CVSSv3 04/05/2022

CVSSv3 Base

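| Score | ≤1 | ≤2 | ≤3 | ≤4 | ≤5 | ≤6 | ≤7 | ≤8 | ≤9 | ≤10 |
|---|---|---|---|---|---|---|---|---|---|---|
| Entries | 0 | 0 | 5 | 31 | 20 | 42 | 34 | 3 | 5 | 2 |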

The Common Vulnerability Scoring System (CVSS) is an industry standard for describing the characteristics and impacts of security vulnerabilities. The base score represents the intrinsic aspects that are constant over time and across user environments. Our unique meta score merges all available scores from different sources to produce the most reliable result.

CVSSv3 Temp

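| Score | ≤1 | ≤2 | ≤3 | ≤4 | ≤5 | ≤6 | ≤7 | ≤8 | ≤9 | ≤10 |
|---|---|---|---|---|---|---|---|---|---|---|
| Entries | 0 | 0 | 6 | 30 | 21 | 53 | 23 | 3 | 4 | 2 |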

The Common Vulnerability Scoring System (CVSS) uses temp scores to reflect the characteristics of a vulnerability that may change over time but not across user environments. This includes reporting confidence, exploitability and remediation levels. We also provide our unique meta score for temp scores, even though other sources rarely publish them.

VulDB

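| Score | ≤1 | ≤2 | ≤3 | ≤4 | ≤5 | ≤6 | ≤7 | ≤8 | ≤9 | ≤10 |
|---|---|---|---|---|---|---|---|---|---|---|
| Entries | 0 | 0 | 6 | 41 | 23 | 37 | 25 | 7 | 1 | 2 |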

The moderation team always defines the base vector and base score for an entry. These and all other available scores are used to generate the meta score.

NVD

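| Score | ≤1 | ≤2 | ≤3 | ≤4 | ≤5 | ≤6 | ≤7 | ≤8 | ≤9 | ≤10 |
|---|---|---|---|---|---|---|---|---|---|---|
| Entries | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |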

The National Vulnerability Database (NVD) also defines CVSS vectors and scores. These are usually not complete and might differ from VulDB scores.

CNA

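| Score | ≤1 | ≤2 | ≤3 | ≤4 | ≤5 | ≤6 | ≤7 | ≤8 | ≤9 | ≤10 |
|---|---|---|---|---|---|---|---|---|---|---|
| Entries | 0 | 0 | 1 | 4 | 9 | 11 | 3 | 17 | 7 | 6 |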

A CVE Numbering Authority (CNA) is responsible for assigning new CVE entries. They might also include a CVSS score. These are usually not complete and might differ from VulDB scores.

Vendor

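| Score | ≤1 | ≤2 | ≤3 | ≤4 | ≤5 | ≤6 | ≤7 | ≤8 | ≤9 | ≤10 |
|---|---|---|---|---|---|---|---|---|---|---|
| Entries | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |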

Some vendors are willing to publish their own CVSS vectors and scores for vulnerabilities in their products. The coverage varies from vendor to vendor.

Research

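| Score | ≤1 | ≤2 | ≤3 | ≤4 | ≤5 | ≤6 | ≤7 | ≤8 | ≤9 | ≤10 |
|---|---|---|---|---|---|---|---|---|---|---|
| Entries | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |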

Sometimes security researchers also provide their own CVSS vectors and scores for vulnerabilities they have found and published.

| ID | Base | VDB | NVD | CNA | Vend | Res | Vulnerability | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|
| 196549 | 6.3 | 4.3 | | 8.4 | | | JetBrains IntelliJ IDEA Protected Field information disclosure | 0.04 | CVE-2022-28651 |
| 196548 | 5.4 | 3.5 | | 7.3 | | | JetBrains YouTrack Classic UI cross site scripting | 0.05 | CVE-2022-28650 |
| 196547 | 5.1 | 5.5 | | 4.6 | | | JetBrains YouTrack Issue Description unknown vulnerability | 0.03 | CVE-2022-28649 |
| 196546 | 4.6 | 3.5 | | 5.7 | | | JetBrains YouTrack Issue Description cross site scripting | 0.00 | CVE-2022-28648 |
| 196545 | 4.4 | 3.5 | | 5.4 | | | Combodo iTop HTML Attachment cross site scripting | 0.06 | CVE-2022-24811 |
| 196544 | 8.8 | 8.8 | | 8.8 | | | Combodo iTop User Portal code injection | 0.06 | CVE-2022-24780 |
| 196543 | 6.4 | 5.3 | | 7.5 | | | radare2 heap-based overflow | 0.03 | CVE-2022-1244 |
| 196542 | 5.5 | 5.5 | | | | | Jellycms db.php unrestricted upload | 0.03 | CVE-2022-26630 |
| 196541 | 3.5 | 3.5 | | | | | Zoho ManageEngine SupportCenter Plus Request History cross site scripting | 0.02 | CVE-2022-25373 |
| 196540 | 3.5 | 3.5 | | | | | Zoho ManageEngine ServiceDesk Plus information disclosure | 0.03 | CVE-2022-25245 |
| 196539 | 6.3 | 6.3 | | | | | Zoho ManageEngine ADAudit Password Field access control | 0.03 | CVE-2022-24978 |
| 196538 | 7.3 | 7.3 | | | | | Zoho ManageEngine ADAudit xml external entity reference | 0.03 | CVE-2022-28219 |
| 196537 | 5.5 | 5.5 | | | | | JerryScript ecma-builtin-array-prototype.c ecma_builtin_array_prototype_object_slice buffer overflow | 0.05 | CVE-2021-41751 |
| 196536 | 5.4 | 3.5 | | 7.4 | | | TastyIgniter cross site scripting | 0.00 | CVE-2022-0602 |
| 196535 | 3.5 | 3.5 | | | | | xCss Valine Comment cross site scripting | 0.03 | CVE-2020-28847 |
| 196534 | 5.5 | 5.5 | | | | | Sina Weibo Android SDK redirect | 0.03 | CVE-2020-23349 |
| 196533 | 7.0 | 6.3 | | 7.8 | | | beego profile.go GetCPUProfile symlink | 0.08 | CVE-2021-27117 |
| 196532 | 7.0 | 6.3 | | 7.8 | | | beego profile.go MemProf symlink | 0.03 | CVE-2021-27116 |
| 196531 | 4.8 | 3.7 | | 5.9 | | | yajl-ruby yajl_buf.c heap-based overflow | 0.03 | CVE-2022-24795 |
| 196530 | 5.5 | 5.5 | | | | | JerryScript opt stack-based overflow | 0.05 | CVE-2021-41752 |
| 196529 | 5.5 | 5.5 | | | | | beego Route Lookup access control | 0.11 | CVE-2021-30080 |
| 196528 | 5.5 | 5.5 | | | | | Jeesite Apache Shiro deserialization | 0.06 | CVE-2020-19229 |
| 196527 | 3.5 | 3.5 | | | | | WWBN AVideo function.php getDeviceID cross site scripting | 0.04 | CVE-2022-27462 |
| 196526 | 5.3 | 5.3 | | 5.3 | | | IBM MQ Appliance Login denial of service | 0.00 | CVE-2022-22355 |
| 196525 | 5.5 | 5.5 | | | | | WWBN Avideo URL login.json.php redirect | 0.00 | CVE-2022-27463 |
| 196524 | 4.3 | 4.3 | | | | | Memcached null pointer dereference | 0.03 | CVE-2022-26635 |
| 196523 | 6.3 | 6.3 | | | | | HorizontCMS unrestricted upload | 0.00 | CVE-2021-28428 |
| 196522 | 4.2 | 3.1 | | 5.3 | | | IBM MQ Appliance information exposure | 0.05 | CVE-2022-22356 |
| 196521 | 5.7 | 4.3 | | 7.2 | | | Medialize URI.js cross site scripting | 0.03 | CVE-2022-1243 |
| 196520 | 5.4 | 4.3 | | 6.5 | | | Combodo iTop privUITransactionFile cross-site request forgery | 0.00 | CVE-2021-41245 |
| 196519 | 6.3 | 6.3 | | | | | ImpressCMS sql injection | 0.00 | CVE-2022-26986 |
| 196518 | 4.7 | 4.7 | | | | | SimpleMachinesForum Theme Privilege Escalation | 0.03 | CVE-2022-26982 |
| 196517 | 5.5 | 5.5 | | | | | Xen PCI Device memory corruption | 0.03 | CVE-2022-26361 |
| 196516 | 5.5 | 5.5 | | | | | Xen PCI Device memory corruption | 0.00 | CVE-2022-26360 |
| 196515 | 5.5 | 5.5 | | | | | Xen PCI Device memory corruption | 0.03 | CVE-2022-26359 |
| 196514 | 5.5 | 5.5 | | | | | Xen PCI Device memory corruption | 0.05 | CVE-2022-26358 |
| 196513 | 4.3 | 4.3 | | | | | Xen VT-d Domain ID Cleanup memory leak | 0.00 | CVE-2022-26357 |
| 196512 | 2.6 | 2.6 | | | | | Xen VRAM Tracking XEN_DMOP_track_dirty_vram memory leak | 0.03 | CVE-2022-26356 |
| 196511 | 6.3 | 6.3 | | | | | easy-mock JS Code sandbox | 0.03 | CVE-2021-38834 |
| 196510 | 2.4 | 2.4 | | | | | Mark Posts Plugin cross site scripting | 0.03 | CVE-2022-0958 |
| 196509 | 3.5 | 3.5 | | | | | Ad Inserter Free Plugin/Ad Inserter Pro Plugin Admin Page cross site scripting | 0.04 | CVE-2022-0901 |
| 196508 | 8.3 | 7.3 | | 9.3 | | | mruby str_escape use after free | 0.04 | CVE-2022-1212 |
| 196507 | 6.3 | 6.3 | | | | | Samsung Portable SSD T5 PC access control | 0.00 | CVE-2022-25154 |
| 196506 | 6.3 | 6.3 | | | | | Sherpa Connector Service SherpaConnectorService.exe unquoted search path | 0.05 | CVE-2022-23909 |
| 196505 | 3.7 | 3.1 | | 4.3 | | | growi weak password | 0.00 | CVE-2022-1236 |
| 196504 | 5.6 | 3.7 | | 7.5 | | | livehelperchat unknown vulnerability | 0.07 | CVE-2022-1235 |
| 196503 | 3.5 | 3.5 | | | | | JobMonster Theme file access | 0.06 | CVE-2022-1166 |
| 196502 | 6.3 | 6.3 | | | | | HisiPHP access control | 0.00 | CVE-2020-28062 |
| 196501 | 6.3 | 6.3 | | | | | MapPress Maps for Plugin File Extension ajax_save unrestricted upload | 0.03 | CVE-2022-0537 |
| 196500 | 3.5 | 3.5 | | | | | TPCMS cross site scripting | 0.05 | CVE-2022-27441 |

92 more entries are not shown
