CVSSv3 05/04/2022

CVSSv3 Base

≤1: 0
≤2: 0
≤3: 6
≤4: 22
≤5: 26
≤6: 28
≤7: 33
≤8: 11
≤9: 0
≤10: 3

The Common Vulnerability Scoring System (CVSS) is an industry standard to define the characteristics and impacts of security vulnerabilities. The base score represents the intrinsic aspects that are constant over time and across user environments. Our unique meta score merges all available scores from different sources to aggregate to the most reliable result.

CVSSv3 Temp

≤1: 0
≤2: 0
≤3: 6
≤4: 31
≤5: 17
≤6: 31
≤7: 31
≤8: 10
≤9: 0
≤10: 3

The Common Vulnerability Scoring System (CVSS) uses temp scores to reflect the characteristics of a vulnerability that may change over time but not across user environments. This includes reporting confidence, exploitability and remediation levels. We also provide our unique meta score for temp scores, even though other sources rarely publish them.

VulDB

≤1: 0
≤2: 0
≤3: 9
≤4: 23
≤5: 27
≤6: 27
≤7: 30
≤8: 10
≤9: 3
≤10: 0

The moderation team always defines the base vector and base score for an entry. These and all other available scores are used to generate the meta score.

NVD

≤1: 0
≤2: 0
≤3: 0
≤4: 0
≤5: 0
≤6: 0
≤7: 0
≤8: 0
≤9: 0
≤10: 0

The National Vulnerability Database (NVD) also defines CVSS vectors and scores. These are usually not complete and might differ from VulDB scores.

CNA

≤1: 0
≤2: 0
≤3: 0
≤4: 7
≤5: 13
≤6: 2
≤7: 10
≤8: 15
≤9: 2
≤10: 5

A CVE Numbering Authority (CNA) is responsible for assigning new CVE entries. They might also include a CVSS score. These are usually not complete and might differ from VulDB scores.

Vendor

≤1: 0
≤2: 0
≤3: 0
≤4: 0
≤5: 0
≤6: 0
≤7: 0
≤8: 0
≤9: 0
≤10: 0

Some vendors are willing to publish their own CVSS vectors and scores for vulnerabilities in their products. The coverage varies from vendor to vendor.

Research

≤1: 0
≤2: 0
≤3: 0
≤4: 0
≤5: 0
≤6: 0
≤7: 0
≤8: 0
≤9: 0
≤10: 0

Sometimes security researchers also provide their own CVSS vectors and scores for vulnerabilities they have found and published.

| ID | Base | VDB | NVD | CNA | Vend | Res | Vulnerability | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|
| 199050 | 5.5 | 5.5 | | | | | Jspxcms fetch_url.do server-side request forgery | 1.50 | CVE-2022-28090 |
| 199049 | 5.8 | 2.6 | | 9.1 | | | Secomea SiteManager Web UI cross site scripting | 1.30 | CVE-2022-25784 |
| 199048 | 3.4 | 2.6 | | 4.2 | | | Secomea GateManager Web UI cross site scripting | 1.34 | CVE-2022-25781 |
| 199047 | 4.3 | 4.3 | | 4.2 | | | Secomea GateManager Web UI cross-site request forgery | 1.34 | CVE-2022-25778 |
| 199046 | 6.3 | 6.3 | | | | | SonicWALL Global VPN Client Installer uncontrolled search path | 1.26 | CVE-2021-20051 |
| 199045 | 6.3 | 6.3 | | | | | Cscms Song Module sql injection | 1.15 | CVE-2022-28552 |
| 199044 | 6.3 | 6.3 | | | | | H3C MagicR100 ajaxget Interface improper authorization | 1.34 | CVE-2022-28940 |
| 199043 | 5.5 | 5.5 | | | | | Tenda AC15 setpptpservercfg stack-based overflow | 1.22 | CVE-2022-28556 |
| 199042 | 5.5 | 4.6 | | 6.4 | | | Ping Identity PingID cryptographic issues | 1.46 | CVE-2022-23724 |
| 199041 | 5.5 | 5.5 | | | | | osTicket password recovery | 1.26 | CVE-2021-42235 |
| 199040 | 6.3 | 6.3 | | 6.3 | | | Fortinet FortiOS SSL-VPN Tunnel Status access control | 1.70 | CVE-2021-41032 |
| 199039 | 7.5 | 6.3 | | 8.8 | | | Fortinet FortiIsolator CA Certificate access control | 1.42 | CVE-2021-41020 |
| 199038 | 5.5 | 5.5 | | | | | libwav libwav.c wav_format_write uninitialized pointer | 1.58 | CVE-2022-28488 |
| 199037 | 3.5 | 3.5 | | | | | tcpreplay fix_ipv6_checksums memory leak | 1.42 | CVE-2022-28487 |
| 199036 | 3.5 | 3.5 | | | | | Sandboxie Classic Executable denial of service | 1.42 | CVE-2022-28067 |
| 199035 | 5.7 | 3.9 | | 7.5 | | | Secomea GateManager LMM API Local Privilege Escalation | 1.34 | CVE-2022-25787 |
| 199034 | 4.3 | 4.3 | | 4.3 | | | Secomea GateManager Log information disclosure | 1.34 | CVE-2022-25783 |
| 199033 | 5.9 | 6.3 | | 5.4 | | | Secomea GateManager insufficient privileges | 1.30 | CVE-2022-25782 |
| 199032 | 4.3 | 4.3 | | 4.3 | | | Secomea GateManager Web UI information disclosure | 1.34 | CVE-2022-25780 |
| 199031 | 4.9 | 5.4 | | 4.3 | | | Secomea GateManager Audit Log unknown vulnerability | 1.46 | CVE-2022-25779 |
| 199030 | 4.6 | 3.7 | | 5.6 | | | Secomea SiteManager/LinkManager/GateManager TLS Stack inadequate encryption | 1.42 | CVE-2021-32010 |
| 199029 | 6.3 | 6.3 | | | | | wdja Foreground Search sql injection | 1.34 | CVE-2021-42185 |
| 199028 | 6.4 | 6.3 | | 6.6 | | | Secomea SiteManager stack-based overflow | 1.50 | CVE-2022-25785 |
| 199027 | 6.4 | 5.3 | | 7.5 | | | Fortinet FortiSOAR Gateway API access control | 1.58 | CVE-2022-23443 |
| 199026 | 6.3 | 6.3 | | | | | Experian Hunter Rule Privilege Escalation | 1.34 | CVE-2022-29950 |
| 199025 | 5.5 | 5.5 | | | | | Fujitsu Lifebook FjGabiFlashCoreAbstractionSmm Driver buffer overflow | 1.50 | CVE-2022-28806 |
| 199024 | 5.5 | 5.5 | | | | | Tenda AX12 SetNetControlList stack-based overflow | 1.26 | CVE-2022-28082 |
| 199023 | 3.5 | 3.5 | | | | | Libarchive lzma_decode information disclosure | 1.26 | CVE-2022-28066 |
| 199022 | 6.3 | 6.3 | | | | | nopCommerce redirect | 1.46 | CVE-2022-27461 |
| 199021 | 5.5 | 5.5 | | | | | Tenda AC15 setsambacfg command injection | 1.26 | CVE-2022-28557 |
| 199020 | 4.3 | 4.3 | | 4.3 | | | Fortinet FortiOS/FortiProxy information exposure | 1.46 | CVE-2021-43206 |
| 199019 | 3.3 | 3.3 | | | | | ClamAV Scanning Library denial of service | 1.30 | CVE-2022-20796 |
| 199018 | 6.4 | 5.3 | | 7.5 | | | ClamAV Scanning Library HTML File Parser memory leak | 1.26 | CVE-2022-20785 |
| 199017 | 6.4 | 5.3 | | 7.5 | | | ClamAV Scanning Library TIFF File Parser resource management | 1.50 | CVE-2022-20771 |
| 199016 | 6.9 | 5.3 | | 8.6 | | | ClamAV Scanning Library CHM Parser resource management | 1.15 | CVE-2022-20770 |
| 199015 | 3.3 | 2.3 | | 4.4 | | | Cisco SD-WAN vManage Software File System access control | 1.38 | CVE-2022-20734 |
| 199014 | 6.0 | 5.5 | | 6.5 | | | Cisco TelePresence Collaboration Endpoint/RoomOS redirect | 1.03 | CVE-2022-20794 |
| 199013 | 9.3 | 8.8 | | 9.9 | | | Cisco Enterprise NFV Infrastructure Software access control | 1.66 | CVE-2022-20780 |
| 199012 | 9.3 | 8.8 | | 9.9 | | | Cisco Enterprise NFV Infrastructure Software access control | 1.42 | CVE-2022-20779 |
| 199011 | 9.3 | 8.8 | | 9.9 | | | Cisco Enterprise NFV Infrastructure Software access control | 1.50 | CVE-2022-20777 |
| 199010 | 6.0 | 5.5 | | 6.5 | | | Cisco TelePresence Collaboration Endpoint/RoomOS Web Engine redirect | 1.15 | CVE-2022-20764 |
| 199009 | 4.7 | 4.7 | | 4.7 | | | Cisco RV340/RV345 Web-based Management Interface stack-based overflow | 1.19 | CVE-2022-20753 |
| 199008 | 4.7 | 4.7 | | 4.7 | | | Cisco RV340/RV345 Web-based Management Interface command injection | 1.22 | CVE-2022-20801 |
| 199007 | 4.7 | 4.7 | | | | | Cisco RV340/RV345 Web-based Management Interface command injection | 1.07 | CVE-2022-20799 |
| 199006 | 5.0 | 5.0 | | | | | MyBatis PageHelper sql injection | 1.03 | CVE-2022-28111 |
| 199005 | 6.3 | 6.3 | | | | | Sourcecodester Doctor's Appointment System Administrator Panel unrestricted upload | 0.99 | CVE-2022-28568 |
| 199004 | 6.3 | 6.3 | | | | | Eve-NG Professional/Community UNL File os command injection | 1.11 | CVE-2022-27903 |
| 199003 | 6.3 | 6.3 | | | | | Seacms Mail Server Settings Privilege Escalation | 0.95 | CVE-2022-28076 |
| 199002 | 3.5 | 3.5 | | | | | arPHP Query.php cross site scripting | 1.07 | CVE-2022-28081 |
| 199001 | 5.5 | 5.5 | | | | | Web@archiv unrestricted upload | 1.26 | CVE-2022-29347 |

79 more entries are not shown
