CVSSv3 03/22/2022

CVSSv3 Base

Entries per score range: ≤1: 0, ≤2: 0, ≤3: 3, ≤4: 8, ≤5: 12, ≤6: 13, ≤7: 13, ≤8: 10, ≤9: 1, ≤10: 0

The Common Vulnerability Scoring System (CVSS) is an industry standard for describing the characteristics and impacts of security vulnerabilities. The base score represents the intrinsic aspects that are constant over time and across user environments. Our unique meta score merges all available scores from different sources into the most reliable aggregate result.

CVSSv3 Temp

Entries per score range: ≤1: 0, ≤2: 0, ≤3: 3, ≤4: 8, ≤5: 13, ≤6: 16, ≤7: 16, ≤8: 3, ≤9: 1, ≤10: 0

The Common Vulnerability Scoring System (CVSS) uses temp scores to reflect the characteristics of a vulnerability that may change over time but not across user environments. This includes reporting confidence, exploitability and remediation levels. We also provide our unique meta score for temp scores, even though other sources rarely publish them.

VulDB

Entries per score range: ≤1: 0, ≤2: 0, ≤3: 3, ≤4: 8, ≤5: 13, ≤6: 16, ≤7: 11, ≤8: 9, ≤9: 0, ≤10: 0

The moderation team always defines the base vector and base score for an entry. These and all other available scores are used to generate the meta score.

NVD

Entries per score range: ≤1: 0, ≤2: 0, ≤3: 0, ≤4: 0, ≤5: 0, ≤6: 0, ≤7: 0, ≤8: 0, ≤9: 0, ≤10: 0

The National Vulnerability Database (NVD) also defines CVSS vectors and scores. These are usually not complete and might differ from VulDB scores.

CNA

Entries per score range: ≤1: 0, ≤2: 0, ≤3: 0, ≤4: 2, ≤5: 1, ≤6: 1, ≤7: 1, ≤8: 4, ≤9: 2, ≤10: 2

A CVE Numbering Authority (CNA) is responsible for assigning new CVE entries. They might also include a CVSS score. These are usually not complete and might differ from VulDB scores.

Vendor

Entries per score range: ≤1: 0, ≤2: 0, ≤3: 0, ≤4: 0, ≤5: 0, ≤6: 0, ≤7: 0, ≤8: 0, ≤9: 0, ≤10: 0

Some vendors are willing to publish their own CVSS vectors and scores for vulnerabilities in their products. The coverage varies from vendor to vendor.

Research

Entries per score range: ≤1: 0, ≤2: 0, ≤3: 0, ≤4: 0, ≤5: 0, ≤6: 0, ≤7: 0, ≤8: 0, ≤9: 0, ≤10: 0

Sometimes security researchers also provide their own CVSS vectors and scores for vulnerabilities they have found and published.

| ID | Base | VDB | NVD | CNA | Vend | Res | Vulnerability | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|
| 195616 | 2.9 | 2.4 | | 3.4 | | | Electron Web Bluetooth API exposure of resource | 0.05 | CVE-2022-21718 |
| 195615 | 5.5 | 5.5 | | | | | tcpprep tree.c packet2tree assertion | 0.09 | CVE-2022-25484 |
| 195614 | 6.2 | 5.4 | | 7.1 | | | CycloneDX BOM Repository Server path traversal | 0.09 | CVE-2022-24774 |
| 195613 | 6.3 | 6.3 | | | | | WebRun Login sql injection | 0.09 | CVE-2021-43650 |
| 195612 | 6.4 | 5.3 | | 7.5 | | | PJSIP PJSUA2 pjmedia_sdp_media_print stack-based overflow | 0.05 | CVE-2022-24764 |
| 195611 | 4.7 | 4.1 | | 5.3 | | | microweber integer overflow | 0.13 | CVE-2022-1036 |
| 195610 | 5.5 | 5.5 | | | | | GlobalProtect-openconnect GPService access control | 0.13 | CVE-2021-45810 |
| 195609 | 8.0 | 8.0 | | | | | GlobalProtect-openconnect GPService access control | 0.04 | CVE-2021-45809 |
| 195608 | 6.9 | 4.7 | | 9.1 | | | star7th showdoc unrestricted upload | 0.04 | CVE-2022-1034 |
| 195607 | 7.3 | 7.3 | | | | | Backdoor.Win32.BirdSpy.b Service Port 50829 hard-coded credentials | 0.13 | |
| 195606 | 7.3 | 7.3 | | | | | Backdoor.Win32.Agent.bxxn Service Port 1080 backdoor | 0.00 | |
| 195605 | 4.3 | 4.3 | | 4.3 | | | crater-invoice cross-site request forgery | 0.08 | CVE-2022-0515 |
| 195604 | 4.3 | 4.3 | | | | | Chamilo LMS URL cross-site request forgery | 0.04 | CVE-2021-40662 |
| 195603 | 4.3 | 4.3 | | | | | Snapt Aria cross-site request forgery | 0.09 | CVE-2022-24235 |
| 195602 | 5.9 | 5.4 | | 6.5 | | | crater-invoice behavioral workflow | 0.04 | CVE-2022-0514 |
| 195601 | 7.5 | 6.3 | | 8.8 | | | Sophos UTM Mail Manager sql injection | 0.05 | CVE-2022-0386 |
| 195600 | 5.5 | 5.5 | | | | | Axiomatic Bento4 AP4_HvccAtom heap-based overflow | 0.04 | CVE-2022-27607 |
| 195599 | 3.5 | 3.5 | | | | | Bigantsoft BigAnt Server denial of service | 0.09 | CVE-2022-23352 |
| 195598 | 3.5 | 3.5 | | | | | Bigantsoft BigAnt Server cross site scripting | 0.17 | CVE-2022-23350 |
| 195597 | 4.3 | 4.3 | | | | | Bigantsoft BigAnt Server cross-site request forgery | 0.04 | CVE-2022-23349 |
| 195596 | 6.4 | 5.3 | | 7.5 | | | guzzlehttp psr7 Header Parser input validation | 0.17 | CVE-2022-24775 |
| 195595 | 6.3 | 6.3 | | | | | Snapt Aria Email permission | 0.00 | CVE-2022-24236 |
| 195594 | 4.6 | 4.6 | | | | | idcCMS Setting install.lock denial of service | 0.00 | CVE-2022-27333 |
| 195593 | 5.5 | 5.5 | | | | | CSCMS redirect | 0.00 | CVE-2022-27090 |
| 195592 | 5.5 | 5.5 | | | | | Chamilo LMS Plugin code injection | 0.09 | CVE-2021-38745 |
| 195591 | 6.3 | 6.3 | | | | | Sourcecodester Simple Subscription Website Apply Endpoint sql injection | 0.00 | CVE-2022-26285 |
| 195590 | 6.3 | 6.3 | | | | | Sourcecodester Simple Client Management System manage_client endpoint sql injection | 0.00 | CVE-2022-26284 |
| 195589 | 5.5 | 5.5 | | | | | Sourcecodester Simple Subscription Website view_plan endpoint sql injection | 0.03 | CVE-2022-26283 |
| 195588 | 6.3 | 6.3 | | | | | Poetry untrusted search path | 0.07 | CVE-2022-26184 |
| 195587 | 6.3 | 6.3 | | | | | PNPM untrusted search path | 0.04 | CVE-2022-26183 |
| 195586 | 2.6 | 2.6 | | | | | Bigantsoft BigAnt Server unknown vulnerability | 0.00 | CVE-2022-23348 |
| 195585 | 5.5 | 5.5 | | | | | Bigantsoft BigAnt Server pathname traversal | 0.03 | CVE-2022-23347 |
| 195584 | 5.5 | 5.5 | | | | | Bigantsoft BigAnt Server access control | 0.11 | CVE-2022-23346 |
| 195583 | 5.5 | 5.5 | | | | | Bigantsoft BigAnt Server access control | 0.00 | CVE-2022-23345 |
| 195582 | 4.3 | 4.3 | | | | | Lexar F35 Authentication Module access control | 0.04 | CVE-2021-46390 |
| 195581 | 5.5 | 5.5 | | | | | Snapt Aria snaptPowered2 command injection | 0.09 | CVE-2022-24237 |
| 195580 | 3.2 | 3.1 | | 3.3 | | | Sophos UTM Confd Log File unknown vulnerability | 0.07 | CVE-2022-0652 |
| 195579 | 8.5 | 7.3 | | 9.8 | | | mitmproxy request smuggling | 0.04 | CVE-2022-24766 |
| 195578 | 6.3 | 6.3 | | | | | Beekeeper Studio Display Field injection | 0.00 | CVE-2022-26174 |
| 195577 | 7.5 | 6.3 | | 8.8 | | | ungit fetch argument injection | 0.04 | CVE-2022-25766 |
| 195576 | 3.5 | 3.5 | | | | | 3D FlipBook Plugin Setting cross site scripting | 0.00 | CVE-2022-0423 |
| 195575 | 4.3 | 4.3 | | | | | Simple Membership Plugin Transaction cross-site request forgery | 0.13 | CVE-2022-0681 |
| 195574 | 4.3 | 4.3 | | | | | Pricing Table Builder Plugin Admin Page cross site scripting | 0.00 | CVE-2022-0640 |
| 195573 | 3.5 | 3.5 | | | | | Mega Menu Plugin Admin Page cross site scripting | 0.04 | CVE-2022-0628 |
| 195572 | 3.5 | 3.5 | | | | | Amelia Plugin Admin Page cross site scripting | 0.04 | CVE-2022-0627 |
| 195571 | 4.3 | 4.3 | | | | | Amelia Plugin cross-site request forgery | 0.00 | CVE-2022-0616 |
| 195570 | 2.4 | 2.4 | | | | | BulletProof Security Plugin Setting cross site scripting | 0.00 | CVE-2022-0590 |
| 195569 | 3.5 | 3.5 | | | | | Modern Events Calendar Lite Plugin Hourly Schedule cross site scripting | 0.00 | CVE-2022-0364 |
| 195568 | 3.5 | 3.5 | | | | | Squirrly SEO Plugin Admin Page cross site scripting | 0.04 | CVE-2021-25019 |
| 195567 | 7.3 | 7.3 | | | | | Simple Link Directory Plugin SQL Statement qcopd_upvote_action sql injection | 0.00 | CVE-2022-0760 |

10 more entries are not shown
