CVSSv3 03/01/2022

CVSSv3 Base

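| Score | ≤1 | ≤2 | ≤3 | ≤4 | ≤5 | ≤6 | ≤7 | ≤8 | ≤9 | ≤10 |
|---|---|---|---|---|---|---|---|---|---|---|
| Entries | 0 | 0 | 1 | 20 | 7 | 11 | 10 | 3 | 1 | 2 |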

The Common Vulnerability Scoring System (CVSS) is an industry standard for defining the characteristics and impacts of security vulnerabilities. The base score represents the intrinsic aspects that are constant over time and across user environments. Our unique meta score aggregates all available scores from different sources into the most reliable result.

CVSSv3 Temp

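| Score | ≤1 | ≤2 | ≤3 | ≤4 | ≤5 | ≤6 | ≤7 | ≤8 | ≤9 | ≤10 |
|---|---|---|---|---|---|---|---|---|---|---|
| Entries | 0 | 0 | 1 | 21 | 6 | 12 | 11 | 2 | 0 | 2 |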

The Common Vulnerability Scoring System (CVSS) uses temp scores to reflect the characteristics of a vulnerability that may change over time but not across user environments. This includes reporting confidence, exploitability and remediation levels. We also provide our unique meta score for temp scores, even though other sources rarely publish them.

VulDB

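| Score | ≤1 | ≤2 | ≤3 | ≤4 | ≤5 | ≤6 | ≤7 | ≤8 | ≤9 | ≤10 |
|---|---|---|---|---|---|---|---|---|---|---|
| Entries | 0 | 0 | 1 | 24 | 6 | 9 | 10 | 2 | 1 | 2 |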

The moderation team always defines the base vector and base score for an entry. These and all other available scores are used to generate the meta score.

NVD

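| Score | ≤1 | ≤2 | ≤3 | ≤4 | ≤5 | ≤6 | ≤7 | ≤8 | ≤9 | ≤10 |
|---|---|---|---|---|---|---|---|---|---|---|
| Entries | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |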

The National Vulnerability Database (NVD) also defines CVSS vectors and scores. These are usually not complete and might differ from VulDB scores.

CNA

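| Score | ≤1 | ≤2 | ≤3 | ≤4 | ≤5 | ≤6 | ≤7 | ≤8 | ≤9 | ≤10 |
|---|---|---|---|---|---|---|---|---|---|---|
| Entries | 0 | 0 | 0 | 0 | 3 | 3 | 2 | 1 | 2 | 1 |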

A CVE Numbering Authority (CNA) is responsible for assigning new CVE entries. They might also include a CVSS score. These are usually not complete and might differ from VulDB scores.

Vendor

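| Score | ≤1 | ≤2 | ≤3 | ≤4 | ≤5 | ≤6 | ≤7 | ≤8 | ≤9 | ≤10 |
|---|---|---|---|---|---|---|---|---|---|---|
| Entries | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |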

Some vendors are willing to publish their own CVSS vectors and scores for vulnerabilities in their products. The coverage varies from vendor to vendor.

Research

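| Score | ≤1 | ≤2 | ≤3 | ≤4 | ≤5 | ≤6 | ≤7 | ≤8 | ≤9 | ≤10 |
|---|---|---|---|---|---|---|---|---|---|---|
| Entries | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |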

Sometimes security researchers also provide their own CVSS vectors and scores for vulnerabilities they have found and published.

| ID | Base | VDB | NVD | CNA | Vend | Res | Vulnerability | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|
| 194028 | 6.7 | 3.7 | | 9.8 | | | Fortinet FortiMail Authentication Token information exposure | 3.61 | CVE-2021-36166 |
| 194027 | 4.6 | 4.6 | | | | | taocms sql injection | 0.87 | CVE-2022-23387 |
| 194026 | 5.9 | 3.7 | | 8.1 | | | Fortinet FortiPortal Pseudo-Random Number Generator password recovery | 1.31 | CVE-2021-36171 |
| 194025 | 4.1 | 3.1 | | 5.1 | | | IBM MQ Appliance Messaging unknown vulnerability | 0.75 | CVE-2022-22321 |
| 194024 | 4.3 | 3.1 | | 5.6 | | | IBM MQ Appliance session expiration | 0.79 | CVE-2021-38986 |
| 194023 | 5.2 | 4.3 | | 6.2 | | | IBM Spectrum Scale mmfsd resource consumption | 0.87 | CVE-2020-4925 |
| 194022 | 5.5 | 6.5 | | 4.4 | | | IBM AIX/VIOS File Creation denial of service | 0.79 | CVE-2021-38955 |
| 194021 | 3.5 | 3.5 | | | | | ZyXEL ZyWALL 2 Plus Internet Security Appliance URI cross site scripting | 1.31 | CVE-2021-46387 |
| 194020 | 6.3 | 6.3 | | | | | AyaCMS ust_tab_e.inc.php Privilege Escalation | 0.64 | CVE-2021-44238 |
| 194019 | 6.3 | 6.3 | | | | | taocms sql injection | 0.64 | CVE-2022-23380 |
| 194018 | 3.5 | 3.5 | | | | | Archeevo file inclusion | 0.92 | CVE-2022-23377 |
| 194017 | 4.0 | 3.5 | | 4.6 | | | F-Secure Anti-Virus Engine Fmlib denial of service | 0.91 | CVE-2021-44747 |
| 194016 | 4.8 | 4.3 | | 5.3 | | | hakimel reveal.js cross site scripting | 0.44 | CVE-2022-0776 |
| 194015 | 7.3 | 7.3 | | | | | Microweber password recovery | 0.44 | CVE-2022-0777 |
| 194014 | 9.8 | 9.8 | | | | | Zyxel NWA-1100-NH Web Interface os command injection | 0.88 | CVE-2021-4039 |
| 194013 | 9.8 | 9.8 | | | | | Zyxel NWA-1100-NH Web Interface os command injection | 0.52 | CVE-2021-35036 |
| 194012 | 8.1 | 8.1 | | | | | Cisco Redundancy Configuration Manager Debug Remote Code Execution | 1.98 | CVE-2022-20649 |
| 194011 | 5.3 | 5.3 | | | | | Cisco Redundancy Configuration Manager Debug information disclosure | 0.96 | CVE-2022-20648 |
| 194010 | 3.5 | 3.5 | | | | | Neo4j Graph Database Apoc Plugin pathname traversal | 0.40 | CVE-2021-42767 |
| 194009 | 3.5 | 3.5 | | | | | Htmly Blog Post cross site scripting | 0.24 | CVE-2022-25022 |
| 194008 | 3.5 | 3.5 | | | | | Pluxml Thumbnail cross site scripting | 0.32 | CVE-2022-25020 |
| 194007 | 4.0 | 3.5 | | 4.6 | | | grav cross site scripting | 0.38 | CVE-2022-0743 |
| 194006 | 3.5 | 3.5 | | | | | Ice Hrm cross site scripting | 0.28 | CVE-2022-25015 |
| 194005 | 3.5 | 3.5 | | | | | Cipi Add Server servers cross site scripting | 0.20 | CVE-2022-26332 |
| 194004 | 6.5 | 5.3 | | 7.7 | | | ROG Live Service link following | 0.40 | CVE-2022-22262 |
| 194003 | 3.5 | 3.5 | | | | | Maxsite CMS 3 cross site scripting | 0.28 | CVE-2022-25413 |
| 194002 | 3.5 | 3.5 | | | | | Maxsite CMS files cross site scripting | 0.52 | CVE-2022-25410 |
| 194001 | 3.5 | 3.5 | | | | | CMS Made Simple cross site scripting | 0.52 | CVE-2022-23907 |
| 194000 | 5.5 | 5.5 | | | | | ARM Trusted Firmware-M Firmware Update stack-based overflow | 0.60 | CVE-2021-43619 |
| 193999 | 3.5 | 3.5 | | | | | Home Owners Collection Management System Collections Module cross site scripting | 0.64 | CVE-2022-25028 |
| 193998 | 5.5 | 5.5 | | | | | qrcp File Name path traversal | 0.64 | CVE-2022-26315 |
| 193997 | 3.5 | 3.5 | | | | | Ice Hrm Dashboard cross site scripting | 0.48 | CVE-2022-25014 |
| 193996 | 4.3 | 4.3 | | | | | MikroTik RouterOS FTP Request buffer overflow | 0.84 | CVE-2020-22845 |
| 193995 | 4.3 | 4.3 | | | | | MikroTik RouterOS SMB Request buffer overflow | 0.76 | CVE-2020-22844 |
| 193994 | 5.5 | 5.5 | | | | | David Brackeen ok-file-formats ok_png.c ok_png_transform_scanline buffer overflow | 0.60 | CVE-2021-44342 |
| 193993 | 5.5 | 5.5 | | | | | ARM astcenc encode_ise buffer overflow | 0.52 | CVE-2021-44331 |
| 193992 | 7.3 | 7.3 | | | | | Hicos Citizen Certificate Client-side Component Parameter command injection | 0.68 | CVE-2020-12775 |
| 193991 | 6.3 | 6.3 | | | | | Home Owners Collection Management System sql injection | 0.56 | CVE-2022-25029 |
| 193990 | 5.5 | 5.5 | | | | | Dropbox Lepton bitops.cc aligned_dealloc heap-based overflow | 0.36 | CVE-2022-26181 |
| 193989 | 2.4 | 2.4 | | | | | Zoho ManageEngine Key Manager Plus information disclosure | 0.48 | CVE-2022-24446 |
| 193988 | 3.5 | 3.5 | | | | | Slic3r libslic3r stl File extrude out-of-bounds read | 0.36 | CVE-2021-44962 |
| 193987 | 3.5 | 3.5 | | | | | Slic3r libslic3r stl File extrude out-of-bounds read | 0.36 | CVE-2021-44961 |
| 193986 | 6.3 | 6.3 | | | | | Algorithmia MSOL access control | 0.32 | CVE-2021-42951 |
| 193985 | 5.5 | 5.5 | | | | | Pluxml code injection | 0.57 | CVE-2022-25018 |
| 193984 | 6.3 | 6.3 | | | | | CMS Made Simple Image File unrestricted upload | 0.48 | CVE-2022-23906 |
| 193983 | 3.5 | 3.5 | | | | | Hospital Management System admin-panel1.php cross site scripting | 0.48 | CVE-2022-25409 |
| 193982 | 3.5 | 3.5 | | | | | Hospital Management System admin-panel1.php cross site scripting | 0.32 | CVE-2022-25408 |
| 193981 | 3.5 | 3.5 | | | | | Hospital Management System admin-panel1.php cross site scripting | 0.28 | CVE-2022-25407 |
| 193980 | 4.6 | 4.6 | | | | | MaxSite CMS all-files-update-ajax.php denial of service | 0.32 | CVE-2022-25412 |
| 193979 | 6.3 | 6.3 | | | | | MaxSite CMS PHP File options Privilege Escalation | 0.24 | CVE-2022-25411 |

5 more entries are not shown
