CVSSv3 04/25/2022

CVSSv3 Base

Score distribution (score range: number of entries): ≤1: 0, ≤2: 0, ≤3: 0, ≤4: 10, ≤5: 3, ≤6: 18, ≤7: 10, ≤8: 7, ≤9: 2, ≤10: 0

The Common Vulnerability Scoring System (CVSS) is an industry standard for defining the characteristics and impacts of security vulnerabilities. The base score represents the intrinsic aspects that are constant over time and across user environments. Our unique meta score merges all available scores from different sources into the most reliable aggregate result.

CVSSv3 Temp

Score distribution (score range: number of entries): ≤1: 0, ≤2: 0, ≤3: 0, ≤4: 10, ≤5: 4, ≤6: 19, ≤7: 10, ≤8: 5, ≤9: 2, ≤10: 0

The Common Vulnerability Scoring System (CVSS) uses temp scores to reflect the characteristics of a vulnerability that may change over time but not across user environments. This includes reporting confidence, exploitability and remediation levels. We also provide our unique meta score for temp scores, even though other sources rarely publish them.

VulDB

Score distribution (score range: number of entries): ≤1: 0, ≤2: 0, ≤3: 0, ≤4: 12, ≤5: 7, ≤6: 16, ≤7: 8, ≤8: 5, ≤9: 2, ≤10: 0

The moderation team always defines the base vector and base score for an entry. These and all other available scores are used to generate the meta score.

NVD

Score distribution (score range: number of entries): ≤1: 0, ≤2: 0, ≤3: 0, ≤4: 0, ≤5: 0, ≤6: 0, ≤7: 0, ≤8: 0, ≤9: 0, ≤10: 0

The National Vulnerability Database (NVD) also defines CVSS vectors and scores. These are usually not complete and might differ from VulDB scores.

CNA

Score distribution (score range: number of entries): ≤1: 0, ≤2: 0, ≤3: 0, ≤4: 0, ≤5: 2, ≤6: 0, ≤7: 2, ≤8: 3, ≤9: 6, ≤10: 0

A CVE Numbering Authority (CNA) is responsible for assigning new CVE entries. They might also include a CVSS score. These are usually not complete and might differ from VulDB scores.

Vendor

Score distribution (score range: number of entries): ≤1: 0, ≤2: 0, ≤3: 0, ≤4: 0, ≤5: 0, ≤6: 0, ≤7: 0, ≤8: 0, ≤9: 0, ≤10: 0

Some vendors are willing to publish their own CVSS vectors and scores for vulnerabilities in their products. The coverage varies from vendor to vendor.

Research

Score distribution (score range: number of entries): ≤1: 0, ≤2: 0, ≤3: 0, ≤4: 0, ≤5: 0, ≤6: 0, ≤7: 0, ≤8: 0, ≤9: 0, ≤10: 0

Security researchers sometimes also provide their own CVSS vectors and scores for vulnerabilities they have found and published.

| ID | Base | VDB | NVD | CNA | Vend | Res | Vulnerability | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|
| 198486 | 5.3 | 6.3 | | 4.3 | | | ShortPixel Adaptive Images Plugin Setting access control | 0.03 | CVE-2022-29417 |
| 198485 | 7.3 | 7.3 | | | | | Users Ultra Plugin AJAX Action rating_vote sql injection | 0.05 | CVE-2022-0769 |
| 198484 | 7.3 | 7.3 | | | | | Master Elements Plugin remove_post_meta_condition sql injection | 0.00 | CVE-2022-0693 |
| 198483 | 7.3 | 7.3 | | | | | RRatingg Plugin rrtngg_delete_leads sql injection | 0.04 | CVE-2022-0657 |
| 198482 | 3.5 | 3.5 | | | | | myCred Plugin AJAX Action mycred-tools-select-user information disclosure | 0.04 | CVE-2022-0287 |
| 198481 | 4.9 | 4.9 | | | | | English Admin Plugin admin_custom_language_return_url redirect | 0.04 | CVE-2021-25111 |
| 198480 | 6.3 | 6.3 | | | | | Advanced Page Visit Counter Plugin AJAX Action apvc_reset_count_art sql injection | 0.00 | CVE-2021-24957 |
| 198479 | 5.5 | 5.5 | | | | | DW Question & Answer Pro Plugin Comment authorization | 0.04 | CVE-2021-24800 |
| 198478 | 3.5 | 3.5 | | | | | Anti-Malware Security and Brute-Force Firewall Plugin Admin Page cross site scripting | 0.04 | CVE-2022-0953 |
| 198477 | 3.5 | 3.5 | | | | | Easy Google Maps Plugin Admin Dashboard cross site scripting | 0.00 | CVE-2021-46780 |
| 198476 | 5.9 | 5.5 | | 6.3 | | | IBM Planning Analytics Workspace unrestricted upload | 0.04 | CVE-2021-39040 |
| 198475 | 3.5 | 3.5 | | | | | SourceCodester SCBS Online Sports Venue Reservation System booking.php cross site scripting | 0.04 | CVE-2022-28094 |
| 198474 | 5.5 | 4.3 | | 6.8 | | | IBM Planning Analytics unrestricted upload | 0.04 | CVE-2022-22392 |
| 198473 | 5.5 | 5.5 | | | | | SourceCodester SCBS Online Sports Venue Reservation System PHP File file inclusion | 0.04 | CVE-2022-28093 |
| 198472 | 6.8 | 5.6 | | 8.1 | | | czproject git-php isRemoteUrlReadable argument injection | 0.00 | CVE-2022-25866 |
| 198471 | 7.3 | 7.3 | | | | | Donations Plugin sql injection | 0.03 | CVE-2022-0782 |
| 198470 | 4.3 | 4.3 | | | | | uDraw Plugin Parameter udraw_convert_url_to_base64 file access | 0.07 | CVE-2022-0656 |
| 198469 | 5.5 | 5.5 | | | | | flo-launch Plugin Cookie wp-config.php access control | 0.04 | CVE-2022-0541 |
| 198468 | 5.5 | 5.5 | | | | | Tatsu Plugin ZIP File add_custom_font unrestricted upload | 0.08 | CVE-2021-25094 |
| 198467 | 7.3 | 7.3 | | | | | Admin Word Count Column Plugin Phar Deserialization readfile path traversal | 0.13 | CVE-2022-1390 |
| 198466 | 5.5 | 5.5 | | | | | SP Project & Document Manager Plugin File Extension unrestricted upload | 0.04 | CVE-2021-4225 |
| 198465 | 3.5 | 3.5 | | | | | element-plus cross site scripting | 0.00 | CVE-2022-27103 |
| 198464 | 6.6 | 4.3 | | 9.0 | | | neorazorx facturascripts cross site scripting | 0.00 | CVE-2022-1457 |
| 198463 | 3.5 | 3.5 | | | | | Hoosk Edit Page cross site scripting | 0.08 | CVE-2022-28586 |
| 198462 | 5.5 | 5.5 | | | | | Gibbon URL server-side request forgery | 0.00 | CVE-2022-27311 |
| 198461 | 5.6 | 5.6 | | | | | VeryFitPro Backend API Remote Code Execution | 0.04 | CVE-2021-36460 |
| 198460 | 5.4 | 3.5 | | 7.3 | | | OpenEMR cross site scripting | 0.08 | CVE-2022-1458 |
| 198459 | 5.5 | 5.5 | | | | | GIFLIB gif2rgb.c DumpScreen2RGB heap-based overflow | 0.00 | CVE-2022-28506 |
| 198458 | 6.3 | 6.3 | | | | | Xpdf PDF File XRef.cc readXRefTable memory corruption | 0.06 | CVE-2022-27135 |
| 198457 | 7.2 | 6.3 | | 8.1 | | | OpenEMR Privilege Escalation | 0.04 | CVE-2022-1461 |
| 198456 | 3.7 | 3.7 | | | | | TerraMaster F4-210/F2-210 unknown vulnerability | 0.07 | CVE-2021-45841 |
| 198455 | 6.3 | 4.3 | | 8.3 | | | OpenEMR information exposure | 0.20 | CVE-2022-1459 |
| 198454 | 4.3 | 4.3 | | 4.3 | | | F-Secure Atlant fsicapd resource consumption | 0.13 | CVE-2022-28871 |
| 198453 | 5.5 | 5.5 | | | | | coreboot Privilege Escalation | 0.04 | CVE-2022-29264 |
| 198452 | 3.5 | 3.5 | | | | | GalleryCMS add cross site scripting | 0.08 | CVE-2022-27428 |
| 198451 | 5.5 | 5.5 | | | | | Jizhicms update.html server-side request forgery | 0.04 | CVE-2022-27429 |
| 198450 | 5.5 | 5.5 | | | | | Typemill PHP File unrestricted upload | 0.04 | CVE-2022-28053 |
| 198449 | 3.5 | 3.5 | | | | | TerraMaster F4-210/F2-210 TOS information disclosure | 0.00 | CVE-2021-45842 |
| 198448 | 3.5 | 3.5 | | | | | TerraMaster F4-210/F2-210 TOS information disclosure | 0.04 | CVE-2021-45839 |
| 198447 | 8.8 | 8.8 | | | | | TerraMaster F4-210/F2-210 TOS Privilege Escalation | 0.20 | CVE-2021-45840 |
| 198446 | 8.8 | 8.8 | | | | | TerraMaster F4-210/F2-210 TOS Privilege Escalation | 0.04 | CVE-2021-45837 |
| 198445 | 6.3 | 6.3 | | | | | TerraMaster F4-210/F2-210 TOS injection | 0.04 | CVE-2021-45836 |
| 198444 | 7.2 | 6.3 | | 8.1 | | | Artica Proxy main.cgi pathname traversal | 0.04 | CVE-2021-40680 |
| 198443 | 5.5 | 5.5 | | | | | HtmlUnit NekoHtml PI Data heap-based overflow | 0.13 | CVE-2022-29546 |
| 198442 | 5.5 | 5.5 | | | | | Artifex Ghostscript completefont Privilege Escalation | 0.07 | CVE-2019-25059 |
| 198441 | 6.3 | 6.3 | | | | | UniverSIS API API Endpoint sql injection | 0.25 | CVE-2022-29603 |
| 198440 | 6.3 | 6.3 | | | | | rippled XRPL Mainnet heap-based overflow | 0.08 | CVE-2022-29077 |
| 198439 | 6.2 | 3.5 | | 9.0 | | | snipe-it cross site scripting | 0.07 | CVE-2022-1445 |
| 198438 | 6.2 | 5.3 | | 7.1 | | | radare2 r_bin_java_bootstrap_methods_attr_new out-of-bounds read | 0.04 | CVE-2022-1452 |
| 198437 | 5.9 | 4.8 | | 7.1 | | | radare2 r_bin_java_constant_value_attr_new out-of-bounds read | 0.08 | CVE-2022-1451 |
