CVSSv3 03/23/2022

CVSSv3 Base

Score distribution (entries per score bucket): ≤1: 0, ≤2: 0, ≤3: 1, ≤4: 3, ≤5: 3, ≤6: 11, ≤7: 3, ≤8: 2, ≤9: 0, ≤10: 0

The Common Vulnerability Scoring System (CVSS) is an industry standard for describing the characteristics and impact of security vulnerabilities. The base score represents the intrinsic aspects that are constant over time and across user environments. Our unique meta score merges all available scores from different sources into a single, most reliable result.

CVSSv3 Temp

Score distribution (entries per score bucket): ≤1: 0, ≤2: 0, ≤3: 1, ≤4: 4, ≤5: 3, ≤6: 10, ≤7: 5, ≤8: 0, ≤9: 0, ≤10: 0

The Common Vulnerability Scoring System (CVSS) uses temp scores to reflect the characteristics of a vulnerability that may change over time but not across user environments. This includes reporting confidence, exploitability and remediation levels. We also provide our unique meta score for temp scores, even though other sources rarely publish them.

VulDB

Score distribution (entries per score bucket): ≤1: 0, ≤2: 0, ≤3: 2, ≤4: 1, ≤5: 5, ≤6: 11, ≤7: 2, ≤8: 2, ≤9: 0, ≤10: 0

The moderation team always defines the base vector and base score for an entry. These and all other available scores are used to generate the meta score.

NVD

Score distribution (entries per score bucket): ≤1: 0, ≤2: 0, ≤3: 0, ≤4: 0, ≤5: 0, ≤6: 0, ≤7: 0, ≤8: 0, ≤9: 0, ≤10: 0

The National Vulnerability Database (NVD) also defines CVSS vectors and scores. These are usually not complete and might differ from VulDB scores.

CNA

Score distribution (entries per score bucket): ≤1: 0, ≤2: 0, ≤3: 0, ≤4: 2, ≤5: 1, ≤6: 2, ≤7: 1, ≤8: 2, ≤9: 0, ≤10: 0

A CVE Numbering Authority (CNA) is responsible for assigning new CVE entries. They might also include a CVSS score. These are usually not complete and might differ from VulDB scores.

Vendor

Score distribution (entries per score bucket): ≤1: 0, ≤2: 0, ≤3: 0, ≤4: 0, ≤5: 0, ≤6: 0, ≤7: 0, ≤8: 0, ≤9: 0, ≤10: 0

Some vendors are willing to publish their own CVSS vectors and scores for vulnerabilities in their products. The coverage varies from vendor to vendor.

Research

Score distribution (entries per score bucket): ≤1: 0, ≤2: 0, ≤3: 0, ≤4: 0, ≤5: 0, ≤6: 0, ≤7: 0, ≤8: 0, ≤9: 0, ≤10: 0

Sometimes security researchers also provide their own CVSS vectors and scores for vulnerabilities they have found and published.

| ID | Base | VulDB | NVD | CNA | Vendor | Research | Vulnerability | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|
| 195639 | 5.7 | 5.7 | | | | | Asus RT-AC68U blocking.cgi denial of service | 0.09 | CVE-2021-45757 |
| 195638 | 5.5 | 5.5 | | | | | Asus RT-AC68U/RT-AC5300 blocking_request.cgi buffer overflow | 0.09 | CVE-2021-45756 |
| 195637 | 4.8 | 4.3 | | 5.4 | | | McAfee ePolicy Orchestrator Link cross site scripting | 0.09 | CVE-2022-0857 |
| 195636 | 5.3 | 4.2 | | 6.5 | | | McAfee ePolicy Orchestrator insufficiently protected credentials | 0.04 | CVE-2022-0859 |
| 195635 | 3.7 | 4.2 | | 3.1 | | | McAfee being API password recovery | 0.04 | CVE-2022-0862 |
| 195634 | 4.3 | 4.3 | | 4.3 | | | McAfee ePolicy Orchestrator Link cross site scripting | 0.05 | CVE-2022-0858 |
| 195633 | 4.0 | 2.7 | | 5.4 | | | McAfee ePolicy Orchestrator sql injection | 0.09 | CVE-2022-0842 |
| 195632 | 4.1 | 4.7 | | 3.5 | | | McAfee ePolicy Orchestrator Extension Import xml external entity reference | 0.04 | CVE-2022-0861 |
| 195631 | 7.3 | 7.3 | | | | | Apache Traffic Server TLS Origin improper authentication | 0.00 | CVE-2021-44759 |
| 195630 | 5.5 | 5.5 | | | | | Apache Traffic Server Request Line Parser input validation | 0.08 | CVE-2021-44040 |
| 195629 | 6.7 | 6.3 | | 7.2 | | | crater-invoice unrestricted upload | 0.04 | CVE-2022-1033 |
| 195628 | 5.5 | 5.5 | | | | | Linux Kernel ESP Transformation esp4.c buffer overflow | 0.21 | CVE-2022-27666 |
| 195627 | 3.5 | 3.5 | | | | | enhanced-github cross site scripting | 0.05 | CVE-2021-33961 |
| 195626 | 2.6 | 2.6 | | | | | CMDBuild Temporary Log Table information disclosure | 0.05 | CVE-2022-25518 |
| 195625 | 6.3 | 5.3 | | 7.3 | | | radare2 op_is_set_bp use after free | 0.05 | CVE-2022-1031 |
| 195624 | 5.5 | 5.5 | | | | | TOTOLINK N600R Login Interface command injection | 0.04 | CVE-2022-26189 |
| 195623 | 5.5 | 5.5 | | | | | TOTOLINK N600R NTPSyncWithHost command injection | 0.00 | CVE-2022-26188 |
| 195622 | 5.5 | 5.5 | | | | | TOTOLINK N600R pingCheck command injection | 0.04 | CVE-2022-26187 |
| 195621 | 5.5 | 5.5 | | | | | TOTOLINK N600R exportOvpn Interface cstecgi.cgi command injection | 0.00 | CVE-2022-26186 |
| 195620 | 7.3 | 7.3 | | | | | Bitrix Site Manager Vote Module Remote Code Execution | 0.13 | CVE-2022-27228 |
| 195619 | 5.5 | 5.5 | | | | | Simple-Plist parse code injection | 0.05 | CVE-2022-26260 |
| 195618 | 6.3 | 6.3 | | | | | MyBatis AbstractWrapper.java sql injection | 0.04 | CVE-2022-25517 |
| 195617 | 5.5 | 5.5 | | | | | Faust propagate.cpp realPropagate heap-based overflow | 0.13 | CVE-2021-41736 |
