CVSSv3 05/11/2022

CVSSv3 Base

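| Score | ≤1 | ≤2 | ≤3 | ≤4 | ≤5 | ≤6 | ≤7 | ≤8 | ≤9 | ≤10 |
|---|---|---|---|---|---|---|---|---|---|---|
| Entries | 0 | 1 | 0 | 16 | 14 | 31 | 17 | 4 | 3 | 0 |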

The Common Vulnerability Scoring System (CVSS) is an industry standard for describing the characteristics and impacts of security vulnerabilities. The base score represents the intrinsic aspects that are constant over time and across user environments. Our unique meta score aggregates all available scores from different sources into the most reliable result.

CVSSv3 Temp

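| Score | ≤1 | ≤2 | ≤3 | ≤4 | ≤5 | ≤6 | ≤7 | ≤8 | ≤9 | ≤10 |
|---|---|---|---|---|---|---|---|---|---|---|
| Entries | 0 | 1 | 0 | 16 | 14 | 36 | 13 | 3 | 3 | 0 |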

The Common Vulnerability Scoring System (CVSS) uses temp scores to reflect the characteristics of a vulnerability that may change over time but not across user environments. This includes reporting confidence, exploitability and remediation levels. We also provide our unique meta score for temp scores, even though other sources rarely publish them.

VulDB

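| Score | ≤1 | ≤2 | ≤3 | ≤4 | ≤5 | ≤6 | ≤7 | ≤8 | ≤9 | ≤10 |
|---|---|---|---|---|---|---|---|---|---|---|
| Entries | 0 | 1 | 1 | 16 | 14 | 30 | 17 | 7 | 0 | 0 |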

The moderation team always defines the base vector and base score for an entry. These and all other available scores are used to generate the meta score.

NVD

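| Score | ≤1 | ≤2 | ≤3 | ≤4 | ≤5 | ≤6 | ≤7 | ≤8 | ≤9 | ≤10 |
|---|---|---|---|---|---|---|---|---|---|---|
| Entries | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |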

The National Vulnerability Database (NVD) also defines CVSS vectors and scores. These are usually not complete and might differ from VulDB scores.

CNA

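| Score | ≤1 | ≤2 | ≤3 | ≤4 | ≤5 | ≤6 | ≤7 | ≤8 | ≤9 | ≤10 |
|---|---|---|---|---|---|---|---|---|---|---|
| Entries | 0 | 0 | 0 | 1 | 4 | 4 | 2 | 3 | 2 | 2 |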

A CVE Numbering Authority (CNA) is responsible for assigning new CVE entries. They might also include a CVSS score. These are usually not complete and might differ from VulDB scores.

Vendor

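| Score | ≤1 | ≤2 | ≤3 | ≤4 | ≤5 | ≤6 | ≤7 | ≤8 | ≤9 | ≤10 |
|---|---|---|---|---|---|---|---|---|---|---|
| Entries | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |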

Some vendors are willing to publish their own CVSS vectors and scores for vulnerabilities in their products. The coverage varies from vendor to vendor.

Research

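| Score | ≤1 | ≤2 | ≤3 | ≤4 | ≤5 | ≤6 | ≤7 | ≤8 | ≤9 | ≤10 |
|---|---|---|---|---|---|---|---|---|---|---|
| Entries | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |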

Security researchers sometimes also provide their own CVSS vectors and scores for vulnerabilities they have found and published.

| ID | Base | VDB | NVD | CNA | Vend | Res | Vulnerability | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|
| 199510 | 4.3 | 4.3 | | 4.3 | | | GitLab unknown vulnerability | 0.03 | CVE-2022-1428 |
| 199509 | 3.5 | 3.5 | | | | | SAP NetWeaver Application Server ABAP Theme cross site scripting | 0.07 | CVE-2022-29610 |
| 199508 | 5.5 | 5.5 | | | | | SAP Host Agent/Netweaver/ABAP Platform out-of-bounds write | 0.07 | CVE-2022-29616 |
| 199507 | 5.5 | 5.5 | | | | | SAP NetWeaver Application Server for ABAP authorization | 0.17 | CVE-2022-29611 |
| 199506 | 6.3 | 6.3 | | | | | Shopwind Database.php sql injection | 0.00 | CVE-2022-30452 |
| 199505 | 6.5 | 7.3 | | 5.6 | | | IBM Spectrum Virtualize access control | 0.03 | CVE-2021-38969 |
| 199504 | 4.9 | 4.3 | | 5.5 | | | LibTIFF tif_lzw.c LZWDecode out-of-bounds read | 0.05 | CVE-2022-1623 |
| 199503 | 4.9 | 4.3 | | 5.5 | | | LibTIFF TIFF File tif_lzw.c LZWDecode out-of-bounds read | 0.00 | CVE-2022-1622 |
| 199502 | 3.5 | 3.5 | | | | | ftcms tp.php path traversal | 0.07 | CVE-2022-30062 |
| 199501 | 4.6 | 4.6 | | | | | ftcms tp.php unknown vulnerability | 0.03 | CVE-2022-30060 |
| 199500 | 3.6 | 2.4 | | 4.8 | | | IBM QRadar SIEM Web UI cross site scripting | 0.05 | CVE-2022-22320 |
| 199499 | 4.4 | 3.5 | | 5.4 | | | IBM Jazz Foundation Web UI cross site scripting | 0.00 | CVE-2021-39059 |
| 199498 | 6.3 | 6.3 | | | | | Shopwind Database.php Privilege Escalation | 0.00 | CVE-2022-30453 |
| 199497 | 4.6 | 4.6 | | | | | Shopwind DbController.php denial of service | 0.00 | CVE-2022-30059 |
| 199496 | 3.5 | 3.5 | | | | | Shopwind DbController.php information disclosure | 0.00 | CVE-2022-30058 |
| 199495 | 6.3 | 6.3 | | | | | Hospital Management System in PHP room.php sql injection | 0.04 | CVE-2022-30449 |
| 199494 | 6.3 | 6.3 | | | | | Hospital Management System in PHP treatmentrecord.php unrestricted upload | 0.00 | CVE-2022-30448 |
| 199493 | 6.3 | 6.3 | | | | | waimairen wx.php Privilege Escalation | 0.05 | CVE-2022-30450 |
| 199492 | 3.5 | 3.5 | | | | | Survey Sparrow Enterprise Survey Software cross site scripting | 0.07 | CVE-2022-29728 |
| 199491 | 5.5 | 5.5 | | | | | bludit Backup Plugin unrestricted upload | 0.05 | CVE-2020-19228 |
| 199490 | 3.5 | 3.5 | | | | | Alt-N MDaemon cross site scripting | 0.05 | CVE-2022-29976 |
| 199489 | 3.5 | 3.5 | | | | | Alt-N MDaemon cross site scripting | 0.03 | CVE-2022-29975 |
| 199488 | 7.5 | 7.5 | | | | | Asus DSL-N14U-B1 TCP SYN denial of service | 0.00 | CVE-2021-3254 |
| 199487 | 3.5 | 3.5 | | | | | Survey Sparrow Enterprise Survey Software cross site scripting | 0.00 | CVE-2022-29727 |
| 199486 | 5.5 | 5.5 | | | | | Wedding Management System Upload Photos Module unrestricted upload | 0.05 | CVE-2022-29655 |
| 199485 | 5.5 | 5.5 | | | | | Car Rental Management System New Entry Module unrestricted upload | 0.03 | CVE-2022-29318 |
| 199484 | 6.3 | 6.3 | | | | | Wedding Management System package_detail.php sql injection | 0.04 | CVE-2022-29656 |
| 199483 | 6.3 | 6.3 | | | | | Simple Bus Ticket Booking System _handleLogin.php sql injection | 0.07 | CVE-2022-29317 |
| 199482 | 6.3 | 6.3 | | | | | Complete Online Job Search System sql injection | 0.07 | CVE-2022-29316 |
| 199481 | 6.7 | 6.3 | | 7.2 | | | Fortinet FortiNAC Strings sql injection | 0.00 | CVE-2022-26116 |
| 199480 | 4.5 | 4.5 | | | | | Google Android RootWindowContainer.java startActivityForAttachedApplicationIfNeeded race condition | 0.03 | CVE-2022-20007 |
| 199479 | 5.3 | 6.3 | | 4.3 | | | GitLab Community Edition/Enterprise Edition Project Members-only Wiki access control | 0.07 | CVE-2022-1417 |
| 199478 | 4.6 | 4.6 | | | | | AMD EPYC Elliptic Curve unknown vulnerability | 0.17 | CVE-2021-26408 |
| 199477 | 5.5 | 5.5 | | | | | AMD EPYC Bootloader SVC_LOAD_BINARY_BY_ATTRIB input validation | 0.10 | CVE-2021-26370 |
| 199476 | 5.5 | 5.5 | | | | | AMD EPYC DRTM UApp initialization | 0.00 | CVE-2021-26353 |
| 199475 | 3.5 | 3.5 | | | | | AMD EPYC System Management Unit memory corruption | 0.21 | CVE-2021-26352 |
| 199474 | 4.6 | 4.6 | | | | | AMD EPYC SEV-ES TMR denial of service | 0.03 | CVE-2021-26332 |
| 199473 | 5.5 | 5.5 | | | | | AMD EPYC SEV-ES TMR memory corruption | 0.05 | CVE-2021-26324 |
| 199472 | 4.3 | 4.3 | | | | | Black Duck Hub Embedded MadCap Flare Documentation File cross site scripting | 0.03 | CVE-2022-30278 |
| 199471 | 5.3 | 5.3 | | | | | Google Android ion.c ion_ioctl use after free | 0.07 | CVE-2022-20118 |
| 199470 | 3.3 | 3.3 | | | | | Google Android TelephonyRegistry.java broadcastServiceStateChanged information disclosure | 0.05 | CVE-2022-20115 |
| 199469 | 3.3 | 3.3 | | | | | Google Android NotificationManagerService.java getArray information disclosure | 0.13 | CVE-2022-20011 |
| 199468 | 5.3 | 5.3 | | | | | Google Android USB Gadget Subsystem out-of-bounds write | 0.04 | CVE-2022-20009 |
| 199467 | 5.3 | 5.3 | | | | | Google Android APK Parser PackageInstallerSession.java validateApkInstallLocked Local Privilege Escalation | 0.03 | CVE-2022-20005 |
| 199466 | 3.3 | 3.3 | | | | | Google Android CTS Listening Ports Test information disclosure | 0.05 | CVE-2021-39700 |
| 199465 | 6.3 | 6.3 | | | | | LMS Doctor Simple 2 Factor Authentication Plugin resource injection | 0.03 | CVE-2022-28986 |
| 199464 | 5.5 | 5.5 | | | | | TOTOLink N600R FUN_00415bf0 stack-based overflow | 0.13 | CVE-2022-29399 |
| 199463 | 5.5 | 5.5 | | | | | TOTOLink N600R FUN_0041309c stack-based overflow | 0.07 | CVE-2022-29398 |
| 199462 | 5.5 | 5.5 | | | | | TOTOLink N600R FUN_004196c8 stack-based overflow | 0.06 | CVE-2022-29397 |
| 199461 | 5.5 | 5.5 | | | | | TOTOLink N600R FUN_00418f10 stack-based overflow | 0.03 | CVE-2022-29396 |

36 more entries are not shown
