CVSSv3 04/28/2022

CVSSv3 Base

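| Score   | ≤1 | ≤2 | ≤3 | ≤4 | ≤5 | ≤6 | ≤7 | ≤8 | ≤9 | ≤10 |
|---------|----|----|----|----|----|----|----|----|----|-----|
| Entries | 0  | 1  | 3  | 16 | 28 | 24 | 39 | 4  | 5  | 1   |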

The Common Vulnerability Scoring System (CVSS) is an industry standard for describing the characteristics and impact of security vulnerabilities. The base score represents the intrinsic aspects that are constant over time and across user environments. Our unique meta score merges all available scores from different sources into the most reliable aggregate result.

CVSSv3 Temp

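| Score   | ≤1 | ≤2 | ≤3 | ≤4 | ≤5 | ≤6 | ≤7 | ≤8 | ≤9 | ≤10 |
|---------|----|----|----|----|----|----|----|----|----|-----|
| Entries | 0  | 1  | 5  | 15 | 27 | 51 | 13 | 4  | 4  | 1   |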

The Common Vulnerability Scoring System (CVSS) uses temp scores to reflect the characteristics of a vulnerability that may change over time but not across user environments. This includes reporting confidence, exploitability and remediation levels. We also provide our unique meta score for temp scores, even though other sources rarely publish them.

VulDB

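| Score   | ≤1 | ≤2 | ≤3 | ≤4 | ≤5 | ≤6 | ≤7 | ≤8 | ≤9 | ≤10 |
|---------|----|----|----|----|----|----|----|----|----|-----|
| Entries | 0  | 2  | 4  | 29 | 24 | 19 | 33 | 6  | 3  | 1   |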

The moderation team always defines the base vector and base score for an entry. These and all other available scores are used to generate the meta score.

NVD

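| Score   | ≤1 | ≤2 | ≤3 | ≤4 | ≤5 | ≤6 | ≤7 | ≤8 | ≤9 | ≤10 |
|---------|----|----|----|----|----|----|----|----|----|-----|
| Entries | 0  | 0  | 0  | 0  | 0  | 0  | 0  | 0  | 0  | 0   |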

The National Vulnerability Database (NVD) also defines CVSS vectors and scores. These are usually not complete and might differ from VulDB scores.

CNA

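| Score   | ≤1 | ≤2 | ≤3 | ≤4 | ≤5 | ≤6 | ≤7 | ≤8 | ≤9 | ≤10 |
|---------|----|----|----|----|----|----|----|----|----|-----|
| Entries | 0  | 1  | 5  | 7  | 9  | 16 | 14 | 8  | 6  | 3   |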

A CVE Numbering Authority (CNA) is responsible for assigning new CVE entries. They might also include a CVSS score. These are usually not complete and might differ from VulDB scores.

Vendor

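| Score   | ≤1 | ≤2 | ≤3 | ≤4 | ≤5 | ≤6 | ≤7 | ≤8 | ≤9 | ≤10 |
|---------|----|----|----|----|----|----|----|----|----|-----|
| Entries | 0  | 0  | 0  | 0  | 0  | 0  | 0  | 0  | 0  | 0   |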

Some vendors are willing to publish their own CVSS vectors and scores for vulnerabilities in their products. The coverage varies from vendor to vendor.

Research

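| Score   | ≤1 | ≤2 | ≤3 | ≤4 | ≤5 | ≤6 | ≤7 | ≤8 | ≤9 | ≤10 |
|---------|----|----|----|----|----|----|----|----|----|-----|
| Entries | 0  | 0  | 0  | 0  | 0  | 0  | 0  | 0  | 0  | 0   |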

Sometimes security researchers also provide their own CVSS vectors and scores for vulnerabilities they have found and published.

| ID | Base | VDB | NVD | CNA | Vend | Res | Vulnerability | CTI | CVE |
|----|------|-----|-----|-----|------|-----|---------------|-----|-----|
| 198691 | 6.3 | 6.3 | | | | | Google Chrome IFRAME Remote Code Execution | 0.73 | CVE-2022-1501 |
| 198690 | 6.3 | 6.3 | | | | | Google Chrome Dev Tools Remote Code Execution | 0.64 | CVE-2022-1500 |
| 198689 | 6.3 | 6.3 | | | | | Google Chrome WebAuthentication Remote Code Execution | 0.73 | CVE-2022-1499 |
| 198688 | 6.3 | 6.3 | | | | | Google Chrome HTML Parser Remote Code Execution | 0.78 | CVE-2022-1498 |
| 198687 | 6.3 | 6.3 | | | | | Google Chrome Input Remote Code Execution | 1.23 | CVE-2022-1497 |
| 198686 | 6.3 | 6.3 | | | | | Google Chrome File Manager use after free | 0.64 | CVE-2022-1496 |
| 198685 | 6.3 | 6.3 | | | | | Google Chrome Downloads Remote Code Execution | 0.41 | CVE-2022-1495 |
| 198684 | 6.3 | 6.3 | | | | | Google Chrome Trusted Types Remote Code Execution | 0.46 | CVE-2022-1494 |
| 198683 | 6.3 | 6.3 | | | | | Google Chrome Dev Tools use after free | 0.33 | CVE-2022-1493 |
| 198682 | 6.3 | 6.3 | | | | | Google Chrome Blink Editing Remote Code Execution | 0.35 | CVE-2022-1492 |
| 198681 | 6.3 | 6.3 | | | | | Google Chrome Bookmarks use after free | 0.32 | CVE-2022-1491 |
| 198680 | 6.3 | 6.3 | | | | | Google Chrome Browser Switcher use after free | 0.44 | CVE-2022-1490 |
| 198679 | 6.3 | 6.3 | | | | | Google Chrome UI Shelf out-of-bounds read | 0.27 | CVE-2022-1489 |
| 198678 | 6.3 | 6.3 | | | | | Google Chrome Extensions API Remote Code Execution | 0.39 | CVE-2022-1488 |
| 198677 | 6.3 | 6.3 | | | | | Google Chrome Ozone use after free | 0.15 | CVE-2022-1487 |
| 198676 | 6.3 | 6.3 | | | | | Google Chrome V8 type confusion | 0.15 | CVE-2022-1486 |
| 198675 | 6.3 | 6.3 | | | | | Google Chrome File System API use after free | 0.19 | CVE-2022-1485 |
| 198674 | 6.3 | 6.3 | | | | | Google Chrome Web UI Settings heap-based overflow | 0.16 | CVE-2022-1484 |
| 198673 | 6.3 | 6.3 | | | | | Google Chrome WebGPU heap-based overflow | 0.41 | CVE-2022-1483 |
| 198672 | 6.3 | 6.3 | | | | | Google Chrome WebGL Remote Code Execution | 0.23 | CVE-2022-1482 |
| 198671 | 6.3 | 6.3 | | | | | Google Chrome Sharing use after free | 0.42 | CVE-2022-1481 |
| 198670 | 6.3 | 6.3 | | | | | Google Chrome Device API use after free | 0.37 | CVE-2022-1480 |
| 198669 | 6.3 | 6.3 | | | | | Google Chrome ANGLE use after free | 0.48 | CVE-2022-1479 |
| 198668 | 6.3 | 6.3 | | | | | Google Chrome SwiftShader use after free | 0.50 | CVE-2022-1478 |
| 198667 | 6.3 | 6.3 | | | | | Google Chrome Vulkan use after free | 1.83 | CVE-2022-1477 |
| 198666 | 5.4 | 4.3 | | 6.5 | | | Snipe-IT access control | 0.23 | CVE-2022-1511 |
| 198665 | 7.0 | 5.3 | | 8.8 | | | Elcomplus SmartPTT Request improper authorization | 0.18 | CVE-2021-43939 |
| 198664 | 8.5 | 7.3 | | 9.8 | | | Elcomplus SmartPTT Upload Request unrestricted upload | 0.09 | CVE-2021-43934 |
| 198663 | 6.2 | 3.5 | | 9.0 | | | Elcomplus SmartPTT Dashboard/Main Page cross site scripting | 0.09 | CVE-2021-43932 |
| 198662 | 3.8 | 2.7 | | 4.9 | | | Elcomplus SmartPTT Download Request path traversal | 0.09 | CVE-2021-43930 |
| 198661 | 5.5 | 5.5 | | | | | Encode httpx input validation | 0.37 | CVE-2021-41945 |
| 198660 | 5.9 | 4.3 | | 7.5 | | | Shopware cross-site request forgery | 0.18 | CVE-2022-24879 |
| 198659 | 6.3 | 6.3 | | | | | Navigate CMS Feed feed_parser server-side request forgery | 0.23 | CVE-2022-28117 |
| 198658 | 5.5 | 4.6 | | 6.4 | | | Shopware Password Reset Token password recovery | 0.23 | CVE-2022-24892 |
| 198657 | 4.8 | 4.3 | | 5.4 | | | Shopware Storefront cross site scripting | 0.18 | CVE-2022-24873 |
| 198656 | 5.2 | 4.3 | | 6.1 | | | Shea Bunge Footer Text Plugin cross-site request forgery | 0.14 | CVE-2022-27860 |
| 198655 | 5.2 | 4.3 | | 6.1 | | | Rav Messer Ravpage Plugin cross site scripting | 0.05 | CVE-2022-29415 |
| 198654 | 6.0 | 3.1 | | 9.0 | | | neorazorx facturascripts ZIP Format cross site scripting | 0.00 | CVE-2022-1514 |
| 198653 | 4.3 | 4.3 | | | | | Mahara cross-site request forgery | 0.00 | CVE-2022-28892 |
| 198652 | 3.5 | 3.5 | | | | | Mahara Cascading Style Sheet cross site scripting | 0.00 | CVE-2022-29584 |
| 198651 | 3.5 | 3.5 | | | | | Mahara Group information disclosure | 0.05 | CVE-2022-29585 |
| 198650 | 6.3 | 6.3 | | | | | Turtlapp Turtle Note meta Tag injection | 0.00 | CVE-2022-28101 |
| 198649 | 5.4 | 4.3 | | 6.5 | | | Zoom On-Premise Meeting Connector Controller information disclosure | 0.29 | CVE-2022-22783 |
| 198648 | 6.2 | 5.0 | | 7.5 | | | Zoom Client for Meetings Update Remote Code Execution | 0.55 | CVE-2022-22781 |
| 198647 | 4.5 | 4.3 | | 4.7 | | | Hermit Plugin cross-site request forgery | 0.05 | CVE-2022-29413 |
| 198646 | 4.8 | 4.3 | | 5.4 | | | Hermit Plugin cross-site request forgery | 0.00 | CVE-2022-29412 |
| 198645 | 7.8 | 7.3 | | 8.3 | | | Hermit Plugin sql injection | 0.00 | CVE-2022-29411 |
| 198644 | 6.8 | 6.3 | | 7.4 | | | Hermit Plugin sql injection | 0.05 | CVE-2022-29410 |
| 198643 | 3.5 | 3.5 | | | | | PHP MySQL Admin Panel Generator edit-db.php cross site scripting | 0.16 | CVE-2022-28102 |
| 198642 | 5.4 | 4.3 | | 6.5 | | | IBM InfoSphere Information Server information disclosure | 0.16 | CVE-2022-22441 |

71 more entries are not shown
