CVSSv3 04/29/2022

CVSSv3 Base

Score distribution (score range: number of entries): ≤1: 0, ≤2: 0, ≤3: 0, ≤4: 7, ≤5: 3, ≤6: 8, ≤7: 2, ≤8: 1, ≤9: 2, ≤10: 2

The Common Vulnerability Scoring System (CVSS) is an industry standard to define the characteristics and impacts of security vulnerabilities. The base score represents the intrinsic aspects that are constant over time and across user environments. Our unique meta score merges all available scores from different sources into a single aggregate, to give the most reliable result.

CVSSv3 Temp

Score distribution (score range: number of entries): ≤1: 0, ≤2: 0, ≤3: 1, ≤4: 6, ≤5: 3, ≤6: 9, ≤7: 1, ≤8: 1, ≤9: 2, ≤10: 2

The Common Vulnerability Scoring System (CVSS) uses temp scores to reflect the characteristics of a vulnerability that may change over time but not across user environments. This includes reporting confidence, exploitability and remediation levels. We also provide our unique meta score for temp scores, even though other sources rarely publish them.

VulDB

Score distribution (score range: number of entries): ≤1: 0, ≤2: 0, ≤3: 1, ≤4: 6, ≤5: 3, ≤6: 8, ≤7: 2, ≤8: 3, ≤9: 0, ≤10: 2

The moderation team always defines the base vector and base score for an entry. These and all other available scores are used to generate the meta score.

NVD

Score distribution (score range: number of entries): ≤1: 0, ≤2: 0, ≤3: 0, ≤4: 0, ≤5: 0, ≤6: 0, ≤7: 0, ≤8: 0, ≤9: 0, ≤10: 0

The National Vulnerability Database (NVD) also defines CVSS vectors and scores. These are usually not complete and might differ from VulDB scores.

CNA

Score distribution (score range: number of entries): ≤1: 0, ≤2: 0, ≤3: 0, ≤4: 3, ≤5: 1, ≤6: 0, ≤7: 2, ≤8: 0, ≤9: 0, ≤10: 2

A CVE Numbering Authority (CNA) is responsible for assigning new CVE entries. They might also include a CVSS score. These are usually not complete and might differ from VulDB scores.

Vendor

Score distribution (score range: number of entries): ≤1: 0, ≤2: 0, ≤3: 0, ≤4: 0, ≤5: 0, ≤6: 0, ≤7: 0, ≤8: 0, ≤9: 0, ≤10: 0

Some vendors are willing to publish their own CVSS vectors and scores for vulnerabilities in their products. The coverage varies from vendor to vendor.

Research

Score distribution (score range: number of entries): ≤1: 0, ≤2: 0, ≤3: 0, ≤4: 0, ≤5: 0, ≤6: 0, ≤7: 0, ≤8: 0, ≤9: 0, ≤10: 0

Sometimes security researchers also provide their own CVSS vectors and scores for vulnerabilities they have found and published.

| ID | Base | VDB | NVD | CNA | Vend | Res | Vulnerability | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|
| 198716 | 3.5 | 3.5 | | | | | Intelliants Subrion CMS List of Subjects cross site scripting | 0.00 | CVE-2021-41948 |
| 198715 | 5.5 | 5.5 | | | | | Red Planet Laundry Management System sql injection | 0.00 | CVE-2022-28452 |
| 198714 | 8.6 | 7.3 | | 9.9 | | | onlaj Piano LED Visualizer os.path.join file inclusion | 0.00 | CVE-2022-24900 |
| 198713 | 7.3 | 7.3 | | | | | MSVOD sql injection | 0.03 | CVE-2021-41942 |
| 198712 | 9.8 | 9.8 | | | | | Wondershare Dr. Fone ElevationService.exe access control | 0.03 | CVE-2021-44595 |
| 198711 | 9.8 | 9.8 | | | | | Wondershare Dr. Fone InstallAssistService.exe Remote Code Execution | 0.03 | CVE-2021-44596 |
| 198710 | 5.9 | 5.3 | | 6.6 | | | bfabiszewski libmobi parse_rawml.c buffer overflow | 0.00 | CVE-2022-1534 |
| 198709 | 5.9 | 5.3 | | 6.6 | | | bfabiszewski libmobi buffer overflow | 0.00 | CVE-2022-1533 |
| 198708 | 3.1 | 2.4 | | 3.8 | | | livehelperchat cross site scripting | 0.07 | CVE-2022-1530 |
| 198707 | 8.6 | 7.3 | | 10.0 | | | RTX ARAX-UI Synonym Lookup sql injection | 0.04 | CVE-2022-1531 |
| 198706 | 3.5 | 3.5 | | 3.5 | | | automad Dashboard cross site scripting | 1.08 | CVE-2022-1536 |
| 198705 | 3.5 | 3.5 | | 3.5 | | | Emlog Pro POST Parameter cross site scripting | 1.33 | CVE-2022-1526 |
| 198704 | 3.5 | 3.5 | | | | | WBCE CMS cross site scripting | 0.00 | CVE-2022-28477 |
| 198703 | 3.5 | 3.5 | | | | | Limbas cross site scripting | 0.07 | CVE-2022-28454 |
| 198702 | 3.5 | 3.5 | | | | | Nimbus Skin Advertise Link Message cross site scripting | 0.00 | CVE-2022-29907 |
| 198701 | 4.3 | 4.3 | | | | | Private Domains Extension Extension Configuration Special:PrivateDomains cross-site request forgery | 0.00 | CVE-2022-29903 |
| 198700 | 5.5 | 5.5 | | | | | Solar appScreener License server-side request forgery | 0.00 | CVE-2022-24449 |
| 198699 | 6.3 | 6.3 | | | | | SemanticDrilldown Extension sql injection | 0.03 | CVE-2022-29904 |
| 198698 | 5.5 | 5.5 | | | | | Northern.tech Mender Enterprise Deviceconnect Microservice unknown vulnerability | 0.08 | CVE-2022-29555 |
| 198697 | 5.5 | 5.5 | | | | | Zoho ManageEngine Access Manager Plus/Password Manager Pro/PAM360 RestAPI Synchronize access control | 0.06 | CVE-2022-29081 |
| 198696 | 4.3 | 4.3 | | | | | FanBoxes Extension cross-site request forgery | 0.08 | CVE-2022-29905 |
| 198695 | 5.5 | 5.5 | | | | | QuizGame Extension Admin API Module improper authorization | 0.03 | CVE-2022-29906 |
| 198694 | 4.8 | 4.7 | | 4.9 | | | xwiki-commons-xml XML Script Service xml external entity reference | 0.03 | CVE-2022-24898 |
| 198693 | 5.5 | 5.5 | | | | | Northern.tech Mender Enterprise iot-manager Microservice server-side request forgery | 0.00 | CVE-2022-29556 |
| 198692 | 6.3 | 6.3 | | | | | Victor CMS login.php sql injection | 0.00 | CVE-2022-28060 |
