CVSSv3 04/20/2022

CVSSv3 Base

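| Score | ≤1 | ≤2 | ≤3 | ≤4 | ≤5 | ≤6 | ≤7 | ≤8 | ≤9 | ≤10 |
|---|---|---|---|---|---|---|---|---|---|---|
| Entries | 0 | 0 | 1 | 4 | 11 | 12 | 10 | 5 | 7 | 0 |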

The Common Vulnerability Scoring System (CVSS) is an industry standard for describing the characteristics and impacts of security vulnerabilities. The base score represents the intrinsic aspects that are constant over time and across user environments. Our unique meta score merges all available scores from different sources into the most reliable aggregate result.

CVSSv3 Temp

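| Score | ≤1 | ≤2 | ≤3 | ≤4 | ≤5 | ≤6 | ≤7 | ≤8 | ≤9 | ≤10 |
|---|---|---|---|---|---|---|---|---|---|---|
| Entries | 0 | 0 | 1 | 4 | 11 | 13 | 9 | 5 | 7 | 0 |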

The Common Vulnerability Scoring System (CVSS) uses temp scores to reflect the characteristics of a vulnerability that may change over time but not across user environments. This includes reporting confidence, exploitability and remediation levels. We also provide our unique meta score for temp scores, even though other sources rarely publish them.

VulDB

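| Score | ≤1 | ≤2 | ≤3 | ≤4 | ≤5 | ≤6 | ≤7 | ≤8 | ≤9 | ≤10 |
|---|---|---|---|---|---|---|---|---|---|---|
| Entries | 0 | 0 | 3 | 8 | 11 | 13 | 5 | 9 | 1 | 0 |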

The moderation team always defines the base vector and base score for an entry. These and all other available scores are used to generate the meta score.

NVD

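| Score | ≤1 | ≤2 | ≤3 | ≤4 | ≤5 | ≤6 | ≤7 | ≤8 | ≤9 | ≤10 |
|---|---|---|---|---|---|---|---|---|---|---|
| Entries | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |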

The National Vulnerability Database (NVD) also defines CVSS vectors and scores. These are usually not complete and might differ from VulDB scores.

CNA

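| Score | ≤1 | ≤2 | ≤3 | ≤4 | ≤5 | ≤6 | ≤7 | ≤8 | ≤9 | ≤10 |
|---|---|---|---|---|---|---|---|---|---|---|
| Entries | 0 | 0 | 0 | 1 | 2 | 8 | 10 | 3 | 10 | 4 |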

A CVE Numbering Authority (CNA) is responsible for assigning new CVE entries. They might also include a CVSS score. These are usually not complete and might differ from VulDB scores.

Vendor

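| Score | ≤1 | ≤2 | ≤3 | ≤4 | ≤5 | ≤6 | ≤7 | ≤8 | ≤9 | ≤10 |
|---|---|---|---|---|---|---|---|---|---|---|
| Entries | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |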

Some vendors are willing to publish their own CVSS vectors and scores for vulnerabilities in their products. The coverage varies from vendor to vendor.

Research

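| Score | ≤1 | ≤2 | ≤3 | ≤4 | ≤5 | ≤6 | ≤7 | ≤8 | ≤9 | ≤10 |
|---|---|---|---|---|---|---|---|---|---|---|
| Entries | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |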

Security researchers sometimes also provide their own CVSS vectors and scores for vulnerabilities they have found and published.

| ID | Base | VDB | NVD | CNA | Vend | Res | Vulnerability | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|
| 198262 | 4.6 | 3.1 | | 6.2 | | | Hills ComNav inadequate encryption | 0.00 | CVE-2022-1318 |
| 198261 | 5.5 | 5.0 | | 6.1 | | | FANUC ROBOGUIDE XML xml external entity reference | 0.08 | CVE-2021-43990 |
| 198260 | 4.6 | 3.1 | | 6.1 | | | FANUC ROBOGUIDE Naming path traversal | 0.04 | CVE-2021-43988 |
| 198259 | 5.7 | 5.5 | | 6.0 | | | FANUC ROBOGUIDE Setup Program access control | 0.06 | CVE-2021-43986 |
| 198258 | 3.6 | 2.6 | | 4.6 | | | Red Lion DA50N Configuration File insufficiently protected credentials | 0.03 | CVE-2022-27179 |
| 198257 | 7.6 | 6.8 | | 8.4 | | | Red Lion DA50N Package File insufficient verification of data authenticity | 0.00 | CVE-2022-26516 |
| 198256 | 5.5 | 5.5 | | | | | ovn-kubernetes Egress Network Policy access control | 0.03 | CVE-2022-0567 |
| 198255 | 5.7 | 5.3 | | 6.1 | | | FANUC ROBOGUIDE resource consumption | 0.03 | CVE-2021-43933 |
| 198254 | 6.8 | 7.5 | | 6.0 | | | FANUC ROBOGUIDE permission assignment | 0.07 | CVE-2021-38483 |
| 198253 | 4.3 | 3.1 | | 5.5 | | | Hills ComNav excessive authentication | 0.00 | CVE-2022-26519 |
| 198252 | 6.3 | 3.1 | | 9.6 | | | Red Lion DA50N Web User Interface weak password | 0.00 | CVE-2022-1039 |
| 198251 | 3.0 | 3.0 | | | | | Kyocera d-COLOR MF3555 POST Request set.cgi cross site scripting | 0.03 | CVE-2022-25344 |
| 198250 | 4.3 | 4.3 | | | | | Kyocera d-COLOR MF3555 POST Request set.cgi denial of service | 0.08 | CVE-2022-25343 |
| 198249 | 5.7 | 5.4 | | 6.1 | | | McAfee Skyhigh Secure Web Gateway redirect | 0.00 | CVE-2022-1254 |
| 198248 | 3.5 | 3.5 | | | | | Kyocera d-COLOR MF3555 authset access control | 0.04 | CVE-2022-25342 |
| 198247 | 5.3 | 5.3 | | | | | Google Go crypto-x509 denial of service | 0.00 | CVE-2022-27536 |
| 198246 | 3.5 | 3.5 | | | | | Google Go crypto-elliptic denial of service | 0.00 | CVE-2022-28327 |
| 198245 | 5.5 | 5.5 | | | | | Google Go encoding-pem stack-based overflow | 0.06 | CVE-2022-24675 |
| 198244 | 7.8 | 7.8 | | | | | Amazon amazon-ssm-agent sudoer File default permission | 0.03 | CVE-2022-29527 |
| 198243 | 4.3 | 4.3 | | | | | Apache APISIX JSON Web Token information exposure | 0.03 | CVE-2022-29266 |
| 198242 | 4.9 | 4.6 | | 5.2 | | | Automated Logic WebCtrl Server Help Index Page redirect | 0.08 | CVE-2022-1019 |
| 198241 | 6.5 | 4.3 | | 8.8 | | | Fancy Product Designer Plugin FPD_Admin_Import unrestricted upload | 0.12 | CVE-2021-4096 |
| 198240 | 4.5 | 3.7 | | 5.3 | | | E4J VikBooking Hotel Booking Engine & PMS Plugin POST Request information disclosure | 0.05 | CVE-2022-27863 |
| 198239 | 5.3 | 5.3 | | 5.3 | | | Be POPIA Compliant Plugin API information disclosure | 0.07 | CVE-2022-1186 |
| 198238 | 6.8 | 5.6 | | 8.1 | | | SiteGround Security Plugin Identity Verification authentication bypass | 0.03 | CVE-2022-0993 |
| 198237 | 7.7 | 5.6 | | 9.8 | | | SiteGround Security Plugin authentication bypass | 0.15 | CVE-2022-0992 |
| 198236 | 5.2 | 4.3 | | 6.1 | | | CleanTalk AntiSpam Plugin Users.php cross site scripting | 0.06 | CVE-2022-28222 |
| 198235 | 5.2 | 4.3 | | 6.1 | | | CleanTalk AntiSpam Plugin Comments.php cross site scripting | 0.18 | CVE-2022-28221 |
| 198234 | 5.2 | 4.3 | | 6.1 | | | WP YouTube Live Plugin admin.php cross site scripting | 0.04 | CVE-2022-1187 |
| 198233 | 8.5 | 7.3 | | 9.8 | | | E4J VikBooking Hotel Booking Engine & PMS Plugin Signature unrestricted upload | 0.03 | CVE-2022-27862 |
| 198232 | 6.4 | 5.3 | | 7.5 | | | Simple File List Plugin ee-downloader.php path traversal | 0.18 | CVE-2022-1119 |
| 198231 | 7.5 | 6.3 | | 8.8 | | | Elementor Website Builder Plugin AJAX Action module.php unrestricted upload | 0.04 | CVE-2022-1329 |
| 198230 | 8.5 | 7.3 | | 9.8 | | | Git LFS exe CreateProcess untrusted search path | 0.00 | CVE-2022-24826 |
| 198229 | 6.2 | 6.3 | | 6.1 | | | Oracle PeopleSoft/PeopleSoft Enterprise PeopleTools Navigation Pages/Portal/Query Remote Code Execution | 0.03 | CVE-2022-21456 |
| 198228 | 6.6 | 7.3 | | 5.8 | | | Smokescreen server-side request forgery | 0.03 | CVE-2022-24825 |
| 198227 | 4.7 | 4.7 | | 4.7 | | | Mattermost Plugin Version Privilege Escalation | 0.04 | CVE-2022-1384 |
| 198226 | 6.5 | 5.6 | | 7.4 | | | Databasir hard-coded key | 0.18 | CVE-2022-24860 |
| 198225 | 4.6 | 3.1 | | 6.1 | | | next-auth authentication spoofing | 0.03 | CVE-2022-24858 |
| 198224 | 4.2 | 4.6 | | 3.7 | | | Mattermost Email Invitation resource control | 0.04 | CVE-2022-1385 |
| 198223 | 3.8 | 2.4 | | 5.2 | | | Eaton Intelligent Power Protector cross site scripting | 0.12 | CVE-2021-23283 |
| 198222 | 4.3 | 4.3 | | | | | MicroPayments Plugin cross-site request forgery | 0.12 | CVE-2022-27629 |
| 198221 | 8.3 | 7.8 | | 8.8 | | | Hotdog Restrictions unnecessary privileges | 0.09 | CVE-2021-3101 |
| 198220 | 5.3 | 5.3 | | | | | Autodesk Navisworks 2022 PDFTron memory corruption | 0.18 | CVE-2022-27527 |
| 198219 | 6.3 | 6.3 | | | | | Autodesk AutoCAD 2022 JT File Parser buffer overflow | 0.12 | CVE-2022-25788 |
| 198218 | 6.4 | 5.3 | | 7.5 | | | EDrhyme QCP 200W RTSP access control | 0.06 | CVE-2021-26627 |
| 198217 | 7.2 | 6.3 | | 8.1 | | | Tobesoft XPlatform ShellExecuteW API execBrowser input validation | 0.18 | CVE-2021-26626 |
| 198216 | 8.3 | 7.8 | | 8.8 | | | Hotdog Incomplete Fix CVE-2021-3101 unnecessary privileges | 0.15 | CVE-2022-0071 |
| 198215 | 8.8 | 8.8 | | 8.8 | | | Tobesoft Nexacro Automatic Update insufficient verification of data authenticity | 0.05 | CVE-2021-26625 |
| 198214 | 8.3 | 7.8 | | 8.8 | | | Amazon Linux log4j-cve-2021-44228-hotpatch-1.1-12 unnecessary privileges | 0.15 | CVE-2021-3100 |
| 198213 | 8.3 | 7.8 | | 8.8 | | | Amazon Linux log4j-cve-2021-44228-hotpatch-1.1-16 unnecessary privileges | 0.21 | CVE-2022-0070 |
