fix(nvd): handle 'unknown' score value and prevent ValueError

[JigyasuRajput]

Fixes #4675

Description:

• The issue arises when the score field in a CVE entry is set to "unknown", which causes an error while trying to convert it to a float.

Changes made:

• Introduced a check to handle the "unknown" score value before attempting to convert it to a float.
• If the score is "unknown", it is set to "invalid", preventing the ValueError and allowing the CVE processing to continue.
• This ensures the CVE is processed even if no CVSS score is allocated.

[JigyasuRajput]

Hey! @terriko,

Is there anything I need to change or improve? Let me know if any further modifications are required. Thanks!

[terriko]

I suspect we want to be able to tell the difference between a score being listed as unknown (which typically means it hasn't been set and may not have been reviewed) vs invalid (which means it was set incorrectly).

Can you swap this so the unknowns don't get overwritten to be invalid?

[JigyasuRajput]

Thanks for the feedback! I've updated the logic to ensure that 'unknown' scores remain unchanged. Now, the conversion attempt only happens for scores that are not 'unknown', and any truly invalid values are still handled properly.

[terriko]

Merge time! Thank you for working on this!