CVSSv3 05/03/2022

CVSSv3 Base

≤10
≤20
≤32
≤46
≤53
≤65
≤79
≤81
≤911
≤100

The Common Vulnerability Scoring System (CVSS) is an industry standard to define the characteristics and impacts of security vulnerabilities. The base score represents the intrinsic aspects that are constant over time and across user environments. Our unique meta score merges all available scores from different sources to aggregate to the most reliable result.

CVSSv3 Temp

≤10
≤20
≤32
≤46
≤53
≤67
≤77
≤81
≤911
≤100

The Common Vulnerability Scoring System (CVSS) uses temp scores to reflect the characteristics of a vulnerability that may change over time but not across user environments. This includes reporting confidence, exploitability and remediation levels. We do also provide our unique meta score for temp scores, even though other sources rarely publish them.

VulDB

≤10
≤21
≤32
≤46
≤53
≤65
≤78
≤81
≤911
≤100

The moderation team is always defining the base vector and base score for an entry. These and all other available scores are used to generate the meta score.

NVD

≤10
≤20
≤30
≤40
≤50
≤60
≤70
≤80
≤90
≤100

The National Vulnerability Database (NVD) is also defining CVSS vectors and scores. These are usually not complete and might differ from VulDB scores.

CNA

≤10
≤20
≤31
≤42
≤50
≤62
≤71
≤86
≤90
≤1011

A CVE Numbering Authority (CNA) is responsible for assigning new CVE entries. They might also include a CVSS score. These are usually not complete and might differ from VulDB scores.

Vendor

≤10
≤20
≤30
≤40
≤50
≤60
≤70
≤80
≤90
≤100

Some vendors are willing to publish their own CVSS vectors and scores for vulnerabilities in their products. The coverage varies from vendor to vendor.

Research

≤10
≤20
≤30
≤40
≤50
≤60
≤70
≤80
≤90
≤100

There are sometimes also security researcher which provide their own CVSS vectors and scores for vulnerabilities they have found and published.

IDBaseVDBNVDCNAVendResVulnerabilityCTICVE
1988633.53.5
 
 
 
 
Xtend Voice Logger Error Page cross site scripting0.30+CVE-2020-23618
1988623.53.5
 
 
 
 
TOTOLINK N200RE/N100RE Error Page cross site scripting0.30+CVE-2020-23617
1988612.42.0
 
2.9
 
 
Micro Focus NetIQ Access Manager cross site scripting0.34+CVE-2022-26325
1988605.55.5
 
 
 
 
Mozilla geckodriver Host Header Privilege Escalation0.27+CVE-2021-4138
1988595.55.5
 
 
 
 
Email Isolation On-Premise Links Privilege Escalation0.30+CVE-2022-24974
1988584.14.1
 
 
 
 
Ping Identity PingFederate PingOne MFA Integration Kit authentication bypass0.46+CVE-2022-23723
1988576.36.3
 
 
 
 
Ping Identity PingID Authentication API authentication bypass0.30+CVE-2022-23722
1988564.94.3
 
5.5
 
 
Adobe XMP Toolkit File Parser null pointer dereference0.38+CVE-2021-42528
1988557.57.5
 
7.5
 
 
Hitachi ABB RTU500 HCI Modbus TCP denial of service0.34+CVE-2022-28613
1988543.93.9
 
4.0
 
 
Micro Focus NetIQ Access Manager URL redirect0.31+CVE-2022-26326
1988538.98.1
 
9.8
 
 
Delta Electronics DIAEnergie DIAE_pgHandler.ashx sql injection0.34+CVE-2022-1378
1988528.98.1
 
9.8
 
 
Delta Electronics DIAEnergie DIAE_rltHandler.ashx sql injection0.27+CVE-2022-1377
1988518.98.1
 
9.8
 
 
Delta Electronics DIAEnergie DIAE_privgrpHandler.ashx sql injection0.31+CVE-2022-1376
1988508.98.1
 
9.8
 
 
Delta Electronics DIAEnergie DIAE_slogHandler.ashx sql injection0.27+CVE-2022-1375
1988498.98.1
 
9.8
 
 
Delta Electronics DIAEnergie DIAE_unHandler.ashx sql injection0.34+CVE-2022-1374
1988488.98.1
 
9.8
 
 
Delta Electronics DIAEnergie dlSlog.aspx sql injection0.23+CVE-2022-1372
1988478.98.1
 
9.8
 
 
Delta Electronics DIAEnergie ReadRegf sql injection0.23+CVE-2022-1371
1988468.98.1
 
9.8
 
 
Delta Electronics DIAEnergie ReadREGbyID sql injection0.23+CVE-2022-1370
1988458.98.1
 
9.8
 
 
Delta Electronics DIAEnergie ReadRegIND sql injection0.23+CVE-2022-1369
1988448.98.1
 
9.8
 
 
Delta Electronics DIAEnergie Handler_TCV.ashx sql injection0.23+CVE-2022-1367
1988438.98.1
 
9.8
 
 
Delta Electronics DIAEnergie HandlerChart.ashx sql injection0.27+CVE-2022-1366
1988425.75.7
 
 
 
 
QEMU USB EHCI Controller Emulation use after free0.27+CVE-2021-3750
1988416.25.0
 
7.5
 
 
xwiki-commons API path traversal0.30+CVE-2022-24897
1988407.06.3
 
7.8
 
 
Adobe XMP Toolkit SDK File stack-based overflow0.27+CVE-2021-42532
1988397.06.3
 
7.8
 
 
Adobe XMP Toolkit SDK File stack-based overflow0.27+CVE-2021-42531
1988387.06.3
 
7.8
 
 
Adobe XMP Toolkit SDK File stack-based overflow0.30+CVE-2021-42530
1988377.06.3
 
7.8
 
 
Adobe XMP Toolkit SDK File stack-based overflow0.34+CVE-2021-42529
1988363.82.4
 
5.2
 
 
M-Files Server Admin Tool cross site scripting0.34+CVE-2021-41810
1988353.53.5
 
 
 
 
matio File mat5.c Mat_VarReadNextInfo5 memory leak0.30+CVE-2022-1515
1988343.53.5
 
 
 
 
sox libsox lsx_adpcm_init out-of-bounds read0.34+CVE-2021-3643
1988335.55.5
 
 
 
 
Squire SVI MS Management System Java Remote Management Interface deserialization0.27+CVE-2020-23621
1988325.55.5
 
 
 
 
Orlansoft ERP Java Remote Management Interface deserialization0.30+CVE-2020-23620
1988315.03.5
 
6.5
 
 
Cloudways Breeze Plugin CDN Setting cross site scripting0.65+CVE-2022-29444
1988302.92.4
 
3.4
 
 
MyThemeShop WP Subscribe Plugin cross site scripting0.65+CVE-2021-36844
1988296.36.3
 
 
 
 
FFmpeg g729_parser.c g729_parse integer overflow0.61+CVE-2022-1475
1988286.36.3
 
 
 
 
BlackBasta Ransom wow64log.dll untrusted search path0.76+
1988276.36.3
 
 
 
 
Ransom.AvosLocker mpr.dll untrusted search path0.80+

Do you want to use VulDB in your project?

Use the official API to access entries easily!