CVSSv3 04/27/2022

CVSSv3 Base

Entries per score range: ≤1: 0, ≤2: 0, ≤3: 0, ≤4: 13, ≤5: 13, ≤6: 7, ≤7: 4, ≤8: 2, ≤9: 0, ≤10: 0

The Common Vulnerability Scoring System (CVSS) is an industry standard for describing the characteristics and impacts of security vulnerabilities. The base score represents the intrinsic aspects that are constant over time and across user environments. Our unique meta score merges all available scores from different sources into the most reliable aggregate result.

CVSSv3 Temp

Entries per score range: ≤1: 0, ≤2: 0, ≤3: 0, ≤4: 13, ≤5: 14, ≤6: 6, ≤7: 4, ≤8: 2, ≤9: 0, ≤10: 0

The Common Vulnerability Scoring System (CVSS) uses temp scores to reflect the characteristics of a vulnerability that may change over time but not across user environments. This includes reporting confidence, exploitability and remediation levels. We also provide our unique meta score for temp scores, even though other sources rarely publish them.

VulDB

Entries per score range: ≤1: 0, ≤2: 0, ≤3: 0, ≤4: 16, ≤5: 12, ≤6: 6, ≤7: 4, ≤8: 1, ≤9: 0, ≤10: 0

The moderation team always defines the base vector and base score for an entry. These and all other available scores are used to generate the meta score.

NVD

Entries per score range: ≤1: 0, ≤2: 0, ≤3: 0, ≤4: 0, ≤5: 0, ≤6: 0, ≤7: 0, ≤8: 0, ≤9: 0, ≤10: 0

The National Vulnerability Database (NVD) also defines CVSS vectors and scores. These are usually not complete and might differ from VulDB scores.

CNA

Entries per score range: ≤1: 0, ≤2: 0, ≤3: 0, ≤4: 1, ≤5: 2, ≤6: 3, ≤7: 1, ≤8: 0, ≤9: 2, ≤10: 0

A CVE Numbering Authority (CNA) is responsible for assigning new CVE entries. They might also include a CVSS score. These are usually not complete and might differ from VulDB scores.

Vendor

Entries per score range: ≤1: 0, ≤2: 0, ≤3: 0, ≤4: 0, ≤5: 0, ≤6: 0, ≤7: 0, ≤8: 0, ≤9: 0, ≤10: 0

Some vendors are willing to publish their own CVSS vectors and scores for vulnerabilities in their products. The coverage varies from vendor to vendor.

Research

Entries per score range: ≤1: 0, ≤2: 0, ≤3: 0, ≤4: 0, ≤5: 0, ≤6: 0, ≤7: 0, ≤8: 0, ≤9: 0, ≤10: 0

Sometimes security researchers also provide their own CVSS vectors and scores for vulnerabilities they have found and published.

| ID | Base | VDB | NVD | CNA | Vend | Res | Vulnerability | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|
| 198570 | 5.4 | 5.4 | | | | | Telesquare TLR-2005KSH Delete Request denial of service | 0.07 | CVE-2021-46424 |
| 198569 | 5.3 | 5.3 | | | | | Telesquare TLR-2005KSH Configuration File information disclosure | 0.05 | CVE-2021-46423 |
| 198568 | 7.3 | 7.3 | | | | | Telesquare SDT-CW3B1 os command injection | 0.05 | CVE-2021-46422 |
| 198567 | 5.3 | 4.3 | | 6.3 | | | Microweber cross site scripting | 0.07 | CVE-2022-1504 |
| 198566 | 6.3 | 6.3 | | | | | D-Link DIR-825 G1 webupg improper authentication | 0.07 | CVE-2021-46442 |
| 198565 | 5.5 | 5.5 | | | | | D-Link DIR-825 G1 webupg os command injection | 0.14 | CVE-2021-46441 |
| 198564 | 4.3 | 4.3 | | | | | Franklin Fueling Systems FFS T5 pathname traversal | 0.05 | CVE-2021-46421 |
| 198563 | 4.3 | 4.3 | | | | | Franklin Fueling Systems TS-550 EVO pathname traversal | 0.00 | CVE-2021-46420 |
| 198562 | 3.3 | 3.3 | | | | | Hashicorp go-getter log file | 0.00 | CVE-2022-29810 |
| 198561 | 3.5 | 3.5 | | | | | Nop Solution Ltd nopCommerce Customer Info cross site scripting | 0.07 | CVE-2022-28448 |
| 198560 | 4.4 | 3.3 | | 5.5 | | | Foundry Issues Session Token log file | 0.05 | CVE-2022-27888 |
| 198559 | 3.5 | 3.5 | | | | | Zammad Password Length denial of service | 0.00 | CVE-2022-29700 |
| 198558 | 4.3 | 4.3 | | | | | Zammad CTI Caller Log denial of service | 0.07 | CVE-2022-27332 |
| 198557 | 3.5 | 3.5 | | | | | Zammad Administrative Configuration Change information disclosure | 0.05 | CVE-2022-27331 |
| 198556 | 3.5 | 3.5 | | | | | Eclipse Openj9 Java MethodHandle type confusion | 0.00 | CVE-2021-41041 |
| 198555 | 3.5 | 3.5 | | | | | Nop Solution Ltd nopCommerce Apply for Vendor Account cross site scripting | 0.07 | CVE-2022-28449 |
| 198554 | 7.5 | 6.3 | | 8.8 | | | Tobesoft XPlatform File Creation path traversal | 0.00 | CVE-2021-26629 |
| 198553 | 3.3 | 3.3 | | | | | CipherMail Webmail Messenger Roundcube Configuration File information disclosure | 0.00 | CVE-2022-28218 |
| 198552 | 6.2 | 4.3 | | 8.1 | | | MaxBoard Menu cross site scripting | 0.00 | CVE-2021-26628 |
| 198551 | 3.5 | 3.5 | | | | | Zammad Forgot Password denial of service | 0.07 | CVE-2022-29701 |
| 198550 | 3.5 | 3.5 | | | | | Nop Solution Ltd nopCommerce Forums cross site scripting | 0.07 | CVE-2022-28450 |
| 198549 | 3.5 | 3.5 | | | | | htmldoc ps-pdf.cxx pdf_write_names heap-based overflow | 0.09 | CVE-2022-28085 |
| 198548 | 5.5 | 5.5 | | | | | Red Hat Single Sign-On authorization | 0.23 | CVE-2022-1466 |
| 198547 | 4.3 | 4.3 | | 4.3 | | | Discourse Assign UserBookmarkSerializer information disclosure | 0.07 | CVE-2022-24866 |
| 198546 | 4.5 | 4.3 | | 4.7 | | | Tripetto Plugin SVG Image Upload cross site scripting | 0.00 | CVE-2021-36895 |
| 198545 | 4.4 | 3.5 | | 5.4 | | | Alexander Ustimenko Psychological Tests & Quizzes Plugin cross site scripting | 0.09 | CVE-2021-36867 |
| 198544 | 4.4 | 3.5 | | 5.4 | | | Alexander Ustimenko Psychological Tests & Quizzes Plugin cross site scripting | 0.05 | CVE-2022-27854 |
| 198543 | 3.5 | 3.5 | | | | | HotelDruid Hotel Management Software creaprezzi.php cross site scripting | 0.05 | CVE-2022-26564 |
| 198542 | 3.5 | 3.5 | | 3.5 | | | GetSimple CMS Content Module edit.php cross site scripting | 0.64 | CVE-2022-1503 |
| 198541 | 4.6 | 4.6 | | | | | HongCMS denial of service | 0.00 | CVE-2022-28523 |
| 198540 | 3.5 | 3.5 | | | | | ZCMS cross site scripting | 0.00 | CVE-2022-28522 |
| 198539 | 4.6 | 4.6 | | | | | GreenCMS denial of service | 0.00 | CVE-2022-28918 |
| 198538 | 5.5 | 5.5 | | | | | bloofoxCMS unrestricted upload | 0.07 | CVE-2022-28528 |
| 198537 | 4.6 | 4.6 | | | | | dhcms denial of service | 0.00 | CVE-2022-28527 |
| 198536 | 6.3 | 6.3 | | | | | ED01-CMS post.php sql injection | 0.00 | CVE-2022-28524 |
| 198535 | 5.5 | 5.5 | | | | | ZCMS file inclusion | 0.00 | CVE-2022-28521 |
| 198534 | 4.6 | 4.6 | | | | | Verydows database_controller.php denial of service | 0.07 | CVE-2022-28059 |
| 198533 | 4.6 | 4.6 | | | | | Verydows file_controller.php denial of service | 0.00 | CVE-2022-28058 |
| 198532 | 6.3 | 6.3 | | | | | ED01-CMS unrestricted upload | 0.00 | CVE-2022-28525 |
