CVSSv3 02/11/2022

CVSSv3 Base

Entries per score range: ≤1: 0, ≤2: 0, ≤3: 0, ≤4: 5, ≤5: 6, ≤6: 5, ≤7: 13, ≤8: 9, ≤9: 7, ≤10: 0

The Common Vulnerability Scoring System (CVSS) is an industry standard for describing the characteristics and impact of security vulnerabilities. The base score represents the intrinsic aspects that are constant over time and across user environments. Our unique meta score aggregates all available scores from different sources into the most reliable result.

CVSSv3 Temp

Entries per score range: ≤1: 0, ≤2: 0, ≤3: 0, ≤4: 5, ≤5: 6, ≤6: 11, ≤7: 8, ≤8: 12, ≤9: 3, ≤10: 0

The Common Vulnerability Scoring System (CVSS) uses temp scores to reflect the characteristics of a vulnerability that may change over time but not across user environments. This includes reporting confidence, exploitability and remediation levels. We also provide our unique meta score for temp scores, even though other sources rarely publish them.

VulDB

Entries per score range: ≤1: 0, ≤2: 0, ≤3: 0, ≤4: 5, ≤5: 7, ≤6: 6, ≤7: 10, ≤8: 15, ≤9: 2, ≤10: 0

The moderation team always defines the base vector and base score for an entry. These and all other available scores are used to generate the meta score.

NVD

Entries per score range: ≤1: 0, ≤2: 0, ≤3: 0, ≤4: 0, ≤5: 0, ≤6: 0, ≤7: 0, ≤8: 0, ≤9: 0, ≤10: 0

The National Vulnerability Database (NVD) also defines CVSS vectors and scores. These are usually not complete and might differ from VulDB scores.

CNA

Entries per score range: ≤1: 0, ≤2: 0, ≤3: 0, ≤4: 0, ≤5: 1, ≤6: 1, ≤7: 3, ≤8: 6, ≤9: 7, ≤10: 1

A CVE Numbering Authority (CNA) is responsible for assigning new CVE entries. They might also include a CVSS score. These are usually not complete and might differ from VulDB scores.

Vendor

Entries per score range: ≤1: 0, ≤2: 0, ≤3: 0, ≤4: 0, ≤5: 0, ≤6: 0, ≤7: 0, ≤8: 0, ≤9: 0, ≤10: 0

Some vendors are willing to publish their own CVSS vectors and scores for vulnerabilities in their products. The coverage varies from vendor to vendor.

Research

Entries per score range: ≤1: 0, ≤2: 0, ≤3: 0, ≤4: 0, ≤5: 0, ≤6: 0, ≤7: 0, ≤8: 0, ≤9: 0, ≤10: 0

Security researchers sometimes also provide their own CVSS vectors and scores for vulnerabilities they have found and published.

| ID | Base | VulDB | NVD | CNA | Vendor | Research | Vulnerability | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|
| 192907 | 4.3 | 4.3 | | | | | Linux Kernel mov32 Instruction verifier.c check_alu_op information disclosure | 0.00 | CVE-2021-45402 |
| 192906 | 3.5 | 3.5 | | | | | OCS Inventory Device Name cross site scripting | 0.00 | CVE-2021-46355 |
| 192905 | 4.3 | 4.3 | | 4.3 | | | Microweber redirect | 0.00 | CVE-2022-0560 |
| 192904 | 6.9 | 7.3 | | 6.5 | | | QNAP Kazoo Server improper authentication | 0.06 | CVE-2021-38679 |
| 192903 | 5.5 | 5.5 | | | | | Apache Cassandra code injection | 0.07 | CVE-2021-44521 |
| 192902 | 7.3 | 7.3 | | | | | Apache APISIX batch-requests Plugin authentication spoofing | 0.07 | CVE-2022-24112 |
| 192901 | 6.3 | 6.3 | | | | | Apache Cayenne Hessian deserialization | 0.00 | CVE-2022-24289 |
| 192900 | 6.7 | 6.7 | | 6.7 | | | Qualcomm Snapdragon Auto DCI Packet out-of-bounds write | 0.00 | CVE-2021-30324 |
| 192899 | 8.1 | 7.8 | | 8.4 | | | Qualcomm Snapdragon Auto DSP use after free | 0.00 | CVE-2021-35077 |
| 192898 | 8.1 | 7.8 | | 8.4 | | | Qualcomm Snapdragon Auto WDOG null pointer dereference | 0.00 | CVE-2021-35075 |
| 192897 | 8.1 | 7.8 | | 8.4 | | | Qualcomm Snapdragon Auto Fragment Datatype integer overflow | 0.00 | CVE-2021-35074 |
| 192896 | 7.8 | 7.8 | | 7.8 | | | Qualcomm Snapdragon Auto DMA memory corruption | 0.05 | CVE-2021-35069 |
| 192895 | 6.9 | 5.5 | | 8.4 | | | Qualcomm Snapdragon Auto Bluetooth HFP null pointer dereference | 0.00 | CVE-2021-35068 |
| 192894 | 7.5 | 7.5 | | 7.5 | | | Qualcomm Snapdragon Auto RRC assertion | 0.00 | CVE-2021-30326 |
| 192893 | 7.8 | 7.8 | | 7.8 | | | Qualcomm Snapdragon Auto EFS File memory corruption | 0.00 | CVE-2021-30323 |
| 192892 | 7.8 | 7.8 | | 7.8 | | | Qualcomm Snapdragon Auto GPIO out-of-bounds write | 0.00 | CVE-2021-30322 |
| 192891 | 8.1 | 7.8 | | 8.4 | | | Qualcomm Snapdragon Auto HDCP Key memory corruption | 0.06 | CVE-2021-30318 |
| 192890 | 8.5 | 7.8 | | 9.3 | | | Qualcomm Snapdragon Auto ELF Metadata Local Privilege Escalation | 0.00 | CVE-2021-30317 |
| 192889 | 7.8 | 7.8 | | 7.8 | | | Qualcomm Snapdragon Compute QXDM Command memory corruption | 0.00 | CVE-2021-30309 |
| 192888 | 7.0 | 7.2 | | 6.7 | | | Qualcomm Snapdragon Auto DCI out-of-bounds read | 0.00 | CVE-2021-30325 |
| 192887 | 6.3 | 6.3 | | | | | Apple Safari WebKit use after free | 0.00 | CVE-2022-22620 |
| 192886 | 6.3 | 6.3 | | | | | Apple macOS WebKit use after free | 0.07 | CVE-2022-22620 |
| 192885 | 6.3 | 6.3 | | | | | Apple iOS/iPadOS WebKit use after free | 0.58 | CVE-2022-22620 |
| 192884 | 5.5 | 5.5 | | | | | Portainer Agent API Server access control | 0.14 | CVE-2022-24961 |
| 192883 | 6.2 | 4.3 | | 8.1 | | | Microweber os command injection | 0.05 | CVE-2022-0557 |
| 192882 | 5.5 | 5.5 | | | | | Linux Kernel inode.c release of reference | 0.07 | CVE-2022-24958 |
| 192881 | 3.5 | 3.5 | | | | | Linux Kernel yam.c yam_siocdevprivate memory leak | 0.06 | CVE-2022-24959 |
| 192880 | 8.8 | 8.8 | | | | | PHP Everywhere Plugin Gutenberg Block Privilege Escalation | 0.00 | CVE-2022-24665 |
| 192879 | 8.8 | 8.8 | | | | | PHP Everywhere Plugin Metabox Privilege Escalation | 0.00 | CVE-2022-24664 |
| 192878 | 6.3 | 6.3 | | | | | PHP Everywhere Plugin Shortcode Privilege Escalation | 0.00 | CVE-2022-24663 |
| 192877 | 3.5 | 3.5 | | | | | XMPie uStore Administrative Panel cross site scripting | 0.00 | CVE-2022-23321 |
| 192876 | 3.5 | 3.5 | | | | | Taocms Management Column cross site scripting | 0.00 | CVE-2021-44969 |
| 192875 | 7.3 | 7.1 | | 7.5 | | | Gradle ResolutionStrategy.disableDependencyVerification unknown vulnerability | 0.07 | CVE-2022-23630 |
| 192874 | 4.3 | 4.3 | | | | | Xilinx Zynq-7000 SD Boot Image buffer overflow | 0.00 | CVE-2021-44850 |
| 192873 | 6.3 | 6.3 | | | | | Foxit PDF Reader/PDF Editor uncontrolled search path | 0.06 | CVE-2022-24955 |
| 192872 | 6.3 | 6.3 | | | | | Foxit PDF Reader/PDF Editor XFA stack-based overflow | 0.00 | CVE-2022-24954 |
| 192871 | 7.3 | 7.3 | | | | | Google Go crypto-elliptic Curve.IsOnCurve Remote Code Execution | 0.00 | CVE-2022-23806 |
| 192870 | 5.5 | 5.5 | | | | | Google Go cmd-go access control | 0.00 | CVE-2022-23773 |
| 192869 | 4.3 | 4.3 | | | | | Google Go math-big Rat.SetString memory allocation | 0.00 | CVE-2022-23772 |
| 192868 | 4.7 | 4.2 | | 5.3 | | | Ping Identity PingFederate Password Change improper authorization | 0.05 | CVE-2021-42000 |
| 192867 | 7.3 | 6.3 | | 8.4 | | | vim uninitialized pointer | 0.05 | CVE-2022-0554 |
| 192866 | 5.5 | 5.5 | | | | | Ethereum Optimism Self-Destruction access control | 0.07 | CVE-2022-24916 |
| 192865 | 4.6 | 4.6 | | | | | Cuppa CMS unlink denial of service | 0.00 | CVE-2022-24647 |
| 192864 | 3.5 | 3.5 | | | | | MiniCMS page-edit.php cross site scripting | 0.00 | CVE-2021-44970 |
| 192863 | 6.3 | 6.3 | | | | | Hospital Management System contact.php sql injection | 0.07 | CVE-2022-24646 |
