CVSSv3 01/18/2022

CVSSv3 Base

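| Score | ≤1 | ≤2 | ≤3 | ≤4 | ≤5 | ≤6 | ≤7 | ≤8 | ≤9 | ≤10 |
|---|---|---|---|---|---|---|---|---|---|---|
| Entries | 0 | 0 | 0 | 4 | 3 | 7 | 12 | 2 | 0 | 0 |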

The Common Vulnerability Scoring System (CVSS) is an industry standard for describing the characteristics and impact of security vulnerabilities. The base score represents the intrinsic aspects that are constant over time and across user environments. Our unique meta score merges all available scores from different sources into a single, most reliable result.

CVSSv3 Temp

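| Score | ≤1 | ≤2 | ≤3 | ≤4 | ≤5 | ≤6 | ≤7 | ≤8 | ≤9 | ≤10 |
|---|---|---|---|---|---|---|---|---|---|---|
| Entries | 0 | 0 | 0 | 4 | 3 | 12 | 7 | 2 | 0 | 0 |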

The Common Vulnerability Scoring System (CVSS) uses temporal (temp) scores to reflect the characteristics of a vulnerability that may change over time but not across user environments. This includes reporting confidence, exploitability and remediation levels. We also provide our unique meta score for temp scores, even though other sources rarely publish them.

VulDB

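| Score | ≤1 | ≤2 | ≤3 | ≤4 | ≤5 | ≤6 | ≤7 | ≤8 | ≤9 | ≤10 |
|---|---|---|---|---|---|---|---|---|---|---|
| Entries | 0 | 0 | 2 | 4 | 4 | 7 | 9 | 2 | 0 | 0 |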

The moderation team always defines the base vector and base score for an entry. These and all other available scores are used to generate the meta score.

NVD

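| Score | ≤1 | ≤2 | ≤3 | ≤4 | ≤5 | ≤6 | ≤7 | ≤8 | ≤9 | ≤10 |
|---|---|---|---|---|---|---|---|---|---|---|
| Entries | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |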

The National Vulnerability Database (NVD) also defines CVSS vectors and scores. These are usually not complete and might differ from VulDB scores.

CNA

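| Score | ≤1 | ≤2 | ≤3 | ≤4 | ≤5 | ≤6 | ≤7 | ≤8 | ≤9 | ≤10 |
|---|---|---|---|---|---|---|---|---|---|---|
| Entries | 0 | 0 | 0 | 0 | 2 | 3 | 3 | 3 | 2 | 0 |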

A CVE Numbering Authority (CNA) is responsible for assigning new CVE entries. They might also include a CVSS score. These are usually not complete and might differ from VulDB scores.

Vendor

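| Score | ≤1 | ≤2 | ≤3 | ≤4 | ≤5 | ≤6 | ≤7 | ≤8 | ≤9 | ≤10 |
|---|---|---|---|---|---|---|---|---|---|---|
| Entries | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |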

Some vendors are willing to publish their own CVSS vectors and scores for vulnerabilities in their products. The coverage varies from vendor to vendor.

Research

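| Score | ≤1 | ≤2 | ≤3 | ≤4 | ≤5 | ≤6 | ≤7 | ≤8 | ≤9 | ≤10 |
|---|---|---|---|---|---|---|---|---|---|---|
| Entries | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |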

Security researchers sometimes also provide their own CVSS vectors and scores for vulnerabilities they have found and published.

| ID | Base | VDB | NVD | CNA | Vend | Res | Vulnerability | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|
| 190662 | 6.3 | 6.3 | | | | | Apache Log4j JMSSink deserialization | 0.83 | CVE-2022-23302 |
| 190661 | 7.8 | 7.8 | | | | | FreeBSD buffer overflow | 0.09 | CVE-2021-29632 |
| 190660 | 7.5 | 7.5 | | | | | Linux Kernel Unix Domain Socket File close use after free | 0.07 | CVE-2021-4083 |
| 190659 | 5.9 | 6.3 | | 5.4 | | | IBM Cloud Pak for Automation Business Automation Studio access control | 0.00 | CVE-2021-29872 |
| 190658 | 6.5 | 5.3 | | 7.8 | | | NVIDIA Shield TV nvmap access control | 0.00 | CVE-2021-34401 |
| 190657 | 6.3 | 6.3 | | | | | SourceCodester Free School Management Software unrestricted upload | 0.00 | CVE-2021-46013 |
| 190656 | 4.9 | 3.5 | | 6.4 | | | ProfileGrid Plugin class-profile-magic-admin.php cross site scripting | 0.00 | CVE-2022-0233 |
| 190655 | 3.6 | 2.4 | | 4.8 | | | User Registration, Login & Landing Pages Plugin landing-page.php cross site scripting | 0.00 | CVE-2022-0232 |
| 190654 | 3.6 | 2.4 | | 4.8 | | | Random Banner Plugin model.php cross site scripting | 0.00 | CVE-2022-0210 |
| 190653 | 6.5 | 4.3 | | 8.8 | | | Crisp Live Chat Plugin crisp.php crisp_plugin_settings_page cross-site request forgery | 0.00 | CVE-2021-43353 |
| 190652 | 4.9 | 3.5 | | 6.4 | | | WHMCS Bridge Plugin bridge_cp.php cc_whmcs_bridge_add_admin cross site scripting | 0.05 | CVE-2021-4074 |
| 190651 | 6.4 | 5.3 | | 7.5 | | | WP Import Export Plugin class-wpie-general.php wpie_process_file_download authorization | 0.00 | CVE-2022-0236 |
| 190650 | 6.5 | 4.3 | | 8.8 | | | Login Signup Popup Plugin class-xoo-admin-settings.php save_settings cross-site request forgery | 0.05 | CVE-2022-0215 |
| 190649 | 5.7 | 5.7 | | | | | Allwinner R818 SoC Android Q SDK Camera Driver cedar_dev null pointer dereference | 0.04 | CVE-2021-38785 |
| 190648 | 5.7 | 5.7 | | | | | Allwinner R818 SoC Android Q SDK open_exec null pointer dereference | 0.08 | CVE-2021-38784 |
| 190647 | 5.5 | 5.5 | | | | | Allwinner R818 SoC Android Q SDK Camera Driver cedar_dev out-of-bounds read | 0.04 | CVE-2021-38783 |
| 190646 | 6.3 | 6.3 | | | | | SoftVibe SARABAN for INFOMA sql injection | 0.00 | CVE-2021-38694 |
| 190645 | 6.3 | 6.3 | | | | | China Mobile An Lianbao WF-1 Web Interface set_ZRMesh command injection | 0.04 | CVE-2021-33965 |
| 190644 | 5.5 | 5.3 | | 5.7 | | | Google Fuchsia Kernel mmu_flags_to_s1_pte_attr permission | 0.14 | CVE-2021-22566 |
| 190643 | 6.3 | 6.3 | | | | | Spipu HTML2PDF Link Tag deserialization | 0.00 | CVE-2021-45394 |
| 190642 | 6.3 | 6.3 | | | | | China Mobile An Lianbao WF-1 Web Interface set_firewall_level command injection | 0.00 | CVE-2021-33964 |
| 190641 | 5.0 | 4.3 | | 5.7 | | | livehelperchat cross-site request forgery | 0.00 | CVE-2022-0245 |
| 190640 | 6.3 | 6.3 | | | | | Zoho ManageEngine Desktop Central ZIP Archive improper authentication | 0.00 | CVE-2021-44757 |
| 190639 | 5.9 | 4.7 | | 7.2 | | | crater-invoice crater unrestricted upload | 0.08 | CVE-2022-0242 |
| 190638 | 3.5 | 3.5 | | | | | FuturePress EPub.js iframe.js cross site scripting | 0.00 | CVE-2021-33040 |
| 190637 | 3.5 | 3.5 | | | | | Stormshield SSO Agent Installer log file | 0.00 | CVE-2022-22703 |
| 190636 | 5.5 | 5.5 | | | | | Apache Knox SSO Request Parameter redirect | 0.00 | CVE-2021-42357 |
| 190635 | 6.3 | 6.3 | | 6.3 | | | IBM FileNet Content Manager Privilege Escalation | 0.00 | CVE-2021-38965 |
