CVSSv3 03/02/2022

CVSSv3 Base

Score distribution (bucket: entries): ≤1: 0, ≤2: 0, ≤3: 4, ≤4: 6, ≤5: 2, ≤6: 13, ≤7: 5, ≤8: 4, ≤9: 4, ≤10: 0

The Common Vulnerability Scoring System (CVSS) is an industry standard for defining the characteristics and impacts of security vulnerabilities. The base score represents the intrinsic aspects that are constant over time and across user environments. Our unique meta score merges all available scores from different sources into the most reliable aggregate result.

CVSSv3 Temp

Score distribution (bucket: entries): ≤1: 0, ≤2: 0, ≤3: 4, ≤4: 6, ≤5: 2, ≤6: 13, ≤7: 5, ≤8: 4, ≤9: 4, ≤10: 0

The Common Vulnerability Scoring System (CVSS) uses temp scores to reflect the characteristics of a vulnerability that may change over time but not across user environments. This includes reporting confidence, exploitability and remediation levels. We also provide our unique meta score for temp scores, even though other sources rarely publish them.

VulDB

Score distribution (bucket: entries): ≤1: 0, ≤2: 1, ≤3: 3, ≤4: 6, ≤5: 4, ≤6: 11, ≤7: 6, ≤8: 5, ≤9: 2, ≤10: 0

The moderation team always defines the base vector and base score for an entry. These and all other available scores are used to generate the meta score.

NVD

Score distribution (bucket: entries): ≤1: 0, ≤2: 0, ≤3: 0, ≤4: 0, ≤5: 0, ≤6: 0, ≤7: 0, ≤8: 0, ≤9: 0, ≤10: 0

The National Vulnerability Database (NVD) also defines CVSS vectors and scores. These are usually not complete and might differ from VulDB scores.

CNA

Score distribution (bucket: entries): ≤1: 0, ≤2: 0, ≤3: 3, ≤4: 0, ≤5: 2, ≤6: 1, ≤7: 1, ≤8: 4, ≤9: 4, ≤10: 2

A CVE Numbering Authority (CNA) is responsible for assigning new CVE entries. They might also include a CVSS score. These are usually not complete and might differ from VulDB scores.

Vendor

Score distribution (bucket: entries): ≤1: 0, ≤2: 0, ≤3: 0, ≤4: 0, ≤5: 0, ≤6: 0, ≤7: 0, ≤8: 0, ≤9: 0, ≤10: 0

Some vendors are willing to publish their own CVSS vectors and scores for vulnerabilities in their products. The coverage varies from vendor to vendor.

Research

Score distribution (bucket: entries): ≤1: 0, ≤2: 0, ≤3: 0, ≤4: 0, ≤5: 0, ≤6: 0, ≤7: 0, ≤8: 0, ≤9: 0, ≤10: 0

Security researchers sometimes also provide their own CVSS vectors and scores for vulnerabilities they have found and published.

| ID | Base | VDB | NVD | CNA | Vend | Res | Vulnerability | CTI | EPSS | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 194066 | 3.5 | 3.5 | | | | | jQuery Cookie Prototype cross site scripting | 0.04 | 0.00885 | CVE-2022-23395 |
| 194065 | 8.0 | 8.0 | | | | | Qt untrusted search path | 0.04 | 0.01018 | CVE-2022-25634 |
| 194064 | 5.5 | 5.5 | | | | | Zoho ManageEngine SharePoint Manager Plus improper authorization | 0.04 | 0.00885 | CVE-2022-24306 |
| 194063 | 3.5 | 3.5 | | | | | Zoho ManageEngine SharePoint Manager Plus information disclosure | 0.00 | 0.00885 | CVE-2022-24305 |
| 194062 | 5.9 | 4.7 | | 7.2 | | | Dolibarr code injection | 0.04 | 0.00885 | CVE-2022-0819 |
| 194061 | 5.9 | 6.3 | | 5.4 | | | Webmin improper authorization | 0.03 | 0.06511 | CVE-2022-0829 |
| 194060 | 3.5 | 3.5 | | | | | Zoho ManageEngine Desktop Central HTTP Redirect information disclosure | 0.04 | 0.08592 | CVE-2022-23779 |
| 194059 | 5.5 | 5.5 | | | | | Zoho ManageEngine Key Manager Plus Export access control | 0.03 | 0.00885 | CVE-2022-24447 |
| 194058 | 7.3 | 6.3 | | 8.3 | | | Webmin access control | 0.05 | 0.66053 | CVE-2022-0824 |
| 194057 | 2.6 | 2.5 | | 2.8 | | | Fortinet FortiManager Config File information disclosure | 0.03 | 0.00885 | CVE-2022-22303 |
| 194056 | 7.8 | 7.8 | | 7.8 | | | Fortinet FortiAP-C CLI os command injection | 0.02 | 0.00885 | CVE-2022-22301 |
| 194055 | 4.4 | 4.6 | | 4.1 | | | Fortinet FortiToken Mobile External Push Notification access control | 0.00 | 0.01055 | CVE-2021-44166 |
| 194054 | 2.3 | 2.0 | | 2.6 | | | Fortinet FortiGate SNI Client Hello TLS information disclosure | 0.03 | 0.00885 | CVE-2020-15936 |
| 194053 | 5.2 | 4.3 | | 6.1 | | | ssr-pages build cross site scripting | 0.03 | 0.01018 | CVE-2022-24717 |
| 194052 | 3.5 | 3.5 | | | | | BatFlat CMS database.sdb permission | 0.00 | 0.00885 | CVE-2021-41652 |
| 194051 | 6.5 | 4.3 | | 8.8 | | | Scrapy information disclosure | 0.04 | 0.00890 | CVE-2022-0577 |
| 194050 | 5.5 | 5.5 | | | | | rtl_433 File cmr113_decode off-by-one | 0.06 | 0.00954 | CVE-2022-25051 |
| 194049 | 2.6 | 2.6 | | | | | Argus Surveillance DVR inadequate encryption | 0.21 | 0.00885 | CVE-2022-25012 |
| 194048 | 5.5 | 5.5 | | | | | tsMuxer bitStream.h INT_BIT assertion | 0.00 | 0.00885 | CVE-2021-45861 |
| 194047 | 3.5 | 3.5 | | | | | tsMuxer File findFrame denial of service | 0.05 | 0.00885 | CVE-2021-45860 |
| 194046 | 2.6 | 2.6 | | 2.6 | | | Fluture-Node followRedirectsWith information disclosure | 0.05 | 0.01018 | CVE-2022-24719 |
| 194045 | 6.9 | 6.3 | | 7.6 | | | ssr-pages build path traversal | 0.03 | 0.00890 | CVE-2022-24718 |
| 194044 | 7.5 | 7.3 | | 7.7 | | | Fortinet FortiMail Web Server CGI access control | 0.03 | 0.00885 | CVE-2021-32586 |
| 194043 | 3.5 | 3.5 | | | | | rtl_433 File somfy_iohc_decode stack-based overflow | 0.05 | 0.00954 | CVE-2022-25050 |
| 194042 | 5.5 | 5.5 | | | | | Stepmania RageFile rootfs access control | 0.04 | 0.00885 | CVE-2022-25010 |
| 194041 | 6.3 | 6.3 | | | | | Extensis Portfolio hard-coded credentials | 0.00 | 0.00890 | CVE-2022-24255 |
| 194040 | 6.3 | 6.3 | | | | | Extensis Portfolio Backup/Restore unrestricted upload | 0.00 | 0.04571 | CVE-2022-24254 |
| 194039 | 5.5 | 5.5 | | | | | Extensis Portfolio AdminFileTransferServlet unrestricted upload | 0.03 | 0.00890 | CVE-2022-24253 |
| 194038 | 6.3 | 6.3 | | | | | Extensis Portfolio FileTransferServlet unrestricted upload | 0.03 | 0.04571 | CVE-2022-24252 |
| 194037 | 5.5 | 5.5 | | | | | Extensis Portfolio Catalog Asset Upload unrestricted upload | 0.03 | 0.00890 | CVE-2022-24251 |
| 194036 | 5.5 | 5.5 | | | | | tsMuxer dtsStreamReader.cpp findFrame memory corruption | 0.03 | 0.00885 | CVE-2021-45864 |
| 194035 | 5.5 | 5.5 | | | | | tsMuxer hevc.cpp updateBits heap-based overflow | 0.05 | 0.00885 | CVE-2021-45863 |
| 194034 | 8.8 | 8.8 | | 8.8 | | | Fortinet FortiWLM AP Monitor sql injection | 0.04 | 0.00885 | CVE-2021-43077 |
| 194033 | 8.8 | 8.8 | | 8.8 | | | Fortinet FortiWLM Alarm Dashboard os command injection | 0.06 | 0.02055 | CVE-2021-43075 |
| 194032 | 4.9 | 5.4 | | 4.3 | | | Fortinet FortiAnalyzer permission | 0.04 | 0.00885 | CVE-2022-22300 |
| 194031 | 8.5 | 7.3 | | 9.8 | | | wire-avs Aaudio Visual Signaling format string | 0.08 | 0.01885 | CVE-2021-41193 |
| 194030 | 8.5 | 7.3 | | 9.8 | | | image_processing Active Storage apply os command injection | 0.04 | 0.00885 | CVE-2022-24720 |
| 194029 | 5.5 | 5.5 | | | | | pfSense sed diag_routes.php os command injection | 0.00 | 0.34403 | CVE-2021-41282 |
