CVSSv3 05/17/2022

CVSSv3 Base

Entries per score range: ≤1: 0, ≤2: 0, ≤3: 0, ≤4: 11, ≤5: 3, ≤6: 16, ≤7: 22, ≤8: 4, ≤9: 2, ≤10: 1

The Common Vulnerability Scoring System (CVSS) is an industry standard for describing the characteristics and impacts of security vulnerabilities. The base score represents the intrinsic aspects that are constant over time and across user environments. Our unique meta score merges all available scores from different sources to produce the most reliable result.

CVSSv3 Temp

Entries per score range: ≤1: 0, ≤2: 0, ≤3: 0, ≤4: 11, ≤5: 5, ≤6: 27, ≤7: 12, ≤8: 1, ≤9: 2, ≤10: 1

The Common Vulnerability Scoring System (CVSS) uses temp scores to reflect the characteristics of a vulnerability that may change over time but not across user environments. This includes reporting confidence, exploitability and remediation levels. We also provide our unique meta score for temp scores, even though other sources rarely publish them.

VulDB

Entries per score range: ≤1: 0, ≤2: 0, ≤3: 0, ≤4: 10, ≤5: 7, ≤6: 17, ≤7: 17, ≤8: 6, ≤9: 1, ≤10: 1

The moderation team always defines the base vector and base score for an entry. These and all other available scores are used to generate the meta score.

NVD

Entries per score range: ≤1: 0, ≤2: 0, ≤3: 0, ≤4: 0, ≤5: 0, ≤6: 0, ≤7: 0, ≤8: 0, ≤9: 0, ≤10: 0

The National Vulnerability Database (NVD) also defines CVSS vectors and scores. These are usually not complete and might differ from VulDB scores.

CNA

Entries per score range: ≤1: 0, ≤2: 0, ≤3: 0, ≤4: 1, ≤5: 1, ≤6: 3, ≤7: 2, ≤8: 4, ≤9: 1, ≤10: 3

A CVE Numbering Authority (CNA) is responsible for assigning new CVE entries. They might also include a CVSS score. These are usually not complete and might differ from VulDB scores.

Vendor

Entries per score range: ≤1: 0, ≤2: 0, ≤3: 0, ≤4: 0, ≤5: 0, ≤6: 0, ≤7: 0, ≤8: 0, ≤9: 0, ≤10: 0

Some vendors are willing to publish their own CVSS vectors and scores for vulnerabilities in their products. The coverage varies from vendor to vendor.

Research

Entries per score range: ≤1: 0, ≤2: 0, ≤3: 0, ≤4: 0, ≤5: 0, ≤6: 0, ≤7: 0, ≤8: 0, ≤9: 0, ≤10: 0

Sometimes security researchers also provide their own CVSS vectors and scores for vulnerabilities they have found and published.

| ID | Base | VDB | NVD | CNA | Vend | Res | Vulnerability | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|
| 200066 | 5.3 | 5.3 | | | | | jgraph drawio server-side request forgery | 0.40+ | CVE-2022-1711 |
| 200065 | 3.5 | 3.5 | | | | | cmseasy Database Configuration information disclosure | 0.34+ | CVE-2021-42644 |
| 200064 | 5.5 | 5.5 | | | | | cmseasy unrestricted upload | 0.37+ | CVE-2021-42643 |
| 200029 | 6.4 | 5.3 | | 7.5 | | | jgraph drawio server-side request forgery | 0.71+ | CVE-2022-1723 |
| 200028 | 4.3 | 4.3 | | | | | Apache ShenYu Regular Expression RegexPredicateJudge.java Pattern.matches authorization | 0.77+ | CVE-2022-26650 |
| 200027 | 3.5 | 3.5 | | | | | IPPlan usermanager.php cross site scripting | 0.65+ | CVE-2021-42943 |
| 200026 | 3.5 | 3.5 | | | | | Parallels H-Sphere index_en.php cross site scripting | 1.59 | CVE-2022-30777 |
| 200025 | 3.5 | 3.5 | | | | | atmail cross site scripting | 1.71 | CVE-2022-30776 |
| 200024 | 6.3 | 6.3 | | | | | FeMiner wms datarec.php Privilege Escalation | 1.68 | CVE-2021-42897 |
| 200023 | 3.5 | 3.5 | | | | | totaljs CMS JavaScript Embedded PDF cross site scripting | 1.79 | CVE-2022-30013 |
| 200022 | 6.3 | 6.3 | | | | | Acronis Snap Deploy uncontrolled search path | 1.81 | CVE-2022-30697 |
| 200021 | 6.3 | 6.3 | | | | | Acronis Snap Deploy uncontrolled search path | 1.58 | CVE-2022-30696 |
| 200020 | 6.3 | 6.3 | | | | | Acronis Snap Deploy unnecessary privileges | 1.53 | CVE-2022-30695 |
| 200019 | 8.8 | 8.8 | | | | | Trend Micro Password Manager link following | 1.90 | CVE-2022-30523 |
| 200018 | 6.5 | 5.6 | | 7.5 | | | jgraph drawio Editors Proxy server-side request forgery | 1.62 | CVE-2022-1722 |
| 200017 | 6.4 | 5.3 | | 7.5 | | | jgraph drawio WellKnownServlet path traversal | 1.47 | CVE-2022-1721 |
| 200016 | 5.5 | 5.5 | | | | | Metasonic Doc WebClient sql injection | 1.58 | CVE-2022-1731 |
| 200015 | 5.5 | 5.5 | | | | | Joel Christner WatsonWebserver/IpMatcher IP Address input validation | 1.43 | CVE-2021-33318 |
| 200014 | 5.3 | 6.3 | | 4.3 | | | Crafter CMS URL neutralization for logs | 1.47 | CVE-2021-23266 |
| 200013 | 3.9 | 4.3 | | 3.5 | | | Crafter CMS Content Item privileges management | 1.34 | CVE-2021-23265 |
| 200012 | 5.5 | 5.5 | | | | | Connect-Multiparty PDF File unrestricted upload | 1.43 | CVE-2022-29623 |
| 200011 | 5.5 | 5.5 | | | | | formidable Filename unrestricted upload | 1.31 | CVE-2022-29622 |
| 200010 | 5.5 | 5.5 | | | | | Keystone unrestricted upload | 1.40 | CVE-2022-29354 |
| 200009 | 5.5 | 5.5 | | | | | Graphql-upload Filename unrestricted upload | 1.60 | CVE-2022-29353 |
| 200008 | 5.5 | 5.5 | | | | | TiddlyWiki5 SVG File unrestricted upload | 1.66 | CVE-2022-29351 |
| 200007 | 6.4 | 5.3 | | 7.5 | | | jgraph drawio proxy server-side request forgery | 1.51 | CVE-2022-1713 |
| 200006 | 7.5 | 6.3 | | 8.8 | | | publify access control | 1.35 | CVE-2022-1553 |
| 200005 | 6.3 | 7.3 | | 5.3 | | | publify code injection | 1.29 | CVE-2022-0578 |
| 200004 | 6.3 | 7.3 | | 5.3 | | | publify access control | 1.35 | CVE-2022-0574 |
| 200003 | 3.5 | 3.5 | | | | | ACCEL-PPP post_msg out-of-bounds read | 1.35 | CVE-2021-42870 |
| 200002 | 5.2 | 4.3 | | 6.1 | | | xArrow SCADA xhisalarm.htm cross site scripting | 1.35 | CVE-2021-33021 |
| 200001 | 5.2 | 4.3 | | 6.1 | | | xArrow SCADA xhisvalue.htm cross site scripting | 1.29 | CVE-2021-33001 |
| 200000 | 6.8 | 4.3 | | 9.4 | | | Weintek cMT cross site scripting | 3.15 | CVE-2021-27442 |
| 199999 | 4.7 | 4.7 | | | | | Crafter CMS Crafter Studio os command injection | 1.26 | CVE-2021-23267 |
| 199998 | 3.5 | 3.5 | | | | | Aruba ClearPass Policy Manager cross site scripting | 1.13 | CVE-2022-23659 |
| 199997 | 5.3 | 5.3 | | | | | PCRE2 Regular Expression pcre2_jit_compile.c get_recurse_data_length out-of-bounds read | 1.13 | CVE-2022-1587 |
| 199996 | 5.3 | 5.3 | | | | | PCRE2 Regular Expression pcre2_jit_compile.c compile_xclass_matchingpath out-of-bounds read | 0.94 | CVE-2022-1586 |
| 199995 | 5.5 | 5.5 | | 5.6 | | | xArrow SCADA Registry Key path traversal | 1.13 | CVE-2021-33025 |
| 199994 | 8.5 | 7.3 | | 9.8 | | | Weintek cMT access control | 1.25 | CVE-2021-27444 |
| 199993 | 6.3 | 6.3 | | | | | Aruba ClearPass Policy Manager server-side request forgery | 1.25 | CVE-2022-23668 |
| 199992 | 4.3 | 4.3 | | | | | Aruba ClearPass Policy Manager information disclosure | 1.13 | CVE-2022-23670 |
| 199991 | 6.3 | 6.3 | | | | | Aruba ClearPass Policy Manager command injection | 0.97 | CVE-2022-23667 |
| 199990 | 6.3 | 6.3 | | | | | Aruba ClearPass Policy Manager command injection | 0.97 | CVE-2022-23666 |
| 199989 | 6.3 | 6.3 | | | | | Aruba ClearPass Policy Manager command injection | 0.94 | CVE-2022-23665 |
| 199988 | 6.3 | 6.3 | | | | | Aruba ClearPass Policy Manager command injection | 1.03 | CVE-2022-23664 |
| 199987 | 6.3 | 6.3 | | | | | Aruba ClearPass Policy Manager command injection | 1.03 | CVE-2022-23663 |
| 199986 | 6.3 | 6.3 | | | | | Aruba ClearPass Policy Manager command injection | 0.85 | CVE-2022-23662 |
| 199985 | 6.3 | 6.3 | | | | | Aruba ClearPass Policy Manager command injection | 0.85 | CVE-2022-23661 |
| 199984 | 7.3 | 7.3 | | | | | Aruba ClearPass Policy Manager improper authentication | 0.85 | CVE-2022-23660 |
| 199983 | 7.3 | 7.3 | | | | | Aruba ClearPass Policy Manager improper authentication | 0.85 | CVE-2022-23658 |

9 more entries are not shown
