CVSSv3 03/07/2022

CVSSv3 Base

≤10
≤20
≤34
≤416
≤513
≤67
≤711
≤82
≤91
≤100

The Common Vulnerability Scoring System (CVSS) is an industry standard to define the characteristics and impacts of security vulnerabilities. The base score represents the intrinsic aspects that are constant over time and across user environments. Our unique meta score merges all available scores from different sources to aggregate to the most reliable result.

CVSSv3 Temp

≤10
≤20
≤34
≤416
≤513
≤614
≤75
≤81
≤91
≤100

The Common Vulnerability Scoring System (CVSS) uses temp scores to reflect the characteristics of a vulnerability that may change over time but not across user environments. This includes reporting confidence, exploitability and remediation levels. We do also provide our unique meta score for temp scores, even though other sources rarely publish them.

VulDB

≤10
≤20
≤34
≤418
≤514
≤63
≤713
≤81
≤91
≤100

The moderation team is always defining the base vector and base score for an entry. These and all other available scores are used to generate the meta score.

NVD

≤10
≤20
≤30
≤40
≤50
≤60
≤70
≤80
≤90
≤100

The National Vulnerability Database (NVD) is also defining CVSS vectors and scores. These are usually not complete and might differ from VulDB scores.

CNA

≤10
≤20
≤30
≤41
≤50
≤63
≤75
≤84
≤90
≤101

A CVE Numbering Authority (CNA) is responsible for assigning new CVE entries. They might also include a CVSS score. These are usually not complete and might differ from VulDB scores.

Vendor

≤10
≤20
≤30
≤40
≤50
≤60
≤70
≤80
≤90
≤100

Some vendors are willing to publish their own CVSS vectors and scores for vulnerabilities in their products. The coverage varies from vendor to vendor.

Research

≤10
≤20
≤30
≤40
≤50
≤60
≤70
≤80
≤90
≤100

There are sometimes also security researcher which provide their own CVSS vectors and scores for vulnerabilities they have found and published.

IDBaseVDBNVDCNAVendResVulnerabilityCTICVE
1943326.05.9
 
6.1
 
 
IBM AIX/VIOS nimsh Daemon denial of service0.00CVE-2022-22351
1943316.46.5
 
6.2
 
 
IBM AIX/VIOS Kernel denial of service0.00CVE-2021-38989
1943306.46.5
 
6.2
 
 
IBM AIX/VIOS Kernel denial of service0.00CVE-2021-38988
1943295.96.3
 
5.4
 
 
SalesAgility SuiteCRM improper authorization0.00CVE-2022-0756
1943286.76.3
 
7.1
 
 
SalesAgility SuiteCRM access control0.00CVE-2022-0755
1943276.76.3
 
7.1
 
 
SalesAgility SuiteCRM sql injection0.00CVE-2022-0754
1943265.24.3
 
6.1
 
 
BitDefender Total Security messaging_ipc.dll null pointer dereference0.00CVE-2021-4198
1943258.38.8
 
7.8
 
 
BitDefender Total Security Crash BDReinit.exe permission assignment0.06CVE-2021-4199
1943244.74.7
 
 
 
 
Catch Themes Demo Import Plugin code injection0.06CVE-2022-0440
1943237.76.3
 
9.1
 
 
Calibre-Web server-side request forgery0.04CVE-2022-0767
1943225.64.7
 
6.5
 
 
Calibre-Web server-side request forgery0.05CVE-2022-0766
1943213.53.5
 
 
 
 
Ditty Plugin cross site scripting0.00CVE-2022-0533
1943203.53.5
 
 
 
 
White Label CMS Plugin Preview cross site scripting0.00CVE-2022-0422
1943192.42.4
 
 
 
 
E2Pdf Plugin Setting cross site scripting0.00CVE-2022-0535
1943182.42.4
 
 
 
 
CP Blocks Plugin License ID Setting cross site scripting0.00CVE-2022-0448
1943174.34.3
 
 
 
 
GDPR & ePrivacy Cookie Consent Plugin cross-site request forgery0.04CVE-2022-0445
1943165.05.0
 
 
 
 
Email Subscribers & Newsletters Plugin ajax_fetch_report_list sql injection0.00CVE-2022-0439
1943154.34.3
 
 
 
 
WP Cerber Security, Anti-spam & Malware Scan Plugin Plugins Dashboard cross site scripting0.06CVE-2022-0429
1943142.42.4
 
 
 
 
WP Time Slots Booking Form Plugin Calendar Name cross site scripting0.00CVE-2022-0389
1943133.53.5
 
 
 
 
LoginPress Custom Login Page Customizer Plugin Attribute cross site scripting0.00CVE-2022-0347
1943123.53.5
 
 
 
 
YOP Poll Plugin Setting cross site scripting0.00CVE-2022-0205
1943114.34.3
 
 
 
 
Pricing Tables Plugin cross-site request forgery0.07CVE-2021-25098
1943103.53.5
 
 
 
 
CorreosExpress Plugin Log File log file0.00CVE-2021-25009
1943093.53.5
 
 
 
 
File Upload Plugin Shortcode Argument cross site scripting0.04CVE-2021-24961
1943083.53.5
 
 
 
 
File Upload Plugin SVG File unrestricted upload0.06CVE-2021-24960
1943073.53.5
 
 
 
 
Advanced iFrame Plugin Admin Page cross site scripting0.00CVE-2021-24953
1943063.53.5
 
 
 
 
Custom Content Shortcode Plugin cross site scripting0.04CVE-2021-24826
1943053.53.5
 
 
 
 
Cost Calculator Plugin Price Settings/Project Page cross site scripting0.00CVE-2021-24821
1943042.42.4
 
 
 
 
WP Event Manager Plugin Field Editor cross site scripting0.00CVE-2021-24810
1943035.55.5
 
 
 
 
UsersWP Plugin Avatar Update authorization0.00CVE-2022-0442
1943026.36.3
 
 
 
 
MasterStudy LMS Plugin New Account privileges management0.06CVE-2022-0441
1943017.37.3
 
 
 
 
Page View Count Plugin REST Endpoint sql injection0.00CVE-2022-0434
1943004.74.7
 
 
 
 
RegistrationMagic Plugin Automation Admin Dashboard sql injection0.06CVE-2022-0420
1942996.36.3
 
 
 
 
WP Visitor Statistics Plugin SQL Statement refUrlDetails sql injection0.00CVE-2022-0410
1942983.53.5
 
 
 
 
Video Conferencing with Zoom Plugin AJAX Action vczapi_get_wp_users information disclosure0.00CVE-2022-0384
1942975.65.6
 
 
 
 
NotificationX Plugin SQL Statement sql injection0.06CVE-2022-0349
1942964.74.7
 
 
 
 
AdRotate Plugin SQL Statement adrotate_action sql injection0.00CVE-2022-0267
1942953.53.5
 
 
 
 
Smart Forms Plugin AJAX Action rednao_smart_forms_entries_list authorization0.04CVE-2022-0163
1942946.36.3
 
 
 
 
Conversios.io Plugin SQL Statement tvcajax_product_sync_bantch_wise sql injection0.07CVE-2021-24952
1942936.36.3
 
 
 
 
Tradetracker-Store Plugin SQL Statement sql injection0.00CVE-2021-24778
1942926.36.3
 
 
 
 
Hotscot Contact Form Plugin SQL Statement sql injection0.00CVE-2021-24777
1942913.53.5
 
 
 
 
Product Feed PRO for WooCommerce Plugin AJAX Action woosea_categories_dropdown cross site scripting0.00CVE-2022-0426
1942903.53.5
 
 
 
 
Multisite Content Copier Plugin Attribute cross site scripting0.04CVE-2021-25039
1942893.53.5
 
 
 
 
Multisite User Sync Plugin Attribute cross site scripting0.06CVE-2021-25038
1942884.34.3
 
 
 
 
Download Manager Plugin REST API Endpoint access control0.00CVE-2021-25087
1942874.34.3
 
 
 
 
Custom Content Shortcode Plugin Field Shortcode access control0.00CVE-2021-24824
1942863.53.5
 
 
 
 
Custom Content Shortcode Plugin access control0.00CVE-2021-24825
1942854.34.3
 
 
 
 
All-in-One WP Migration Plugin File Extension unrestricted upload0.04CVE-2021-24216
1942846.36.3
 
 
 
 
Mozilla Firefox/Firefox ESR/Thunderbird WebGPU IPC Framework use after free0.31CVE-2022-26486
1942836.36.3
 
 
 
 
Mozilla Firefox/Firefox ESR/Thunderbird XSLT Parameter use after free0.24CVE-2022-26485

4 more entries are not shown

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!