source_object": None, "sast_sink_object": None, "sast_source_line": None, "sast_source_file_path": None, "nb_occurences": None, "publish_date": None, "service": None, "planned_remediation_date": None, "planned_remediation_version": None, "effort_for_fixing": None, "test__engagement__product__prod_type__member": False, "test__engagement__product__member": True, "test__engagement__product__prod_type__authorized_group": False, "test__engagement__product__authorized_group": False, "known_exploited": False, "ransomware_used": False, "kev_date": None}
-FINDING_17 = {"id": 249, "title": "UID Impact Test Finding", "date": date(2018, 1, 4), "sla_start_date": None, "sla_expiration_date": None, "cwe": None, "cve": None, "epss_score": None, "epss_percentile": None, "cvssv3": None, "cvssv3_score": None, "url": None, "severity": "Low", "description": "test finding", "mitigation": "test mitigation", "impact": "Low", "steps_to_reproduce": None, "severity_justification": None, "references": "", "test_id": 77, "active": False, "verified": False, "false_p": False, "duplicate": True, "duplicate_finding_id": 224, "out_of_scope": False, "risk_accepted": False, "under_review": False, "last_status_update": None, "review_requested_by_id": 1, "under_defect_review": False, "defect_review_requested_by_id": 1, "is_mitigated": False, "thread_id": 11, "mitigated": None, "mitigated_by_id": None, "reporter_id": 1, "numerical_severity": "S0", "last_reviewed": None, "last_reviewed_by_id": None, "param": None, "payload": None, "hash_code": "6f8d0bf970c14175e597843f4679769a4775742549d90f902ff803de9244c7e1", "line": 123, "file_path": "/dev/urandom", "component_name": None, "component_version": None, "static_finding": False, "dynamic_finding": False, "created": datetime(2017, 12, 1, 0, 0, tzinfo=UTC), "scanner_confidence": None, "sonarqube_issue_id": None, "unique_id_from_tool": "6789", "vuln_id_from_tool": None, "sast_source_object": None, "sast_sink_object": None, "sast_source_line": None, "sast_source_file_path": None, "nb_occurences": None, "publish_date": None, "service": None, "planned_remediation_date": None, "planned_remediation_version": None, "effort_for_fixing": None, "test__engagement__product__prod_type__member": False, "test__engagement__product__member": True, "test__engagement__product__prod_type__authorized_group": False, "test__engagement__product__authorized_group": False, "known_exploited": False, "ransomware_used": False, "kev_date": None}
+FINDING_1 = {"id": 4, "date": date(2018, 1, 1), "severity": "High", "active": False, "verified": False, "false_p": False, "duplicate": True, "duplicate_finding_id": 2, "out_of_scope": False, "risk_accepted": False, "under_review": False, "is_mitigated": False, "mitigated": None, "mitigated_by_id": None, "reporter_id": 1, "numerical_severity": "S0"}
+FINDING_2 = {"id": 5, "date": date(2018, 1, 1), "severity": "High", "active": False, "verified": False, "false_p": False, "duplicate": True, "duplicate_finding_id": 2, "out_of_scope": False, "risk_accepted": False, "under_review": False, "is_mitigated": False, "mitigated": None, "mitigated_by_id": None, "reporter_id": 1, "numerical_severity": "S0"}
+FINDING_3 = {"id": 6, "date": date(2018, 1, 1), "severity": "High", "active": False, "verified": False, "false_p": False, "duplicate": True, "duplicate_finding_id": 2, "out_of_scope": False, "risk_accepted": False, "under_review": False, "is_mitigated": False, "mitigated": None, "mitigated_by_id": None, "reporter_id": 1, "numerical_severity": "S0"}
+FINDING_4 = {"id": 7, "date": date(2017, 12, 31), "severity": "High", "active": False, "verified": False, "false_p": False, "duplicate": False, "duplicate_finding_id": None, "out_of_scope": False, "risk_accepted": False, "under_review": False, "is_mitigated": False, "mitigated": None, "mitigated_by_id": None, "reporter_id": 2, "numerical_severity": "S0"}
+FINDING_5 = {"id": 24, "date": date(2018, 1, 1), "severity": "Low", "active": False, "verified": False, "false_p": False, "duplicate": True, "duplicate_finding_id": 22, "out_of_scope": False, "risk_accepted": False, "under_review": False, "is_mitigated": False, "mitigated": None, "mitigated_by_id": None, "reporter_id": 1, "numerical_severity": "S0"}
+FINDING_6 = {"id": 125, "date": date(2018, 1, 1), "severity": "Low", "active": False, "verified": False, "false_p": False, "duplicate": True, "duplicate_finding_id": None, "out_of_scope": False, "risk_accepted": False, "under_review": False, "is_mitigated": False, "mitigated": None, "mitigated_by_id": None, "reporter_id": 1, "numerical_severity": "S0"}
+FINDING_7 = {"id": 225, "date": date(2018, 1, 1), "severity": "Low", "active": False, "verified": False, "false_p": False, "duplicate": True, "duplicate_finding_id": 224, "out_of_scope": False, "risk_accepted": False, "under_review": False, "is_mitigated": False, "mitigated": None, "mitigated_by_id": None, "reporter_id": 1, "numerical_severity": "S0"}
+FINDING_8 = {"id": 240, "date": date(2018, 1, 1), "severity": "High", "active": True, "verified": False, "false_p": False, "duplicate": True, "duplicate_finding_id": 2, "out_of_scope": False, "risk_accepted": False, "under_review": False, "is_mitigated": False, "mitigated": None, "mitigated_by_id": None, "reporter_id": 1, "numerical_severity": "S0"}
+FINDING_9 = {"id": 241, "date": date(2018, 1, 1), "severity": "High", "active": False, "verified": False, "false_p": False, "duplicate": True, "duplicate_finding_id": 2, "out_of_scope": False, "risk_accepted": True, "under_review": False, "is_mitigated": False, "mitigated": None, "mitigated_by_id": None, "reporter_id": 1, "numerical_severity": "S0"}
+FINDING_10 = {"id": 242, "date": date(2018, 1, 1), "severity": "High", "active": False, "verified": False, "false_p": False, "duplicate": True, "duplicate_finding_id": 2, "out_of_scope": False, "risk_accepted": True, "under_review": False, "is_mitigated": False, "mitigated": None, "mitigated_by_id": None, "reporter_id": 1, "numerical_severity": "S0"}
+FINDING_11 = {"id": 243, "date": date(2017, 12, 31), "severity": "High", "active": False, "verified": False, "false_p": False, "duplicate": False, "duplicate_finding_id": None, "out_of_scope": False, "risk_accepted": True, "under_review": False, "is_mitigated": True, "mitigated": None, "mitigated_by_id": None, "reporter_id": 2, "numerical_severity": "S0"}
+FINDING_12 = {"id": 244, "date": date(2017, 12, 29), "severity": "Low", "active": True, "verified": True, "false_p": False, "duplicate": False, "duplicate_finding_id": None, "out_of_scope": False, "risk_accepted": False, "under_review": False, "is_mitigated": False, "mitigated": None, "mitigated_by_id": None, "reporter_id": 1, "numerical_severity": "S0"}
+FINDING_13 = {"id": 245, "date": date(2017, 12, 27), "severity": "Low", "active": False, "verified": False, "false_p": False, "duplicate": True, "duplicate_finding_id": 22, "out_of_scope": False, "risk_accepted": False, "under_review": False, "is_mitigated": False, "mitigated": None, "mitigated_by_id": None, "reporter_id": 1, "numerical_severity": "S0"}
+FINDING_14 = {"id": 246, "date": date(2018, 1, 2), "severity": "Low", "active": False, "verified": False, "false_p": False, "duplicate": True, "duplicate_finding_id": 22, "out_of_scope": False, "risk_accepted": False, "under_review": False, "is_mitigated": False, "mitigated": None, "mitigated_by_id": None, "reporter_id": 1, "numerical_severity": "S0"}
+FINDING_15 = {"id": 247, "date": date(2018, 1, 3), "severity": "Low", "active": False, "verified": False, "false_p": False, "duplicate": True, "duplicate_finding_id": None, "out_of_scope": False, "risk_accepted": False, "under_review": False, "is_mitigated": False, "mitigated": None, "mitigated_by_id": None, "reporter_id": 1, "numerical_severity": "S0"}
+FINDING_16 = {"id": 248, "date": date(2017, 12, 27), "severity": "Low", "active": True, "verified": True, "false_p": False, "duplicate": False, "duplicate_finding_id": None, "out_of_scope": False, "risk_accepted": False, "under_review": False, "is_mitigated": True, "mitigated": None, "mitigated_by_id": None, "reporter_id": 1, "numerical_severity": "S0"}
+FINDING_17 = {"id": 249, "date": date(2018, 1, 4), "severity": "Low", "active": False, "verified": False, "false_p": False, "duplicate": True, "duplicate_finding_id": 224, "out_of_scope": False, "risk_accepted": False, "under_review": False, "is_mitigated": False, "mitigated": None, "mitigated_by_id": None, "reporter_id": 1, "numerical_severity": "S0"}
 
 
 ALL_FINDINGS = [FINDING_1, FINDING_2, FINDING_3, FINDING_4, FINDING_5, FINDING_6, FINDING_7, FINDING_8, FINDING_9,
@@ -75,6 +75,7 @@ def test_finding_queries_no_data(self):
 
     @patch("django.utils.timezone.now")
     def test_finding_queries(self, mock_timezone):
+        self.maxDiff = None
         mock_datetime = datetime(2020, 12, 9, tzinfo=UTC)
         mock_timezone.return_value = mock_datetime
 
@@ -103,9 +104,10 @@ def test_finding_queries(self, mock_timezone):
             )
             # Assert that we get expected querysets back. This is to be used to
             # support refactoring, in attempt of lowering the query count.
-            self.assertSequenceEqual(finding_queries["all"].values(), ALL_FINDINGS)
-            self.assertSequenceEqual(finding_queries["closed"].values(), CLOSED_FINDINGS)
-            self.assertSequenceEqual(finding_queries["accepted"].values(), ACCEPTED_FINDINGS)
+            # we limit ourselves to the most interesting subset of fields otherwise this tests become unmaintainable
+            self.assertSequenceEqual(finding_queries["all"].values(*FINDING_1.keys()), ALL_FINDINGS)
+            self.assertSequenceEqual(finding_queries["closed"].values(*FINDING_1.keys()), CLOSED_FINDINGS)
+            self.assertSequenceEqual(finding_queries["accepted"].values(*FINDING_1.keys()), ACCEPTED_FINDINGS)
 
             self.assertSequenceEqual(
                 finding_queries["accepted_count"],
diff --git a/unittests/test_rest_framework.py b/unittests/test_rest_framework.py
index e709e4e7c0d..1e3a51a3f30 100644
--- a/unittests/test_rest_framework.py
+++ b/unittests/test_rest_framework.py
@@ -1287,80 +1287,167 @@ def test_cvss3_validation(self):
             result = self.client.patch(self.url + "2/", data={"cvssv3": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "cvssv3_score": 3})
             self.assertEqual(result.status_code, status.HTTP_200_OK)
             finding = Finding.objects.get(id=2)
-            # valid so vector must be set and score calculated
+            # valid so vector must be set and score calculated overrides the provided score
             self.assertEqual("CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", finding.cvssv3)
             self.assertEqual(8.8, finding.cvssv3_score)
 
         with self.subTest(i=1):
+            result = self.client.patch(self.url + "5/", data={"cvssv3": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"})
+            self.assertEqual(result.status_code, status.HTTP_200_OK)
+            finding = Finding.objects.get(id=5)
+            # valid so vector must be set and score calculated
+            self.assertEqual("CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", finding.cvssv3)
+            self.assertEqual(8.8, finding.cvssv3_score)
+
+        with self.subTest(i=2):
             # extra slash makes it invalid
             result = self.client.patch(self.url + "3/", data={"cvssv3": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/", "cvssv3_score": 3})
             self.assertEqual(result.status_code, status.HTTP_400_BAD_REQUEST)
             finding = Finding.objects.get(id=3)
-            self.assertEqual(result.json()["cvssv3"], ["No valid CVSS vectors found by cvss.parse_cvss_from_text()"])
+            self.assertEqual(result.json()["cvssv3"], ["No valid CVSS3 vectors found by cvss.parse_cvss_from_text()"])
             # invalid vector, so no calculated score and no score stored
             self.assertEqual(None, finding.cvssv3)
             self.assertEqual(None, finding.cvssv3_score)
 
-        with self.subTest(i=2):
+        with self.subTest(i=3):
             # no CVSS version prefix makes it invalid
             result = self.client.patch(self.url + "3/", data={"cvssv3": "AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "cvssv3_score": 4})
             self.assertEqual(result.status_code, status.HTTP_400_BAD_REQUEST)
             finding = Finding.objects.get(id=3)
-            self.assertEqual(result.json()["cvssv3"], ["No valid CVSS vectors found by cvss.parse_cvss_from_text()"])
+            self.assertEqual(result.json()["cvssv3"], ["No valid CVSS3 vectors found by cvss.parse_cvss_from_text()"])
             # invalid vector, so no calculated score and no score stored
             self.assertEqual(None, finding.cvssv3)
             self.assertEqual(None, finding.cvssv3_score)
 
-        with self.subTest(i=3):
+        with self.subTest(i=4):
             # CVSS4 version makes it invalid
             result = self.client.patch(self.url + "3/", data={"cvssv3": "CVSS:4.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "cvssv3_score": 5})
             self.assertEqual(result.status_code, status.HTTP_400_BAD_REQUEST)
-            self.assertEqual(result.json()["cvssv3"], ["No valid CVSS vectors found by cvss.parse_cvss_from_text()"])
+            self.assertEqual(result.json()["cvssv3"], ["No valid CVSS3 vectors found by cvss.parse_cvss_from_text()"])
             finding = Finding.objects.get(id=3)
             # invalid vector, so no calculated score and no score stored
             self.assertEqual(None, finding.cvssv3)
             self.assertEqual(None, finding.cvssv3_score)
 
-        with self.subTest(i=4):
+        with self.subTest(i=5):
             # CVSS2 style vector makes not supported
             result = self.client.patch(self.url + "3/", data={"cvssv3": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "cvssv3_score": 6})
             self.assertEqual(result.status_code, status.HTTP_400_BAD_REQUEST)
-            self.assertEqual(result.json()["cvssv3"], ["Unsupported CVSS(2) version detected."])
+            self.assertEqual(result.json()["cvssv3"], ["Unsupported CVSS2 version detected."])
             finding = Finding.objects.get(id=3)
             # invalid vector, so no calculated score and no score stored
             self.assertEqual(None, finding.cvssv3)
             self.assertEqual(None, finding.cvssv3_score)
 
-        with self.subTest(i=5):
+        with self.subTest(i=6):
             # CVSS2 prefix makes it invalid
             result = self.client.patch(self.url + "3/", data={"cvssv3": "CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:P/A:P", "cvssv3_score": 7})
             self.assertEqual(result.status_code, status.HTTP_400_BAD_REQUEST)
-            self.assertEqual(result.json()["cvssv3"], ["No valid CVSS vectors found by cvss.parse_cvss_from_text()"])
+            self.assertEqual(result.json()["cvssv3"], ["No valid CVSS3 vectors found by cvss.parse_cvss_from_text()"])
             finding = Finding.objects.get(id=3)
             # invalid vector, so no calculated score and no score stored
             self.assertEqual(None, finding.cvssv3)
             self.assertEqual(None, finding.cvssv3_score)
 
-        with self.subTest(i=6):
+        with self.subTest(i=7):
             # try to put rubbish in there
             result = self.client.patch(self.url + "4/", data={"cvssv3": "happy little vector", "cvssv3_score": 3})
             self.assertEqual(result.status_code, status.HTTP_400_BAD_REQUEST)
-            self.assertEqual(result.json()["cvssv3"], ["No valid CVSS vectors found by cvss.parse_cvss_from_text()"])
+            self.assertEqual(result.json()["cvssv3"], ["No valid CVSS3 vectors found by cvss.parse_cvss_from_text()"])
             finding = Finding.objects.get(id=4)
             # invalid vector, so no calculated score and no score stored
             self.assertEqual(None, finding.cvssv3)
             self.assertEqual(None, finding.cvssv3_score)
 
-        with self.subTest(i=7):
-            # CVSS4 prefix makes it invalid
-            result = self.client.patch(self.url + "3/", data={"cvssv3": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/S:U/C:H/I:H/A:H", "cvssv3_score": 7})
+        with self.subTest(i=8):
+            # CVSS4 in cvssv3 field
+            result = self.client.patch(self.url + "3/", data={"cvssv3": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:N/SA:N", "cvssv3_score": 7})
             self.assertEqual(result.status_code, status.HTTP_400_BAD_REQUEST)
-            self.assertEqual(result.json()["cvssv3"], ["No valid CVSS vectors found by cvss.parse_cvss_from_text()"])
+            self.assertEqual(result.json()["cvssv3"], ["CVSS4 vector cannot be stored in the cvssv3 field. Use the cvssv4 field."])
             finding = Finding.objects.get(id=3)
             # invalid vector, so no calculated score and no score stored
             self.assertEqual(None, finding.cvssv3)
             self.assertEqual(None, finding.cvssv3_score)
 
+    def test_cvss4_validation(self):
+        self.maxDiff = None
+        with self.subTest(i=0):
+            self.assertEqual(None, Finding.objects.get(id=2).cvssv3)
+            result = self.client.patch(self.url + "2/", data={"cvssv4": "CVSS:4.0/AV:A/AC:H/AT:N/PR:H/UI:N/VC:N/VI:N/VA:N/SC:N/SI:N/SA:N/S:P/AU:Y/R:U/V:C/RE:M/U:Green/MAV:A/MAC:H/MAT:P/MPR:L/MUI:P/MVC:L/MVI:L/MVA:L/MSC:L/MSI:H/MSA:H/CR:M/IR:M/AR:M/E:A", "cvssv4_score": 3})
+            self.assertEqual(result.status_code, status.HTTP_200_OK)
+            finding = Finding.objects.get(id=2)
+            # valid so vector must be set and score calculated overrides the provided score
+            self.assertEqual("CVSS:4.0/AV:A/AC:H/AT:N/PR:H/UI:N/VC:N/VI:N/VA:N/SC:N/SI:N/SA:N/S:P/AU:Y/R:U/V:C/RE:M/U:Green/MAV:A/MAC:H/MAT:P/MPR:L/MUI:P/MVC:L/MVI:L/MVA:L/MSC:L/MSI:H/MSA:H/CR:M/IR:M/AR:M/E:A", finding.cvssv4)
+            self.assertEqual(2.3, finding.cvssv4_score)
+
+        with self.subTest(i=1):
+            result = self.client.patch(self.url + "5/", data={"cvssv4": "CVSS:4.0/AV:A/AC:H/AT:N/PR:H/UI:N/VC:N/VI:N/VA:N/SC:N/SI:N/SA:N/S:P/AU:Y/R:U/V:C/RE:M/U:Green/MAV:A/MAC:H/MAT:P/MPR:L/MUI:P/MVC:L/MVI:L/MVA:L/MSC:L/MSI:H/MSA:H/CR:M/IR:M/AR:M/E:A"})
+            self.assertEqual(result.status_code, status.HTTP_200_OK)
+            finding = Finding.objects.get(id=5)
+            # valid so vector must be set and score calculated
+            self.assertEqual("CVSS:4.0/AV:A/AC:H/AT:N/PR:H/UI:N/VC:N/VI:N/VA:N/SC:N/SI:N/SA:N/S:P/AU:Y/R:U/V:C/RE:M/U:Green/MAV:A/MAC:H/MAT:P/MPR:L/MUI:P/MVC:L/MVI:L/MVA:L/MSC:L/MSI:H/MSA:H/CR:M/IR:M/AR:M/E:A", finding.cvssv4)
+            self.assertEqual(2.3, finding.cvssv4_score)
+
+        with self.subTest(i=2):
+            # extra slash makes it invalid
+            result = self.client.patch(self.url + "3/", data={"cvssv4": "CVSS:4.0/AV:A/AC:H/AT:N/PR:H/UI:N/VC:N/VI:N/VA:N/SC:N/SI:N/SA:N/S:P/AU:Y/R:U/V:C/RE:M/U:Green/MAV:A/MAC:H/MAT:P/MPR:L/MUI:P/MVC:L/MVI:L/MVA:L/MSC:L/MSI:H/MSA:H/CR:M/IR:M/AR:M/E:A/", "cvssv4_score": 3})
+            self.assertEqual(result.status_code, status.HTTP_400_BAD_REQUEST)
+            finding = Finding.objects.get(id=3)
+            self.assertEqual(result.json()["cvssv4"], ["No valid CVSS4 vectors found by cvss.parse_cvss_from_text()"])
+            # invalid vector, so no calculated score and no score stored
+            self.assertEqual(None, finding.cvssv3)
+            self.assertEqual(None, finding.cvssv3_score)
+
+        with self.subTest(i=3):
+            # no CVSS version prefix makes it invalid
+            result = self.client.patch(self.url + "3/", data={"cvssv4": "AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:N/SA:N", "cvssv4_score": 4})
+            self.assertEqual(result.status_code, status.HTTP_400_BAD_REQUEST)
+            finding = Finding.objects.get(id=3)
+            self.assertEqual(result.json()["cvssv4"], ["No valid CVSS4 vectors found by cvss.parse_cvss_from_text()"])
+            # invalid vector, so no calculated score and no score stored
+            self.assertEqual(None, finding.cvssv3)
+            self.assertEqual(None, finding.cvssv3_score)
+
+        with self.subTest(i=5):
+            # CVSS2 style vector makes not supported
+            result = self.client.patch(self.url + "3/", data={"cvssv4": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "cvssv4_score": 6})
+            self.assertEqual(result.status_code, status.HTTP_400_BAD_REQUEST)
+            self.assertEqual(result.json()["cvssv4"], ["Unsupported CVSS2 version detected."])
+            finding = Finding.objects.get(id=3)
+            # invalid vector, so no calculated score and no score stored
+            self.assertEqual(None, finding.cvssv4)
+            self.assertEqual(None, finding.cvssv4_score)
+
+        with self.subTest(i=6):
+            # CVSS2 prefix makes it invalid
+            result = self.client.patch(self.url + "3/", data={"cvssv4": "CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:P/A:P", "cvssv4_score": 7})
+            self.assertEqual(result.status_code, status.HTTP_400_BAD_REQUEST)
+            self.assertEqual(result.json()["cvssv4"], ["No valid CVSS4 vectors found by cvss.parse_cvss_from_text()"])
+            finding = Finding.objects.get(id=3)
+            # invalid vector, so no calculated score and no score stored
+            self.assertEqual(None, finding.cvssv4)
+            self.assertEqual(None, finding.cvssv4_score)
+
+        with self.subTest(i=7):
+            # try to put rubbish in there
+            result = self.client.patch(self.url + "4/", data={"cvssv4": "happy little vector", "cvssv4_score": 3})
+            self.assertEqual(result.status_code, status.HTTP_400_BAD_REQUEST)
+            self.assertEqual(result.json()["cvssv4"], ["No valid CVSS4 vectors found by cvss.parse_cvss_from_text()"])
+            finding = Finding.objects.get(id=4)
+            # invalid vector, so no calculated score and no score stored
+            self.assertEqual(None, finding.cvssv4)
+            self.assertEqual(None, finding.cvssv4_score)
+
+        with self.subTest(i=8):
+            # CVSS3 in CVSS4 field
+            result = self.client.patch(self.url + "3/", data={"cvssv4": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "cvssv4_score": 7})
+            self.assertEqual(result.status_code, status.HTTP_400_BAD_REQUEST)
+            self.assertEqual(result.json()["cvssv4"], ["CVSS3 vector cannot be stored in the cvssv4 field. Use the cvssv3 field."])
+            finding = Finding.objects.get(id=3)
+            # invalid vector, so no calculated score and no score stored
+            self.assertEqual(None, finding.cvssv4)
+            self.assertEqual(None, finding.cvssv4_score)
+
 
 class FindingMetadataTest(BaseClass.BaseClassTest):
     fixtures = ["dojo_testdata.json"]
diff --git a/unittests/tools/test_auditjs_parser.py b/unittests/tools/test_auditjs_parser.py
index 90b7fed3f29..840e577fb30 100644
--- a/unittests/tools/test_auditjs_parser.py
+++ b/unittests/tools/test_auditjs_parser.py
@@ -21,7 +21,7 @@ def test_auditjs_parser_with_one_criticle_vuln_has_one_findings(self):
             self.assertEqual(1, len(findings))
             self.assertEqual("mysql", findings[0].component_name)
             self.assertEqual("2.0.0", findings[0].component_version)
-            self.assertEqual(9.6, findings[0].cvssv3_score)
+            # self.assertEqual(9.6, findings[0].cvssv3_score) # score is only set after saving
             self.assertEqual("Critical", findings[0].severity)
             self.assertEqual("CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", findings[0].cvssv3)
             self.assertEqual("da5a3b11-c75b-48e7-9c28-1123f0a492bf", findings[0].unique_id_from_tool)
@@ -45,14 +45,17 @@ def test_auditjs_parser_with_many_vuln_has_many_findings(self):
             # Tests for vulnerabilities with CVSS V4 vector
             self.assertEqual("dompurify", findings[0].component_name)
             self.assertEqual("2.5.7", findings[0].component_version)
-            self.assertEqual(6.4, findings[0].cvssv3_score)
+            # self.assertEqual(None, findings[0].cvssv3_score)
+            # self.assertEqual(6.4, findings[0].cvssv4_score)
             self.assertEqual("Medium", findings[0].severity)
-            self.assertEqual(2.1, findings[1].cvssv3_score)
+            # self.assertEqual(None, findings[1].cvssv3_score)
+            # self.assertEqual(2.1, findings[1].cvssv4_score)
             self.assertEqual("Low", findings[1].severity)
             self.assertEqual("CVE-2024-47875", findings[0].unique_id_from_tool)
             self.assertIn("DOMPurify is a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. DOMpurify was...",
                 findings[0].description)
-            self.assertIn("\nCVSS V4 Vector:", findings[0].description)
+            self.assertEqual("CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:L/SI:H/SA:L", findings[0].cvssv4)
+            self.assertEqual("CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N", findings[1].cvssv4)
             self.assertEqual("[CVE-2024-47875] CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
                 findings[0].title)
             self.assertEqual(1, len(findings[0].unsaved_vulnerability_ids))
@@ -63,7 +66,8 @@ def test_auditjs_parser_with_many_vuln_has_many_findings(self):
             # Tests for vulnerabilities with CVSS V3 vector
             self.assertEqual("connect", findings[2].component_name)
             self.assertEqual("2.6.0", findings[2].component_version)
-            self.assertEqual(5.4, findings[2].cvssv3_score)
+            # self.assertEqual(5.4, findings[2].cvssv3_score)
+            # self.assertEqual(None, findings[2].cvssv4_score)
             self.assertEqual("Medium", findings[2].severity)
             self.assertEqual("CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", findings[2].cvssv3)
             self.assertEqual("7df31426-09a2-4b5f-a0ab-acc699023c57", findings[2].unique_id_from_tool)
@@ -80,7 +84,8 @@ def test_auditjs_parser_with_many_vuln_has_many_findings(self):
             # Tests for vulnerabilities with CVSS V2 vector
             self.assertEqual("qs", findings[7].component_name)
             self.assertEqual("0.5.1", findings[7].component_version)
-            self.assertEqual(5, findings[7].cvssv3_score)
+            # self.assertEqual(None, findings[7].cvssv3_score)
+            # self.assertEqual(None, findings[7].cvssv4_score)
             self.assertEqual("Medium", findings[7].severity)
             self.assertEqual("3a3bf289-21dc-4c84-a46e-39280f80bb01", findings[7].unique_id_from_tool)
             self.assertIn("The qs module before 1.0.0 in Node.js does not call the compact function for array data, which allows...", findings[7].description)
diff --git a/unittests/tools/test_ptart_parser.py b/unittests/tools/test_ptart_parser.py
index 1a82dbd6bad..bc22e7dda90 100644
--- a/unittests/tools/test_ptart_parser.py
+++ b/unittests/tools/test_ptart_parser.py
@@ -59,42 +59,6 @@ def test_ptart_parser_tools_parse_title_from_hit(self):
         with self.subTest("Non-blank Title and Blank id"):
             self.assertEqual("Test Title", parse_title_from_hit({"title": "Test Title", "id": ""}))
 
-    def test_ptart_parser_tools_cvss_vector_acquisition(self):
-        from dojo.tools.ptart.ptart_parser_tools import parse_cvss_vector
-        with self.subTest("Test CVSSv3 Vector"):
-            hit = {
-                "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
-            }
-            self.assertEqual("CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", parse_cvss_vector(hit, 3))
-        with self.subTest("Test CVSSv4 Vector"):
-            hit = {
-                "cvss_vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:N/SA:N",
-            }
-            self.assertEqual(None, parse_cvss_vector(hit, 4))
-        with self.subTest("Test CVSSv3 Vector with CVSSv4 Request"):
-            hit = {
-                "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
-            }
-            self.assertEqual(None, parse_cvss_vector(hit, 4))
-        with self.subTest("Test CVSSv4 Vector with CVSSv3 Request"):
-            hit = {
-                "cvss_vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:N/SA:N",
-            }
-            self.assertEqual(None, parse_cvss_vector(hit, 3))
-        with self.subTest("Test No CVSS Vector"):
-            hit = {}
-            self.assertEqual(None, parse_cvss_vector(hit, 3))
-        with self.subTest("Test CVSSv2 Vector"):
-            hit = {
-                "cvss_vector": "CVSS:2.0/AV:N/AC:L/Au:N/C:C/I:C/A:C",
-            }
-            self.assertEqual(None, parse_cvss_vector(hit, 2))
-        with self.subTest("Test Blank CVSS Vector"):
-            hit = {
-                "cvss_vector": "",
-            }
-            self.assertEqual(None, parse_cvss_vector(hit, 3))
-
     def test_ptart_parser_tools_retest_fix_status_parse(self):
         from dojo.tools.ptart.ptart_parser_tools import parse_retest_status
         with self.subTest("Fixed"):