CVSSv3 02/21/2022

CVSSv3 Base

Entries per score bucket: ≤1: 0, ≤2: 0, ≤3: 1, ≤4: 15, ≤5: 15, ≤6: 12, ≤7: 7, ≤8: 1, ≤9: 0, ≤10: 0

The Common Vulnerability Scoring System (CVSS) is an industry standard for describing the characteristics and impacts of security vulnerabilities. The base score represents the intrinsic aspects that are constant over time and across user environments. Our unique meta score merges all available scores from different sources into the most reliable aggregate result.

CVSSv3 Temp

Entries per score bucket: ≤1: 0, ≤2: 0, ≤3: 1, ≤4: 16, ≤5: 14, ≤6: 16, ≤7: 3, ≤8: 1, ≤9: 0, ≤10: 0

The Common Vulnerability Scoring System (CVSS) uses temp scores to reflect the characteristics of a vulnerability that may change over time but not across user environments. This includes reporting confidence, exploitability and remediation levels. We also provide our unique meta score for temp scores, even though other sources rarely publish them.

VulDB

Entries per score bucket: ≤1: 0, ≤2: 0, ≤3: 1, ≤4: 15, ≤5: 20, ≤6: 8, ≤7: 5, ≤8: 2, ≤9: 0, ≤10: 0

The moderation team always defines the base vector and base score for an entry. These and all other available scores are used to generate the meta score.

NVD

Entries per score bucket: ≤1: 0, ≤2: 0, ≤3: 0, ≤4: 0, ≤5: 1, ≤6: 0, ≤7: 0, ≤8: 0, ≤9: 0, ≤10: 0

The National Vulnerability Database (NVD) also defines CVSS vectors and scores. These are usually not complete and might differ from VulDB scores.

CNA

Entries per score bucket: ≤1: 0, ≤2: 0, ≤3: 0, ≤4: 1, ≤5: 4, ≤6: 2, ≤7: 4, ≤8: 3, ≤9: 0, ≤10: 0

A CVE Numbering Authority (CNA) is responsible for assigning new CVE entries. They might also include a CVSS score. These are usually not complete and might differ from VulDB scores.

Vendor

Entries per score bucket: ≤1: 0, ≤2: 0, ≤3: 0, ≤4: 0, ≤5: 0, ≤6: 0, ≤7: 0, ≤8: 0, ≤9: 0, ≤10: 0

Some vendors are willing to publish their own CVSS vectors and scores for vulnerabilities in their products. The coverage varies from vendor to vendor.

Research

Entries per score bucket: ≤1: 0, ≤2: 0, ≤3: 0, ≤4: 0, ≤5: 0, ≤6: 0, ≤7: 0, ≤8: 0, ≤9: 0, ≤10: 0

Sometimes security researchers also provide their own CVSS vectors and scores for vulnerabilities they have found and published.

| ID | Base | VDB | NVD | CNA | Vend | Res | Vulnerability | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|
| 193606 | 5.5 | 5.5 | | | | | Okta Advanced Server Access Client URL command injection | 0.04 | CVE-2022-24295 |
| 193605 | 4.0 | 3.7 | 4.3 | | | | Samba SMB1 with Unix Extensions information disclosure | 0.04 | CVE-2021-44141 |
| 193604 | 6.3 | 6.3 | | | | | Brocade Fabric OS hard-coded credentials | 0.03 | CVE-2021-27797 |
| 193603 | 3.5 | 3.5 | | | | | Brocade Fabric OS rbash information disclosure | 0.04 | CVE-2021-27796 |
| 193602 | 5.5 | 5.5 | | | | | HCL Sametime File Class path traversal | 0.05 | CVE-2021-27755 |
| 193601 | 5.5 | 5.5 | | | | | HCL Sametime path traversal | 0.06 | CVE-2021-27753 |
| 193600 | 4.3 | 4.3 | | 4.3 | | | Mattermost API information disclosure | 0.06 | CVE-2022-0708 |
| 193599 | 5.3 | 5.3 | | 5.3 | | | Qlik Sense Enterprise LDAP information exposure | 0.00 | CVE-2022-0564 |
| 193598 | 4.3 | 4.3 | | | | | openSUSE libsolv solver.c resolve_dependencies denial of service | 0.03 | CVE-2021-44568 |
| 193597 | 4.8 | 4.3 | | 5.4 | | | Spiffy Calendar Plugin Event cross-site request forgery | 0.05 | CVE-2022-25599 |
| 193596 | 4.3 | 4.3 | | 4.3 | | | WP Content Copy Protection & No Right Click Plugin Settings cross-site request forgery | 0.04 | CVE-2022-23983 |
| 193595 | 4.5 | 4.3 | | 4.7 | | | Survey Maker Plugin cross site scripting | 0.00 | CVE-2021-26256 |
| 193594 | 3.7 | 3.7 | | 3.7 | | | wpDiscuz Plugin information disclosure | 0.00 | CVE-2022-23984 |
| 193593 | 6.0 | 5.0 | | 7.1 | | | IBM Planning Analytics Remote Code Execution | 0.04 | CVE-2022-22308 |
| 193592 | 4.5 | 4.3 | | 4.7 | | | Rudloff alltube redirect | 0.03 | CVE-2022-0692 |
| 193591 | 5.5 | 5.5 | | | | | Plesk CMS permission | 0.03 | CVE-2021-45008 |
| 193590 | 6.3 | 6.3 | | | | | Zfaka Background File unrestricted upload | 0.05 | CVE-2022-24553 |
| 193589 | 3.5 | 3.5 | | | | | Duplicate Page or Post Plugin AJAX Action wpdevart_duplicate_post_parametrs_save_in_db authorization | 0.03 | CVE-2021-25075 |
| 193588 | 3.5 | 3.5 | | | | | Five Star Business Profile and Schema Plugin AJAX Action bpfwp_welcome_set_contact_information cross site scripting | 0.04 | CVE-2021-25060 |
| 193587 | 3.5 | 3.5 | | | | | Buffer Button Plugin Twitter Username cross site scripting | 0.03 | CVE-2021-25058 |
| 193586 | 3.5 | 3.5 | | | | | Translation Exchange Plugin Settings cross site scripting | 0.04 | CVE-2021-25057 |
| 193585 | 3.5 | 3.5 | | | | | FeedWordPress Plugin cross site scripting | 0.03 | CVE-2021-25055 |
| 193584 | 4.3 | 4.3 | | | | | Float Menu Plugin Menu Delete cross-site request forgery | 0.05 | CVE-2022-0313 |
| 193583 | 3.5 | 3.5 | | | | | Ad Inserter Plugin/Ad Inserter Pro Plugin cross site scripting | 0.03 | CVE-2022-0288 |
| 193582 | 3.5 | 3.5 | | | | | GiveWP Plugin Import Admin Dashboard cross site scripting | 0.00 | CVE-2022-0252 |
| 193581 | 4.3 | 4.3 | | | | | WOOCS Plugin AJAX Action woocs_get_products_price_html cross site scripting | 0.00 | CVE-2022-0234 |
| 193580 | 2.4 | 2.4 | | | | | Shield Security Plugin Admin Note cross site scripting | 0.05 | CVE-2022-0211 |
| 193579 | 4.3 | 4.3 | | | | | Coming Soon and Maintenance Mode Plugin AJAX Action coming_soon_send_mail cross-site request forgery | 0.05 | CVE-2022-0199 |
| 193578 | 3.5 | 3.5 | | | | | Image Photo Gallery Final Tiles Grid Plugin Gallery Dashboard cross site scripting | 0.03 | CVE-2022-0186 |
| 193577 | 3.5 | 3.5 | | | | | Coming Soon and Maintenance Mode Plugin AJAX Action coming_soon_send_mail authorization | 0.06 | CVE-2022-0164 |
| 193576 | 4.3 | 4.3 | | | | | AnyComment Plugin Import/Revert cross-site request forgery | 0.03 | CVE-2022-0134 |
| 193575 | 3.5 | 3.5 | | | | | GiveWP Plugin Donation Forms Dashboard cross site scripting | 0.06 | CVE-2021-25100 |
| 193574 | 4.3 | 4.3 | | | | | GiveWP Plugin AJAX Action cross site scripting | 0.03 | CVE-2021-25099 |
| 193573 | 3.5 | 3.5 | | | | | Advanced Database Cleaner Plugin Attribute cross site scripting | 0.04 | CVE-2021-24921 |
| 193572 | 4.6 | 4.6 | | | | | AnyComment Plugin Rating race condition | 0.08 | CVE-2022-0279 |
| 193571 | 6.3 | 6.3 | | | | | Database Backup Plugin Admin Dashboard sql injection | 0.00 | CVE-2022-0255 |
| 193570 | 4.7 | 4.7 | | | | | Popup Builder Plugin sql injection | 0.21 | CVE-2022-0228 |
| 193569 | 4.7 | 4.7 | | | | | ExportFeed Plugin POST Parameter sql injection | 0.00 | CVE-2021-4208 |
| 193568 | 5.5 | 5.5 | | | | | AccessPress Plugin/Theme backdoor | 0.06 | CVE-2021-24867 |
| 193567 | 6.3 | 6.3 | | | | | Popup Builder Plugin path traversal | 0.07 | CVE-2021-25082 |
| 193566 | 5.5 | 5.5 | | | | | Download Manager Plugin sql injection | 0.07 | CVE-2021-25069 |
| 193565 | 3.5 | 3.5 | | | | | Anti-Malware Security and Brute-Force Firewall Plugin Admin Page cross site scripting | 0.06 | CVE-2021-25101 |
| 193564 | 6.2 | 5.0 | | 7.5 | | | Drogon save unrestricted upload | 0.00 | CVE-2022-25297 |
| 193563 | 6.9 | 7.3 | | 6.5 | | | url-parse authorization | 0.04 | CVE-2022-0691 |
| 193561 | 6.3 | 6.3 | | | | | Pritunl Client ACL platform_windows.go access control | 0.04 | CVE-2022-25372 |
| 193560 | 5.2 | 4.3 | | 6.1 | | | NASA Openmct Summary Widget cross site scripting | 0.05 | CVE-2022-23054 |
| 193559 | 5.2 | 4.3 | | 6.1 | | | NASA Openmct Condition Widget cross site scripting | 0.03 | CVE-2022-23053 |
| 193558 | 5.2 | 4.3 | | 6.1 | | | NASA Openmct cross site scripting | 0.03 | CVE-2022-22126 |
| 193557 | 5.5 | 5.5 | | | | | Alluxio Logserver injection | 0.00 | CVE-2022-23848 |
| 193556 | 7.3 | 7.3 | | 7.2 | | | PreMiD Websocket Transport access control | 0.03 | CVE-2021-46701 |

1 more entry is not shown
