CVSSv3 03/10/2022

CVSSv3 Base

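| Score | Entries |
| --- | --- |
| ≤1 | 0 |
| ≤2 | 0 |
| ≤3 | 1 |
| ≤4 | 13 |
| ≤5 | 9 |
| ≤6 | 9 |
| ≤7 | 23 |
| ≤8 | 1 |
| ≤9 | 0 |
| ≤10 | 0 |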

The Common Vulnerability Scoring System (CVSS) is an industry standard to define the characteristics and impacts of security vulnerabilities. The base score represents the intrinsic aspects that are constant over time and across user environments. Our unique meta score merges all available scores from different sources to aggregate to the most reliable result.

CVSSv3 Temp

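| Score | Entries |
| --- | --- |
| ≤1 | 0 |
| ≤2 | 0 |
| ≤3 | 3 |
| ≤4 | 11 |
| ≤5 | 9 |
| ≤6 | 16 |
| ≤7 | 17 |
| ≤8 | 0 |
| ≤9 | 0 |
| ≤10 | 0 |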

The Common Vulnerability Scoring System (CVSS) uses temp scores to reflect the characteristics of a vulnerability that may change over time but not across user environments. This includes reporting confidence, exploitability and remediation levels. We also provide our unique meta score for temp scores, even though other sources rarely publish them.

VulDB

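| Score | Entries |
| --- | --- |
| ≤1 | 0 |
| ≤2 | 0 |
| ≤3 | 6 |
| ≤4 | 11 |
| ≤5 | 12 |
| ≤6 | 6 |
| ≤7 | 19 |
| ≤8 | 2 |
| ≤9 | 0 |
| ≤10 | 0 |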

The moderation team always defines the base vector and base score for an entry. These and all other available scores are used to generate the meta score.

NVD

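| Score | Entries |
| --- | --- |
| ≤1 | 0 |
| ≤2 | 0 |
| ≤3 | 0 |
| ≤4 | 0 |
| ≤5 | 0 |
| ≤6 | 0 |
| ≤7 | 0 |
| ≤8 | 0 |
| ≤9 | 0 |
| ≤10 | 0 |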

The National Vulnerability Database (NVD) also defines CVSS vectors and scores. These are usually not complete and might differ from VulDB scores.

CNA

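| Score | Entries |
| --- | --- |
| ≤1 | 0 |
| ≤2 | 0 |
| ≤3 | 1 |
| ≤4 | 4 |
| ≤5 | 4 |
| ≤6 | 6 |
| ≤7 | 6 |
| ≤8 | 3 |
| ≤9 | 1 |
| ≤10 | 0 |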

A CVE Numbering Authority (CNA) is responsible for assigning new CVE entries. They might also include a CVSS score. These are usually not complete and might differ from VulDB scores.

Vendor

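| Score | Entries |
| --- | --- |
| ≤1 | 0 |
| ≤2 | 0 |
| ≤3 | 0 |
| ≤4 | 0 |
| ≤5 | 0 |
| ≤6 | 0 |
| ≤7 | 0 |
| ≤8 | 0 |
| ≤9 | 0 |
| ≤10 | 0 |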

Some vendors are willing to publish their own CVSS vectors and scores for vulnerabilities in their products. The coverage varies from vendor to vendor.

Research

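| Score | Entries |
| --- | --- |
| ≤1 | 0 |
| ≤2 | 0 |
| ≤3 | 0 |
| ≤4 | 0 |
| ≤5 | 0 |
| ≤6 | 0 |
| ≤7 | 0 |
| ≤8 | 0 |
| ≤9 | 0 |
| ≤10 | 0 |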

Sometimes security researchers also provide their own CVSS vectors and scores for vulnerabilities they have found and published.

| ID | Base | VDB | NVD | CNA | Vend | Res | Vulnerability | CTI | CVE |
| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
| 194523 | 3.5 | 3.5 | | | | | SAP Netweaver Enterprise Portal cross site scripting | 0.00 | CVE-2022-24397 |
| 194522 | 3.5 | 3.5 | | | | | SAP Netweaver Enterprise Portal cross site scripting | 0.00 | CVE-2022-24395 |
| 194521 | 3.1 | 3.1 | | | | | Phicomm K2/K3/K3C/K2 A7/K2G A1 UDP Packet information disclosure | 0.00 | CVE-2022-25219 |
| 194520 | 5.0 | 5.0 | | | | | Phicomm K2/K3/K3C/K2 A7/K2G A1 UDP access control | 0.06 | CVE-2022-25218 |
| 194519 | 3.5 | 3.5 | | | | | Luocms sort_add.php cross site scripting | 0.00 | CVE-2022-24608 |
| 194518 | 3.5 | 3.5 | | | | | SAP NetWeaver Real Time Messaging Framework authorization | 0.03 | CVE-2022-26103 |
| 194517 | 6.2 | 6.3 | | 6.1 | | | LibTIFF TIFF Image tiffcrop.c ExtractImageSection heap-based overflow | 0.16 | CVE-2022-0891 |
| 194516 | 5.5 | 5.5 | | | | | Luocms template_manage.php access control | 0.03 | CVE-2022-24609 |
| 194515 | 6.3 | 6.3 | | | | | Luocms news_ok.php sql injection | 0.03 | CVE-2022-24607 |
| 194514 | 6.3 | 6.3 | | | | | Luocms sort_ok.php sql injection | 0.06 | CVE-2022-24606 |
| 194513 | 6.3 | 6.3 | | | | | Luocms link_mod.php sql injection | 0.00 | CVE-2022-24604 |
| 194512 | 6.3 | 6.3 | | | | | Luocms sort_mod.php sql injection | 0.03 | CVE-2022-24603 |
| 194511 | 6.3 | 6.3 | | | | | Luocms news_mod.php sql injection | 0.07 | CVE-2022-24602 |
| 194510 | 5.5 | 5.5 | | | | | Luocms admin_mod.php sql injection | 0.00 | CVE-2022-24601 |
| 194509 | 6.3 | 6.3 | | | | | Luocms login.php sql injection | 0.03 | CVE-2022-24600 |
| 194508 | 6.3 | 6.3 | | | | | Linux Kernel KVM kvm-s390.c kvm_s390_guest_sida_op memory corruption | 0.09 | CVE-2022-0516 |
| 194507 | 6.5 | 6.5 | | | | | Linux Kernel BPF Subsystem map_get_next_key uninitialized resource | 0.07 | CVE-2022-0433 |
| 194506 | 6.3 | 6.3 | | | | | Linux Kernel volumes.c btrfs_rm_device null pointer dereference | 0.10 | CVE-2021-3739 |
| 194505 | 4.3 | 4.3 | | | | | Linux Kernel OverlayFS Subsystem information disclosure | 0.13 | CVE-2021-3732 |
| 194504 | 5.5 | 5.5 | | | | | SAP NetWeaver Application Server for ABAP authorization | 0.03 | CVE-2022-26102 |
| 194503 | 6.3 | 6.3 | | | | | Network Olympus JSON eventinstance sql injection | 0.00 | CVE-2022-25225 |
| 194502 | 4.9 | 4.3 | | 5.5 | | | LibTIFF tiffcp denial of service | 0.07 | CVE-2022-0865 |
| 194501 | 6.5 | 6.5 | | | | | Linux Kernel Operation Trigger denial of service | 0.06 | CVE-2021-4023 |
| 194500 | 4.7 | 4.7 | | | | | Abantecart Media Manager unrestricted upload | 0.00 | CVE-2022-26521 |
| 194499 | 6.3 | 6.3 | | | | | SentCMS upload unrestricted upload | 0.00 | CVE-2022-24652 |
| 194498 | 6.3 | 6.3 | | | | | SentCMS upload unrestricted upload | 0.00 | CVE-2022-24651 |
| 194497 | 3.5 | 3.5 | | | | | Citrix Federated Authentication Service exposure of resource | 0.16 | CVE-2022-26355 |
| 194496 | 6.3 | 6.3 | | | | | SalesAgility SuiteCRM Scheduled Reports deserialization | 0.00 | CVE-2022-23940 |
| 194495 | 4.3 | 4.3 | | 4.3 | | | Mattermost Server Document Extractor stack-based overflow | 0.10 | CVE-2022-0904 |
| 194494 | 6.5 | 6.5 | | | | | Linux Kernel KVM null pointer dereference | 0.03 | CVE-2021-4095 |
| 194493 | 5.3 | 5.3 | | 5.3 | | | phpMyAdmin information disclosure | 0.13 | CVE-2022-0813 |
| 194492 | 3.3 | 2.4 | | 4.3 | | | Microweber File Upload cross site scripting | 0.09 | CVE-2022-0906 |
| 194491 | 6.9 | 7.3 | | 6.5 | | | gitea improper authorization | 0.10 | CVE-2022-0905 |
| 194490 | 6.3 | 5.0 | | 7.7 | | | Microweber code injection | 0.00 | CVE-2022-0895 |
| 194489 | 3.1 | 3.1 | | | | | Apache Spark Mutual Authentication Protocol improper authentication | 0.03 | CVE-2021-38296 |
| 194488 | 4.4 | 3.5 | | 5.4 | | | WAGO Compact Controller CC100 Configuration Page cross site scripting | 0.07 | CVE-2022-22511 |
| 194487 | 3.6 | 3.5 | | 3.7 | | | Zabbix Link cross site scripting | 0.06 | CVE-2022-24919 |
| 194486 | 4.1 | 2.8 | | 5.5 | | | mruby null pointer dereference | 0.03 | CVE-2022-0890 |
| 194485 | 3.1 | 2.6 | | 3.7 | | | Zabbix Link cross site scripting | 0.00 | CVE-2022-24918 |
| 194484 | 3.1 | 2.6 | | 3.7 | | | Zabbix Link cross site scripting | 0.00 | CVE-2022-24917 |
| 194483 | 4.0 | 3.5 | | 4.6 | | | Zabbix Action Pages cross site scripting | 0.00 | CVE-2022-24349 |
| 194482 | 6.5 | 4.3 | | 8.8 | | | Schneider Electric Ritto Wiser Door Door Panel information disclosure | 0.00 | CVE-2021-22783 |
| 194481 | 6.3 | 6.3 | | | | | Schneider Electric SMT/SMTL/SCL/SMX UPS authentication replay | 0.30 | CVE-2022-22806 |
| 194480 | 6.3 | 6.3 | | | | | Schneider Electric SMT/SMC/SCL/SMX/SRT UPS improper authentication | 1.40 | CVE-2022-0715 |
| 194479 | 5.3 | 5.3 | | 5.3 | | | Schneider Electric EcoStruxure Process Expert Modbus Response unusual condition | 0.03 | CVE-2022-24323 |
| 194478 | 3.5 | 3.5 | | 3.5 | | | Nextcloud Server File resource consumption | 0.03 | CVE-2022-24741 |
| 194477 | 6.3 | 6.3 | | 6.3 | | | Maddy PAM session expiration | 0.00 | CVE-2022-24732 |
| 194476 | 6.1 | 4.6 | | 7.7 | | | Stripe CLI os command injection | 0.03 | CVE-2022-24753 |
| 194475 | 5.6 | 5.9 | | 5.3 | | | Schneider Electric EcoStruxure Control Expert Modbus Response memory corruption | 0.07 | CVE-2022-24322 |
| 194474 | 7.3 | 7.3 | | | | | Schneider Electric SMT/SMC/SMTL/SCL/SMX TLS Packet buffer overflow | 0.76 | CVE-2022-22805 |

6 more entries are not shown
