CVSSv3 03/19/2022

CVSSv3 Base

Score distribution: ≤1: 0, ≤2: 1, ≤3: 0, ≤4: 13, ≤5: 6, ≤6: 37, ≤7: 15, ≤8: 1, ≤9: 0, ≤10: 2

The Common Vulnerability Scoring System (CVSS) is an industry standard for describing the characteristics and impacts of security vulnerabilities. The base score represents the intrinsic aspects that are constant over time and across user environments. Our unique meta score merges all available scores from different sources into an aggregate that gives the most reliable result.

CVSSv3 Temp

Score distribution: ≤1: 0, ≤2: 1, ≤3: 0, ≤4: 13, ≤5: 6, ≤6: 44, ≤7: 8, ≤8: 1, ≤9: 0, ≤10: 2

The Common Vulnerability Scoring System (CVSS) uses temp scores to reflect the characteristics of a vulnerability that may change over time but not across user environments. This includes reporting confidence, exploitability and remediation levels. We also provide our unique meta score for temp scores, even though other sources rarely publish them.

VulDB

Score distribution: ≤1: 0, ≤2: 1, ≤3: 5, ≤4: 15, ≤5: 3, ≤6: 33, ≤7: 15, ≤8: 0, ≤9: 2, ≤10: 1

The moderation team always defines the base vector and base score for an entry. These and all other available scores are used to generate the meta score.

NVD

Score distribution: ≤1: 0, ≤2: 0, ≤3: 0, ≤4: 0, ≤5: 0, ≤6: 0, ≤7: 0, ≤8: 0, ≤9: 0, ≤10: 0

The National Vulnerability Database (NVD) also defines CVSS vectors and scores. These are usually not complete and might differ from VulDB scores.

CNA

Score distribution: ≤1: 0, ≤2: 1, ≤3: 1, ≤4: 1, ≤5: 7, ≤6: 3, ≤7: 2, ≤8: 7, ≤9: 1, ≤10: 2

A CVE Numbering Authority (CNA) is responsible for assigning new CVE entries. They might also include a CVSS score. These are usually not complete and might differ from VulDB scores.

Vendor

Score distribution: ≤1: 0, ≤2: 0, ≤3: 0, ≤4: 0, ≤5: 0, ≤6: 0, ≤7: 0, ≤8: 0, ≤9: 0, ≤10: 0

Some vendors are willing to publish their own CVSS vectors and scores for vulnerabilities in their products. The coverage varies from vendor to vendor.

Research

Score distribution: ≤1: 0, ≤2: 0, ≤3: 0, ≤4: 0, ≤5: 0, ≤6: 0, ≤7: 0, ≤8: 0, ≤9: 0, ≤10: 0

Sometimes security researchers also provide their own CVSS vectors and scores for vulnerabilities they have found and published.

| ID | Base | VDB | NVD | CNA | Vend | Res | Vulnerability | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|
| 195528 | 6.8 | 5.5 | | 8.2 | | | Admidio session expiration | 0.05 | CVE-2022-0991 |
| 195527 | 4.3 | 4.3 | | | | | iRZ Mobile Router Administration Panel crontab cross-site request forgery | 0.03 | CVE-2022-27226 |
| 195526 | 5.5 | 5.5 | | | | | Classcms TXT File Upload classupload code injection | 0.00 | CVE-2022-25581 |
| 195525 | 5.5 | 5.5 | | | | | taocms .htaccess code injection | 0.05 | CVE-2022-25578 |
| 195524 | 6.3 | 6.3 | | | | | Chipset Privilege Escalation | 0.04 | CVE-2022-27250 |
| 195523 | 5.5 | 5.5 | | | | | Tenda AC6 SetPptpServerCfg stack-based overflow | 0.00 | CVE-2022-25461 |
| 195522 | 5.5 | 5.5 | | | | | Tenda AC6 SetPptpServerCfg stack-based overflow | 0.04 | CVE-2022-25460 |
| 195521 | 5.5 | 5.5 | | | | | Tenda AC6 SetSysTimeCfg stack-based overflow | 0.00 | CVE-2022-25459 |
| 195520 | 5.5 | 5.5 | | | | | Tenda AC6 exeCommand stack-based overflow | 0.04 | CVE-2022-25458 |
| 195519 | 5.5 | 5.5 | | | | | Tenda AC6 SetSysTimeCfg stack-based overflow | 0.05 | CVE-2022-25457 |
| 195518 | 5.5 | 5.5 | | | | | Tenda AC6 WifiBasicSet stack-based overflow | 0.00 | CVE-2022-25456 |
| 195517 | 5.5 | 5.5 | | | | | Tenda AC6 SetFirewallCfg stack-based overflow | 0.05 | CVE-2022-25454 |
| 195516 | 5.5 | 5.5 | | | | | Tenda AC6 saveParentControlInfo stack-based overflow | 0.05 | CVE-2022-25453 |
| 195515 | 5.5 | 5.5 | | | | | Tenda AC6 saveParentControlInfo stack-based overflow | 0.00 | CVE-2022-25452 |
| 195514 | 5.5 | 5.5 | | | | | Tenda AC6 setstaticroutecfg stack-based overflow | 0.05 | CVE-2022-25451 |
| 195513 | 5.5 | 5.5 | | | | | Tenda AC6 SetVirtualServerCfg stack-based overflow | 0.03 | CVE-2022-25450 |
| 195512 | 5.5 | 5.5 | | | | | Tenda AC6 saveParentControlInfo stack-based overflow | 0.03 | CVE-2022-25449 |
| 195511 | 5.5 | 5.5 | | | | | Tenda AC6 openSchedWifi stack-based overflow | 0.00 | CVE-2022-25448 |
| 195510 | 5.5 | 5.5 | | | | | Tenda AC6 openSchedWifi stack-based overflow | 0.04 | CVE-2022-25447 |
| 195509 | 5.5 | 5.5 | | | | | Tenda AC6 openSchedWifi stack-based overflow | 0.05 | CVE-2022-25446 |
| 195508 | 5.5 | 5.5 | | | | | Tenda AC6 PowerSaveSet stack-based overflow | 0.03 | CVE-2022-25445 |
| 195507 | 5.5 | 5.5 | | | | | Tenda AC9 SetSysTimeCfg stack-based overflow | 0.00 | CVE-2022-25440 |
| 195506 | 5.5 | 5.5 | | | | | Tenda AC9 SetVirtualServerCfg stack-based overflow | 0.03 | CVE-2022-25437 |
| 195505 | 5.5 | 5.5 | | | | | Tenda AC9 SetStaticRoutecfg stack-based overflow | 0.03 | CVE-2022-25435 |
| 195504 | 5.5 | 5.5 | | | | | Tenda AC9 SetFirewallCfg stack-based overflow | 0.05 | CVE-2022-25434 |
| 195503 | 5.5 | 5.5 | | | | | Tenda AC9 saveparentcontrolinfo stack-based overflow | 0.00 | CVE-2022-25433 |
| 195502 | 5.5 | 5.5 | | | | | Tenda AC9 Formsetqosband stack-based overflow | 0.00 | CVE-2022-25431 |
| 195501 | 5.5 | 5.5 | | | | | Tenda AC9 saveparentcontrolinfo buffer overflow | 0.08 | CVE-2022-25429 |
| 195500 | 5.5 | 5.5 | | | | | Tenda AC9 saveparentcontrolinfo stack-based overflow | 0.00 | CVE-2022-25428 |
| 195499 | 5.5 | 5.5 | | | | | Tenda AC9 openSchedWifi stack-based overflow | 0.07 | CVE-2022-25427 |
| 195498 | 6.3 | 6.3 | | | | | Tenda AC9 SetIPTVCfg Privilege Escalation | 0.04 | CVE-2022-25441 |
| 195497 | 6.3 | 6.3 | | | | | Tenda AC9 SetIPTVCfg Privilege Escalation | 0.04 | CVE-2022-25438 |
| 195496 | 5.5 | 5.5 | | | | | Tenda AC6 SetIpMacBind stack-based overflow | 0.04 | CVE-2022-25455 |
| 195495 | 5.5 | 5.5 | | | | | Tenda AC9 SetIpMacBind stack-based overflow | 0.04 | CVE-2022-25439 |
| 195494 | 3.5 | 3.5 | | | | | Piwigo maintenance_actions.php information disclosure | 0.03 | CVE-2022-26267 |
| 195493 | 6.3 | 6.3 | | | | | Piwigo pwg.users.php sql injection | 0.08 | CVE-2022-26266 |
| 195492 | 3.5 | 3.5 | | | | | DCN Firewall DCME-520 log_management.php information disclosure | 0.04 | CVE-2022-25389 |
| 195491 | 6.3 | 6.3 | | | | | Contao Managed Edition Privilege Escalation | 0.04 | CVE-2022-26265 |
| 195490 | 6.3 | 6.3 | | | | | DCN Firewall DCME-520 ping.php Privilege Escalation | 0.04 | CVE-2022-25390 |
| 195489 | 3.6 | 2.4 | | 4.8 | | | Accelerated Mobile Pages Plugin cross site scripting | 0.04 | CVE-2021-23150 |
| 195488 | 3.8 | 2.7 | | 4.9 | | | IBM Business Automation Workflow cleartext storage | 0.04 | CVE-2021-39046 |
| 195487 | 5.4 | 4.3 | | 6.5 | | | IBM Engineering Requirements Quality Assistant denial of service | 0.00 | CVE-2021-29899 |
| 195486 | 5.5 | 5.5 | | | | | MISP CLI Server.php server-side request forgery | 0.04 | CVE-2022-27245 |
| 195485 | 5.3 | 5.3 | | | | | Open Web Analytics Cache Hash information disclosure | 0.04 | CVE-2022-24637 |
| 195484 | 7.8 | 8.8 | | 6.7 | | | Rockwell Automation ISaGRAF Runtime uncontrolled search path | 0.04 | CVE-2020-25182 |
| 195483 | 3.7 | 4.1 | | 3.3 | | | Mattermost API privileges management | 0.03 | CVE-2022-1003 |
| 195482 | 2.0 | 2.0 | | 2.0 | | | Mattermost Email Invitation injection | 0.00 | CVE-2022-1002 |
| 195481 | 3.7 | 3.7 | | | | | OpenVPN External Authentication Plug-in authentication bypass | 0.00 | CVE-2022-0547 |
| 195480 | 7.0 | 6.5 | | 7.5 | | | Syltek Payment insufficient verification of data authenticity | 0.04 | CVE-2021-4031 |
| 195479 | 3.5 | 3.5 | | | | | Brocade Fabric OS Web Application information disclosure | 0.00 | CVE-2021-27789 |

25 more entries are not shown
