CVSSv3 01/25/2022

CVSSv3 Base

Entries per score range: ≤1: 0, ≤2: 0, ≤3: 0, ≤4: 23, ≤5: 11, ≤6: 14, ≤7: 23, ≤8: 8, ≤9: 3, ≤10: 0

The Common Vulnerability Scoring System (CVSS) is an industry standard for describing the characteristics and impacts of security vulnerabilities. The base score represents the intrinsic aspects that are constant over time and across user environments. Our unique meta score merges all available scores from different sources into a single aggregate to give the most reliable result.

CVSSv3 Temp

Entries per score range: ≤1: 0, ≤2: 0, ≤3: 1, ≤4: 24, ≤5: 10, ≤6: 16, ≤7: 23, ≤8: 5, ≤9: 3, ≤10: 0

The Common Vulnerability Scoring System (CVSS) uses temp scores to reflect the characteristics of a vulnerability that may change over time but not across user environments. This includes reporting confidence, exploitability and remediation levels. We also provide our unique meta score for temp scores, even though other sources rarely publish them.

VulDB

Entries per score range: ≤1: 0, ≤2: 0, ≤3: 1, ≤4: 22, ≤5: 12, ≤6: 14, ≤7: 23, ≤8: 7, ≤9: 3, ≤10: 0

The moderation team always defines the base vector and base score for an entry. These and all other available scores are used to generate the meta score.

NVD

Entries per score range: ≤1: 0, ≤2: 0, ≤3: 0, ≤4: 0, ≤5: 0, ≤6: 0, ≤7: 0, ≤8: 0, ≤9: 0, ≤10: 0

The National Vulnerability Database (NVD) also defines CVSS vectors and scores. These are usually not complete and might differ from VulDB scores.

CNA

Entries per score range: ≤1: 0, ≤2: 0, ≤3: 0, ≤4: 0, ≤5: 4, ≤6: 3, ≤7: 2, ≤8: 8, ≤9: 2, ≤10: 1

A CVE Numbering Authority (CNA) is responsible for assigning new CVE entries. They might also include a CVSS score. These are usually not complete and might differ from VulDB scores.

Vendor

Entries per score range: ≤1: 0, ≤2: 0, ≤3: 0, ≤4: 0, ≤5: 0, ≤6: 0, ≤7: 0, ≤8: 0, ≤9: 0, ≤10: 0

Some vendors are willing to publish their own CVSS vectors and scores for vulnerabilities in their products. The coverage varies from vendor to vendor.

Research

Entries per score range: ≤1: 0, ≤2: 0, ≤3: 0, ≤4: 0, ≤5: 0, ≤6: 0, ≤7: 0, ≤8: 0, ≤9: 0, ≤10: 0

Security researchers sometimes also provide their own CVSS vectors and scores for vulnerabilities they have found and published.

| ID | Base | VDB | NVD | CNA | Vend | Res | Vulnerability | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|
| 191598 | 6.3 | 6.3 | | 6.3 | | | Jupyter Server Proxy server-side request forgery | 0.00 | CVE-2022-21697 |
| 191597 | 6.3 | 6.3 | | | | | LibreCAD jwwlib buffer overflow | 0.00 | CVE-2021-45342 |
| 191596 | 6.3 | 6.3 | | | | | LibreCAD jwwlib buffer overflow | 0.09 | CVE-2021-45341 |
| 191595 | 3.5 | 3.5 | | | | | uscat Close Registration Information Input Box cross site scripting | 0.00 | CVE-2021-46084 |
| 191594 | 3.5 | 3.5 | | | | | uscat Statistics cross site scripting | 0.00 | CVE-2021-46083 |
| 191593 | 4.0 | 2.4 | | 5.7 | | | getgrav cross site scripting | 0.00 | CVE-2022-0268 |
| 191592 | 3.5 | 3.5 | | | | | ForestBlog Nickname Input Box cross site scripting | 0.07 | CVE-2021-46034 |
| 191591 | 6.4 | 5.3 | | 7.5 | | | Nextcloud App sql injection | 0.00 | CVE-2021-43863 |
| 191590 | 7.6 | 7.5 | | 7.8 | | | Parallels Desktop memory allocation | 0.00 | CVE-2021-34869 |
| 191589 | 7.6 | 7.5 | | 7.8 | | | Parallels Desktop Toolgate memory allocation | 0.18 | CVE-2021-34868 |
| 191588 | 8.2 | 8.8 | | 7.5 | | | Parallels Desktop Toolgate memory allocation | 0.09 | CVE-2021-34867 |
| 191587 | 3.5 | 3.5 | | | | | jfinal_cms Background System cross site scripting | 0.00 | CVE-2021-46087 |
| 191586 | 3.5 | 3.5 | | | | | OneBlog permission | 0.00 | CVE-2021-46085 |
| 191585 | 5.5 | 5.5 | | | | | ForestBlog Verification unrestricted upload | 0.00 | CVE-2021-46033 |
| 191584 | 7.2 | 5.3 | | 9.1 | | | adodb authentication bypass | 0.08 | CVE-2021-3850 |
| 191583 | 4.3 | 4.3 | | | | | Slic3r libslic3r 3MF Parser denial of service | 0.09 | CVE-2021-45847 |
| 191582 | 4.3 | 4.3 | | | | | Slic3r libslic3r AMF Document denial of service | 0.00 | CVE-2021-45846 |
| 191581 | 6.3 | 6.3 | | | | | FreeCAD Path Sanity Check Script os command injection | 0.00 | CVE-2021-45845 |
| 191580 | 6.3 | 6.3 | | | | | FreeCAD ODA File Converter os command injection | 0.09 | CVE-2021-45844 |
| 191579 | 6.3 | 6.3 | | | | | MartDevelopers iResturant Reservation sql injection | 0.09 | CVE-2021-45803 |
| 191578 | 6.3 | 6.3 | | | | | MartDevelopers iResturant Membership Registration sql injection | 0.00 | CVE-2021-45802 |
| 191577 | 5.4 | 4.3 | | 6.5 | | | Netgear XR1000 SOAP Message missing authentication | 0.08 | CVE-2021-34870 |
| 191576 | 8.8 | 8.8 | | 8.8 | | | Netgear R7450 mini_httpd improper authentication | 0.09 | CVE-2021-34865 |
| 191575 | 8.8 | 8.8 | | | | | JeecgBoot sql injection | 0.27 | CVE-2021-46089 |
| 191574 | 5.4 | 5.4 | | | | | xzs-mysql Font End permission | 0.09 | CVE-2021-46086 |
| 191573 | 4.3 | 4.3 | | | | | LibreCad DXF Document null pointer dereference | 0.00 | CVE-2021-45343 |
| 191572 | 3.5 | 3.5 | | | | | libsixel PICT File stb_image.h null pointer dereference | 0.00 | CVE-2021-45340 |
| 191571 | 5.5 | 5.5 | | | | | Xen IRQ Management use after free | 0.00 | CVE-2022-23035 |
| 191570 | 6.3 | 6.3 | | | | | Apache ShenYu API plugin authorization | 0.09 | CVE-2022-23944 |
| 191569 | 3.5 | 3.5 | | | | | Xen IOMMU integer underflow | 0.00 | CVE-2022-23034 |
| 191568 | 6.3 | 6.3 | | | | | Apache ShenYu Groovy/SpEL code injection | 0.00 | CVE-2021-45029 |
| 191567 | 4.6 | 4.6 | | | | | Xen p2m Mapping guest_physmap_remove_page memory corruption | 0.00 | CVE-2022-23033 |
| 191566 | 4.3 | 4.3 | | | | | Apache ShenYu authorization | 0.00 | CVE-2022-23945 |
| 191565 | 3.5 | 3.5 | | | | | Apache ShenYu HTTP Response insufficiently protected credentials | 0.07 | CVE-2022-23223 |
| 191564 | 6.3 | 6.3 | | | | | MartDevelopers KEA-Hotel-ERP unrestricted upload | 0.00 | CVE-2021-46113 |
| 191563 | 5.5 | 5.5 | | | | | ExifTool ExifTool.pm Privilege Escalation | 0.18 | CVE-2022-23935 |
| 191562 | 5.3 | 6.3 | | 4.3 | | | loguru privileges management | 0.18 | CVE-2022-0338 |
| 191561 | 3.1 | 3.1 | | | | | CosaNostra Builder WebPanel hash without salt | 0.00 | |
| 191560 | 6.3 | 6.3 | | | | | CosaNostra Builder permission | 0.00 | |
| 191559 | 7.3 | 7.3 | | | | | Backdoor.Win32.FTP.Lana.01.d Service Port 6666 hard-coded password | 0.09 | |
| 191558 | 7.3 | 7.3 | | | | | Backdoor.Win32.FTP99 Service Port 1492 hard-coded password | 0.00 | |
| 191557 | 6.3 | 6.3 | | | | | Backdoor.Win32.Agent.uq permission | 0.04 | |
| 191556 | 4.3 | 4.3 | | | | | Backdoor.Win32.FTP.Lana.01.d Service Port 6666 information disclosure | 0.00 | |
| 191555 | 5.3 | 5.3 | | | | | Backdoor.Win32.FTP99 Service Port 1492 information disclosure | 0.00 | |
| 191554 | 6.3 | 6.3 | | | | | Backdoor.Win32.DRA.c Service Port 3119 hard-coded password | 0.00 | |
| 191553 | 4.3 | 4.3 | | | | | CosaNostra Builder WebPanel cross-site request forgery | 0.07 | |
| 191552 | 7.3 | 7.3 | | | | | Backdoor.Win32.Hanuman.b Service Port 3333 backdoor | 0.05 | |
| 191551 | 4.5 | 4.3 | | 4.7 | | | ShortDescription cross site scripting | 0.00 | CVE-2022-21710 |
| 191550 | 5.7 | 4.3 | | 7.1 | | | mrdoob three.js cross site scripting | 0.00 | CVE-2022-0177 |
| 191549 | 3.5 | 3.5 | | | | | Jerryscript jmem-heap.c allocation of resources | 0.00 | CVE-2021-44994 |

32 more entries are not shown
