CVSSv3 04/21/2022

CVSSv3 Base

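| Score   | ≤1 | ≤2 | ≤3 | ≤4 | ≤5 | ≤6 | ≤7 | ≤8 | ≤9 | ≤10 |
|---------|----|----|----|----|----|----|----|----|----|-----|
| Entries | 0  | 0  | 0  | 8  | 8  | 10 | 10 | 4  | 0  | 1   |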

The Common Vulnerability Scoring System (CVSS) is an industry standard for describing the characteristics and impacts of security vulnerabilities. The base score represents the intrinsic aspects that are constant over time and across user environments. Our unique meta score merges all available scores from different sources into the most reliable aggregate result.

CVSSv3 Temp

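| Score   | ≤1 | ≤2 | ≤3 | ≤4 | ≤5 | ≤6 | ≤7 | ≤8 | ≤9 | ≤10 |
|---------|----|----|----|----|----|----|----|----|----|-----|
| Entries | 0  | 0  | 0  | 8  | 8  | 15 | 8  | 1  | 0  | 1   |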

The Common Vulnerability Scoring System (CVSS) uses temp scores to reflect the characteristics of a vulnerability that may change over time but not across user environments. This includes report confidence, exploitability and remediation levels. We also provide our unique meta score for temp scores, even though other sources rarely publish them.

VulDB

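| Score   | ≤1 | ≤2 | ≤3 | ≤4 | ≤5 | ≤6 | ≤7 | ≤8 | ≤9 | ≤10 |
|---------|----|----|----|----|----|----|----|----|----|-----|
| Entries | 0  | 0  | 0  | 13 | 13 | 6  | 5  | 3  | 1  | 0   |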

The moderation team always defines the base vector and base score for an entry. These and all other available scores are used to generate the meta score.

NVD

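| Score   | ≤1 | ≤2 | ≤3 | ≤4 | ≤5 | ≤6 | ≤7 | ≤8 | ≤9 | ≤10 |
|---------|----|----|----|----|----|----|----|----|----|-----|
| Entries | 0  | 0  | 0  | 0  | 1  | 0  | 0  | 0  | 0  | 0   |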

The National Vulnerability Database (NVD) also defines CVSS vectors and scores. These are usually not complete and might differ from VulDB scores.

CNA

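| Score   | ≤1 | ≤2 | ≤3 | ≤4 | ≤5 | ≤6 | ≤7 | ≤8 | ≤9 | ≤10 |
|---------|----|----|----|----|----|----|----|----|----|-----|
| Entries | 0  | 0  | 0  | 0  | 4  | 2  | 3  | 5  | 3  | 4   |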

A CVE Numbering Authority (CNA) is responsible for assigning new CVE entries. They might also include a CVSS score. These are usually not complete and might differ from VulDB scores.

Vendor

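| Score   | ≤1 | ≤2 | ≤3 | ≤4 | ≤5 | ≤6 | ≤7 | ≤8 | ≤9 | ≤10 |
|---------|----|----|----|----|----|----|----|----|----|-----|
| Entries | 0  | 0  | 0  | 0  | 0  | 0  | 0  | 0  | 0  | 0   |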

Some vendors are willing to publish their own CVSS vectors and scores for vulnerabilities in their products. The coverage varies from vendor to vendor.

Research

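| Score   | ≤1 | ≤2 | ≤3 | ≤4 | ≤5 | ≤6 | ≤7 | ≤8 | ≤9 | ≤10 |
|---------|----|----|----|----|----|----|----|----|----|-----|
| Entries | 0  | 0  | 0  | 0  | 0  | 0  | 0  | 0  | 0  | 0   |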

Security researchers sometimes also provide their own CVSS vectors and scores for vulnerabilities they have found and published.

| ID | Base | VDB | NVD | CNA | Vend | Res | Vulnerability | CTI | CVE |
|----|------|-----|-----|-----|------|-----|---------------|-----|-----|
| 198303 | 6.1 | 3.5 | | 8.7 | | | Combodo iTop Tooltip cross site scripting | 0.08 | CVE-2022-24870 |
| 198302 | 5.4 | 3.5 | | 7.3 | | | GLPI SVG Upload cross site scripting | 0.15 | CVE-2022-24868 |
| 198301 | 7.3 | 7.3 | | 7.3 | | | detekt xml external entity reference | 0.34 | CVE-2022-0272 |
| 198300 | 6.8 | 4.3 | | 9.3 | | | Combodo iTop Export CSV Page cross site scripting | 0.19 | CVE-2021-41161 |
| 198299 | 4.0 | 3.5 | | 4.6 | | | GLPI Stylesheet Link cross site scripting | 0.15 | CVE-2022-24869 |
| 198298 | 6.4 | 5.3 | | 7.5 | | | GLPI Config information disclosure | 0.15 | CVE-2022-24867 |
| 198297 | 4.4 | 3.5 | | 5.4 | | | IBM Maximo Asset Management Web UI cross site scripting | 0.19 | CVE-2022-22435 |
| 198296 | 4.4 | 3.5 | | 5.4 | | | IBM Maximo Asset Management Web UI cross site scripting | 0.11 | CVE-2022-22436 |
| 198295 | 6.8 | 4.3 | | 9.3 | | | Combodo iTop cross site scripting | 0.15 | CVE-2021-41162 |
| 198294 | 6.2 | 4.3 | | 8.1 | | | chatwoot cross site scripting | 0.27 | CVE-2022-1022 |
| 198293 | 5.4 | 4.3 | | 6.5 | | | MongoDB Command Dispatch assertion | 0.20 | CVE-2022-24272 |
| 198292 | 6.0 | 5.3 | | 6.8 | | | vim Local Privilege Escalation | 0.26 | CVE-2022-1420 |
| 198291 | 3.5 | 3.5 | | | | | NI SystemLink Web Server cross site scripting | 0.04 | CVE-2022-27237 |
| 198290 | 6.3 | 6.3 | | | | | Blazer Query sql injection | 0.08 | CVE-2022-29498 |
| 198289 | 5.5 | 5.5 | | | | | pam_tacplus Arep Data Structure pam_tacplus.c pam_sm_acct_mgmt Privilege Escalation | 0.28 | CVE-2016-20014 |
| 198288 | 5.5 | 5.5 | | | | | GPAC rtp_pck_mpeg4.c gp_rtp_builder_do_hevc heap-based overflow | 0.12 | CVE-2022-29537 |
| 198287 | 7.3 | 7.3 | | | | | Atlassian JIRA Server/Data Center Seraph improper authentication | 3.00 | CVE-2022-0540 |
| 198286 | 4.3 | 4.3 | | | | | Synacor Zimbra Request Parameter launchNewWindow.jsp cross site scripting | 0.23 | CVE-2022-27926 |
| 198285 | 4.4 | 4.3 | | 4.6 | | | WSO2 API Manager Management Console cross site scripting | 0.38 | CVE-2022-29548 |
| 198284 | 3.8 | 3.5 | | 4.1 | | | Origin Protocol POST Request join cross site scripting | 0.15 | CVE-2022-24864 |
| 198283 | 6.0 | 4.3 | | 7.7 | | | Databasir JDBC Driver server-side request forgery | 0.12 | CVE-2022-24862 |
| 198282 | 6.3 | 6.3 | | | | | CreateRedirect Extension Target Page permission | 0.24 | CVE-2022-29547 |
| 198281 | 4.7 | 4.7 | | | | | Synacor Zimbra Collaboration mboximport pathname traversal | 0.08 | CVE-2022-27925 |
| 198280 | 6.3 | 6.3 | | | | | Synacor Zimbra Collaboration Memcache Command injection | 0.11 | CVE-2022-27924 |
| 198279 | 6.3 | 6.3 | | | | | GNOME Epiphany HTML Document ephy_string_shorten buffer overflow | 0.15 | CVE-2022-29536 |
| 198278 | 6.9 | 4.3 | | 9.6 | | | wire-webapp Web Application Interface cross site scripting | 0.27 | CVE-2022-24799 |
| 198277 | 4.1 | 3.5 | 4.8 | | | | MISP javascript: URL cross site scripting | 0.38 | CVE-2022-29532 |
| 198276 | 3.5 | 3.5 | | | | | MISP Event Graph cross site scripting | 0.19 | CVE-2022-29531 |
| 198275 | 3.5 | 3.5 | | | | | MISP Galaxy Cluster cross site scripting | 0.34 | CVE-2022-29530 |
| 198274 | 3.5 | 3.5 | | | | | MISP LinOTP Login cross site scripting | 0.08 | CVE-2022-29529 |
| 198273 | 7.2 | 6.3 | | 8.1 | | | Shopware Admin-API permission assignment | 0.08 | CVE-2022-24872 |
| 198272 | 5.9 | 4.7 | | 7.2 | | | Shopware Admin SDK server-side request forgery | 0.08 | CVE-2022-24871 |
| 198271 | 5.5 | 5.5 | | | | | MISP Phar deserialization | 0.31 | CVE-2022-29528 |
| 198270 | 3.9 | 3.5 | | 4.4 | | | Adobe Consulting Services ACS Commons GET Parameter page-compare.html cross site scripting | 0.08 | CVE-2022-24874 |
| 198269 | 4.3 | 4.3 | | | | | MDT SCN-IP100.03/SCN-IP000.03 KNXnet IP Secure Layer denial of service | 0.56 | CVE-2021-37740 |
| 198268 | 7.3 | 7.3 | | | | | Atlassian Bitbucket Data Center Java SharedSecretClusterAuthenticator deserialization | 0.19 | CVE-2022-26133 |
| 198267 | 5.4 | 4.3 | | 6.5 | | | HumHub information disclosure | 0.11 | CVE-2022-24865 |
| 198266 | 9.3 | 8.8 | | 9.9 | | | Databasir JDBC Driver input validation | 0.08 | CVE-2022-24861 |
| 198265 | 5.0 | 5.0 | | | | | webTareas POST Parameter editapprovalstage.php sql injection | 0.08 | CVE-2021-43481 |
| 198264 | 3.5 | 3.5 | | | | | MISP Checkbox OrganisationsController.php cross site scripting | 0.19 | CVE-2022-29533 |
| 198263 | 5.5 | 5.5 | | | | | MISP HTTP Header UsersController.php access control | 0.23 | CVE-2022-29534 |
