CVSSv3 02/28/2022

CVSSv3 Base

≤1: 0, ≤2: 0, ≤3: 10, ≤4: 13, ≤5: 16, ≤6: 10, ≤7: 6, ≤8: 2, ≤9: 1, ≤10: 0

The Common Vulnerability Scoring System (CVSS) is an industry standard for defining the characteristics and impacts of security vulnerabilities. The base score represents the intrinsic aspects that are constant over time and across user environments. Our unique meta score merges all available scores from different sources to arrive at the most reliable result.

CVSSv3 Temp

≤1: 0, ≤2: 0, ≤3: 10, ≤4: 13, ≤5: 16, ≤6: 14, ≤7: 3, ≤8: 1, ≤9: 1, ≤10: 0

The Common Vulnerability Scoring System (CVSS) uses temp scores to reflect the characteristics of a vulnerability that may change over time but not across user environments. This includes reporting confidence, exploitability and remediation levels. We also provide our unique meta score for temp scores, even though other sources rarely publish them.

VulDB

≤1: 0, ≤2: 0, ≤3: 11, ≤4: 12, ≤5: 17, ≤6: 9, ≤7: 6, ≤8: 3, ≤9: 0, ≤10: 0

The moderation team always defines the base vector and base score for an entry. These and all other available scores are used to generate the meta score.

NVD

≤1: 0, ≤2: 0, ≤3: 0, ≤4: 0, ≤5: 0, ≤6: 0, ≤7: 0, ≤8: 0, ≤9: 0, ≤10: 0

The National Vulnerability Database (NVD) also defines CVSS vectors and scores. These are usually not complete and might differ from VulDB scores.

CNA

≤1: 0, ≤2: 0, ≤3: 0, ≤4: 0, ≤5: 1, ≤6: 0, ≤7: 1, ≤8: 0, ≤9: 1, ≤10: 1

A CVE Numbering Authority (CNA) is responsible for assigning new CVE entries. They might also include a CVSS score. These are usually not complete and might differ from VulDB scores.

Vendor

≤1: 0, ≤2: 0, ≤3: 0, ≤4: 0, ≤5: 0, ≤6: 0, ≤7: 0, ≤8: 0, ≤9: 0, ≤10: 0

Some vendors are willing to publish their own CVSS vectors and scores for vulnerabilities in their products. The coverage varies from vendor to vendor.

Research

≤1: 0, ≤2: 0, ≤3: 0, ≤4: 0, ≤5: 0, ≤6: 0, ≤7: 0, ≤8: 0, ≤9: 0, ≤10: 0

Security researchers sometimes also provide their own CVSS vectors and scores for vulnerabilities they have found and published.

| ID | Base | VDB | NVD | CNA | Vend | Res | Vulnerability | CTI | EPSS | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 193973 | 5.5 | 5.5 | | | | | David Brackeen ok-file-formats ok_jpg.c ok_jpg_generate_huffman_table heap-based overflow | 0.04 | 0.00885 | CVE-2021-44340 |
| 193972 | 5.5 | 5.5 | | | | | David Brackeen ok-file-formats ok_png.c ok_png_transform_scanline heap-based overflow | 0.02 | 0.00885 | CVE-2021-44339 |
| 193971 | 5.5 | 5.5 | | | | | David Brackeen ok-file-formats ok_jpg.c ok_jpg_convert_YCbCr_to_RGB heap-based overflow | 0.00 | 0.00885 | CVE-2021-44334 |
| 193970 | 3.7 | 3.7 | | | | | Cherwell Service Management missing secure attribute | 0.09 | 0.00885 | CVE-2022-26157 |
| 193969 | 3.5 | 3.5 | | | | | Cherwell Service Management HTTP Request cross site scripting | 0.04 | 0.00885 | CVE-2022-26155 |
| 193968 | 5.5 | 5.5 | | | | | Cherwell Service Management HTTP Request injection | 0.07 | 0.00885 | CVE-2022-26158 |
| 193967 | 5.5 | 5.5 | | | | | Cherwell Service Management Web Application injection | 0.07 | 0.00885 | CVE-2022-26156 |
| 193966 | 5.5 | 5.5 | | | | | ARM astcenc Compression astcenc_compress_symbolic.cpp encode_ise stack-based overflow | 0.06 | 0.00885 | CVE-2021-43086 |
| 193965 | 3.5 | 3.5 | | | | | Byteball Obyte Wallet Chat Message cross site scripting | 0.00 | 0.04836 | CVE-2022-25642 |
| 193964 | 5.3 | 4.3 | | 6.3 | | | CodeIgniter cross-site request forgery | 0.04 | 0.01055 | CVE-2022-24712 |
| 193963 | 8.3 | 7.3 | | 9.4 | | | CodeIgniter HTTP Request input validation | 0.00 | 0.00885 | CVE-2022-24711 |
| 193962 | 2.4 | 2.4 | | | | | Car Driving School Management System User Enrollment Form cross site scripting | 0.06 | 0.00885 | CVE-2022-24572 |
| 193961 | 6.3 | 6.3 | | | | | Car Driving School Management System Login Page sql injection | 0.03 | 0.00954 | CVE-2022-24571 |
| 193960 | 4.3 | 4.3 | | | | | HashiCorp Nomad/Nomad Enterprise resource consumption | 0.00 | 0.00954 | CVE-2022-24685 |
| 193959 | 7.9 | 7.3 | | 8.6 | | | rudloff alltube server-side request forgery | 0.04 | 0.00885 | CVE-2022-0768 |
| 193958 | 4.3 | 4.3 | | | | | WP Visitor Statistics Plugin AJAX Action updateIpAddress cross-site request forgery | 0.00 | 0.00885 | CVE-2021-25042 |
| 193957 | 4.3 | 4.3 | | | | | Post Snippets Plugin Import cross-site request forgery | 0.03 | 0.00885 | CVE-2021-25010 |
| 193956 | 2.4 | 2.4 | | | | | WS Form Lite Plugin/WS Form Pro Plugin Form Name cross site scripting | 0.05 | 0.00885 | CVE-2022-23987 |
| 193955 | 3.5 | 3.5 | | | | | Testimonial Plugin Attribute cross site scripting | 0.03 | 0.00885 | CVE-2022-23912 |
| 193954 | 2.4 | 2.4 | | | | | WP Ultimate CSV Importer Plugin Comment cross site scripting | 0.06 | 0.00885 | CVE-2022-0360 |
| 193953 | 4.3 | 4.3 | | | | | Customize Emails and Alerts Plugin AJAX Action bnfw_search_users cross-site request forgery | 0.00 | 0.00885 | CVE-2022-0345 |
| 193952 | 4.3 | 4.3 | | | | | Simple Membership Plugin Member Delete cross-site request forgery | 0.00 | 0.00885 | CVE-2022-0328 |
| 193951 | 3.5 | 3.5 | | | | | WP RSS Aggregator Plugin AJAX Action wprss_fetch_items_row_action cross site scripting | 0.02 | 0.00885 | CVE-2022-0189 |
| 193950 | 3.5 | 3.5 | | | | | WP Accessibility Helper Plugin cross site scripting | 0.00 | 0.00885 | CVE-2022-0150 |
| 193949 | 2.4 | 2.4 | | | | | WP-Paginate Plugin cross site scripting | 0.05 | 0.00885 | CVE-2021-4222 |
| 193948 | 3.5 | 3.5 | | | | | WHMCS Bridge Plugin Admin Dashboard cross site scripting | 0.03 | 0.00885 | CVE-2021-25112 |
| 193947 | 3.5 | 3.5 | | | | | WP User Plugin wp_user Shortcode cross site scripting | 0.04 | 0.00885 | CVE-2021-25034 |
| 193946 | 6.3 | 6.3 | | | | | Custom Font Uploader Plugin CSS authorization | 0.08 | 0.00885 | CVE-2021-24977 |
| 193945 | 3.5 | 3.5 | | | | | Dynamic Widgets Plugin AJAX Action term_tree cross site scripting | 0.05 | 0.00885 | CVE-2021-24933 |
| 193944 | 2.4 | 2.4 | | | | | StatCounter Plugin Setting cross site scripting | 0.00 | 0.00885 | CVE-2021-24920 |
| 193943 | 4.3 | 4.3 | | | | | Logo Showcase with Slick Slider Plugin AJAX Action lswss_save_attachment_data cross-site request forgery | 0.00 | 0.00885 | CVE-2021-24913 |
| 193942 | 2.4 | 2.4 | | | | | GRAND FlaGallery Plugin Gallery Setting cross site scripting | 0.05 | 0.00885 | CVE-2021-24903 |
| 193941 | 2.4 | 2.4 | | | | | Security Audit Plugin Setting cross site scripting | 0.00 | 0.00885 | CVE-2021-24901 |
| 193940 | 2.4 | 2.4 | | | | | EditableTable Plugin cross site scripting | 0.05 | 0.00885 | CVE-2021-24898 |
| 193939 | 4.3 | 4.3 | | | | | Core Tweaks WP Setup Plugin cross-site request forgery | 0.00 | 0.00885 | CVE-2021-24803 |
| 193938 | 5.5 | 5.5 | | | | | Logo Showcase with Slick Slider Plugin AJAX Action lswss_save_attachment_data access control | 0.07 | 0.00885 | CVE-2021-24730 |
| 193937 | 6.3 | 6.3 | | | | | Orange Form Plugin or_delete_filed access control | 0.03 | 0.00885 | CVE-2021-24688 |
| 193936 | 6.3 | 6.3 | | | | | Testimonial Plugin SQL Statement sql injection | 0.04 | 0.00885 | CVE-2022-23911 |
| 193935 | 6.3 | 6.3 | | | | | Asgaros Forum Plugin REST sql injection | 0.04 | 0.00885 | CVE-2022-0411 |
| 193934 | 4.6 | 4.6 | | | | | LearnPress Plugin Image File file inclusion | 0.12 | 0.00890 | CVE-2022-0377 |
| 193933 | 3.5 | 3.5 | | | | | WP Responsive Menu Plugin AJAX Action wpr_live_update cross site scripting | 0.03 | 0.00885 | CVE-2021-24971 |
| 193932 | 6.3 | 6.3 | | | | | WP Cloudy Plugin Admin Dashboard sql injection | 0.03 | 0.00885 | CVE-2021-24864 |
| 193931 | 2.4 | 2.4 | | | | | Drag & Drop Contact Form Builder Plugin path traversal | 0.02 | 0.00885 | CVE-2021-24689 |
| 193930 | 3.5 | 3.5 | | | | | 15Zine Theme AJAX Action cb_s_a cross site scripting | 0.07 | 0.00885 | CVE-2020-36510 |
| 193929 | 4.3 | 4.3 | | | | | WS Form Lite Plugin/WS Form Pro Plugin cross site scripting | 0.00 | 0.00885 | CVE-2022-23988 |
| 193928 | 4.3 | 4.3 | | | | | Crazy Bone Plugin Login Form cross site scripting | 0.03 | 0.00885 | CVE-2022-0385 |
| 193927 | 4.3 | 4.3 | | | | | Migration, Backup, Staging Plugin Admin Page cross site scripting | 0.03 | 0.00885 | CVE-2021-24994 |
| 193926 | 7.3 | 7.3 | | | | | TI WooCommerce Wishlist Plugin REST Endpoint remove_product sql injection | 0.03 | 0.00885 | CVE-2022-0412 |
| 193925 | 4.7 | 4.7 | | | | | WP Review Slider Plugin sql injection | 0.03 | 0.00885 | CVE-2022-0383 |
| 193924 | 3.5 | 3.5 | | | | | Yoast SEO Plugin REST Endpoint posts information disclosure | 0.16 | 0.00885 | CVE-2021-25118 |

8 more entries are not shown
