CVSSv3 02/04/2022

CVSSv3 Base

Distribution (score bucket: entries): ≤1: 0, ≤2: 0, ≤3: 0, ≤4: 39, ≤5: 1, ≤6: 52, ≤7: 9, ≤8: 3, ≤9: 1, ≤10: 0

The Common Vulnerability Scoring System (CVSS) is an industry standard for describing the characteristics and impact of security vulnerabilities. The base score represents the intrinsic aspects of a vulnerability that are constant over time and across user environments. Our unique meta score merges all available scores from different sources into a single, most reliable result.

CVSSv3 Temp

Distribution (score bucket: entries): ≤1: 0, ≤2: 0, ≤3: 0, ≤4: 40, ≤5: 0, ≤6: 54, ≤7: 7, ≤8: 3, ≤9: 1, ≤10: 0

The Common Vulnerability Scoring System (CVSS) uses temporal (temp) scores to reflect the characteristics of a vulnerability that may change over time but not across user environments. This includes report confidence, exploitability and remediation level. We also provide our unique meta score for temp scores, even though other sources rarely publish them.

VulDB

Distribution (score bucket: entries): ≤1: 0, ≤2: 0, ≤3: 0, ≤4: 39, ≤5: 2, ≤6: 54, ≤7: 6, ≤8: 3, ≤9: 1, ≤10: 0

The moderation team always defines the base vector and base score for an entry. These and all other available scores are used to generate the meta score.

NVD

Distribution (score bucket: entries): ≤1: 0, ≤2: 0, ≤3: 0, ≤4: 0, ≤5: 0, ≤6: 0, ≤7: 0, ≤8: 0, ≤9: 0, ≤10: 0

The National Vulnerability Database (NVD) also defines CVSS vectors and scores. These are usually not complete and might differ from VulDB scores.

CNA

Distribution (score bucket: entries): ≤1: 0, ≤2: 0, ≤3: 0, ≤4: 0, ≤5: 0, ≤6: 0, ≤7: 0, ≤8: 2, ≤9: 1, ≤10: 0

A CVE Numbering Authority (CNA) is responsible for assigning new CVE entries. They might also include a CVSS score. These are usually not complete and might differ from VulDB scores.

Vendor

Distribution (score bucket: entries): ≤1: 0, ≤2: 0, ≤3: 0, ≤4: 0, ≤5: 0, ≤6: 0, ≤7: 0, ≤8: 0, ≤9: 0, ≤10: 0

Some vendors are willing to publish their own CVSS vectors and scores for vulnerabilities in their products. The coverage varies from vendor to vendor.

Research

Distribution (score bucket: entries): ≤1: 0, ≤2: 0, ≤3: 0, ≤4: 0, ≤5: 0, ≤6: 0, ≤7: 0, ≤8: 0, ≤9: 0, ≤10: 1

Security researchers sometimes also provide their own CVSS vectors and scores for vulnerabilities they have found and published.

| ID | Base | VDB | NVD | CNA | Vend | Res | Vulnerability | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|
| 192309 | 5.5 | 5.5 | | | | | Shibboleth OIDC OP Plugin server-side request forgery | 0.00 | CVE-2022-24129 |
| 192308 | 3.5 | 3.5 | | | | | Codex JSON File cross site scripting | 0.00 | CVE-2021-43635 |
| 192307 | 6.4 | 5.3 | | 7.5 | | | object-path-set before setPath code injection | 0.00 | CVE-2021-23507 |
| 192306 | 7.7 | 7.3 | | 8.2 | | | putil-merge Remote Code Execution | 0.04 | CVE-2021-23470 |
| 192305 | 5.5 | 5.5 | | | | | Voipmonitor GUI access control | 0.04 | CVE-2022-24260 |
| 192304 | 3.5 | 3.5 | | | | | GPAC box_code_base.c xtra_box_write null pointer dereference | 0.07 | CVE-2022-24249 |
| 192303 | 3.5 | 3.5 | | | | | VirusTotal YARA libyara.c yr_set_configuration buffer overflow | 0.04 | CVE-2021-45429 |
| 192302 | 5.3 | 5.3 | | | | | Northstar Club Management fileManagerObjects.jsp path traversal | 0.08 | CVE-2021-29398 |
| 192301 | 7.3 | 7.3 | | | | | Northstar Club Management improper authentication | 0.03 | CVE-2021-29396 |
| 192300 | 6.3 | 6.3 | | | | | Northstar Club Management HTTP POST Request changePassword.jsp improper authorization | 0.09 | CVE-2021-29394 |
| 192299 | 5.3 | 5.3 | | | | | Northstar Club Management download.jsp path traversal | 0.00 | CVE-2021-29395 |
| 192298 | 7.3 | 7.3 | | | | | Northstar Club Management cominput.jsp injection | 0.09 | CVE-2021-29393 |
| 192297 | 6.4 | 5.3 | | 7.5 | | | strikeentco set type confusion | 0.04 | CVE-2021-23497 |
| 192296 | 8.8 | 8.8 | | | | | Voipmonitor GUI Config Restore Privilege Escalation | 0.04 | CVE-2022-24262 |
| 192295 | 3.7 | 3.7 | | | | | Northstar Club Management login.jsp cleartext transmission | 0.04 | CVE-2021-29397 |
| 192294 | 6.3 | 6.3 | | | | | Voipmonitor GUI cdr.php access control | 0.00 | CVE-2022-24259 |
| 192293 | 6.3 | 6.3 | | | | | Linux Kernel dir.c nfs_atomic_open memory corruption | 0.00 | CVE-2022-24448 |
| 192292 | 5.5 | 5.5 | | | | | SeedDMS out.Login.php redirect | 0.00 | CVE-2021-45408 |
| 192291 | 6.9 | 4.3 | | | | 9.6 | Filebrowser cross-site request forgery | 0.00 | CVE-2021-46398 |
| 192290 | 3.5 | 3.5 | | | | | iCMS pathname traversal | 0.00 | CVE-2021-44977 |
| 192289 | 5.5 | 5.5 | | | | | Zammad Ticket Notification permission | 0.00 | CVE-2021-44886 |
| 192288 | 5.5 | 5.5 | | | | | Zammad LDAP Configuration improper authorization | 0.00 | CVE-2021-43145 |
| 192287 | 6.3 | 6.3 | | | | | iCMS Custom Template Privilege Escalation | 0.00 | CVE-2021-44978 |
| 192286 | 3.5 | 3.5 | | | | | taocms File Management information disclosure | 0.05 | CVE-2021-44983 |
| 192285 | 5.5 | 5.5 | | | | | MSI App Player IOCTL Request NTIOLib_X64.sys access control | 0.08 | CVE-2021-44900 |
| 192284 | 5.5 | 5.5 | | | | | OpenZeppelin Contract Creation initialization | 0.00 | CVE-2021-46320 |
| 192283 | 5.5 | 5.5 | | | | | MSI Center Pro IOCTL Request atidgllk.sys access control | 0.00 | CVE-2021-44903 |
| 192282 | 5.5 | 5.5 | | | | | MSI Dragon Center IOCTL Request atidgllk.sys access control | 0.07 | CVE-2021-44901 |
| 192281 | 5.5 | 5.5 | | | | | MSI Center IOCTL Request atidgllk.sys access control | 0.03 | CVE-2021-44899 |
| 192280 | 3.5 | 3.5 | | | | | taocms path traversal | 0.08 | CVE-2022-23316 |
| 192279 | 5.5 | 5.5 | | | | | D-Link DIR-823-Pro ChgSambaUserSettings command injection | 0.00 | CVE-2021-46457 |
| 192278 | 5.5 | 5.5 | | | | | Mastodon JSON-LD access control | 0.00 | CVE-2022-24307 |
| 192277 | 5.5 | 5.5 | | | | | D-Link DIR-882 HNAP1 POST Request command injection | 0.05 | CVE-2021-45998 |
| 192276 | 5.5 | 5.5 | | | | | Tenda G1 formSetPppoeServer command injection | 0.00 | CVE-2022-24171 |
| 192275 | 5.5 | 5.5 | | | | | Tenda G1/G3 formSetIpGroup command injection | 0.04 | CVE-2022-24168 |
| 192274 | 5.5 | 5.5 | | | | | Tenda G1/G3 formSetDMZ command injection | 0.00 | CVE-2022-24167 |
| 192273 | 3.5 | 3.5 | | | | | Tenda G1/G3 formSetSysTime stack-based overflow | 0.00 | CVE-2022-24166 |
| 192272 | 5.5 | 5.5 | | | | | Tenda G1/G3 formSetQvlanList command injection | 0.00 | CVE-2022-24165 |
| 192271 | 3.5 | 3.5 | | | | | G1/G3 formSetVirtualSer stack-based overflow | 0.00 | CVE-2022-24164 |
| 192270 | 3.5 | 3.5 | | | | | Tenda AX3 fromSetSysTime stack-based overflow | 0.04 | CVE-2022-24163 |
| 192269 | 5.5 | 5.5 | | | | | Tenda AX3 saveParentControlInfo stack-based overflow | 0.00 | CVE-2022-24162 |
| 192268 | 3.5 | 3.5 | | | | | Tenda AX3 GetParentControlInfo denial of service | 0.00 | CVE-2022-24161 |
| 192267 | 3.5 | 3.5 | | | | | Tenda AX3 formSetDeviceName stack-based overflow | 0.04 | CVE-2022-24160 |
| 192266 | 3.5 | 3.5 | | | | | Tenda AX3 formSetPPTPServer stack-based overflow | 0.00 | CVE-2022-24159 |
| 192265 | 3.5 | 3.5 | | | | | Tenda AX3 formSetMacFilterCfg stack-based overflow | 0.03 | CVE-2022-24157 |
| 192264 | 3.5 | 3.5 | | | | | Tenda AX3 formSetVirtualSer stack-based overflow | 0.00 | CVE-2022-24156 |
| 192263 | 3.5 | 3.5 | | | | | Tenda AX3 setSchedWifi heap-based overflow | 0.03 | CVE-2022-24155 |
| 192262 | 3.5 | 3.5 | | | | | Tenda AX3 formSetRebootTimer stack-based overflow | 0.00 | CVE-2022-24154 |
| 192261 | 5.5 | 5.5 | | | | | Tenda AX3 formAddMacfilterRule stack-based overflow | 0.00 | CVE-2022-24153 |
| 192260 | 5.5 | 5.5 | | | | | Tenda AX3 fromSetRouteStatic stack-based overflow | 0.05 | CVE-2022-24152 |

55 more entries are not shown
