CVSSv3 05/06/2022

CVSSv3 Base

Entries by score: ≤1: 0, ≤2: 0, ≤3: 0, ≤4: 12, ≤5: 13, ≤6: 39, ≤7: 30, ≤8: 10, ≤9: 6, ≤10: 2

The Common Vulnerability Scoring System (CVSS) is an industry standard for defining the characteristics and impacts of security vulnerabilities. The base score represents the intrinsic aspects that are constant over time and across user environments. Our unique meta score merges all available scores from different sources to produce the most reliable aggregate result.

CVSSv3 Temp

Entries by score: ≤1: 0, ≤2: 0, ≤3: 0, ≤4: 12, ≤5: 13, ≤6: 44, ≤7: 29, ≤8: 10, ≤9: 2, ≤10: 2

The Common Vulnerability Scoring System (CVSS) uses temp scores to reflect the characteristics of a vulnerability that may change over time but not across user environments. This includes reporting confidence, exploitability and remediation levels. We also provide our unique meta score for temp scores, even though other sources rarely publish them.

VulDB

Entries by score: ≤1: 0, ≤2: 0, ≤3: 3, ≤4: 15, ≤5: 20, ≤6: 33, ≤7: 27, ≤8: 10, ≤9: 2, ≤10: 2

The moderation team always defines the base vector and base score for an entry. These and all other available scores are used to generate the meta score.

NVD

Entries by score: ≤1: 0, ≤2: 0, ≤3: 0, ≤4: 0, ≤5: 0, ≤6: 0, ≤7: 0, ≤8: 0, ≤9: 0, ≤10: 0

The National Vulnerability Database (NVD) also defines CVSS vectors and scores. These are usually not complete and might differ from VulDB scores.

CNA

Entries by score: ≤1: 0, ≤2: 0, ≤3: 1, ≤4: 1, ≤5: 9, ≤6: 14, ≤7: 9, ≤8: 24, ≤9: 5, ≤10: 6

A CVE Numbering Authority (CNA) is responsible for assigning new CVE entries. They might also include a CVSS score. These are usually not complete and might differ from VulDB scores.

Vendor

Entries by score: ≤1: 0, ≤2: 0, ≤3: 0, ≤4: 0, ≤5: 0, ≤6: 0, ≤7: 0, ≤8: 0, ≤9: 0, ≤10: 0

Some vendors are willing to publish their own CVSS vectors and scores for vulnerabilities in their products. The coverage varies from vendor to vendor.

Research

Entries by score: ≤1: 0, ≤2: 0, ≤3: 0, ≤4: 0, ≤5: 0, ≤6: 0, ≤7: 0, ≤8: 0, ≤9: 0, ≤10: 0

Sometimes security researchers also provide their own CVSS vectors and scores for vulnerabilities they have found and published.

| ID | Base | VDB | NVD | CNA | Vend | Res | Vulnerability | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|
| 199202 | 3.7 | 3.7 | | | | | 3CX Phone System Management Console missing encryption | 0.00 | CVE-2022-28005 |
| 199201 | 3.5 | 3.5 | | | | | Tenda AX1806 fromAdvSetMacMtuWan denial of service | 0.07 | CVE-2022-28973 |
| 199200 | 3.5 | 3.5 | | | | | Tenda AX1806 form_fast_setting_wifi_set denial of service | 0.04 | CVE-2022-28972 |
| 199199 | 3.5 | 3.5 | | | | | Tenda AX1806 GetParentControlInfo denial of service | 0.07 | CVE-2022-28970 |
| 199198 | 3.5 | 3.5 | | | | | Tenda AX1806 fromSetWifiGusetBasic denial of service | 0.04 | CVE-2022-28969 |
| 199197 | 3.5 | 3.5 | | | | | Tenda AX1806 fromSetIpMacBind denial of service | 0.03 | CVE-2022-28971 |
| 199196 | 6.3 | 6.3 | | | | | Piwigo batch_manager.php sql injection | 0.06 | CVE-2020-19217 |
| 199195 | 6.3 | 6.3 | | | | | Piwigo user_perm.php sql injection | 0.03 | CVE-2020-19216 |
| 199194 | 6.3 | 6.3 | | | | | Piwigo user_perm.php sql injection | 0.07 | CVE-2020-19215 |
| 199193 | 6.3 | 6.3 | | | | | Piwigo cat_move.php move_categories sql injection | 0.00 | CVE-2020-19213 |
| 199192 | 6.3 | 6.3 | | | | | Piwigo group_list.php sql injection | 0.06 | CVE-2020-19212 |
| 199191 | 4.9 | 4.3 | | 5.5 | | | Netty Incomplete Fix CVE-2021-21290 temp file | 0.03 | CVE-2022-24823 |
| 199190 | 6.3 | 4.6 | | 8.0 | | | Johnson Controls Metasys ADS/Metasys ADX/Metasys OAS password recovery | 0.04 | CVE-2022-21934 |
| 199189 | 5.5 | 5.5 | | | | | uClibc/uClibc-ng DNS Transaction Privilege Escalation | 0.03 | CVE-2022-30295 |
| 199188 | 6.3 | 6.3 | | | | | WebKitGTK TextureMapperLayer.cpp setContentsLayer use after free | 0.03 | CVE-2022-30294 |
| 199187 | 6.3 | 6.3 | | | | | WebKitGTK TextureMapperLayer.cpp setContentsLayer heap-based overflow | 0.03 | CVE-2022-30293 |
| 199186 | 6.3 | 6.3 | | | | | Trojan-Ransom.LockerGoga wow64log.dll untrusted search path | 0.03 | |
| 199185 | 6.3 | 6.3 | | | | | Ransom.CTBLocker SHFOLDER.DLL untrusted search path | 0.03 | |
| 199184 | 6.3 | 6.3 | | | | | Trojan.Ransom.Cryptowall urlmon.dll untrusted search path | 0.00 | |
| 199183 | 6.3 | 6.3 | | | | | REvil.Ransom urlmon.dll untrusted search path | 0.00 | |
| 199182 | 6.3 | 6.3 | | | | | Trojan-Ransom.Cerber CLDAPI.dll untrusted search path | 0.00 | |
| 199181 | 5.5 | 5.6 | | 5.4 | | | XWiki Platform x509 Certificate risky encryption | 0.03 | CVE-2022-29161 |
| 199180 | 5.4 | 2.4 | | 8.4 | | | Sophos Firewall Webadmin cross site scripting | 0.04 | CVE-2021-25268 |
| 199179 | 4.6 | 2.4 | | 6.8 | | | Sophos Firewall Webadmin cross site scripting | 0.00 | CVE-2021-25267 |
| 199178 | 3.6 | 4.3 | | 2.9 | | | TkVideoplayer Video File resource consumption | 0.07 | CVE-2022-24902 |
| 199177 | 6.5 | 5.4 | | 7.7 | | | Flux/kustomize-controller kustomization.yaml path traversal | 0.08 | CVE-2022-24878 |
| 199176 | 8.1 | 6.3 | | 9.9 | | | Flux/kustomize-controller kustomization.yaml path traversal | 0.00 | CVE-2022-24877 |
| 199175 | 6.3 | 6.3 | | | | | Zoho ManageEngine OpManager Default Report sql injection | 0.00 | CVE-2022-29535 |
| 199174 | 6.3 | 5.3 | | 7.4 | | | Mozilla Hawk HTTP Authentication resource consumption | 0.03 | CVE-2022-29167 |
| 199173 | 6.7 | 5.5 | | 8.0 | | | matrix-appservice-irc Reply injection | 0.00 | CVE-2022-29166 |
| 199172 | 5.5 | 5.5 | | | | | TOTOLINK A7100RU setWiFiWpsStart command injection | 0.00 | CVE-2022-28584 |
| 199171 | 5.5 | 5.5 | | | | | TOTOLINK A7100RU setWiFiWpsCfg command injection | 0.00 | CVE-2022-28583 |
| 199170 | 5.5 | 5.5 | | | | | TOTOLINK A7100RU setWiFiSignalCfg command injection | 0.00 | CVE-2022-28582 |
| 199169 | 5.5 | 5.5 | | | | | TOTOLINK A7100RU setWiFiAdvancedCfg command injection | 0.04 | CVE-2022-28581 |
| 199168 | 5.5 | 5.5 | | | | | TOTOLINK A7100RU setL2tpServerCfg command injection | 0.00 | CVE-2022-28580 |
| 199167 | 5.5 | 5.5 | | | | | TOTOLINK A7100RU setParentalRules command injection | 0.00 | CVE-2022-28579 |
| 199166 | 5.5 | 5.5 | | | | | TOTOLINK A7100RU setOpenVpnCfg command injection | 0.06 | CVE-2022-28578 |
| 199165 | 5.5 | 5.5 | | | | | TOTOLINK A7100RU delParentalRules command injection | 0.03 | CVE-2022-28577 |
| 199164 | 5.5 | 5.5 | | | | | TOTOLINK A7100RU setopenvpnclientcfg command injection | 0.06 | CVE-2022-28575 |
| 199163 | 3.5 | 3.5 | | | | | Poppler PDF File Hints denial of service | 0.06 | CVE-2022-27337 |
| 199162 | 6.9 | 6.5 | | 7.4 | | | Anker Eufy Homebase libxm_av.so DemuxCmdInBuffer integer overflow | 0.00 | CVE-2022-26073 |
| 199161 | 6.7 | 6.3 | | 7.1 | | | Anker Eufy Homebase DHCP libxm_av.so getpeermac authentication spoofing | 0.00 | CVE-2022-25989 |
| 199160 | 5.5 | 5.5 | | | | | Tenda TX9 Pro set_route os command injection | 0.00 | CVE-2022-29592 |
| 199159 | 5.5 | 5.5 | | | | | SchedMD Slurm access control | 0.00 | CVE-2022-29502 |
| 199158 | 5.5 | 3.5 | | 7.5 | | | F5 BIG-IP AFM/BIG-IP CGNAT/BIG-IP PEM Configuration Utility cross site scripting | 0.05 | CVE-2022-28716 |
| 199157 | 9.8 | 9.8 | | 9.8 | | | QNAP QVR command injection | 0.00 | CVE-2022-27588 |
| 199156 | 6.4 | 6.3 | | 6.5 | | | F5 NGINX Service Mesh Control Plane Endpoint missing authentication | 0.03 | CVE-2022-27495 |
| 199155 | 5.5 | 5.5 | | | | | Wenzhou Huoyin BossCMS unrestricted upload | 0.12 | CVE-2022-28606 |
| 199154 | 4.9 | 4.3 | | 5.5 | | | F5 Access information disclosure | 0.03 | CVE-2022-27875 |
| 199153 | 8.6 | 7.3 | | 10.0 | | | ecdsautils CLI Command ecdsa_verify_list_legacy signature verification | 0.07 | CVE-2022-24884 |

62 more entries are not shown
