CVSSv3 05/02/2022

CVSSv3 Base

Entries per score range: ≤1: 0, ≤2: 0, ≤3: 6, ≤4: 9, ≤5: 7, ≤6: 12, ≤7: 7, ≤8: 7, ≤9: 0, ≤10: 1

The Common Vulnerability Scoring System (CVSS) is an industry standard for describing the characteristics and impact of security vulnerabilities. The base score represents the intrinsic aspects that are constant over time and across user environments. Our unique meta score aggregates all available scores from different sources into the most reliable result.

CVSSv3 Temp

Entries per score range: ≤1: 0, ≤2: 0, ≤3: 6, ≤4: 9, ≤5: 7, ≤6: 16, ≤7: 7, ≤8: 3, ≤9: 0, ≤10: 1

The Common Vulnerability Scoring System (CVSS) uses temp scores to reflect the characteristics of a vulnerability that may change over time but not across user environments. This includes reporting confidence, exploitability and remediation levels. We also provide our unique meta score for temp scores, even though other sources rarely publish them.

VulDB

Entries per score range: ≤1: 0, ≤2: 0, ≤3: 6, ≤4: 10, ≤5: 6, ≤6: 12, ≤7: 7, ≤8: 7, ≤9: 0, ≤10: 1

The moderation team always defines the base vector and base score for an entry. These and all other available scores are used to generate the meta score.

NVD

Entries per score range: ≤1: 0, ≤2: 0, ≤3: 0, ≤4: 0, ≤5: 0, ≤6: 0, ≤7: 0, ≤8: 0, ≤9: 0, ≤10: 0

The National Vulnerability Database (NVD) also defines CVSS vectors and scores. These are usually not complete and might differ from VulDB scores.

CNA

Entries per score range: ≤1: 0, ≤2: 0, ≤3: 0, ≤4: 1, ≤5: 0, ≤6: 2, ≤7: 0, ≤8: 2, ≤9: 1, ≤10: 1

A CVE Numbering Authority (CNA) is responsible for assigning new CVE entries. They might also include a CVSS score. These are usually not complete and might differ from VulDB scores.

Vendor

Entries per score range: ≤1: 0, ≤2: 0, ≤3: 0, ≤4: 0, ≤5: 0, ≤6: 0, ≤7: 0, ≤8: 0, ≤9: 0, ≤10: 0

Some vendors are willing to publish their own CVSS vectors and scores for vulnerabilities in their products. The coverage varies from vendor to vendor.

Research

Entries per score range: ≤1: 0, ≤2: 0, ≤3: 0, ≤4: 0, ≤5: 0, ≤6: 0, ≤7: 0, ≤8: 0, ≤9: 0, ≤10: 0

Sometimes security researchers also provide their own CVSS vectors and scores for vulnerabilities they have found and published.

| ID | Base | VDB | NVD | CNA | Vend | Res | Vulnerability | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|
| 198826 | 3.5 | 3.5 | | | | | Fast Flow Plugin Admin Dashboard cross site scripting | 0.19 | CVE-2022-1269 |
| 198825 | 2.4 | 2.4 | | | | | Import and Export Users and Customers Plugin CSV Data cross site scripting | 0.12 | CVE-2022-1255 |
| 198824 | 3.5 | 3.5 | | | | | LifterLMS PayPal Plugin Payment Confirmation Page cross site scripting | 0.12 | CVE-2022-1250 |
| 198823 | 2.4 | 2.4 | | | | | Visual Form Builder Plugin cross site scripting | 0.12 | CVE-2022-1046 |
| 198822 | 4.3 | 4.3 | | | | | click5 Sitemap Plugin REST Endpoint authorization | 0.09 | CVE-2022-0952 |
| 198821 | 2.4 | 2.4 | | | | | AdRotate Plugin Advert Name cross site scripting | 0.05 | CVE-2022-0662 |
| 198820 | 2.4 | 2.4 | | | | | AdRotate Plugin Group Name cross site scripting | 0.09 | CVE-2022-0649 |
| 198819 | 3.5 | 3.5 | | | | | Content Egg Plugin Autoblogging Admin Dashboard cross site scripting | 0.06 | CVE-2022-0428 |
| 198818 | 2.4 | 2.4 | | | | | Event List Plugin Setting cross site scripting | 0.06 | CVE-2022-0418 |
| 198817 | 4.3 | 4.3 | | | | | Ad Invalid Click Protector Plugin cross-site request forgery | 0.03 | CVE-2022-0191 |
| 198816 | 3.5 | 3.5 | | | | | All In One WP Security & Firewall Plugin Location Header cross site scripting | 0.03 | CVE-2021-25102 |
| 198815 | 4.3 | 4.3 | | | | | Advanced Page Visit Counter Plugin Admin Dashboard Page cross site scripting | 0.15 | CVE-2021-25086 |
| 198814 | 3.5 | 3.5 | | | | | 10Web Photo Gallery Plugin AJAX Action cross site scripting | 0.07 | CVE-2022-1282 |
| 198813 | 6.3 | 6.3 | | | | | 10Web Photo Gallery Plugin sql injection | 0.12 | CVE-2022-1281 |
| 198812 | 5.5 | 5.5 | | | | | HubSpot Plugin Proxy REST Endpoint server-side request forgery | 0.00 | CVE-2022-1239 |
| 198811 | 7.3 | 7.3 | | | | | Documentor Plugin sql injection | 0.09 | CVE-2022-0773 |
| 198810 | 7.3 | 7.3 | | | | | SiteSuperCharger Plugin sql injection | 0.12 | CVE-2022-0771 |
| 198809 | 5.3 | 5.3 | | | | | Tipsacarrier Plugin Orders authorization | 0.15 | CVE-2021-25002 |
| 198808 | 7.3 | 7.3 | | | | | Multiple Shipping Address Woocommerce Plugin sql injection | 0.12 | CVE-2022-0783 |
| 198807 | 2.9 | 2.4 | | 3.5 | | | IBM ICP4A information disclosure | 0.25 | CVE-2021-29859 |
| 198806 | 4.7 | 4.7 | | | | | Import WP Plugin Import File unrestricted upload | 0.06 | CVE-2022-1273 |
| 198805 | 5.5 | 5.5 | | | | | VanDyke VShell Value Privilege Escalation | 0.28 | CVE-2022-28054 |
| 198804 | 6.3 | 6.3 | | | | | mingSoft MCMS list.do sql injection | 0.09 | CVE-2022-27466 |
| 198803 | 5.5 | 5.5 | | | | | D-Link DIR-823-Pro SetNTPserverSeting command injection | 0.25 | CVE-2022-28573 |
| 198802 | 5.5 | 5.5 | | | | | ShopXO Add Index.php access control | 0.06 | CVE-2022-28056 |
| 198801 | 3.5 | 3.5 | | | | | Ruijie-NBR RG-NBR-E Enterprise Gateway check.php information disclosure | 0.25 | CVE-2022-27983 |
| 198800 | 6.3 | 6.3 | | | | | Ruijie-NBR RG-NBR-E Enterprise Gateway upLoadCfg.php Privilege Escalation | 0.06 | CVE-2022-27982 |
| 198799 | 4.3 | 4.3 | | | | | Rainworx Auctionworx Enterprise/Auctionworx Events Edition Admin Control Panel cross-site request forgery | 0.19 | CVE-2022-23904 |
| 198798 | 3.3 | 3.3 | | | | | relan exFAT Filesystem information disclosure | 0.06 | CVE-2022-29973 |
| 198797 | 3.5 | 3.5 | | | | | RSS Extension RSS Element cross site scripting | 0.12 | CVE-2022-29969 |
| 198796 | 4.4 | 3.5 | | 5.4 | | | Vendure SVG File cross site scripting | 0.09 | CVE-2022-23065 |
| 198795 | 5.5 | 5.5 | | | | | Sinatra Static File Privilege Escalation | 0.18 | CVE-2022-29970 |
| 198794 | 8.0 | 7.3 | | 8.8 | | | Snipe-IT Header injection | 0.18 | CVE-2022-23064 |
| 198793 | 9.8 | 9.8 | | 9.8 | | | TRUMPF TruTops Boost/TruTops Fab/TruTops Monitor missing authentication | 0.28 | CVE-2022-1300 |
| 198792 | 5.5 | 5.5 | | | | | Tenda AX1806 SetIPv6Status command injection | 0.31 | CVE-2022-28572 |
| 198791 | 5.5 | 5.5 | | | | | D-Link DIR-882 cli command injection | 0.25 | CVE-2022-28571 |
| 198790 | 5.5 | 5.5 | | | | | Tuxera ntfs-3g ntfsck heap-based overflow | 0.03 | CVE-2021-46790 |
| 198789 | 5.9 | 6.3 | | 5.4 | | | SUSE Rancher Catalog privileges management | 0.16 | CVE-2021-4200 |
| 198788 | 7.2 | 7.2 | | 7.2 | | | SUSE Rancher privileges management | 0.18 | CVE-2021-36784 |
| 198787 | 6.3 | 5.3 | | 7.3 | | | SUSE Rancher information disclosure | 0.11 | CVE-2021-36778 |
| 198786 | 7.5 | 7.5 | | | | | Linux Kernel systemd Nimbuspwn toctou | 0.56 | CVE-2022-29800 |
| 198785 | 6.3 | 6.3 | | | | | Linux Kernel systemd networkd-dispatcher Nimbuspwn pathname traversal | 0.40 | CVE-2022-29799 |
| 198784 | 5.5 | 5.5 | | | | | GeoServer Proxy Host server-side request forgery | 0.09 | CVE-2021-40822 |
| 198783 | 3.5 | 3.5 | | | | | Cyclos Pro Account Registration cross site scripting | 0.00 | CVE-2021-31673 |
| 198782 | 7.8 | 7.8 | | | | | Progress OpenEdge SUID Binary permissions | 0.00 | CVE-2022-29849 |
| 198781 | 6.3 | 6.3 | | | | | Nop Solution Ltd nopCommerce Maintenance Feature pathname traversal | 0.06 | CVE-2022-28451 |
| 198780 | 4.3 | 4.3 | | | | | Cyclos Pro Error cross site scripting | 0.09 | CVE-2021-31674 |
| 198779 | 5.5 | 5.5 | | | | | Linux Kernel kiocb io_uring.c io_rw_init_file initialization | 0.25 | CVE-2022-29968 |
| 198778 | 6.3 | 6.3 | | | | | Ransom.LockBit netapi32.dll untrusted search path | 0.00 | |