CVSSv3 03/18/2022

CVSSv3 Base

Entries per score range (upper bound: count): ≤1: 0, ≤2: 0, ≤3: 2, ≤4: 5, ≤5: 5, ≤6: 12, ≤7: 10, ≤8: 8, ≤9: 1, ≤10: 0

The Common Vulnerability Scoring System (CVSS) is an industry standard for describing the characteristics and impacts of security vulnerabilities. The base score represents the intrinsic aspects that are constant over time and across user environments. Our unique meta score merges all available scores from different sources into the most reliable aggregate result.

CVSSv3 Temp

Entries per score range (upper bound: count): ≤1: 0, ≤2: 0, ≤3: 2, ≤4: 7, ≤5: 7, ≤6: 13, ≤7: 11, ≤8: 2, ≤9: 1, ≤10: 0

The Common Vulnerability Scoring System (CVSS) uses temp scores to reflect the characteristics of a vulnerability that may change over time but not across user environments. This includes reporting confidence, exploitability and remediation levels. We also provide our unique meta score for temp scores, even though other sources rarely publish them.

VulDB

Entries per score range (upper bound: count): ≤1: 0, ≤2: 0, ≤3: 2, ≤4: 6, ≤5: 6, ≤6: 11, ≤7: 10, ≤8: 8, ≤9: 0, ≤10: 0

The moderation team always defines the base vector and base score for an entry. These and all other available scores are used to generate the meta score.

NVD

Entries per score range (upper bound: count): ≤1: 0, ≤2: 0, ≤3: 0, ≤4: 0, ≤5: 0, ≤6: 0, ≤7: 0, ≤8: 0, ≤9: 0, ≤10: 0

The National Vulnerability Database (NVD) also defines CVSS vectors and scores. These are usually not complete and might differ from VulDB scores.

CNA

Entries per score range (upper bound: count): ≤1: 0, ≤2: 0, ≤3: 0, ≤4: 2, ≤5: 0, ≤6: 2, ≤7: 1, ≤8: 1, ≤9: 2, ≤10: 1

A CVE Numbering Authority (CNA) is responsible for assigning new CVE entries. They might also include a CVSS score. These are usually not complete and might differ from VulDB scores.

Vendor

Entries per score range (upper bound: count): ≤1: 0, ≤2: 0, ≤3: 0, ≤4: 0, ≤5: 0, ≤6: 0, ≤7: 0, ≤8: 0, ≤9: 0, ≤10: 0

Some vendors are willing to publish their own CVSS vectors and scores for vulnerabilities in their products. The coverage varies from vendor to vendor.

Research

Entries per score range (upper bound: count): ≤1: 0, ≤2: 0, ≤3: 0, ≤4: 0, ≤5: 0, ≤6: 0, ≤7: 0, ≤8: 0, ≤9: 0, ≤10: 0

Sometimes security researchers also provide their own CVSS vectors and scores for vulnerabilities they have found and published.

| ID | Base | VDB | NVD | CNA | Vendor | Research | Vulnerability | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|
| 195453 | 5.6 | 4.7 |  | 6.6 |  |  | FV Flowplayer Video Player Plugin sql injection | 0.06 | CVE-2022-25607 |
| 195452 | 6.3 | 4.3 |  | 8.3 |  |  | Responsive Menu Plugin Nonce Token information disclosure | 0.03 | CVE-2022-25602 |
| 195451 | 6.3 | 6.3 |  |  |  |  | Linux Kernel FUSE Filesystem dev.c write cleanup | 0.00 | CVE-2022-1011 |
| 195444 | 5.5 | 5.5 |  |  |  |  | Automotive Grade Linux HTTP afb-daemon access control | 0.00 | CVE-2022-24595 |
| 195443 | 8.3 | 7.5 |  | 9.1 |  |  | Linux Kernel ICMPv6 Packet igmp6_event_report resource consumption | 0.06 | CVE-2022-0742 |
| 195442 | 7.3 | 7.3 |  |  |  |  | SourceCodester One Church Management System attendancy.php sql injection | 0.11 | CVE-2022-1080 |
| 195441 | 7.5 | 7.5 |  |  |  |  | ISC BIND DS Record resume_dslookup assertion | 0.07 | CVE-2022-0667 |
| 195440 | 7.5 | 7.5 |  |  |  |  | ISC BIND DNSSEC query.c query_dname assertion | 0.03 | CVE-2022-0635 |
| 195439 | 5.3 | 5.3 |  |  |  |  | ISC BIND TCP Packet denial of service | 0.00 | CVE-2022-0396 |
| 195438 | 3.8 | 3.8 |  |  |  |  | ISC BIND Forwarder dns rebinding | 0.05 | CVE-2021-25220 |
| 195437 | 4.4 | 3.3 |  | 5.5 |  |  | Google SA360 tmp permission | 0.00 | CVE-2021-22571 |
| 195436 | 6.3 | 6.3 |  |  |  |  | Netgear EX6100v1/CAX80/DC112A UPnP Service stack-based overflow | 0.03 | CVE-2022-24655 |
| 195435 | 6.3 | 6.3 |  |  |  |  | Online Admission System documents.php unrestricted upload | 0.00 | CVE-2021-45835 |
| 195434 | 5.5 | 5.5 |  |  |  |  | OpenDocMan Portal add.php unrestricted upload | 0.04 | CVE-2021-45834 |
| 195433 | 4.7 | 4.7 |  |  |  |  | Pluck Theme Upload unrestricted upload | 0.03 | CVE-2022-26965 |
| 195432 | 5.5 | 5.5 |  |  |  |  | Glewlwyd SSO Server WebAuthn webauthn.c buffer overflow | 0.06 | CVE-2022-27240 |
| 195431 | 3.5 | 3.5 |  |  |  |  | Google Go ssh Library denial of service | 0.04 | CVE-2022-27191 |
| 195430 | 5.5 | 5.5 |  |  |  |  | Pascom Cloud Phone System Jive platform server-side request forgery | 0.03 | CVE-2021-45968 |
| 195429 | 5.5 | 5.5 |  |  |  |  | Pascom Cloud Phone System Tomcat config | 0.06 | CVE-2021-45967 |
| 195428 | 6.3 | 6.3 |  |  |  |  | Pascom Cloud Phone System Management REST API apply os command injection | 0.07 | CVE-2021-45966 |
| 195427 | 5.5 | 5.5 |  |  |  |  | Linux Kernel Quota Tree quota_tree.c use after free | 0.04 | CVE-2021-45868 |
| 195426 | 4.3 | 4.3 |  |  |  |  | SourceCodester One Church Management System churchprofile.php cross site scripting | 0.07 | CVE-2022-1079 |
| 195425 | 5.3 | 5.3 |  |  |  |  | BuilderPandoraRat.b Service Port 6622 hard-coded password | 0.03 |  |
| 195424 | 7.3 | 7.3 |  |  |  |  | BuilderOrcus hard-coded password | 0.03 |  |
| 195423 | 6.3 | 6.3 |  |  |  |  | BuilderOrcus permission | 0.04 |  |
| 195422 | 6.3 | 6.3 |  |  |  |  | BuilderRevengeRAT Service Port 333 xml external entity reference | 0.04 |  |
| 195421 | 4.3 | 4.3 |  |  |  |  | BuilderTorCTPHPRAT.b Web Panel cross site scripting | 0.05 |  |
| 195420 | 5.3 | 5.3 |  |  |  |  | BuilderTorCTPHPRAT.b hard-coded password | 0.00 |  |
| 195419 | 3.0 | 2.8 |  | 3.3 |  |  | Rapid7 Nexpose Shared Scan Configuration cross site scripting | 0.04 | CVE-2022-0758 |
| 195418 | 3.5 | 3.5 |  |  |  |  | Ligeo Download server-side request forgery | 0.05 | CVE-2021-46107 |
| 195417 | 5.5 | 5.5 |  |  |  |  | Veeam Backup and Replication access control | 0.14 | CVE-2022-26501 |
| 195416 | 3.6 | 3.3 |  | 4.0 |  |  | Rapid7 Insight Agent runas.exe access control | 0.03 | CVE-2022-0237 |
| 195415 | 2.6 | 2.6 |  |  |  |  | qs merge denial of service | 0.03 | CVE-2021-44907 |
| 195414 | 4.9 | 4.9 |  |  |  |  | Sonatype Nexus Repository Manager injection | 0.04 | CVE-2021-43961 |
| 195413 | 7.5 | 6.3 |  | 8.8 |  |  | gradio Spreadsheet csv injection | 0.04 | CVE-2022-24770 |
| 195412 | 3.5 | 3.5 |  |  |  |  | Paramiko write_private_key_file information disclosure | 0.06 | CVE-2022-24302 |
| 195411 | 5.4 | 5.3 |  | 5.5 |  |  | Rapid7 Nexpose Search Criteria sql injection | 0.05 | CVE-2022-0757 |
| 195410 | 6.3 | 6.3 |  |  |  |  | Spatie media-library-pro unrestricted upload | 0.06 | CVE-2021-45040 |
| 195409 | 6.3 | 6.3 |  |  |  |  | Veeam Backup and Replication API unrestricted upload | 0.00 | CVE-2022-26500 |
| 195408 | 7.5 | 7.5 |  | 7.5 |  |  | Nvidia Flare Admin Interface allocation of resources | 0.04 | CVE-2022-21822 |
| 195407 | 7.3 | 7.3 |  |  |  |  | SourceCodester Attendance and Payroll System Login improper authentication | 0.00 | CVE-2021-44088 |
| 195406 | 6.3 | 6.3 |  |  |  |  | Veeam Backup and Replication Veeam.Backup.PSManager.exe improper authentication | 0.00 | CVE-2022-26504 |
| 195405 | 7.3 | 7.3 |  |  |  |  | SourceCodester Attendance and Payroll System Photo unrestricted upload | 0.03 | CVE-2021-44087 |
