CVSSv3 02/25/2022

CVSSv3 Base

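| Score | ≤1 | ≤2 | ≤3 | ≤4 | ≤5 | ≤6 | ≤7 | ≤8 | ≤9 | ≤10 |
|---|---|---|---|---|---|---|---|---|---|---|
| Count | 0 | 0 | 2 | 17 | 18 | 24 | 15 | 2 | 4 | 0 |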

The Common Vulnerability Scoring System (CVSS) is an industry standard to define the characteristics and impacts of security vulnerabilities. The base score represents the intrinsic aspects that are constant over time and across user environments. Our unique meta score merges all available scores from different sources into the most reliable result.

CVSSv3 Temp

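| Score | ≤1 | ≤2 | ≤3 | ≤4 | ≤5 | ≤6 | ≤7 | ≤8 | ≤9 | ≤10 |
|---|---|---|---|---|---|---|---|---|---|---|
| Count | 0 | 0 | 2 | 17 | 18 | 30 | 9 | 2 | 4 | 0 |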

The Common Vulnerability Scoring System (CVSS) uses temp scores to reflect the characteristics of a vulnerability that may change over time but not across user environments. This includes reporting confidence, exploitability and remediation levels. We also provide our unique meta score for temp scores, even though other sources rarely publish them.

VulDB

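| Score | ≤1 | ≤2 | ≤3 | ≤4 | ≤5 | ≤6 | ≤7 | ≤8 | ≤9 | ≤10 |
|---|---|---|---|---|---|---|---|---|---|---|
| Count | 0 | 0 | 3 | 20 | 22 | 17 | 14 | 6 | 0 | 0 |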

The moderation team always defines the base vector and base score for an entry. These and all other available scores are used to generate the meta score.

NVD

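| Score | ≤1 | ≤2 | ≤3 | ≤4 | ≤5 | ≤6 | ≤7 | ≤8 | ≤9 | ≤10 |
|---|---|---|---|---|---|---|---|---|---|---|
| Count | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |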

The National Vulnerability Database (NVD) also defines CVSS vectors and scores. These are usually not complete and might differ from VulDB scores.

CNA

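| Score | ≤1 | ≤2 | ≤3 | ≤4 | ≤5 | ≤6 | ≤7 | ≤8 | ≤9 | ≤10 |
|---|---|---|---|---|---|---|---|---|---|---|
| Count | 0 | 0 | 0 | 0 | 3 | 5 | 5 | 4 | 2 | 4 |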

A CVE Numbering Authority (CNA) is responsible for assigning new CVE entries. They might also include a CVSS score. These are usually not complete and might differ from VulDB scores.

Vendor

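| Score | ≤1 | ≤2 | ≤3 | ≤4 | ≤5 | ≤6 | ≤7 | ≤8 | ≤9 | ≤10 |
|---|---|---|---|---|---|---|---|---|---|---|
| Count | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |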

Some vendors are willing to publish their own CVSS vectors and scores for vulnerabilities in their products. The coverage varies from vendor to vendor.

Research

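| Score | ≤1 | ≤2 | ≤3 | ≤4 | ≤5 | ≤6 | ≤7 | ≤8 | ≤9 | ≤10 |
|---|---|---|---|---|---|---|---|---|---|---|
| Count | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |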

Security researchers sometimes also provide their own CVSS vectors and scores for vulnerabilities they have found and published.

| ID | Base | VDB | NVD | CNA | Vend | Res | Vulnerability | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|
| 193828 | 3.5 | 3.5 | | | | | Hashicorp Terraform Enterprise log file | 0.06 | CVE-2022-25374 |
| 193827 | 4.6 | 4.6 | | | | | waline X-Forwarded-For unknown vulnerability | 0.00 | CVE-2022-24594 |
| 193826 | 5.9 | 6.7 | | 5.0 | | | fscrypt Mountpoint bash_completion os command injection | 0.00 | CVE-2022-25328 |
| 193825 | 4.4 | 3.3 | | 5.5 | | | fscrypt PAM Module credentials management | 0.00 | CVE-2022-25327 |
| 193824 | 3.5 | 3.5 | | | | | EyesOfNetwork ITSM Module cross site scripting | 0.07 | CVE-2022-24612 |
| 193823 | 5.5 | 5.5 | | 5.5 | | | fscrypt Filesystem resource consumption | 0.00 | CVE-2022-25326 |
| 193822 | 6.0 | 4.5 | | 7.5 | | | Google Fuchsia Snaptshot permission assignment | 0.08 | CVE-2022-0247 |
| 193821 | 4.3 | 4.3 | | | | | Imagemagick ImageMagick Pixel Array tiff.c ReadTIFFImage out-of-bounds read | 0.00 | CVE-2021-3610 |
| 193820 | 5.4 | 5.3 | | 5.6 | | | WIN-911 default permission | 0.00 | CVE-2022-23104 |
| 193819 | 5.7 | 5.7 | | | | | QEMU Paravirtual RDMA Device uninitialized pointer | 0.00 | CVE-2021-3608 |
| 193818 | 5.7 | 4.3 | | 7.2 | | | WP Statistics Plugin class-wp-statistics-visitor.php cross site scripting | 0.04 | CVE-2022-25306 |
| 193817 | 5.7 | 4.3 | | 7.2 | | | WP Statistics Plugin class-wp-statistics-ip.php cross site scripting | 0.09 | CVE-2022-25305 |
| 193816 | 5.2 | 4.3 | | 6.1 | | | Essential Addons for Elementor Lite Plugin Link Helper.php cross site scripting | 0.05 | CVE-2022-0683 |
| 193815 | 7.3 | 7.3 | | | | | EC-CUBE HTTP Header access control | 0.00 | CVE-2022-25355 |
| 193814 | 3.5 | 3.5 | | | | | Fuel CMS Assets Page cross site scripting | 0.00 | CVE-2021-44607 |
| 193813 | 2.4 | 2.4 | | | | | Intelliants Subrion CMS Create Page cross site scripting | 0.00 | CVE-2021-43724 |
| 193812 | 3.5 | 3.5 | | | | | Piwigo cross site scripting | 0.00 | CVE-2022-24620 |
| 193811 | 3.5 | 3.5 | | | | | Checkmk Predefined Condition cross site scripting | 0.00 | CVE-2022-24566 |
| 193810 | 3.5 | 3.5 | | | | | Checkmk Alias cross site scripting | 0.00 | CVE-2022-24565 |
| 193809 | 2.7 | 2.7 | | | | | Rockwell Automation FactoryTalk View SE RAM cleartext storage | 0.00 | CVE-2020-14480 |
| 193808 | 5.5 | 5.5 | | | | | Cuppa CMS File Manager copy access control | 0.05 | CVE-2022-25401 |
| 193807 | 5.5 | 5.5 | | | | | Cyrus SASL UPDATE Statement sql.c escape output | 0.49 | CVE-2022-24407 |
| 193806 | 5.5 | 5.5 | | | | | WeBankPartners wecube-platform PluginPackageController.java pathname traversal | 0.00 | CVE-2021-45746 |
| 193805 | 4.3 | 4.3 | | 4.3 | | | Dolibarr behavioral workflow | 0.05 | CVE-2022-0746 |
| 193804 | 3.7 | 3.7 | | | | | Visual Voice Mail missing encryption | 0.04 | CVE-2022-23835 |
| 193803 | 3.5 | 3.5 | | | | | Trilium Notes setupPage denial of service | 0.06 | CVE-2021-43745 |
| 193802 | 6.3 | 6.3 | | | | | Honeywell HDZP252DI/HBW2PER1 ARP Cache access control | 0.04 | CVE-2021-39364 |
| 193801 | 6.3 | 6.3 | | | | | Honeywell HDZP252DI/HBW2PER1 ARP Cache authentication replay | 0.04 | CVE-2021-39363 |
| 193800 | 6.5 | 4.3 | | 8.8 | | | awsui components-react cross site scripting | 0.04 | CVE-2022-24709 |
| 193799 | 4.3 | 4.3 | | | | | Blender DDS Loader integer underflow | 0.07 | CVE-2022-0544 |
| 193798 | 5.6 | 5.6 | | | | | Node.js certificate validation | 0.00 | CVE-2021-44533 |
| 193797 | 5.6 | 5.6 | | | | | Node.js SAN certificate validation | 0.16 | CVE-2021-44532 |
| 193796 | 6.3 | 6.3 | | | | | Node.js SAN certificate validation | 0.00 | CVE-2021-44531 |
| 193795 | 5.5 | 5.5 | | | | | usbredir usbredirparser.c usbredirparser_serialize use after free | 0.33 | CVE-2021-3700 |
| 193794 | 4.2 | 3.1 | | 5.3 | | | QNAP QTS Proxy Server cross site scripting | 0.00 | CVE-2021-34361 |
| 193793 | 4.6 | 2.4 | | 6.9 | | | QNAP QTS Proxy Server cross site scripting | 0.05 | CVE-2021-34359 |
| 193792 | 4.3 | 4.3 | | | | | Apache JSPWiki User Preference cross site scripting | 0.00 | CVE-2022-24948 |
| 193791 | 4.3 | 4.3 | | | | | Apache JSPWiki User Preferences cross-site request forgery | 0.00 | CVE-2022-24947 |
| 193790 | 5.5 | 5.5 | | | | | Apache Airflow Web UI os command injection | 0.16 | CVE-2022-24288 |
| 193789 | 3.5 | 3.5 | | | | | Apache Airflow Trigger DAG with Config Screen cross site scripting | 0.06 | CVE-2021-45229 |
| 193788 | 6.3 | 6.3 | | | | | htmldoc ps-pdf.cxx pspdf_prepare_page heap-based overflow | 0.00 | CVE-2021-26252 |
| 193787 | 6.3 | 6.3 | | | | | Rockwell Automation FactoryTalk Services Platform XML File Han xml external entity reference | 0.00 | CVE-2020-14478 |
| 193786 | 4.9 | 3.3 | | 6.5 | | | Emerson OpenEnterprise inadequate encryption | 0.00 | CVE-2020-10636 |
| 193785 | 7.0 | 5.3 | | 8.8 | | | Emerson OpenEnterprise Configuration permission | 0.05 | CVE-2020-10632 |
| 193784 | 5.5 | 5.5 | | | | | Laravel Fortify Privilege Escalation | 0.05 | CVE-2022-25838 |
| 193783 | 5.0 | 5.0 | | | | | wolfSSL certificate validation | 0.00 | CVE-2022-25638 |
| 193782 | 4.6 | 4.6 | | | | | ECTouch denial of service | 0.00 | CVE-2022-25098 |
| 193781 | 3.5 | 3.5 | | | | | FileCloud <username> information disclosure | 0.04 | CVE-2022-24633 |
| 193780 | 3.5 | 3.5 | | | | | zip4j ZIP File denial of service | 0.06 | CVE-2022-24615 |
| 193779 | 3.5 | 3.5 | | | | | metadata-extractor JPEG File resource consumption | 0.00 | CVE-2022-24614 |

32 more entries are not shown
