CVSSv3 04/04/2022

CVSSv3 Base

Entries per score bucket: ≤1: 0, ≤2: 0, ≤3: 0, ≤4: 7, ≤5: 4, ≤6: 9, ≤7: 13, ≤8: 2, ≤9: 0, ≤10: 0

The Common Vulnerability Scoring System (CVSS) is an industry standard for describing the characteristics and impacts of security vulnerabilities. The base score represents the intrinsic aspects that are constant over time and across user environments. Our unique meta score merges all available scores from different sources to produce the most reliable result.

CVSSv3 Temp

Entries per score bucket: ≤1: 0, ≤2: 0, ≤3: 0, ≤4: 7, ≤5: 4, ≤6: 16, ≤7: 6, ≤8: 2, ≤9: 0, ≤10: 0

The Common Vulnerability Scoring System (CVSS) uses temp scores to reflect the characteristics of a vulnerability that may change over time but not across user environments. This includes reporting confidence, exploitability and remediation levels. We also provide our unique meta score for temp scores, even though other sources rarely publish them.

VulDB

Entries per score bucket: ≤1: 0, ≤2: 0, ≤3: 1, ≤4: 7, ≤5: 7, ≤6: 6, ≤7: 14, ≤8: 0, ≤9: 0, ≤10: 0

The moderation team always defines the base vector and base score for an entry. These and all other available scores are used to generate the meta score.

NVD

Entries per score bucket: ≤1: 0, ≤2: 0, ≤3: 0, ≤4: 0, ≤5: 0, ≤6: 0, ≤7: 0, ≤8: 0, ≤9: 0, ≤10: 0

The National Vulnerability Database (NVD) also defines CVSS vectors and scores. These are usually not complete and might differ from VulDB scores.

CNA

Entries per score bucket: ≤1: 0, ≤2: 0, ≤3: 0, ≤4: 1, ≤5: 2, ≤6: 0, ≤7: 4, ≤8: 0, ≤9: 4, ≤10: 0

A CVE Numbering Authority (CNA) is responsible for assigning new CVE entries. They might also include a CVSS score. These are usually not complete and might differ from VulDB scores.

Vendor

Entries per score bucket: ≤1: 0, ≤2: 0, ≤3: 0, ≤4: 0, ≤5: 0, ≤6: 0, ≤7: 0, ≤8: 0, ≤9: 0, ≤10: 0

Some vendors are willing to publish their own CVSS vectors and scores for vulnerabilities in their products. The coverage varies from vendor to vendor.

Research

Entries per score bucket: ≤1: 0, ≤2: 0, ≤3: 0, ≤4: 0, ≤5: 0, ≤6: 0, ≤7: 0, ≤8: 0, ≤9: 0, ≤10: 0

Sometimes security researchers also provide their own CVSS vectors and scores for vulnerabilities they have found and published.

| ID | Base | VDB | NVD | CNA | Vendor | Research | Vulnerability | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|
| 196407 | 6.3 | 6.3 | | | | | Caucho Resin HTTP Request pathname traversal | 0.07 | CVE-2021-44138 |
| 196406 | 7.5 | 6.3 | | 8.8 | | | SUSE Rancher access control | 0.10 | CVE-2021-36776 |
| 196405 | 4.3 | 4.3 | | | | | Public Knowledge Project Open Journal System HTTP Header cross site scripting | 0.07 | CVE-2022-26616 |
| 196404 | 5.5 | 5.5 | | | | | Car Rental System Add Car unrestricted upload | 0.03 | CVE-2022-28062 |
| 196403 | 6.9 | 5.3 | | 8.6 | | | Kyocera MFP Net View insufficiently protected credentials | 0.34 | CVE-2022-1026 |
| 196402 | 6.3 | 6.3 | | | | | Vembu BDR File unquoted search path | 0.00 | CVE-2021-43458 |
| 196401 | 6.3 | 6.3 | | | | | bVPN File unquoted search path | 0.07 | CVE-2021-43457 |
| 196400 | 6.3 | 6.3 | | | | | Rumble Mail Server File unquoted search path | 0.03 | CVE-2021-43456 |
| 196399 | 6.3 | 6.3 | | | | | FreeLAN File unquoted search path | 0.00 | CVE-2021-43455 |
| 196398 | 6.3 | 6.3 | | | | | AnyTXT Searcher File unquoted search path | 0.00 | CVE-2021-43454 |
| 196397 | 3.5 | 3.5 | | | | | Simple Bakery Shop Management information disclosure | 0.03 | CVE-2022-28063 |
| 196396 | 3.5 | 3.5 | | | | | Ecommerce-Website cross site scripting | 0.07 | CVE-2022-27436 |
| 196395 | 6.3 | 6.3 | | | | | Ecommerce-Website Product Image unrestricted upload | 0.00 | CVE-2022-27435 |
| 196394 | 3.5 | 3.5 | | | | | Dell EMC RSA Archer cross site scripting | 0.03 | CVE-2021-33616 |
| 196393 | 7.5 | 6.3 | | 8.8 | | | SUSE Rancher access control | 0.14 | CVE-2021-36775 |
| 196392 | 6.8 | 4.7 | | 9.0 | | | Calibre-Web server-side request forgery | 0.10 | CVE-2022-0939 |
| 196391 | 6.3 | 6.3 | | | | | htmldoc gif_read_lzw heap-based overflow | 0.10 | CVE-2022-24191 |
| 196390 | 3.6 | 3.3 | | 4.0 | | | GPAC infinite loop | 0.03 | CVE-2022-1222 |
| 196389 | 5.4 | 4.3 | | 6.5 | | | phpipam privileges assignment | 0.10 | CVE-2022-1225 |
| 196388 | 5.4 | 4.3 | | 6.5 | | | phpipam improper authorization | 0.03 | CVE-2022-1224 |
| 196387 | 5.4 | 4.3 | | 6.5 | | | phpipam access control | 0.17 | CVE-2022-1223 |
| 196386 | 3.5 | 3.5 | | | | | Craft CMS cross site scripting | 0.00 | CVE-2022-28378 |
| 196385 | 4.6 | 2.4 | | 6.8 | | | jc21 Nginx Proxy Manager Item Delete cross site scripting | 0.17 | CVE-2022-28379 |
| 196384 | 3.5 | 3.5 | | | | | swaylock denial of service | 0.10 | CVE-2022-26530 |
| 196383 | 5.5 | 5.5 | | | | | rc-httpd serve-static path traversal | 0.03 | CVE-2022-28380 |
| 196382 | 5.3 | 6.3 | | 4.3 | | | Calibre-Web improper authorization | 0.07 | CVE-2022-0406 |
| 196381 | 4.3 | 4.3 | | 4.3 | | | Calibre-Web access control | 0.00 | CVE-2022-0405 |
| 196380 | 4.3 | 4.3 | | | | | IdeaRE RefTree DownloadDwg Endpoint pathname traversal | 0.21 | CVE-2022-27248 |
| 196379 | 3.5 | 3.5 | | | | | Barco Control Room Management pathname traversal | 0.07 | CVE-2022-26233 |
| 196378 | 6.3 | 6.3 | | | | | BusyBox netstat Privilege Escalation | 0.85 | CVE-2022-28391 |
| 196377 | 6.3 | 6.3 | | | | | ALLPlayer ALLMediaServer Service Port 888 Mediaserver.exe stack-based overflow | 0.07 | CVE-2022-28381 |
| 196376 | 6.3 | 6.3 | | | | | IdeaRE RefTree UploadDwg unrestricted upload | 0.00 | CVE-2022-27249 |
| 196375 | 5.5 | 5.5 | | | | | Linux Kernel ems_usb.c ems_usb_start_xmit double free | 0.20 | CVE-2022-28390 |
| 196374 | 5.5 | 5.5 | | | | | Linux Kernel mcba_usb.c mcba_usb_start_xmit double free | 0.24 | CVE-2022-28389 |
| 196373 | 5.5 | 5.5 | | | | | Linux Kernel usb_8dev.c usb_8dev_start_xmit double free | 0.20 | CVE-2022-28388 |
