CVSSv3 03/26/2022

CVSSv3 Base

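| Score | ≤1 | ≤2 | ≤3 | ≤4 | ≤5 | ≤6 | ≤7 | ≤8 | ≤9 | ≤10 |
| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
| Count | 0 | 0 | 0 | 22 | 12 | 11 | 17 | 9 | 3 | 1 |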

The Common Vulnerability Scoring System (CVSS) is an industry standard for describing the characteristics and impacts of security vulnerabilities. The base score represents the intrinsic aspects that are constant over time and across user environments. Our unique meta score merges all available scores from different sources into the most reliable result.

CVSSv3 Temp

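| Score | ≤1 | ≤2 | ≤3 | ≤4 | ≤5 | ≤6 | ≤7 | ≤8 | ≤9 | ≤10 |
| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
| Count | 0 | 0 | 0 | 23 | 13 | 15 | 16 | 4 | 3 | 1 |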

The Common Vulnerability Scoring System (CVSS) uses temp scores to reflect the characteristics of a vulnerability that may change over time but not across user environments. This includes reporting confidence, exploitability and remediation levels. We also provide our unique meta score for temp scores, even though other sources rarely publish them.

VulDB

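| Score | ≤1 | ≤2 | ≤3 | ≤4 | ≤5 | ≤6 | ≤7 | ≤8 | ≤9 | ≤10 |
| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
| Count | 0 | 0 | 1 | 22 | 15 | 10 | 14 | 11 | 0 | 2 |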

The moderation team always defines the base vector and base score for an entry. These and all other available scores are used to generate the meta score.

NVD

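| Score | ≤1 | ≤2 | ≤3 | ≤4 | ≤5 | ≤6 | ≤7 | ≤8 | ≤9 | ≤10 |
| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
| Count | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |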

The National Vulnerability Database (NVD) also defines CVSS vectors and scores. These are usually not complete and might differ from VulDB scores.

CNA

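| Score | ≤1 | ≤2 | ≤3 | ≤4 | ≤5 | ≤6 | ≤7 | ≤8 | ≤9 | ≤10 |
| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
| Count | 0 | 0 | 0 | 2 | 3 | 0 | 0 | 5 | 2 | 3 |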

A CVE Numbering Authority (CNA) is responsible for assigning new CVE entries. They might also include a CVSS score. These are usually not complete and might differ from VulDB scores.

Vendor

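| Score | ≤1 | ≤2 | ≤3 | ≤4 | ≤5 | ≤6 | ≤7 | ≤8 | ≤9 | ≤10 |
| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
| Count | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |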

Some vendors are willing to publish their own CVSS vectors and scores for vulnerabilities in their products. The coverage varies from vendor to vendor.

Research

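| Score | ≤1 | ≤2 | ≤3 | ≤4 | ≤5 | ≤6 | ≤7 | ≤8 | ≤9 | ≤10 |
| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
| Count | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |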

Sometimes security researchers also provide their own CVSS vectors and scores for vulnerabilities they have found and published.

| ID | Base | VDB | NVD | CNA | Vend | Res | Vulnerability | CTI | CVE |
| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
| 195859 | 6.3 | 6.3 |  |  |  |  | Netgear R8500 ipv6_fix.cgi os command injection | 0.74 | CVE-2022-27947 |
| 195858 | 6.3 | 6.3 |  |  |  |  | Netgear R8500 admin_account.cgi os command injection | 0.56 | CVE-2022-27946 |
| 195857 | 6.3 | 6.3 |  |  |  |  | Netgear R8500 password.cgi os command injection | 0.52 | CVE-2022-27945 |
| 195856 | 5.5 | 5.5 |  |  |  |  | tcpreplay tcpprep get.c parse_mpls heap-based overflow | 0.48 | CVE-2022-27942 |
| 195855 | 5.5 | 5.5 |  |  |  |  | tcpreplay tcprewrite get.c get_l2len_protocol heap-based overflow | 0.30 | CVE-2022-27941 |
| 195854 | 5.5 | 5.5 |  |  |  |  | tcpreplay tcprewrite get.c get_ipv6_next heap-based overflow | 0.39 | CVE-2022-27940 |
| 195853 | 3.5 | 3.5 |  |  |  |  | tcpreplay tcprewrite get.c get_layer4_v6 assertion | 0.43 | CVE-2022-27939 |
| 195852 | 3.5 | 3.5 |  |  |  |  | stb Image Loader stb_image.h stbi__create_png_image_raw assertion | 0.26 | CVE-2022-27938 |
| 195851 | 3.5 | 3.5 |  |  |  |  | GNU gcc rust-demangle.c demangle_const resource consumption | 1.35 | CVE-2022-27943 |
| 195850 | 4.3 | 4.3 |  |  |  |  | Fortessa FTBTLD Smart Lock Bluetooth Service permission | 1.74 | CVE-2021-44905 |
| 195849 | 6.3 | 6.3 |  |  |  |  | CheckMK Raw Edition Web Management Console Privilege Escalation | 1.48 | CVE-2021-40904 |
| 195848 | 5.5 | 5.5 |  |  |  |  | soa-model WSDLParser xml external entity reference | 1.48 | CVE-2021-43090 |
| 195847 | 3.8 | 3.5 |  | 4.1 |  |  | Simple Event Planner Plugin cross site scripting | 1.35 | CVE-2022-25611 |
| 195846 | 3.5 | 3.5 |  |  |  |  | ClassCMS Column Module cross site scripting | 1.53 | CVE-2022-25582 |
| 195845 | 3.2 | 3.1 |  | 3.4 |  |  | Simple Ajax Chat cross site scripting | 1.30 | CVE-2022-25610 |
| 195844 | 3.5 | 3.5 |  |  |  |  | libkiwix URL Parameter cross site scripting | 1.22 | CVE-2022-27920 |
| 195843 | 3.7 | 3.7 |  | 3.7 |  |  | Statamic REST API information disclosure | 1.09 | CVE-2022-24784 |
| 195842 | 3.5 | 3.5 |  |  |  |  | Keycloak cross site scripting | 1.48 | CVE-2021-20323 |
| 195841 | 4.6 | 4.6 |  |  |  |  | Mendelson OFTP2 Upload Directory pathname traversal | 1.01 | CVE-2022-27906 |
| 195840 | 6.3 | 6.3 |  |  |  |  | Docker Desktop Log File symlink | 1.22 | CVE-2022-26659 |
| 195839 | 3.5 | 3.5 |  |  |  |  | Joget DX 7 Datalist Table cross site scripting | 1.00 | CVE-2022-26197 |
| 195838 | 8.6 | 7.3 |  | 10.0 |  |  | Deno privileges management | 1.57 | CVE-2022-24783 |
| 195837 | 3.5 | 3.5 |  |  |  |  | OpenEMR Hospital Information Management System cross site scripting | 0.92 | CVE-2022-24643 |
| 195836 | 6.3 | 6.3 |  |  |  |  | Pacemaker pcsd improper authentication | 0.92 | CVE-2022-1049 |
| 195835 | 3.5 | 3.5 |  |  |  |  | libvirt nwfilter virNWFilterObjListNumOfNWFilters locking | 1.02 | CVE-2022-0897 |
| 195834 | 5.5 | 5.5 |  |  |  |  | TOTOLINK T10 HTTP Request http_request_parse buffer overflow | 1.00 | CVE-2021-43636 |
| 195833 | 3.5 | 3.5 |  |  |  |  | libvirt libxl Driver locking | 0.75 | CVE-2021-4147 |
| 195832 | 5.5 | 5.5 |  |  |  |  | OpenEXR size_t integer overflow | 0.96 | CVE-2021-3933 |
| 195831 | 6.3 | 6.3 |  |  |  |  | Caribou Screen Lock improper authentication | 0.44 | CVE-2021-3567 |
| 195830 | 3.5 | 3.5 |  |  |  |  | Cloud Foundry CAPI Service Broker resource consumption | 0.62 | CVE-2021-22100 |
| 195829 | 4.3 | 4.3 |  |  |  |  | Typesetter POST cross-site request forgery | 0.49 | CVE-2022-25523 |
| 195828 | 4.3 | 4.3 |  |  |  |  | CheckMK Raw Edition Web Service cross site scripting | 0.39 | CVE-2021-40906 |
| 195827 | 8.6 | 7.3 |  | 10.0 |  |  | Western Digital My Cloud/WD Cloud link following | 0.52 | CVE-2022-22995 |
| 195826 | 6.3 | 6.3 |  |  |  |  | DuckDuckGo Browser Javascript improper restriction of rendered ui layers | 0.62 | CVE-2021-44683 |
| 195825 | 5.6 | 5.6 |  |  |  |  | SurveyKing Session Cookie session expiration | 0.53 | CVE-2022-25590 |
| 195824 | 6.3 | 6.3 |  |  |  |  | Moodle Badges Criteria sql injection | 1.14 | CVE-2022-0983 |
| 195823 | 4.3 | 4.3 |  |  |  |  | OpenEXR ImfChromaticities.cpp RGBtoXYZ divide by zero | 0.58 | CVE-2021-3941 |
| 195822 | 5.9 | 4.2 |  | 7.7 |  |  | mruby mrb_vm_exec use after free | 0.48 | CVE-2022-1071 |
| 195821 | 6.6 | 5.0 |  | 8.2 |  |  | SolarWinds WebHelpDesk input validation | 0.79 | CVE-2021-35254 |
| 195820 | 6.5 | 5.3 |  | 7.8 |  |  | Splunk Enterprise Splunk-to-Splunk Protocol out-of-bounds read | 0.57 | CVE-2021-3422 |
| 195819 | 6.3 | 6.3 |  |  |  |  | smart_proxy_openscap authorization | 0.26 | CVE-2021-20290 |
| 195818 | 7.3 | 7.3 |  |  |  |  | Gradle Enterprise Configuration File access control | 0.35 | CVE-2022-27919 |
| 195817 | 7.3 | 7.3 |  |  |  |  | SonicWALL SonicOS HTTP Request stack-based overflow | 0.79 | CVE-2022-22274 |
| 195816 | 6.3 | 6.3 |  |  |  |  | CheckMK Enterprise Edition Web Management Console unrestricted upload | 0.35 | CVE-2021-40905 |
| 195815 | 5.1 | 3.1 |  | 7.1 |  |  | Delta Electronics DIAEnergie Web Application cleartext transmission | 0.39 | CVE-2022-0988 |
| 195814 | 3.5 | 3.5 |  |  |  |  | 3scale APIdocs Invalid Token authorization | 0.48 | CVE-2021-3814 |
| 195813 | 5.7 | 5.7 |  |  |  |  | QEMU Vmware Paravirtual RDMA Device memory corruption | 0.88 | CVE-2021-3582 |
| 195812 | 6.4 | 5.3 |  | 7.5 |  |  | EFM iptime NAS2dual improper authentication | 0.52 | CVE-2021-26620 |
| 195811 | 9.7 | 9.8 |  | 9.6 |  |  | Genian NAC Parameter Validation input validation | 0.61 | CVE-2021-26622 |
| 195810 | 9.0 | 9.8 |  | 8.1 |  |  | NetU MEX01 strcpy buffer overflow | 0.49 | CVE-2021-26621 |

25 more entries are not shown
