CVSSv3 04/30/2022

CVSSv3 Base

Score distribution (bin: entries): ≤1: 0, ≤2: 0, ≤3: 0, ≤4: 7, ≤5: 3, ≤6: 8, ≤7: 11, ≤8: 6, ≤9: 0, ≤10: 0

The Common Vulnerability Scoring System (CVSS) is an industry standard for defining the characteristics and impacts of security vulnerabilities. The base score represents the intrinsic aspects that are constant over time and across user environments. Our unique meta score merges all available scores from different sources into the most reliable aggregate result.

CVSSv3 Temp

Score distribution (bin: entries): ≤1: 0, ≤2: 0, ≤3: 0, ≤4: 7, ≤5: 5, ≤6: 9, ≤7: 9, ≤8: 5, ≤9: 0, ≤10: 0

The Common Vulnerability Scoring System (CVSS) uses temp scores to reflect the characteristics of a vulnerability that may change over time but not across user environments. This includes reporting confidence, exploitability and remediation levels. We also provide our unique meta score for temp scores, even though other sources rarely publish them.

VulDB

Score distribution (bin: entries): ≤1: 0, ≤2: 0, ≤3: 0, ≤4: 9, ≤5: 4, ≤6: 7, ≤7: 11, ≤8: 4, ≤9: 0, ≤10: 0

The moderation team always defines the base vector and base score for an entry. These and all other available scores are used to generate the meta score.

NVD

Score distribution (bin: entries): ≤1: 0, ≤2: 0, ≤3: 0, ≤4: 0, ≤5: 0, ≤6: 0, ≤7: 0, ≤8: 0, ≤9: 0, ≤10: 0

The National Vulnerability Database (NVD) also defines CVSS vectors and scores. These are usually not complete and might differ from VulDB scores.

CNA

Score distribution (bin: entries): ≤1: 0, ≤2: 0, ≤3: 0, ≤4: 1, ≤5: 0, ≤6: 3, ≤7: 1, ≤8: 3, ≤9: 3, ≤10: 1

A CVE Numbering Authority (CNA) is responsible for assigning new CVE entries. They might also include a CVSS score. These are usually not complete and might differ from VulDB scores.

Vendor

Score distribution (bin: entries): ≤1: 0, ≤2: 0, ≤3: 0, ≤4: 0, ≤5: 0, ≤6: 0, ≤7: 0, ≤8: 0, ≤9: 0, ≤10: 0

Some vendors are willing to publish their own CVSS vectors and scores for vulnerabilities in their products. The coverage varies from vendor to vendor.

Research

Score distribution (bin: entries): ≤1: 0, ≤2: 0, ≤3: 0, ≤4: 0, ≤5: 0, ≤6: 0, ≤7: 0, ≤8: 0, ≤9: 0, ≤10: 0

Sometimes security researchers also provide their own CVSS vectors and scores for vulnerabilities they have found and published.

| ID | Base | VulDB | NVD | CNA | Vendor | Research | Vulnerability | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|
| 198751 | 3.5 | 3.5 | | | | | MediaWiki SecurePoll Extension information disclosure | 0.00 | CVE-2022-28323 |
| 198750 | 5.5 | 5.5 | | | | | Apache NiFi Standard Content Viewer Service xml external entity reference | 0.03 | CVE-2022-29265 |
| 198749 | 6.5 | 4.3 | | 8.8 | | | One Click Demo Import Plugin cross-site request forgery | 0.00 | CVE-2022-29451 |
| 198748 | 4.8 | 4.3 | | 5.4 | | | WPKube Subscribe To Comments Reloaded Plugin Log Archive cross-site request forgery | 0.00 | CVE-2022-29414 |
| 198747 | 6.6 | 6.6 | | 6.6 | | | NVIDIA Omniverse Nucleus/Omniverse Cache OpenSSL Configuration name resolution | 0.03 | CVE-2022-28198 |
| 198746 | 4.8 | 3.7 | | 5.9 | | | IBM UrbanCode Deploy inadequate encryption | 0.00 | CVE-2021-39082 |
| 198745 | 5.5 | 5.5 | | | | | USU Oracle Optimization os command injection | 0.00 | CVE-2022-29937 |
| 198744 | 3.5 | 3.5 | | | | | USU Oracle Optimization Agent-Installer information disclosure | 0.00 | CVE-2022-29935 |
| 198743 | 8.0 | 8.0 | | | | | USU Oracle Optimization Polkit Authentication improper authentication | 0.00 | CVE-2022-29934 |
| 198742 | 6.3 | 6.3 | | | | | USU Oracle Optimization Java Deserialization save-data-upload-big-file deserialization | 0.03 | CVE-2022-29936 |
| 198741 | 3.5 | 3.5 | | | | | Woodpecker Build Log BuildLog.vue cross site scripting | 0.00 | CVE-2022-29947 |
| 198740 | 4.8 | 4.3 | | 5.4 | | | yaireo tagify Field cross site scripting | 0.00 | CVE-2022-25854 |
| 198739 | 3.5 | 3.5 | | | | | pesign pwdata Invocation cms_common.c cms_set_pw_data null pointer dereference | 0.04 | CVE-2022-1249 |
| 198738 | 5.5 | 5.5 | | | | | Glewlwyd static_compressed_inmemory_website_callback.c pathname traversal | 0.00 | CVE-2022-29967 |
| 198737 | 7.3 | 5.3 | | 9.3 | | | erudika scoold Text Size resource consumption | 0.06 | CVE-2022-1543 |
| 198736 | 3.5 | 3.5 | | | | | Automation Anywhere Automation 360 RPA Package hard-coded key | 0.06 | CVE-2022-29856 |
| 198735 | 5.5 | 5.5 | | | | | ALLPlayer ALLMediaServer MediaServer.exe buffer overflow | 0.05 | CVE-2022-28480 |
| 198734 | 7.0 | 6.3 | | 7.8 | | | Delta Electronics ASDA-Soft Project File out-of-bounds write | 0.06 | CVE-2022-1403 |
| 198733 | 7.0 | 6.3 | | 7.8 | | | Delta Electronics ASDA-Soft Project File out-of-bounds read | 0.05 | CVE-2022-1402 |
| 198732 | 6.3 | 6.3 | | | | | Moodle improper authentication | 0.06 | CVE-2022-0985 |
| 198731 | 5.5 | 5.5 | | | | | Moodle Badge Criteria access control | 0.00 | CVE-2022-0984 |
| 198730 | 5.9 | 3.7 | | 8.1 | | | Elcomplus SmartPTT SCADA Server information disclosure | 0.03 | CVE-2021-43938 |
| 198729 | 8.0 | 8.0 | | | | | QEMU QXL Display Device Emulation heap-based overflow | 0.00 | CVE-2021-4207 |
| 198728 | 8.0 | 8.0 | | | | | QEMU QXL Display Device Emulation cursor_alloc heap-based overflow | 0.03 | CVE-2021-4206 |
| 198727 | 7.5 | 6.3 | | 8.8 | | | Johnson Controls Metasys ADS/Metasys ADX/Metasys OAS privileges management | 0.00 | CVE-2021-36207 |
| 198726 | 3.5 | 3.1 | | 4.0 | | | DJI Drone AeroScope Protocol information disclosure | 0.19 | CVE-2022-29945 |
| 198725 | 7.3 | 7.3 | | | | | Max Feoktistov Small HTTP Server GET Request buffer overflow | 0.06 | CVE-2022-28994 |
| 198724 | 5.5 | 5.5 | | | | | Podman Image permissions | 0.15 | CVE-2022-1227 |
| 198723 | 6.3 | 6.3 | | | | | ImageMagick DICOM Image dcm.c RelinquishDCMInfo use after free | 0.09 | CVE-2022-1114 |
| 198722 | 5.9 | 4.3 | | 7.6 | | | Elcomplus SmartPTT SCADA Server Web Application cross-site request forgery | 0.03 | CVE-2021-43937 |
| 198721 | 6.3 | 6.3 | | | | | GNOME gnome-shell CAP_SYS_NICE dropped privileges | 0.22 | CVE-2021-3982 |
| 198720 | 6.3 | 6.3 | | | | | Linux Kernel Kernel Memory af_key.c pfkey_register information disclosure | 0.09 | CVE-2022-1353 |
| 198719 | 6.3 | 6.3 | | | | | Linux Kernel Sound Subsystem hw_params use after free | 0.12 | CVE-2022-1048 |
| 198718 | 6.3 | 6.3 | | | | | Linux Kernel Netfilter Subsystem nf_tables_api.c nft_do_chain out-of-bounds write | 0.03 | CVE-2022-1015 |
| 198717 | 3.3 | 3.3 | | | | | Linux Kernel Device hamradio use after free | 0.03 | CVE-2022-1195 |
