CVSSv3 03/17/2022

CVSSv3 Base

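| Score | ≤1 | ≤2 | ≤3 | ≤4 | ≤5 | ≤6 | ≤7 | ≤8 | ≤9 | ≤10 |
|---|---|---|---|---|---|---|---|---|---|---|
| Entries | 0 | 0 | 1 | 15 | 15 | 34 | 28 | 14 | 1 | 0 |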

The Common Vulnerability Scoring System (CVSS) is an industry standard for describing the characteristics and impact of security vulnerabilities. The base score represents the intrinsic aspects that are constant over time and across user environments. Our unique meta score merges all available scores from different sources to produce the most reliable result.

CVSSv3 Temp

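| Score | ≤1 | ≤2 | ≤3 | ≤4 | ≤5 | ≤6 | ≤7 | ≤8 | ≤9 | ≤10 |
|---|---|---|---|---|---|---|---|---|---|---|
| Entries | 0 | 0 | 1 | 24 | 6 | 47 | 18 | 11 | 1 | 0 |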

The Common Vulnerability Scoring System (CVSS) uses temp scores to reflect the characteristics of a vulnerability that may change over time but not across user environments. This includes reporting confidence, exploitability and remediation levels. We also provide our unique meta score for temp scores, even though other sources rarely publish them.

VulDB

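| Score | ≤1 | ≤2 | ≤3 | ≤4 | ≤5 | ≤6 | ≤7 | ≤8 | ≤9 | ≤10 |
|---|---|---|---|---|---|---|---|---|---|---|
| Entries | 0 | 0 | 1 | 16 | 19 | 32 | 27 | 13 | 0 | 0 |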

The moderation team always defines the base vector and base score for an entry. These and all other available scores are used to generate the meta score.

NVD

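| Score | ≤1 | ≤2 | ≤3 | ≤4 | ≤5 | ≤6 | ≤7 | ≤8 | ≤9 | ≤10 |
|---|---|---|---|---|---|---|---|---|---|---|
| Entries | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |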

The National Vulnerability Database (NVD) also defines CVSS vectors and scores. These are usually not complete and might differ from VulDB scores.

CNA

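| Score | ≤1 | ≤2 | ≤3 | ≤4 | ≤5 | ≤6 | ≤7 | ≤8 | ≤9 | ≤10 |
|---|---|---|---|---|---|---|---|---|---|---|
| Entries | 0 | 0 | 0 | 1 | 0 | 4 | 5 | 7 | 3 | 3 |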

A CVE Numbering Authority (CNA) is responsible for assigning new CVE entries. They might also include a CVSS score. These are usually not complete and might differ from VulDB scores.

Vendor

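| Score | ≤1 | ≤2 | ≤3 | ≤4 | ≤5 | ≤6 | ≤7 | ≤8 | ≤9 | ≤10 |
|---|---|---|---|---|---|---|---|---|---|---|
| Entries | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |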

Some vendors are willing to publish their own CVSS vectors and scores for vulnerabilities in their products. The coverage varies from vendor to vendor.

Research

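| Score | ≤1 | ≤2 | ≤3 | ≤4 | ≤5 | ≤6 | ≤7 | ≤8 | ≤9 | ≤10 |
|---|---|---|---|---|---|---|---|---|---|---|
| Entries | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |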

Security researchers sometimes also provide their own CVSS vectors and scores for vulnerabilities they have found and published.

| ID | Base | VDB | NVD | CNA | Vend | Res | Vulnerability | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|
| 195404 | 7.3 | 7.3 | | | | | BuilderTorCTPHPRAT.b unrestricted upload | 0.04 | |
| 195403 | 6.3 | 6.3 | | | | | Anaconda/Miniconda3 Environment Variable uncontrolled search path | 0.08 | CVE-2022-26526 |
| 195402 | 5.3 | 5.3 | | | | | Veeam Agent deserialization | 0.07 | CVE-2022-26503 |
| 195401 | 6.3 | 6.3 | | | | | Kingsoft WPS Presentation PPS File d3dx9_41.dll uncontrolled search path | 0.08 | CVE-2022-26511 |
| 195400 | 6.3 | 6.3 | | | | | Kingsoft WPS Office Installer shcore.dll uncontrolled search path | 0.14 | CVE-2022-26081 |
| 195399 | 6.3 | 6.3 | | | | | Kingsoft WPS Office Installer VERSION.DLL uncontrolled search path | 0.04 | CVE-2022-25969 |
| 195398 | 7.2 | 6.3 | | 8.1 | | | ChainSafe libp2p-noise Noise Protocol signature verification | 0.08 | CVE-2022-24759 |
| 195397 | 5.5 | 5.5 | | | | | Minimist index.js setKey code injection | 0.43 | CVE-2021-44906 |
| 195396 | 6.3 | 6.3 | | | | | Kingsoft Internet Security 9 Plus Kernel Mode Driver stack-based overflow | 0.08 | CVE-2022-25949 |
| 195395 | 6.3 | 6.3 | | | | | Gradle Enterprise Default Built-in Cache Configuration access control | 0.11 | CVE-2022-25364 |
| 195394 | 7.3 | 7.3 | | | | | Frams Fast File EXchange fexsrv injection | 0.08 | CVE-2020-15591 |
| 195393 | 6.5 | 5.6 | | 7.4 | | | SinGooCMS.Utility Socket Client Remote Code Execution | 0.00 | CVE-2022-0749 |
| 195392 | 6.7 | 6.3 | | 7.1 | | | accesslog Constructor code injection | 0.04 | CVE-2022-25760 |
| 195391 | 7.9 | 7.3 | | 8.6 | | | set-in Object Prototype code injection | 0.04 | CVE-2022-25354 |
| 195390 | 7.4 | 7.3 | | 7.5 | | | libnested index.js code injection | 0.04 | CVE-2022-25352 |
| 195389 | 6.3 | 6.3 | | 6.3 | | | bodymen code injection | 0.00 | CVE-2022-25296 |
| 195388 | 5.5 | 5.5 | | | | | SailsJS Sails.js load-action-modules.js loadActionModules code injection | 0.08 | CVE-2021-44908 |
| 195387 | 6.9 | 7.3 | | 6.5 | | | notevil code injection | 0.04 | CVE-2021-23771 |
| 195386 | 5.7 | 5.0 | | 6.4 | | | guake D-Bus Interface execute_command_by_uuid Privilege Escalation | 0.00 | CVE-2021-23556 |
| 195385 | 4.8 | 3.7 | | 5.9 | | | valyala fasthttp ServeFile pathname traversal | 0.08 | CVE-2022-21221 |
| 195384 | 7.0 | 4.3 | | 9.8 | | | post-loader Markdown Parser cross site scripting | 0.00 | CVE-2022-0748 |
| 195383 | 7.3 | 7.3 | | | | | Netgear W104 MNU_top.htm improper authentication | 0.00 | CVE-2021-44262 |
| 195382 | 7.3 | 7.3 | | | | | Netgear W104 BRS_top.html improper authentication | 0.04 | CVE-2021-44261 |
| 195381 | 7.3 | 7.3 | | | | | WAVLINK AC1200 live_mfg.html improper authentication | 0.08 | CVE-2021-44260 |
| 195380 | 7.3 | 7.3 | | | | | WAVLINK AC1200 wx.html improper authentication | 0.04 | CVE-2021-44259 |
| 195379 | 5.3 | 4.1 | | 6.6 | | | git Git os command injection | 0.07 | CVE-2021-23632 |
| 195378 | 7.4 | 7.3 | | 7.5 | | | Pylons Waitress HTTP Request request smuggling | 0.07 | CVE-2022-24761 |
| 195377 | 6.3 | 6.3 | | | | | Slims9 Bulian backup.php sql injection | 0.04 | CVE-2021-45794 |
| 195376 | 6.3 | 6.3 | | | | | Slims9 Bulian comment.inc.php sql injection | 0.08 | CVE-2021-45793 |
| 195375 | 7.5 | 6.3 | | 8.8 | | | prasathmani TinyFileManager path traversal | 0.04 | CVE-2022-1000 |
| 195374 | 3.5 | 3.5 | | | | | Slims9 Bulian custom_field.php cross site scripting | 0.00 | CVE-2021-45792 |
| 195373 | 6.3 | 6.3 | | | | | Slims8 Akasia index.php sql injection | 0.00 | CVE-2021-45791 |
| 195372 | 3.5 | 3.5 | | | | | Naver Whale HWP File file access | 0.00 | CVE-2022-24075 |
| 195371 | 5.5 | 5.5 | | | | | Naver Whale Bridge access control | 0.07 | CVE-2022-24074 |
| 195370 | 5.5 | 5.5 | | | | | Naver Whale Web Request API access control | 0.04 | CVE-2022-24073 |
| 195369 | 5.0 | 5.0 | | | | | Naver Whale devtools API privileges management | 0.07 | CVE-2022-24072 |
| 195368 | 3.5 | 3.5 | | | | | DolphinPHP User Management Page cross site scripting | 0.14 | |
| 195367 | 6.3 | 6.3 | | | | | Google Chrome New Tab Page use after free | 0.11 | CVE-2022-0980 |
| 195366 | 6.3 | 6.3 | | | | | Google Chrome Safe Browsing use after free | 0.07 | CVE-2022-0979 |
| 195365 | 6.3 | 6.3 | | | | | Google Chrome ANGLE use after free | 0.14 | CVE-2022-0978 |
| 195364 | 6.3 | 6.3 | | | | | Google Chrome Browser UI use after free | 0.07 | CVE-2022-0977 |
| 195363 | 6.3 | 6.3 | | | | | Google Chrome GPU heap-based overflow | 0.08 | CVE-2022-0976 |
| 195362 | 6.3 | 6.3 | | | | | Google Chrome ANGLE use after free | 0.14 | CVE-2022-0975 |
| 195361 | 6.3 | 6.3 | | | | | Google Chrome Splitscreen use after free | 0.04 | CVE-2022-0974 |
| 195360 | 6.3 | 6.3 | | | | | Google Chrome Safe Browsing use after free | 0.16 | CVE-2022-0973 |
| 195359 | 6.3 | 6.3 | | | | | Google Chrome Extensions use after free | 0.24 | CVE-2022-0972 |
| 195358 | 6.3 | 6.3 | | | | | Google Chrome Blink Layout use after free | 0.76 | CVE-2022-0971 |
| 195357 | 3.5 | 3.5 | | | | | Sourcecodester Online Project Time Management System cross site scripting | 0.04 | CVE-2022-26295 |
| 195356 | 4.8 | 4.3 | | 5.4 | | | braintree sanitize-url sanitizeUrl cross site scripting | 0.04 | CVE-2021-23648 |
| 195355 | 4.8 | 4.8 | | | | | Google Android RequestManageCredentials.java onCreate improper restriction of rendered ui layers | 0.00 | CVE-2021-39702 |

58 more entries are not shown
