CVSSv3 03/29/2022

CVSSv3 Base

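| Score | ≤1 | ≤2 | ≤3 | ≤4 | ≤5 | ≤6 | ≤7 | ≤8 | ≤9 | ≤10 |
|---|---|---|---|---|---|---|---|---|---|---|
| Entries | 0 | 0 | 2 | 33 | 20 | 33 | 12 | 2 | 0 | 0 |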

The Common Vulnerability Scoring System (CVSS) is an industry standard for describing the characteristics and impacts of security vulnerabilities. The base score represents the intrinsic aspects that are constant over time and across user environments. Our unique meta score merges all available scores from different sources into the most reliable aggregate result.

CVSSv3 Temp

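| Score | ≤1 | ≤2 | ≤3 | ≤4 | ≤5 | ≤6 | ≤7 | ≤8 | ≤9 | ≤10 |
|---|---|---|---|---|---|---|---|---|---|---|
| Entries | 0 | 0 | 4 | 31 | 20 | 35 | 10 | 2 | 0 | 0 |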

The Common Vulnerability Scoring System (CVSS) uses temp scores to reflect the characteristics of a vulnerability that may change over time but not across user environments. This includes reporting confidence, exploitability and remediation levels. We also provide our unique meta score for temp scores, even though other sources rarely publish them.

VulDB

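| Score | ≤1 | ≤2 | ≤3 | ≤4 | ≤5 | ≤6 | ≤7 | ≤8 | ≤9 | ≤10 |
|---|---|---|---|---|---|---|---|---|---|---|
| Entries | 0 | 1 | 2 | 33 | 21 | 33 | 12 | 0 | 0 | 0 |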

The moderation team always defines the base vector and base score for an entry. These and all other available scores are used to generate the meta score.

NVD

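| Score | ≤1 | ≤2 | ≤3 | ≤4 | ≤5 | ≤6 | ≤7 | ≤8 | ≤9 | ≤10 |
|---|---|---|---|---|---|---|---|---|---|---|
| Entries | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 1 |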

The National Vulnerability Database (NVD) also defines CVSS vectors and scores. These are usually not complete and might differ from VulDB scores.

CNA

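| Score | ≤1 | ≤2 | ≤3 | ≤4 | ≤5 | ≤6 | ≤7 | ≤8 | ≤9 | ≤10 |
|---|---|---|---|---|---|---|---|---|---|---|
| Entries | 0 | 0 | 0 | 3 | 4 | 7 | 3 | 3 | 0 | 1 |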

A CVE Numbering Authority (CNA) is responsible for assigning new CVE entries. They might also include a CVSS score. These are usually not complete and might differ from VulDB scores.

Vendor

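| Score | ≤1 | ≤2 | ≤3 | ≤4 | ≤5 | ≤6 | ≤7 | ≤8 | ≤9 | ≤10 |
|---|---|---|---|---|---|---|---|---|---|---|
| Entries | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |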

Some vendors are willing to publish their own CVSS vectors and scores for vulnerabilities in their products. The coverage varies from vendor to vendor.

Research

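| Score | ≤1 | ≤2 | ≤3 | ≤4 | ≤5 | ≤6 | ≤7 | ≤8 | ≤9 | ≤10 |
|---|---|---|---|---|---|---|---|---|---|---|
| Entries | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |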

Security researchers sometimes also provide their own CVSS vectors and scores for vulnerabilities they have found and published.

| ID | Base | VDB | NVD | CNA | Vend | Res | Vulnerability | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|
| 196021 | 5.0 | 5.0 | | | | | CSZ CMS article_db sql injection | 0.03 | CVE-2021-43701 |
| 196020 | 5.5 | 5.5 | | | | | QEMU Guest Driver pvrdma_cmd.c use after free | 0.00 | CVE-2022-1050 |
| 196019 | 3.5 | 3.5 | | | | | Open5GS AMF buffer overflow | 0.05 | CVE-2021-44081 |
| 196018 | 5.5 | 5.5 | | | | | SaltStack Salt Pillar Data signature verification | 0.04 | CVE-2022-22934 |
| 196017 | 5.5 | 5.5 | | | | | SaltStack Salt Master-of-Masters permission | 0.06 | CVE-2022-22941 |
| 196016 | 6.3 | 6.3 | | | | | SaltStack Salt Job authentication replay | 0.05 | CVE-2022-22936 |
| 196015 | 4.3 | 4.3 | | | | | SaltStack Salt Minion denial of service | 0.07 | CVE-2022-22935 |
| 196014 | 4.9 | 4.3 | | 5.5 | | | Google Data Transfer Project File.createTempFile temp file | 0.03 | CVE-2021-22572 |
| 196013 | 5.6 | 5.0 | | 6.3 | | | Linux Kernel tc_new_tfilter use after free | 0.06 | CVE-2022-1055 |
| 196012 | 3.5 | 3.5 | | | | | Tests Selector Plugin Properties File Path Configure cross site scripting | 0.03 | CVE-2022-28159 |
| 196011 | 3.5 | 3.5 | | | | | SiteMonitor Plugin Tooltip cross site scripting | 0.00 | CVE-2022-28153 |
| 196010 | 4.3 | 4.3 | | | | | Job and Node Ownership Plugin cross-site request forgery | 0.09 | CVE-2022-28152 |
| 196009 | 4.3 | 4.3 | | | | | Job and Node Ownership Plugin cross-site request forgery | 0.06 | CVE-2022-28150 |
| 196008 | 3.5 | 3.5 | | | | | Job and Node Ownership Plugin cross site scripting | 0.03 | CVE-2022-28149 |
| 196007 | 3.5 | 3.5 | | | | | Continuous Integration with Toad Edge Plugin cross site scripting | 0.00 | CVE-2022-28145 |
| 196006 | 4.3 | 4.3 | | | | | Proxmox Plugin cross-site request forgery | 0.03 | CVE-2022-28143 |
| 196005 | 4.3 | 4.3 | | | | | RocketChat Notifier Plugin URL cross-site request forgery | 0.04 | CVE-2022-28138 |
| 196004 | 4.3 | 4.3 | | | | | JiraTestResultReporter Plugin cross-site request forgery | 0.06 | CVE-2022-28136 |
| 196003 | 5.5 | 5.5 | | | | | Pipeline Phoenix AutoTest Plugin XML Parser xml external entity reference | 0.05 | CVE-2022-28155 |
| 196002 | 5.5 | 5.5 | | | | | Complexity Scatter Plot Plugin XML Parser xml external entity reference | 0.05 | CVE-2022-28154 |
| 196001 | 5.5 | 5.5 | | | | | Flaky Test Handler Plugin XML Parser xml external entity reference | 0.04 | CVE-2022-28140 |
| 196000 | 3.5 | 3.5 | | | | | pear-admin-think User-Agent cross site scripting | 0.02 | CVE-2022-23903 |
| 195999 | 3.5 | 3.5 | | | | | Tests Selector Plugin exposure of resource | 0.03 | CVE-2022-28160 |
| 195998 | 5.5 | 5.5 | | | | | Pipeline Phoenix AutoTest Plugin authorization | 0.00 | CVE-2022-28158 |
| 195997 | 5.5 | 5.5 | | | | | Pipeline Phoenix AutoTest Plugin FTP path traversal | 0.03 | CVE-2022-28157 |
| 195996 | 5.5 | 5.5 | | | | | Pipeline Phoenix AutoTest Plugin path traversal | 0.04 | CVE-2022-28156 |
| 195995 | 5.5 | 5.5 | | | | | Job and Node Ownership Plugin authorization | 0.05 | CVE-2022-28151 |
| 195994 | 3.5 | 3.5 | | | | | Continuous Integration with Toad Edge Plugin File Browser path traversal | 0.03 | CVE-2022-28148 |
| 195993 | 5.5 | 5.5 | | | | | Continuous Integration with Toad Edge Plugin authorization | 0.04 | CVE-2022-28147 |
| 195992 | 3.5 | 3.5 | | | | | Continuous Integration with Toad Edge Plugin path traversal | 0.03 | CVE-2022-28146 |
| 195991 | 5.5 | 5.5 | | | | | Proxmox Plugin HTTP Endpoint authorization | 0.06 | CVE-2022-28144 |
| 195990 | 5.0 | 5.0 | | | | | Proxmox Plugin certificate validation | 0.03 | CVE-2022-28142 |
| 195989 | 3.5 | 3.5 | | | | | Proxmox Plugin config.xml credentials storage | 0.05 | CVE-2022-28141 |
| 195988 | 5.5 | 5.5 | | | | | RocketChat Notifier Plugin authorization | 0.02 | CVE-2022-28139 |
| 195987 | 5.5 | 5.5 | | | | | JiraTestResultReporter Plugin URL authorization | 0.05 | CVE-2022-28137 |
| 195986 | 3.5 | 3.5 | | | | | instant-messaging Plugin Configuration File credentials storage | 0.05 | CVE-2022-28135 |
| 195985 | 5.5 | 5.5 | | | | | Bitbucket Server Integration Plugin HTTP Endpoint authorization | 0.03 | CVE-2022-28134 |
| 195984 | 3.5 | 3.5 | | | | | Bitbucket Server Integration Plugin URL Scheme cross site scripting | 0.05 | CVE-2022-28133 |
| 195983 | 3.5 | 3.5 | | | | | re2c dead_rules.cc recursion | 0.03 | CVE-2022-23901 |
| 195982 | 4.4 | 3.5 | | 5.4 | | | Shopizer Manage Images cross site scripting | 0.04 | CVE-2022-23059 |
| 195981 | 5.5 | 5.5 | | | | | Firebase PHP-JWT kid Header Privilege Escalation | 0.06 | CVE-2021-46743 |
| 195980 | 6.3 | 5.5 | | 7.2 | | | crater deserialization | 0.06 | CVE-2022-1032 |
| 195979 | 6.3 | 6.3 | | | | | Google Chrome v8 type confusion | 0.02 | CVE-2022-1096 |
| 195978 | 6.3 | 6.3 | | | | | TP-LINK TL-WR840N buffer overflow | 0.00 | CVE-2022-26641 |
| 195977 | 3.5 | 3.5 | | | | | Popup Like box Plugin Admin Page cross site scripting | 0.03 | CVE-2022-0641 |
| 195976 | 5.5 | 5.5 | | | | | HiBy Music HiBy OS HTTP Server pathname traversal | 0.07 | CVE-2021-44124 |
| 195975 | 5.5 | 5.5 | | | | | goo blog app injection | 0.03 | CVE-2022-25420 |
| 195974 | 3.5 | 3.5 | | | | | DHC Vision eQMS cross site scripting | 0.05 | CVE-2022-24957 |
| 195973 | 6.9 | 6.3 | | 7.6 | | | Orckestra C1 CMS server-side request forgery | 0.04 | CVE-2022-24789 |
| 195972 | 4.6 | 4.6 | | | | | Suzuki Connect CAN Message improper restriction of rendered ui layers | 0.08 | CVE-2022-26269 |

52 more entries are not shown
