CVSSv3 01/05/2022

CVSSv3 Base

The Common Vulnerability Scoring System (CVSS) is an industry standard for describing the characteristics and impacts of security vulnerabilities. The base score represents the intrinsic aspects that are constant over time and across user environments. Our unique meta score merges all available scores from different sources into a single, most reliable result.

CVSSv3 Temp

The Common Vulnerability Scoring System (CVSS) uses temp scores to reflect the characteristics of a vulnerability that may change over time but not across user environments. This includes reporting confidence, exploitability and remediation levels. We also provide our unique meta score for temp scores, even though other sources rarely publish them.

VulDB

The moderation team always defines the base vector and base score for an entry. These and all other available scores are used to generate the meta score.

NVD

The National Vulnerability Database (NVD) also defines CVSS vectors and scores. These are usually not complete and might differ from VulDB scores.

CNA

A CVE Numbering Authority (CNA) is responsible for assigning new CVE entries. It might also include a CVSS score. These are usually not complete and might differ from VulDB scores.

Vendor

Some vendors are willing to publish their own CVSS vectors and scores for vulnerabilities in their products. The coverage varies from vendor to vendor.

Research

Sometimes security researchers also provide their own CVSS vectors and scores for vulnerabilities they have found and published.

| ID | Base | VDB | NVD | CNA | Vendor | Research | Vulnerability | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|
| 189708 | 5.5 | 5.5 | | | | | Django Filename Storage.save pathname traversal | 0.00+ | CVE-2021-45452 |
| 189707 | 3.5 | 3.5 | | | | | Django Template Language information disclosure | 0.00+ | CVE-2021-45116 |
| 189706 | 3.5 | 3.5 | | | | | Django User Registration UserAttributeSimilarityValidator denial of service | 0.00+ | CVE-2021-45115 |
| 189705 | 3.5 | 3.5 | | | | | Fluxbb cross site scripting | 0.00+ | CVE-2021-43677 |
| 189704 | 7.3 | 7.3 | | | | | Facebook WhatsApp/WhatsApp Business/WhatsApp Desktop Call heap-based overflow | 0.06+ | CVE-2021-24042 |
| 189703 | 7.7 | 7.3 | | 8.2 | | | uppy server-side request forgery | 0.06+ | CVE-2022-0086 |
| 189702 | 3.0 | 4.7 | | 1.3 | | | ws-scrcpy file inclusion | 0.00+ | CVE-2021-3845 |
| 189701 | 5.5 | 3.5 | | 7.6 | | | Convos SVG Extension cross site scripting | 0.06+ | CVE-2022-21650 |
| 189700 | 5.5 | 3.5 | | 7.6 | | | Convos Link cross site scripting | 0.06+ | CVE-2022-21649 |
| 189699 | 7.8 | 7.8 | | | | | Netskope XPC access control | 0.06+ | CVE-2021-41388 |
| 189698 | 5.1 | 3.5 | | 6.8 | | | Discourse _diagnostics denial of service | 0.16+ | CVE-2021-43850 |
| 189697 | 4.8 | 3.7 | | 5.9 | | | PJSIP Lock locking | 0.16+ | CVE-2021-41141 |
| 189696 | 8.6 | 7.3 | | 10.0 | | | Spinnaker Gate Endpoint missing authentication | 0.16+ | CVE-2021-43832 |
| 189695 | 6.4 | 6.3 | | 6.6 | | | Spinnaker Google AppEngine path traversal | 0.16+ | CVE-2021-39143 |
| 189694 | 4.6 | 2.4 | | 6.9 | | | OroPlatform Email Template Preview cross site scripting | 0.33+ | CVE-2021-41236 |
| 189693 | 6.2 | 4.3 | | 8.2 | | | Latte Template Sandbox cross site scripting | 0.33+ | CVE-2022-21648 |
| 189692 | 8.6 | 7.3 | | 10.0 | | | USOC register.php sql injection | 0.38+ | CVE-2022-21643 |
| 189691 | 6.9 | 4.7 | | 9.1 | | | USOC Search usersearch.php sql injection | 0.49+ | CVE-2022-21644 |
| 189690 | 6.6 | 5.6 | | 7.7 | | | CodeIgniter old deserialization | 0.38+ | CVE-2022-21647 |
| 189689 | 8.0 | 7.3 | | 8.8 | | | OroPlatform Prototype injection | 0.44+ | CVE-2021-43852 |
| 189688 | 7.1 | 7.1 | | | | | VMware ESXi/Fusion/Workstation CD-ROM Device Emulation heap-based overflow | 0.44+ | CVE-2021-22045 |
