CVSSv3 03/30/2022

CVSSv3 Base

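| Score | ≤1 | ≤2 | ≤3 | ≤4 | ≤5 | ≤6 | ≤7 | ≤8 | ≤9 | ≤10 |
|---|---|---|---|---|---|---|---|---|---|---|
| Entries | 0 | 0 | 0 | 14 | 10 | 17 | 35 | 18 | 2 | 2 |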

The Common Vulnerability Scoring System (CVSS) is an industry standard for describing the characteristics and impacts of security vulnerabilities. The base score represents the intrinsic aspects that are constant over time and across user environments. Our unique meta score merges all available scores from different sources into the most reliable result.

CVSSv3 Temp

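| Score | ≤1 | ≤2 | ≤3 | ≤4 | ≤5 | ≤6 | ≤7 | ≤8 | ≤9 | ≤10 |
|---|---|---|---|---|---|---|---|---|---|---|
| Entries | 0 | 0 | 0 | 16 | 9 | 41 | 10 | 18 | 2 | 2 |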

The Common Vulnerability Scoring System (CVSS) uses temp scores to reflect the characteristics of a vulnerability that may change over time but not across user environments. This includes reporting confidence, exploitability and remediation levels. We also provide our unique meta score for temp scores, even though other sources rarely publish them.

VulDB

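| Score | ≤1 | ≤2 | ≤3 | ≤4 | ≤5 | ≤6 | ≤7 | ≤8 | ≤9 | ≤10 |
|---|---|---|---|---|---|---|---|---|---|---|
| Entries | 0 | 1 | 1 | 16 | 11 | 26 | 35 | 6 | 0 | 2 |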

The moderation team always defines the base vector and base score for an entry. These and all other available scores are used to generate the meta score.

NVD

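| Score | ≤1 | ≤2 | ≤3 | ≤4 | ≤5 | ≤6 | ≤7 | ≤8 | ≤9 | ≤10 |
|---|---|---|---|---|---|---|---|---|---|---|
| Entries | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |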

The National Vulnerability Database (NVD) also defines CVSS vectors and scores. These are usually not complete and might differ from VulDB scores.

CNA

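| Score | ≤1 | ≤2 | ≤3 | ≤4 | ≤5 | ≤6 | ≤7 | ≤8 | ≤9 | ≤10 |
|---|---|---|---|---|---|---|---|---|---|---|
| Entries | 0 | 0 | 0 | 3 | 2 | 4 | 4 | 6 | 1 | 16 |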

A CVE Numbering Authority (CNA) is responsible for assigning new CVE entries. They might also include a CVSS score. These are usually not complete and might differ from VulDB scores.

Vendor

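| Score | ≤1 | ≤2 | ≤3 | ≤4 | ≤5 | ≤6 | ≤7 | ≤8 | ≤9 | ≤10 |
|---|---|---|---|---|---|---|---|---|---|---|
| Entries | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 2 |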

Some vendors are willing to publish their own CVSS vectors and scores for vulnerabilities in their products. The coverage varies from vendor to vendor.

Research

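| Score | ≤1 | ≤2 | ≤3 | ≤4 | ≤5 | ≤6 | ≤7 | ≤8 | ≤9 | ≤10 |
|---|---|---|---|---|---|---|---|---|---|---|
| Entries | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |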

Some security researchers also provide their own CVSS vectors and scores for vulnerabilities they have found and published.

| ID | Base | VDB | NVD | CNA | Vend | Res | Vulnerability | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|
| 196119 | 4.3 | 4.3 | | | | | Foreman Salt Plugin denial of service | 0.05 | CVE-2021-3456 |
| 196118 | 3.5 | 3.5 | | | | | Joomla com_media cross site scripting | 0.05 | CVE-2022-23801 |
| 196117 | 3.5 | 3.5 | | | | | Joomla Filter cross site scripting | 0.05 | CVE-2022-23800 |
| 196116 | 3.5 | 3.5 | | | | | Joomla com_fields cross site scripting | 0.00 | CVE-2022-23796 |
| 196115 | 5.5 | 5.5 | | | | | Joomla Privilege Escalation | 0.05 | CVE-2022-23799 |
| 196114 | 5.5 | 5.5 | | | | | Joomla redirect | 0.05 | CVE-2022-23798 |
| 196113 | 6.3 | 6.3 | | | | | Joomla sql injection | 0.09 | CVE-2022-23797 |
| 196112 | 6.3 | 6.3 | | | | | Joomla improper authentication | 0.09 | CVE-2022-23795 |
| 196111 | 5.5 | 5.5 | | | | | Joomla tar path traversal | 0.05 | CVE-2022-23793 |
| 196110 | 4.3 | 4.3 | | | | | Google Android Tremolo out-of-bounds read | 0.00 | CVE-2021-39762 |
| 196109 | 4.3 | 4.3 | | | | | Joomla Source Code information disclosure | 0.00 | CVE-2022-23794 |
| 196108 | 8.0 | 7.5 | | 8.5 | | | TIBCO Managed File Transfer Platform Server cfsend/cfrecv/CyberResp Privilege Escalation | 0.09 | CVE-2022-22772 |
| 196107 | 6.3 | 6.3 | | | | | Linux Kernel Virtio Device Driver vdpa.c vhost_vdpa_config_validate integer overflow | 0.04 | CVE-2022-0998 |
| 196106 | 5.5 | 5.5 | | | | | Linux Kernel Audit Rule access control | 0.13 | CVE-2020-35501 |
| 196105 | 6.3 | 6.3 | | | | | Google Chrome Resource Timing Remote Code Execution | 0.09 | CVE-2022-1146 |
| 196104 | 6.3 | 6.3 | | | | | Google Chrome Extensions use after free | 0.18 | CVE-2022-1145 |
| 196103 | 6.3 | 6.3 | | | | | Google Chrome WebUI use after free | 0.13 | CVE-2022-1144 |
| 196102 | 6.3 | 6.3 | | | | | Google Chrome WebUI heap-based overflow | 0.22 | CVE-2022-1143 |
| 196101 | 6.3 | 6.3 | | | | | Google Chrome WebUI heap-based overflow | 0.09 | CVE-2022-1142 |
| 196100 | 6.3 | 6.3 | | | | | Google Chrome File Manager use after free | 0.09 | CVE-2022-1141 |
| 196099 | 6.3 | 6.3 | | | | | Google Chrome Background Fetch API Remote Code Execution | 0.05 | CVE-2022-1139 |
| 196098 | 6.3 | 6.3 | | | | | Google Chrome Web Cursor Remote Code Execution | 0.13 | CVE-2022-1138 |
| 196097 | 6.3 | 6.3 | | | | | Google Chrome Extensions Remote Code Execution | 0.05 | CVE-2022-1137 |
| 196096 | 6.3 | 6.3 | | | | | Google Chrome Tab Strip use after free | 0.09 | CVE-2022-1136 |
| 196095 | 6.3 | 6.3 | | | | | Google Chrome Shopping Cart use after free | 0.04 | CVE-2022-1135 |
| 196094 | 6.3 | 6.3 | | | | | Google Chrome v8 type confusion | 0.57 | CVE-2022-1134 |
| 196093 | 6.3 | 6.3 | | | | | Google Chrome WebRTC use after free | 0.05 | CVE-2022-1133 |
| 196092 | 6.3 | 6.3 | | | | | Google Chrome Virtual Keyboard Remote Code Execution | 0.26 | CVE-2022-1132 |
| 196091 | 6.3 | 6.3 | | | | | Google Chrome Cast UI use after free | 0.05 | CVE-2022-1131 |
| 196090 | 6.3 | 6.3 | | | | | Google Chrome WebOTP Remote Code Execution | 0.22 | CVE-2022-1130 |
| 196089 | 6.3 | 6.3 | | | | | Google Chrome Full Screen Mode Remote Code Execution | 0.09 | CVE-2022-1129 |
| 196088 | 6.3 | 6.3 | | | | | Google Chrome Web Share API Remote Code Execution | 0.13 | CVE-2022-1128 |
| 196087 | 6.3 | 6.3 | | | | | Google Chrome QR Code Generator use after free | 0.09 | CVE-2022-1127 |
| 196086 | 6.3 | 6.3 | | | | | Google Chrome Portals use after free | 0.40 | CVE-2022-1125 |
| 196085 | 3.1 | 2.4 | | 3.8 | | | Profelis SambaBox Group cross site scripting | 0.05 | CVE-2022-25620 |
| 196084 | 4.0 | 4.2 | | 3.8 | | | Profelis SambaBox Ping Tool command injection | 0.05 | CVE-2022-25619 |
| 196083 | 5.7 | 3.5 | | 8.0 | | | OpenEMR cross site scripting | 0.05 | CVE-2022-1181 |
| 196082 | 4.0 | 3.5 | | 4.6 | | | OpenEMR cross site scripting | 0.00 | CVE-2022-1180 |
| 196081 | 4.0 | 3.5 | | 4.6 | | | OpenEMR Rule cross site scripting | 0.00 | CVE-2022-1179 |
| 196080 | 5.4 | 3.5 | | 7.3 | | | OpenEMR cross site scripting | 0.05 | CVE-2022-1178 |
| 196079 | 6.8 | 6.3 | | 7.4 | | | Snipe-IT Login Enable behavioral workflow | 0.00 | CVE-2022-1155 |
| 196078 | 7.0 | 6.3 | | 7.8 | | | vim utf_ptr2char use after free | 0.05 | CVE-2022-1154 |
| 196077 | 3.5 | 3.5 | | | | | DouPHP login.php cross site scripting | 0.00 | CVE-2022-24131 |
| 196076 | 9.8 | 9.8 | | | 9.8 | | VMware Spring Boot SpringShell code injection | 4.24 | CVE-2022-22965 |
| 196075 | 5.5 | 5.5 | | | | | RuoYi WebUI resetPwd password recovery | 0.05 | CVE-2022-23869 |
| 196074 | 6.3 | 6.3 | | | | | RuoYi XLSX Log File csv injection | 0.13 | CVE-2022-23868 |
| 196073 | 5.4 | 4.3 | | 6.5 | | | OpenEMR Patient Report access control | 0.00 | CVE-2022-1177 |
| 196072 | 4.5 | 3.5 | | 5.6 | | | GPAC null pointer dereference | 0.09 | CVE-2022-1172 |
| 196071 | 3.5 | 3.5 | | | | | Apache DolphinScheduler User Registration resource consumption | 0.09 | CVE-2022-25598 |
| 196070 | 9.8 | 9.8 | | | 9.8 | | VMware Spring Cloud Function SpEL Expression code injection | 7.95 | CVE-2022-22963 |

48 more entries are not shown
