CVSSv3 April 2022

Timeline

Analyzing the timeline helps to identify the approach required for handling single vulnerabilities and vulnerability collections. The overview shows less important slices and more severe hotspots at a glance, which makes it possible to initiate an immediate vulnerability response and to prioritize issues.

C3BM Index

Our unique C3BM Index (CVSSv3 Base Meta Index) cumulates the CVSSv3 Meta Base Scores of all entries over time. Comparing this index to the number of disclosed vulnerabilities helps to pinpoint the most important events.

CVSSv3 Base

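| Score | Entries |
|---|---|
| ≤1 | 0 |
| ≤2 | 2 |
| ≤3 | 52 |
| ≤4 | 317 |
| ≤5 | 336 |
| ≤6 | 521 |
| ≤7 | 660 |
| ≤8 | 352 |
| ≤9 | 181 |
| ≤10 | 103 |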

The Common Vulnerability Scoring System (CVSS) is an industry standard for defining the characteristics and impacts of security vulnerabilities. The base score represents the intrinsic aspects that are constant over time and across user environments. Our unique meta score merges all available scores from different sources into the most reliable aggregate result.

CVSSv3 Temp

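| Score | Entries |
|---|---|
| ≤1 | 0 |
| ≤2 | 2 |
| ≤3 | 58 |
| ≤4 | 334 |
| ≤5 | 336 |
| ≤6 | 698 |
| ≤7 | 526 |
| ≤8 | 351 |
| ≤9 | 123 |
| ≤10 | 96 |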

The Common Vulnerability Scoring System (CVSS) uses temp scores to reflect the characteristics of a vulnerability that may change over time but not across user environments. This includes reporting confidence, exploitability and remediation levels. We also provide our unique meta score for temp scores, even though other sources rarely publish them.

VulDB

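| Score | Entries |
|---|---|
| ≤1 | 0 |
| ≤2 | 5 |
| ≤3 | 88 |
| ≤4 | 386 |
| ≤5 | 362 |
| ≤6 | 501 |
| ≤7 | 596 |
| ≤8 | 353 |
| ≤9 | 130 |
| ≤10 | 103 |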

The moderation team always defines the base vector and base score for an entry. These and all other available scores are used to generate the meta score.

NVD

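| Score | Entries |
|---|---|
| ≤1 | 0 |
| ≤2 | 0 |
| ≤3 | 0 |
| ≤4 | 4 |
| ≤5 | 27 |
| ≤6 | 55 |
| ≤7 | 135 |
| ≤8 | 92 |
| ≤9 | 35 |
| ≤10 | 72 |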

The National Vulnerability Database (NVD) also defines CVSS vectors and scores. These are usually not complete and might differ from VulDB scores.

CNA

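| Score | Entries |
|---|---|
| ≤1 | 0 |
| ≤2 | 2 |
| ≤3 | 14 |
| ≤4 | 53 |
| ≤5 | 113 |
| ≤6 | 175 |
| ≤7 | 179 |
| ≤8 | 272 |
| ≤9 | 182 |
| ≤10 | 106 |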

A CVE Numbering Authority (CNA) is responsible for assigning new CVE entries. It might also include a CVSS score. These are usually not complete and might differ from VulDB scores.

Vendor

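| Score | Entries |
|---|---|
| ≤1 | 0 |
| ≤2 | 0 |
| ≤3 | 0 |
| ≤4 | 0 |
| ≤5 | 2 |
| ≤6 | 8 |
| ≤7 | 23 |
| ≤8 | 69 |
| ≤9 | 11 |
| ≤10 | 3 |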

Some vendors are willing to publish their own CVSS vectors and scores for vulnerabilities in their products. The coverage varies from vendor to vendor.

Research

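| Score | Entries |
|---|---|
| ≤1 | 0 |
| ≤2 | 0 |
| ≤3 | 0 |
| ≤4 | 0 |
| ≤5 | 0 |
| ≤6 | 0 |
| ≤7 | 0 |
| ≤8 | 0 |
| ≤9 | 0 |
| ≤10 | 0 |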

Security researchers sometimes also provide their own CVSS vectors and scores for vulnerabilities they have found and published.

| Published | Base | VDB | NVD | CNA | Vendor | Research | Vulnerability | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|
| 04/30/2022 | 3.5 | 3.5 | | | | | MediaWiki SecurePoll Extension information disclosure | 0.09 | CVE-2022-28323 |
| 04/30/2022 | 5.5 | 5.5 | | | | | Apache NiFi Standard Content Viewer Service xml external entity reference | 0.02 | CVE-2022-29265 |
| 04/30/2022 | 6.5 | 4.3 | | 8.8 | | | One Click Demo Import Plugin cross-site request forgery | 0.03 | CVE-2022-29451 |
| 04/30/2022 | 4.8 | 4.3 | | 5.4 | | | WPKube Subscribe To Comments Reloaded Plugin Log Archive cross-site request forgery | 0.07 | CVE-2022-29414 |
| 04/30/2022 | 6.6 | 6.6 | | 6.6 | | | NVIDIA Omniverse Nucleus/Omniverse Cache OpenSSL Configuration name resolution | 0.02 | CVE-2022-28198 |
| 04/30/2022 | 4.8 | 3.7 | | 5.9 | | | IBM UrbanCode Deploy inadequate encryption | 0.04 | CVE-2021-39082 |
| 04/30/2022 | 5.5 | 5.5 | | | | | USU Oracle Optimization os command injection | 0.10 | CVE-2022-29937 |
| 04/30/2022 | 3.5 | 3.5 | | | | | USU Oracle Optimization Agent-Installer information disclosure | 0.35 | CVE-2022-29935 |
| 04/30/2022 | 8.0 | 8.0 | | | | | USU Oracle Optimization Polkit Authentication improper authentication | 0.26 | CVE-2022-29934 |
| 04/30/2022 | 6.3 | 6.3 | | | | | USU Oracle Optimization Java Deserialization save-data-upload-big-file deserialization | 0.04 | CVE-2022-29936 |
| 04/30/2022 | 3.5 | 3.5 | | | | | Woodpecker Build Log BuildLog.vue cross site scripting | 0.04 | CVE-2022-29947 |
| 04/30/2022 | 4.8 | 4.3 | | 5.4 | | | yaireo tagify Field cross site scripting | 0.03 | CVE-2022-25854 |
| 04/30/2022 | 3.5 | 3.5 | | | | | pesign pwdata Invocation cms_common.c cms_set_pw_data null pointer dereference | 0.16 | CVE-2022-1249 |
| 04/30/2022 | 5.5 | 5.5 | | | | | Glewlwyd static_compressed_inmemory_website_callback.c pathname traversal | 0.04 | CVE-2022-29967 |
| 04/30/2022 | 7.3 | 5.3 | | 9.3 | | | erudika scoold Text Size resource consumption | 0.02 | CVE-2022-1543 |
| 04/30/2022 | 3.5 | 3.5 | | | | | Automation Anywhere Automation 360 RPA Package hard-coded key | 0.35 | CVE-2022-29856 |
| 04/30/2022 | 5.5 | 5.5 | | | | | ALLPlayer ALLMediaServer MediaServer.exe buffer overflow | 0.04 | CVE-2022-28480 |
| 04/30/2022 | 7.0 | 6.3 | | 7.8 | | | Delta Electronics ASDA-Soft Project File out-of-bounds write | 0.26 | CVE-2022-1403 |
| 04/30/2022 | 7.0 | 6.3 | | 7.8 | | | Delta Electronics ASDA-Soft Project File out-of-bounds | 0.12 | CVE-2022-1402 |
| 04/30/2022 | 6.3 | 6.3 | | | | | Moodle improper authentication | 0.05 | CVE-2022-0985 |
| 04/30/2022 | 5.5 | 5.5 | | | | | Moodle Badge Criteria access control | 0.07 | CVE-2022-0984 |
| 04/30/2022 | 5.9 | 3.7 | | 8.1 | | | Elcomplus SmartPTT SCADA Server information disclosure | 0.04 | CVE-2021-43938 |
| 04/30/2022 | 8.0 | 8.0 | | | | | QEMU QXL Display Device Emulation heap-based overflow | 0.06 | CVE-2021-4207 |
| 04/30/2022 | 8.0 | 8.0 | | | | | QEMU QXL Display Device Emulation cursor_alloc heap-based overflow | 0.04 | CVE-2021-4206 |
| 04/30/2022 | 7.5 | 6.3 | | 8.8 | | | Johnson Controls Metasys ADS/Metasys ADX/Metasys OAS privileges management | 0.13 | CVE-2021-36207 |
| 04/30/2022 | 3.5 | 3.1 | | 4.0 | | | DJI Drone AeroScope Protocol information disclosure | 0.02 | CVE-2022-29945 |
| 04/30/2022 | 7.3 | 7.3 | | | | | Max Feoktistov Small HTTP Server GET Request buffer overflow | 0.07 | CVE-2022-28994 |
| 04/30/2022 | 5.5 | 5.5 | | | | | Podman Image permissions | 0.07 | CVE-2022-1227 |
| 04/30/2022 | 6.3 | 6.3 | | | | | ImageMagick DICOM Image dcm.c RelinquishDCMInfo use after free | 0.04 | CVE-2022-1114 |
| 04/30/2022 | 5.9 | 4.3 | | 7.6 | | | Elcomplus SmartPTT SCADA Server Web Application cross-site request forgery | 0.02 | CVE-2021-43937 |
| 04/30/2022 | 6.3 | 6.3 | | | | | GNOME gnome-shell CAP_SYS_NICE dropped privileges | 0.07 | CVE-2021-3982 |
| 04/30/2022 | 6.3 | 6.3 | | | | | Linux Kernel Kernel Memory af_key.c pfkey_register information disclosure | 0.03 | CVE-2022-1353 |
| 04/30/2022 | 6.3 | 6.3 | | | | | Linux Kernel Sound Subsystem hw_params use after free | 0.02 | CVE-2022-1048 |
| 04/30/2022 | 6.3 | 6.3 | | | | | Linux Kernel Netfilter Subsystem nf_tables_api.c nft_do_chain out-of-bounds write | 0.05 | CVE-2022-1015 |
| 04/30/2022 | 3.3 | 3.3 | | | | | Linux Kernel Device hamradio use after free | 0.05 | CVE-2022-1195 |
| 04/29/2022 | 3.5 | 3.5 | | | | | Intelliants Subrion CMS List of Subjects cross site scripting | 0.03 | CVE-2021-41948 |
| 04/29/2022 | 5.5 | 5.5 | | | | | Red Planet Laundry Management System sql injection | 0.04 | CVE-2022-28452 |
| 04/29/2022 | 8.6 | 7.3 | | 9.9 | | | onlaj Piano LED Visualizer os.path.join file inclusion | 0.09 | CVE-2022-24900 |
| 04/29/2022 | 7.3 | 7.3 | | | | | MSVOD sql injection | 0.08 | CVE-2021-41942 |
| 04/29/2022 | 9.8 | 9.8 | | | | | Wondershare Dr. Fone ElevationService.exe access control | 0.03 | CVE-2021-44595 |
| 04/29/2022 | 9.8 | 9.8 | | | | | Wondershare Dr. Fone InstallAssistService.exe Remote Code Execution | 0.00 | CVE-2021-44596 |
| 04/29/2022 | 5.9 | 5.3 | | 6.6 | | | bfabiszewski libmobi parse_rawml.c buffer overflow | 0.04 | CVE-2022-1534 |
| 04/29/2022 | 5.9 | 5.3 | | 6.6 | | | bfabiszewski libmobi buffer overflow | 0.08 | CVE-2022-1533 |
| 04/29/2022 | 3.1 | 2.4 | | 3.8 | | | livehelperchat cross site scripting | 0.02 | CVE-2022-1530 |
| 04/29/2022 | 8.6 | 7.3 | | 10.0 | | | RTX ARAX-UI Synonym Lookup sql injection | 0.08 | CVE-2022-1531 |
| 04/29/2022 | 3.5 | 3.5 | | 3.5 | | | automad Dashboard cross site scripting | 0.04 | CVE-2022-1536 |
| 04/29/2022 | 3.5 | 3.5 | | 3.5 | | | Emlog Pro POST Parameter cross site scripting | 0.02 | CVE-2022-1526 |
| 04/29/2022 | 3.5 | 3.5 | | | | | WBCE CMS cross site scripting | 0.04 | CVE-2022-28477 |
| 04/29/2022 | 3.5 | 3.5 | | | | | Limbas cross site scripting | 0.03 | CVE-2022-28454 |
| 04/29/2022 | 3.5 | 3.5 | | | | | Nimbus Skin Advertise Link Message cross site scripting | 0.11 | CVE-2022-29907 |

2474 more entries are not shown
