CVSSv3 03/25/2022

CVSSv3 Base

The Common Vulnerability Scoring System (CVSS) is an industry standard for describing the characteristics and impacts of security vulnerabilities. The base score represents the intrinsic aspects that are constant over time and across user environments. Our unique meta score merges all available scores from different sources into a single aggregate to give the most reliable result.

CVSSv3 Temp

The Common Vulnerability Scoring System (CVSS) uses temp scores to reflect the characteristics of a vulnerability that may change over time but not across user environments. This includes reporting confidence, exploitability and remediation levels. We also provide our unique meta score for temp scores, even though other sources rarely publish them.

VulDB

The moderation team always defines the base vector and base score for an entry. These and all other available scores are used to generate the meta score.

NVD

The National Vulnerability Database (NVD) also defines CVSS vectors and scores. These are usually not complete and might differ from VulDB scores.

CNA

A CVE Numbering Authority (CNA) is responsible for assigning new CVE entries. They might also include a CVSS score. These are usually not complete and might differ from VulDB scores.

Vendor

Some vendors are willing to publish their own CVSS vectors and scores for vulnerabilities in their products. The coverage varies from vendor to vendor.

Research

Sometimes security researchers also provide their own CVSS vectors and scores for vulnerabilities they have found and published.

| ID | Base | VDB | NVD | CNA | Vend | Res | Vulnerability | CTI | EPSS | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 195784 | 7.6 | 6.3 | | 9.0 | | | ForkCMS Marking Blog Comment sql injection | 0.05 | 0.00885 | CVE-2022-1064 |
| 195783 | 3.5 | 3.5 | | | | | Yonyou u8 WebHelp cross site scripting | 0.02 | 0.00954 | CVE-2022-26263 |
| 195782 | 6.3 | 6.3 | | | | | YesWiki Registration Form sql injection | 0.04 | 0.00885 | CVE-2021-43091 |
| 195781 | 5.5 | 5.5 | | | | | PowerDNS Authoritative Server/PowerDNS Recursor Zone Transfer Privilege Escalation | 0.07 | 0.01537 | CVE-2022-27227 |
| 195780 | 8.5 | 7.3 | | 9.8 | | | Sophos Firewall User Portal/Webadmin improper authentication | 0.04 | 0.32624 | CVE-2022-1040 |
| 195779 | 6.3 | 6.3 | | | | | ALF-BanCO hard-coded password | 0.04 | 0.00885 | CVE-2022-25577 |
| 195778 | 6.4 | 5.3 | | 7.5 | | | grpc-swift GOAWAY Frame assertion | 0.02 | 0.00885 | CVE-2022-24777 |
| 195777 | 3.5 | 3.5 | | | | | douphp Image File show.php cross site scripting | 0.06 | 0.00885 | CVE-2022-25574 |
| 195776 | 3.5 | 3.5 | | | | | phpIPAM Subnet find_free_section_subnets.php cross site scripting | 0.08 | 0.01018 | CVE-2021-46426 |
| 195775 | 4.6 | 4.6 | | | | | TinyShop admin.php denial of service | 0.07 | 0.00950 | CVE-2020-21554 |
| 195774 | 5.3 | 6.3 | | 4.3 | | | F-Secure Safe Browser USSD Code access control | 0.03 | 0.00885 | CVE-2021-44751 |
| 195773 | 5.5 | 5.5 | | | | | zlib memory corruption | 0.07 | 0.02686 | CVE-2018-25032 |
| 195772 | 8.8 | 8.8 | | 8.8 | | | Synology DiskStation Manager File Service command injection | 0.04 | 0.01055 | CVE-2022-22688 |
| 195771 | 9.8 | 9.8 | | 9.8 | | | Synology DiskStation Manager Authentication buffer overflow | 0.03 | 0.01156 | CVE-2022-22687 |
| 195770 | 5.5 | 5.5 | | | | | Survey King Excel File Export csv injection | 0.02 | 0.01086 | CVE-2022-26249 |
| 195769 | 6.0 | 5.6 | | 6.5 | | | IBM Power 9 OP940 downgrade | 0.04 | 0.00885 | CVE-2022-22374 |
| 195768 | 3.5 | 3.5 | | | | | Management System cross site scripting | 0.00 | 0.00885 | CVE-2022-25575 |
| 195767 | 6.3 | 6.3 | | | | | Dreamer CMS sql injection | 0.00 | 0.00885 | CVE-2021-43084 |
| 195766 | 7.2 | 7.3 | | 7.1 | | | Geon session fixation | 0.03 | 0.00890 | CVE-2022-24781 |
| 195765 | 6.2 | 6.3 | | 6.1 | | | Flask-AppBuilder Database Authentication Login Page redirect | 0.07 | 0.00954 | CVE-2022-24776 |
| 195764 | 5.3 | 5.3 | | | | | ARM mbed TLS Password Length mbedtls_pkcs12_derivation denial of service | 0.08 | 0.00885 | CVE-2021-43666 |
| 195763 | 5.5 | 5.5 | | | | | EyouCMS sqldata access control | 0.02 | 0.00885 | CVE-2022-26279 |
| 195762 | 4.3 | 4.3 | | | | | Bluedon Internet Access Detector Password File information disclosure | 0.03 | 0.00885 | CVE-2022-25571 |
| 195761 | 4.3 | 4.3 | | 4.3 | | | Discourse Security Category information disclosure | 0.05 | 0.00890 | CVE-2022-24782 |
| 195760 | 6.1 | 6.3 | | 5.9 | | | Moby permission assignment | 0.04 | 0.01537 | CVE-2022-24769 |
| 195759 | 4.3 | 4.3 | | | | | Anchor CMS Post posts.php cross-site request forgery | 0.04 | 0.00885 | CVE-2022-25576 |
| 195758 | 6.3 | 6.3 | | | | | yeyinshi TuziCMS ZhuantiController.class.php sql injection | 0.02 | 0.00885 | CVE-2022-26301 |
| 195757 | 6.3 | 6.3 | | | | | ionize String config.php Privilege Escalation | 0.04 | 0.01156 | CVE-2022-26272 |