CVSSv3 February 2022

Timeline

Analyzing the timeline helps to identify the required approach to handling single vulnerabilities and vulnerability collections. This overview makes it possible to see less important slices and more severe hotspots at a glance, so that immediate vulnerability response can be initiated and issues prioritized.

C3BM Index

Our unique C3BM Index (CVSSv3 Base Meta Index) accumulates the CVSSv3 Meta Base Scores of all entries over time. Comparing this index to the number of disclosed vulnerabilities helps to pinpoint the most important events.

CVSSv3 Base

≤1: 0
≤2: 0
≤3: 45
≤4: 347
≤5: 308
≤6: 524
≤7: 421
≤8: 155
≤9: 119
≤10: 26

The Common Vulnerability Scoring System (CVSS) is an industry standard for defining the characteristics and impacts of security vulnerabilities. The base score represents the intrinsic aspects that are constant over time and across user environments. Our unique meta score merges all available scores from different sources into the most reliable aggregate result.

CVSSv3 Temp

≤1: 0
≤2: 1
≤3: 51
≤4: 353
≤5: 307
≤6: 662
≤7: 322
≤8: 129
≤9: 94
≤10: 26

The Common Vulnerability Scoring System (CVSS) uses temp scores to reflect the characteristics of a vulnerability that may change over time but not across user environments. This includes reporting confidence, exploitability and remediation levels. We also provide our unique meta score for temp scores, even though other sources rarely publish them.

VulDB

≤1: 0
≤2: 2
≤3: 65
≤4: 340
≤5: 414
≤6: 467
≤7: 399
≤8: 133
≤9: 102
≤10: 23

The moderation team always defines the base vector and base score for an entry. These and all other available scores are used to generate the meta score.

NVD

≤1: 0
≤2: 0
≤3: 0
≤4: 0
≤5: 6
≤6: 8
≤7: 3
≤8: 24
≤9: 4
≤10: 11

The National Vulnerability Database (NVD) also defines CVSS vectors and scores. These are usually not complete and might differ from VulDB scores.

CNA

≤1: 0
≤2: 0
≤3: 7
≤4: 52
≤5: 56
≤6: 86
≤7: 128
≤8: 216
≤9: 94
≤10: 46

A CVE Numbering Authority (CNA) is responsible for assigning new CVE entries. They might also include a CVSS score. These are usually not complete and might differ from VulDB scores.

Vendor

≤1: 0
≤2: 0
≤3: 0
≤4: 0
≤5: 2
≤6: 10
≤7: 4
≤8: 29
≤9: 6
≤10: 0

Some vendors are willing to publish their own CVSS vectors and scores for vulnerabilities in their products. The coverage varies from vendor to vendor.

Research

≤1: 0
≤2: 0
≤3: 0
≤4: 0
≤5: 0
≤6: 0
≤7: 0
≤8: 0
≤9: 0
≤10: 1

Security researchers sometimes also provide their own CVSS vectors and scores for vulnerabilities they have found and published.

| Published | Base | VDB | NVD | CNA | Vend | Res | Vulnerability | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|
| 02/28/2022 | 5.5 | 5.5 | | | | | David Brackeen ok-file-formats ok_jpg.c ok_jpg_generate_huffman_table heap-based overflow | 0.04 | CVE-2021-44340 |
| 02/28/2022 | 5.5 | 5.5 | | | | | David Brackeen ok-file-formats ok_png.c ok_png_transform_scanline heap-based overflow | 0.02 | CVE-2021-44339 |
| 02/28/2022 | 5.5 | 5.5 | | | | | David Brackeen ok-file-formats ok_jpg.c ok_jpg_convert_YCbCr_to_RGB heap-based overflow | 0.10 | CVE-2021-44334 |
| 02/28/2022 | 3.7 | 3.7 | | | | | Cherwell Service Management missing secure attribute | 0.09 | CVE-2022-26157 |
| 02/28/2022 | 3.5 | 3.5 | | | | | Cherwell Service Management HTTP Request cross site scripting | 0.04 | CVE-2022-26155 |
| 02/28/2022 | 5.5 | 5.5 | | | | | Cherwell Service Management HTTP Request injection | 0.07 | CVE-2022-26158 |
| 02/28/2022 | 5.5 | 5.5 | | | | | Cherwell Service Management Web Application injection | 0.07 | CVE-2022-26156 |
| 02/28/2022 | 5.5 | 5.5 | | | | | ARM astcenc Compression astcenc_compress_symbolic.cpp encode_ise stack-based overflow | 0.06 | CVE-2021-43086 |
| 02/28/2022 | 3.5 | 3.5 | | | | | Byteball Obyte Wallet Chat Message cross site scripting | 0.00 | CVE-2022-25642 |
| 02/28/2022 | 5.3 | 4.3 | | 6.3 | | | CodeIgniter cross-site request forgery | 0.04 | CVE-2022-24712 |
| 02/28/2022 | 8.3 | 7.3 | | 9.4 | | | CodeIgniter HTTP Request input validation | 0.00 | CVE-2022-24711 |
| 02/28/2022 | 2.4 | 2.4 | | | | | Car Driving School Management System User Enrollment Form cross site scripting | 0.06 | CVE-2022-24572 |
| 02/28/2022 | 6.3 | 6.3 | | | | | Car Driving School Management System Login Page sql injection | 0.03 | CVE-2022-24571 |
| 02/28/2022 | 4.3 | 4.3 | | | | | HashiCorp Nomad/Nomad Enterprise resource consumption | 0.00 | CVE-2022-24685 |
| 02/28/2022 | 7.9 | 7.3 | | 8.6 | | | rudloff alltube server-side request forgery | 0.04 | CVE-2022-0768 |
| 02/28/2022 | 4.3 | 4.3 | | | | | WP Visitor Statistics Plugin AJAX Action updateIpAddress cross-site request forgery | 0.00 | CVE-2021-25042 |
| 02/28/2022 | 4.3 | 4.3 | | | | | Post Snippets Plugin Import cross-site request forgery | 0.03 | CVE-2021-25010 |
| 02/28/2022 | 2.4 | 2.4 | | | | | WS Form Lite Plugin/WS Form Pro Plugin Form Name cross site scripting | 0.05 | CVE-2022-23987 |
| 02/28/2022 | 3.5 | 3.5 | | | | | Testimonial Plugin Attribute cross site scripting | 0.03 | CVE-2022-23912 |
| 02/28/2022 | 2.4 | 2.4 | | | | | WP Ultimate CSV Importer Plugin Comment cross site scripting | 0.06 | CVE-2022-0360 |
| 02/28/2022 | 4.3 | 4.3 | | | | | Customize Emails and Alerts Plugin AJAX Action bnfw_search_users cross-site request forgery | 0.15 | CVE-2022-0345 |
| 02/28/2022 | 4.3 | 4.3 | | | | | Simple Membership Plugin Member Delete cross-site request forgery | 0.11 | CVE-2022-0328 |
| 02/28/2022 | 3.5 | 3.5 | | | | | WP RSS Aggregator Plugin AJAX Action wprss_fetch_items_row_action cross site scripting | 0.02 | CVE-2022-0189 |
| 02/28/2022 | 3.5 | 3.5 | | | | | WP Accessibility Helper Plugin cross site scripting | 0.00 | CVE-2022-0150 |
| 02/28/2022 | 2.4 | 2.4 | | | | | WP-Paginate Plugin cross site scripting | 0.05 | CVE-2021-4222 |
| 02/28/2022 | 3.5 | 3.5 | | | | | WHMCS Bridge Plugin Admin Dashboard cross site scripting | 0.03 | CVE-2021-25112 |
| 02/28/2022 | 3.5 | 3.5 | | | | | WP User Plugin wp_user Shortcode cross site scripting | 0.04 | CVE-2021-25034 |
| 02/28/2022 | 6.3 | 6.3 | | | | | Custom Font Uploader Plugin CSS authorization | 0.08 | CVE-2021-24977 |
| 02/28/2022 | 3.5 | 3.5 | | | | | Dynamic Widgets Plugin AJAX Action term_tree cross site scripting | 0.05 | CVE-2021-24933 |
| 02/28/2022 | 2.4 | 2.4 | | | | | StatCounter Plugin Setting cross site scripting | 0.00 | CVE-2021-24920 |
| 02/28/2022 | 4.3 | 4.3 | | | | | Logo Showcase with Slick Slider Plugin AJAX Action lswss_save_attachment_data cross-site request forgery | 0.16 | CVE-2021-24913 |
| 02/28/2022 | 2.4 | 2.4 | | | | | GRAND FlaGallery Plugin Gallery Setting cross site scripting | 0.05 | CVE-2021-24903 |
| 02/28/2022 | 2.4 | 2.4 | | | | | Security Audit Plugin Setting cross site scripting | 0.00 | CVE-2021-24901 |
| 02/28/2022 | 2.4 | 2.4 | | | | | EditableTable Plugin cross site scripting | 0.05 | CVE-2021-24898 |
| 02/28/2022 | 4.3 | 4.3 | | | | | Core Tweaks WP Setup Plugin cross-site request forgery | 0.17 | CVE-2021-24803 |
| 02/28/2022 | 5.5 | 5.5 | | | | | Logo Showcase with Slick Slider Plugin AJAX Action lswss_save_attachment_data access control | 0.07 | CVE-2021-24730 |
| 02/28/2022 | 6.3 | 6.3 | | | | | Orange Form Plugin or_delete_filed access control | 0.03 | CVE-2021-24688 |
| 02/28/2022 | 6.3 | 6.3 | | | | | Testimonial Plugin SQL Statement sql injection | 0.04 | CVE-2022-23911 |
| 02/28/2022 | 6.3 | 6.3 | | | | | Asgaros Forum Plugin REST sql injection | 0.04 | CVE-2022-0411 |
| 02/28/2022 | 4.6 | 4.6 | | | | | LearnPress Plugin Image File file inclusion | 0.10 | CVE-2022-0377 |
| 02/28/2022 | 3.5 | 3.5 | | | | | WP Responsive Menu Plugin AJAX Action wpr_live_update cross site scripting | 0.03 | CVE-2021-24971 |
| 02/28/2022 | 6.3 | 6.3 | | | | | WP Cloudy Plugin Admin Dashboard sql injection | 0.03 | CVE-2021-24864 |
| 02/28/2022 | 2.4 | 2.4 | | | | | Drag & Drop Contact Form Builder Plugin path traversal | 0.02 | CVE-2021-24689 |
| 02/28/2022 | 3.5 | 3.5 | | | | | 15Zine Theme AJAX Action cb_s_a cross site scripting | 0.07 | CVE-2020-36510 |
| 02/28/2022 | 4.3 | 4.3 | | | | | WS Form Lite Plugin/WS Form Pro Plugin cross site scripting | 0.00 | CVE-2022-23988 |
| 02/28/2022 | 4.3 | 4.3 | | | | | Crazy Bone Plugin Login Form cross site scripting | 0.03 | CVE-2022-0385 |
| 02/28/2022 | 4.3 | 4.3 | | | | | Migration, Backup, Staging Plugin Admin Page cross site scripting | 0.03 | CVE-2021-24994 |
| 02/28/2022 | 7.3 | 7.3 | | | | | TI WooCommerce Wishlist Plugin REST Endpoint remove_product sql injection | 0.03 | CVE-2022-0412 |
| 02/28/2022 | 4.7 | 4.7 | | | | | WP Review Slider Plugin sql injection | 0.03 | CVE-2022-0383 |
| 02/28/2022 | 3.5 | 3.5 | | | | | Yoast SEO Plugin REST Endpoint posts information disclosure | 0.08 | CVE-2021-25118 |

1895 more entries are not shown