CVSSv3 05/19/2022

CVSSv3 Base

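| Score | ≤1 | ≤2 | ≤3 | ≤4 | ≤5 | ≤6 | ≤7 | ≤8 | ≤9 | ≤10 |
| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
| Entries | 0 | 0 | 1 | 10 | 12 | 19 | 12 | 7 | 2 | 0 |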

The Common Vulnerability Scoring System (CVSS) is an industry standard for describing the characteristics and impacts of security vulnerabilities. The base score represents the intrinsic aspects that are constant over time and across user environments. Our unique meta score merges all available scores from different sources into the most reliable result.

CVSSv3 Temp

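| Score | ≤1 | ≤2 | ≤3 | ≤4 | ≤5 | ≤6 | ≤7 | ≤8 | ≤9 | ≤10 |
| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
| Entries | 0 | 0 | 2 | 9 | 12 | 22 | 10 | 6 | 2 | 0 |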

The Common Vulnerability Scoring System (CVSS) uses temp scores to reflect the characteristics of a vulnerability that may change over time but not across user environments. This includes reporting confidence, exploitability and remediation levels. We also provide our unique meta score for temp scores, even though other sources rarely publish them.

VulDB

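| Score | ≤1 | ≤2 | ≤3 | ≤4 | ≤5 | ≤6 | ≤7 | ≤8 | ≤9 | ≤10 |
| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
| Entries | 0 | 0 | 1 | 12 | 21 | 11 | 11 | 5 | 2 | 0 |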

The moderation team always defines the base vector and base score for an entry. These and all other available scores are used to generate the meta score.

NVD

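| Score | ≤1 | ≤2 | ≤3 | ≤4 | ≤5 | ≤6 | ≤7 | ≤8 | ≤9 | ≤10 |
| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
| Entries | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |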

The National Vulnerability Database (NVD) also defines CVSS vectors and scores. These are usually not complete and might differ from VulDB scores.

CNA

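| Score | ≤1 | ≤2 | ≤3 | ≤4 | ≤5 | ≤6 | ≤7 | ≤8 | ≤9 | ≤10 |
| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
| Entries | 0 | 0 | 0 | 2 | 4 | 5 | 5 | 12 | 5 | 1 |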

A CVE Numbering Authority (CNA) is responsible for assigning new CVE entries. They might also include a CVSS score. These are usually not complete and might differ from VulDB scores.

Vendor

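| Score | ≤1 | ≤2 | ≤3 | ≤4 | ≤5 | ≤6 | ≤7 | ≤8 | ≤9 | ≤10 |
| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
| Entries | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |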

Some vendors are willing to publish their own CVSS vectors and scores for vulnerabilities in their products. The coverage varies from vendor to vendor.

Research

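| Score | ≤1 | ≤2 | ≤3 | ≤4 | ≤5 | ≤6 | ≤7 | ≤8 | ≤9 | ≤10 |
| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
| Entries | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |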

Some security researchers also provide their own CVSS vectors and scores for vulnerabilities they have found and published.

| ID | Base | VDB | NVD | CNA | Vend | Res | Vulnerability | CTI | CVE |
| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
| 200381 | 6.8 | 6.3 | | 7.3 | | | vim out-of-bounds write | 1.47+ | CVE-2022-1785 |
| 200380 | 7.5 | 7.5 | | 7.5 | | | ISC BIND TLS Session assertion | 2.02 | CVE-2022-1183 |
| 200379 | 5.5 | 5.5 | | | | | Octopus Server Privilege Escalation | 2.08 | CVE-2022-1670 |
| 200378 | 5.2 | 5.6 | | 4.8 | | | IBM DataPower Gateway HTTP Header injection | 1.73- | CVE-2021-38944 |
| 200377 | 4.3 | 4.3 | | 4.3 | | | Lenovo XClarity Controller LDAP Authentication authorization | 1.70- | CVE-2021-3956 |
| 200376 | 4.3 | 4.3 | | | | | Meikyo WATCH BOOT/PoE BOOT/TIME BOOT/POSE SE10-8A7B1 cross-site request forgery | 1.63- | CVE-2022-27632 |
| 200375 | 5.2 | 4.3 | | 6.1 | | | TIBCO BusinessConnect Trading Community Management Web Server cross site scripting | 1.57- | CVE-2022-22777 |
| 200374 | 6.5 | 4.3 | | 8.8 | | | TIBCO BusinessConnect Trading Community Management Web Server cross-site request forgery | 1.79- | CVE-2022-22778 |
| 200373 | 5.7 | 3.5 | | 8.0 | | | TIBCO BusinessConnect Trading Community Management Web Server cross site scripting | 1.31- | CVE-2022-22776 |
| 200372 | 8.8 | 8.8 | | 8.8 | | | Lenovo Personal Cloud Storage Web Interface/Serial Port hard-coded credentials | 1.49- | CVE-2021-42850 |
| 200371 | 6.8 | 4.3 | | 9.4 | | | erudika para cross site scripting | 1.29- | CVE-2022-1782 |
| 200370 | 5.9 | 4.3 | | 7.5 | | | OctoPrint cross site scripting | 1.32- | CVE-2022-1432 |
| 200369 | 5.9 | 4.3 | | 7.5 | | | OctoPrint cross site scripting | 1.26- | CVE-2022-1430 |
| 200368 | 3.5 | 3.5 | | | | | Moodle Bulk Allocating Marker cross site scripting | 1.34- | CVE-2022-30596 |
| 200367 | 6.4 | 5.3 | | 7.5 | | | jgraph drawio server-side request forgery | 1.28- | CVE-2022-1767 |
| 200366 | 6.0 | 6.5 | | 5.5 | | | Lenovo Smart Standby Driver buffer overflow | 1.35- | CVE-2022-1110 |
| 200365 | 6.8 | 6.8 | | 6.8 | | | Lenovo Personal Cloud Storage hard-coded credentials | 1.29- | CVE-2021-42849 |
| 200364 | 7.6 | 7.5 | | 7.8 | | | Lenovo System Interface Foundation IMController toctou | 1.41- | CVE-2021-3969 |
| 200363 | 7.6 | 7.5 | | 7.8 | | | Lenovo System Interface Foundation IMController toctou | 1.46- | CVE-2021-3922 |
| 200362 | 3.7 | 3.7 | | | | | Acronis Cyber Protect cleartext transmission | 1.32- | CVE-2022-30994 |
| 200361 | 5.5 | 5.5 | | | | | Tenda TX9 Pro httpd setIPv6Status buffer overflow | 1.41- | CVE-2022-30033 |
| 200360 | 4.9 | 3.5 | | 6.3 | | | Hydrogen cross site scripting | 1.38- | CVE-2022-29230 |
| 200359 | 6.2 | 4.3 | | 8.2 | | | jgraph drawio information disclosure | 1.21- | CVE-2022-1774 |
| 200358 | 5.9 | 6.3 | | 5.5 | | | vim stack-based overflow | 1.67- | CVE-2022-1771 |
| 200357 | 3.1 | 3.1 | | | | | Moodle Failed Login calculation | 1.40- | CVE-2022-30600 |
| 200356 | 6.3 | 6.3 | | | | | Moodle Badge Code sql injection | 1.40- | CVE-2022-30599 |
| 200355 | 3.5 | 3.5 | | | | | Moodle Search Result information disclosure | 1.25- | CVE-2022-30598 |
| 200354 | 6.3 | 6.3 | | | | | Moodle Description User Field access control | 1.15- | CVE-2022-30597 |
| 200353 | 5.0 | 5.0 | | | | | MCK Smartlock authentication replay | 1.10- | CVE-2022-30111 |
| 200352 | 4.3 | 4.3 | | | | | BlogEngine.NET cross-site request forgery | 0.91- | CVE-2022-28921 |
| 200351 | 5.0 | 5.0 | | | | | Zoom Client for Meetings/Rooms for Conference Room Installation Remote Code Execution | 1.03- | CVE-2022-22786 |
| 200350 | 7.7 | 8.0 | | 7.3 | | | Snow License Manager unquoted search path | 0.94- | CVE-2022-0883 |
| 200349 | 6.3 | 6.3 | | 6.3 | | | Lenovo Personal Cloud Storage authorization | 1.21- | CVE-2021-42851 |
| 200348 | 7.0 | 6.3 | | 7.8 | | | Inkscape out-of-bounds write | 1.23- | CVE-2021-42704 |
| 200347 | 3.8 | 4.3 | | 3.3 | | | Inkscape uninitialized pointer | 1.20- | CVE-2021-42702 |
| 200346 | 5.5 | 5.5 | | | | | ARM Midgard/Bifrost/Valhall Mali GPU Kernel Driver use after free | 0.96- | CVE-2022-28349 |
| 200345 | 5.5 | 5.5 | | | | | ARM Valhall Mali GPU Kernel Driver use after free | 0.94- | CVE-2022-28350 |
| 200344 | 5.5 | 5.5 | | | | | ARM Midgard/Bifrost/Valhall Mali GPU Kernel Driver use after free | 0.96- | CVE-2022-28348 |
| 200343 | 3.3 | 3.3 | | 3.3 | | | Inkscape out-of-bounds read | 1.18- | CVE-2021-42700 |
| 200342 | 4.4 | 3.5 | | 5.4 | | | ToolJet injection | 0.98- | CVE-2022-23068 |
| 200341 | 6.1 | 4.9 | | 7.3 | | | GPAC use after free | 0.96- | CVE-2022-1795 |
| 200340 | 7.3 | 6.3 | | 8.3 | | | jgraph drawio input validation | 0.99- | CVE-2022-1727 |
| 200339 | 4.3 | 4.3 | | | | | Xpdf XFAScanner.cc scanNode null pointer dereference | 1.25- | CVE-2021-27548 |
| 200338 | 5.4 | 5.0 | | 5.9 | | | Zoom Client for Meetings Hostname Privilege Escalation | 1.21- | CVE-2022-22787 |
| 200337 | 5.4 | 5.0 | | 5.9 | | | Zoom Client for Meetings Session Cookie Privilege Escalation | 1.03- | CVE-2022-22785 |
| 200336 | 7.2 | 6.3 | | 8.1 | | | Zoom Client for Meetings XMPP Message access control | 1.13- | CVE-2022-22784 |
| 200335 | 3.5 | 3.5 | | | | | Meikyo WATCH BOOT/PoE BOOT/TIME BOOT/POSE SE10-8A7B1 cross site scripting | 0.94- | CVE-2022-28717 |
| 200334 | 3.7 | 3.7 | | | | | Acronis Cyber Protect cleartext transmission | 0.96- | CVE-2022-30993 |
| 200333 | 4.9 | 4.9 | | | | | Acronis Cyber Protect redirect | 1.08- | CVE-2022-30992 |
| 200332 | 3.0 | 3.0 | | | | | Acronis Cyber Protect Report Name injection | 0.99- | CVE-2022-30991 |

13 more entries are not shown
