CVSSv3 02/24/2022

CVSSv3 Base

Entries per score range: ≤1: 0, ≤2: 0, ≤3: 0, ≤4: 13, ≤5: 13, ≤6: 28, ≤7: 23, ≤8: 8, ≤9: 2, ≤10: 0

The Common Vulnerability Scoring System (CVSS) is an industry standard for describing the characteristics and impact of security vulnerabilities. The base score represents the intrinsic aspects that are constant over time and across user environments. Our unique meta score merges all available scores from different sources into a single, most reliable result.

CVSSv3 Temp

Entries per score range: ≤1: 0, ≤2: 0, ≤3: 1, ≤4: 12, ≤5: 13, ≤6: 35, ≤7: 23, ≤8: 1, ≤9: 2, ≤10: 0

The Common Vulnerability Scoring System (CVSS) uses temp scores to reflect the characteristics of a vulnerability that may change over time but not across user environments. This includes reporting confidence, exploitability and remediation levels. We also provide our unique meta score for temp scores, even though other sources rarely publish them.

VulDB

Entries per score range: ≤1: 0, ≤2: 0, ≤3: 4, ≤4: 12, ≤5: 13, ≤6: 25, ≤7: 23, ≤8: 9, ≤9: 1, ≤10: 0

The moderation team always defines the base vector and base score for an entry. These and all other available scores are used to generate the meta score.

NVD

Entries per score range: ≤1: 0, ≤2: 0, ≤3: 0, ≤4: 0, ≤5: 0, ≤6: 0, ≤7: 0, ≤8: 0, ≤9: 0, ≤10: 0

The National Vulnerability Database (NVD) also defines CVSS vectors and scores. These are usually not complete and might differ from VulDB scores.

CNA

Entries per score range: ≤1: 0, ≤2: 0, ≤3: 0, ≤4: 0, ≤5: 6, ≤6: 3, ≤7: 7, ≤8: 4, ≤9: 1, ≤10: 1

A CVE Numbering Authority (CNA) is responsible for assigning new CVE entries. They might also include a CVSS score. These are usually not complete and might differ from VulDB scores.

Vendor

Entries per score range: ≤1: 0, ≤2: 0, ≤3: 0, ≤4: 0, ≤5: 0, ≤6: 0, ≤7: 0, ≤8: 0, ≤9: 0, ≤10: 0

Some vendors are willing to publish their own CVSS vectors and scores for vulnerabilities in their products. The coverage varies from vendor to vendor.

Research

Entries per score range: ≤1: 0, ≤2: 0, ≤3: 0, ≤4: 0, ≤5: 0, ≤6: 0, ≤7: 0, ≤8: 0, ≤9: 0, ≤10: 0

Sometimes security researchers also provide their own CVSS vectors and scores for vulnerabilities they have found and published.

| ID | Base | VDB | NVD | CNA | Vend | Res | Vulnerability | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|
| 193746 | 3.5 | 3.5 | | | | | Audio File Library printinfo.c printfileinfo information disclosure | 0.00 | CVE-2022-24599 |
| 193745 | 3.5 | 3.5 | | | | | A-Blog CMS cross site scripting | 0.04 | CVE-2022-24374 |
| 193744 | 3.5 | 3.5 | | | | | A-Blog CMS cross site scripting | 0.04 | CVE-2022-23916 |
| 193743 | 5.5 | 5.5 | | | | | Mobile Device Monitoring Service API access control | 0.04 | CVE-2022-0732 |
| 193742 | 5.5 | 5.5 | | | | | CoreNLP NERServlet.java access control | 0.06 | CVE-2021-44550 |
| 193741 | 6.1 | 4.3 | | 8.0 | | | Zyxel ARMOR Z1/ARMOR Z2 HTTP Daemon cross-site request forgery | 0.06 | CVE-2021-4030 |
| 193740 | 8.8 | 8.8 | | 8.8 | | | Zyxel ARMOR Z1/ARMOR Z2 CGI Program os command injection | 0.06 | CVE-2021-4029 |
| 193739 | 3.1 | 3.1 | | | | | LibreOffice ODF Document signature verification | 0.00 | CVE-2021-25636 |
| 193738 | 5.5 | 5.5 | | | | | Amazon Echo Dot Skill/Bluetooth AvA neutralization | 0.05 | CVE-2022-25809 |
| 193737 | 3.5 | 3.5 | | | | | HorizontCMS information disclosure | 0.00 | CVE-2022-25104 |
| 193736 | 4.3 | 4.3 | | | | | A-Blog CMS Template Engine injection | 0.06 | CVE-2022-23810 |
| 193735 | 4.7 | 4.7 | | | | | Tribal Systems Zenario CMS unrestricted upload | 0.09 | CVE-2022-23043 |
| 193734 | 4.3 | 4.3 | | | | | Mail Magazine Management Plugin cross-site request forgery | 0.08 | CVE-2022-21179 |
| 193733 | 7.3 | 7.3 | | | | | A-Blog CMS improper authentication | 0.05 | CVE-2022-21142 |
| 193732 | 4.6 | 4.6 | | | | | Bentley seatd seatd-launch access control | 0.00 | CVE-2022-25643 |
| 193731 | 5.5 | 5.5 | | | | | Tenda AC9 openSchedWifi stack-based overflow | 0.06 | CVE-2022-25418 |
| 193730 | 5.5 | 5.5 | | | | | Tenda AC9 saveparentcontrolinfo stack-based overflow | 0.06 | CVE-2022-25417 |
| 193729 | 5.5 | 5.5 | | | | | Tenda AC9 stack-based overflow | 0.04 | CVE-2022-25414 |
| 193728 | 6.3 | 6.3 | | | | | Watchguard Firebox/XTM access control | 0.00 | CVE-2022-25363 |
| 193727 | 6.3 | 6.3 | | | | | Watchguard Firebox/XTM unrestricted upload | 0.00 | CVE-2022-25360 |
| 193726 | 5.7 | 5.3 | | 6.1 | | | Cybonet PineApp email.content.body.php file inclusion | 0.05 | CVE-2022-22793 |
| 193725 | 5.3 | 6.3 | | 4.3 | | | IBM Sterling External Authentication Server REST API path traversal | 0.07 | CVE-2022-22349 |
| 193724 | 7.1 | 7.3 | | 6.8 | | | Cybonet PineApp sql injection | 0.00 | CVE-2022-22794 |
| 193723 | 6.4 | 6.5 | | 6.2 | | | IBM AIX/VIOS Kernel denial of service | 0.00 | CVE-2021-38995 |
| 193722 | 6.4 | 6.5 | | 6.2 | | | IBM AIX/VIOS Kernel denial of service | 0.00 | CVE-2021-38994 |
| 193721 | 4.3 | 4.3 | | 4.4 | | | IBM WebSphere Application Server cross-site request forgery | 0.00 | CVE-2021-39038 |
| 193720 | 7.2 | 7.2 | | | | | Watchguard Firebox/XTM Firmware Update stack-based overflow | 0.04 | CVE-2022-25293 |
| 193719 | 7.2 | 7.2 | | | | | Watchguard Firebox/XTM Firmware Update stack-based overflow | 0.06 | CVE-2022-25292 |
| 193718 | 7.2 | 7.2 | | | | | Watchguard Firebox/XTM Firmware Update heap-based overflow | 0.04 | CVE-2022-25291 |
| 193717 | 5.3 | 5.3 | | | | | Watchguard Firebox/XTM information disclosure | 0.04 | CVE-2022-25290 |
| 193716 | 5.5 | 5.5 | | | | | TOTOLink T6 Main command injection | 0.08 | CVE-2022-25084 |
| 193715 | 5.5 | 5.5 | | | | | TOTOLink A860R Main command injection | 0.00 | CVE-2022-25083 |
| 193714 | 5.5 | 5.5 | | | | | TOTOLink A950RG Main command injection | 0.08 | CVE-2022-25082 |
| 193713 | 5.5 | 5.5 | | | | | TOTOLINK T10 Main command injection | 0.00 | CVE-2022-25081 |
| 193712 | 5.5 | 5.5 | | | | | TOTOLink A830R Main command injection | 0.00 | CVE-2022-25080 |
| 193711 | 5.5 | 5.5 | | | | | TOTOLINK A810R Main command injection | 0.00 | CVE-2022-25079 |
| 193710 | 5.5 | 5.5 | | | | | TOTOLINK A3600R Main command injection | 0.00 | CVE-2022-25078 |
| 193709 | 5.5 | 5.5 | | | | | TOTOLINK A3100R Main command injection | 0.05 | CVE-2022-25077 |
| 193708 | 5.5 | 5.5 | | | | | TOTOLINK A800R Main command injection | 0.13 | CVE-2022-25076 |
| 193707 | 5.5 | 5.5 | | | | | TOTOLINK A3000RU Main command injection | 0.04 | CVE-2022-25075 |
| 193706 | 6.3 | 6.3 | | | | | TP-Link TL-WR902AC dm_fillObjByStr stack-based overflow | 0.00 | CVE-2022-25074 |
| 193705 | 6.3 | 6.3 | | | | | TP-LINK TL-WR841N dm_fillObjByStr stack-based overflow | 0.06 | CVE-2022-25073 |
| 193704 | 6.3 | 6.3 | | | | | TP-Link Archer A54 Fillobjbystr stack-based overflow | 0.06 | CVE-2022-25072 |
| 193703 | 4.3 | 4.3 | | | | | Hashicorp Consul/Consul Enterprise resource consumption | 0.05 | CVE-2022-24687 |
| 193702 | 6.3 | 6.3 | | | | | Watchguard Firebox/XTM Management access control | 0.07 | CVE-2022-23176 |
| 193701 | 5.5 | 5.5 | | | | | USBGuard usbguard-dbus Daemon access control | 0.04 | CVE-2019-25058 |
| 193700 | 7.3 | 7.3 | | | | | wolfSSL Mutual Authentication improper authentication | 0.04 | CVE-2022-25640 |
| 193699 | 3.5 | 3.5 | | | | | BloofoxCMS Edit Action index.php cross site scripting | 0.05 | CVE-2021-44608 |
| 193698 | 6.3 | 6.3 | | | | | Linux Kernel Netfilter nf_dup_netdev.c nf_tables_offload out-of-bounds write | 0.00 | CVE-2022-25636 |
| 193697 | 5.5 | 5.5 | | | | | WBCE CMS install.php Privilege Escalation | 0.07 | CVE-2022-25101 |

37 more entries are not shown
