CVSSv3 05/24/2022

CVSSv3 Base

Entries by score: ≤1: 0, ≤2: 0, ≤3: 2, ≤4: 8, ≤5: 8, ≤6: 10, ≤7: 11, ≤8: 4, ≤9: 1, ≤10: 1

The Common Vulnerability Scoring System (CVSS) is an industry standard for describing the characteristics and impact of security vulnerabilities. The base score represents the intrinsic aspects that are constant over time and across user environments. Our unique meta score merges all available scores from different sources into a single aggregate, aiming for the most reliable result.

CVSSv3 Temp

Entries by score: ≤1: 0, ≤2: 0, ≤3: 3, ≤4: 7, ≤5: 8, ≤6: 11, ≤7: 11, ≤8: 3, ≤9: 1, ≤10: 1

The Common Vulnerability Scoring System (CVSS) uses temp scores to reflect the characteristics of a vulnerability that may change over time but not across user environments. This includes reporting confidence, exploitability and remediation levels. We also provide our unique meta score for temp scores, even though other sources rarely publish them.

VulDB

Entries by score: ≤1: 0, ≤2: 0, ≤3: 2, ≤4: 8, ≤5: 11, ≤6: 9, ≤7: 11, ≤8: 2, ≤9: 1, ≤10: 1

The moderation team always defines the base vector and base score for an entry. These and all other available scores are used to generate the meta score.

NVD

Entries by score: ≤1: 0, ≤2: 0, ≤3: 0, ≤4: 0, ≤5: 0, ≤6: 0, ≤7: 0, ≤8: 0, ≤9: 0, ≤10: 0

The National Vulnerability Database (NVD) also defines CVSS vectors and scores. These are usually not complete and might differ from VulDB scores.

CNA

Entries by score: ≤1: 0, ≤2: 0, ≤3: 2, ≤4: 0, ≤5: 2, ≤6: 2, ≤7: 4, ≤8: 5, ≤9: 2, ≤10: 2

A CVE Numbering Authority (CNA) is responsible for assigning new CVE entries. They might also include a CVSS score. These are usually not complete and might differ from VulDB scores.

Vendor

Entries by score: ≤1: 0, ≤2: 0, ≤3: 0, ≤4: 0, ≤5: 0, ≤6: 0, ≤7: 0, ≤8: 0, ≤9: 0, ≤10: 0

Some vendors are willing to publish their own CVSS vectors and scores for vulnerabilities in their products. The coverage varies from vendor to vendor.

Research

Entries by score: ≤1: 0, ≤2: 0, ≤3: 0, ≤4: 0, ≤5: 0, ≤6: 0, ≤7: 0, ≤8: 0, ≤9: 0, ≤10: 0

Security researchers sometimes also provide their own CVSS vectors and scores for vulnerabilities they have found and published.

| ID | Base | VDB | NVD | CNA | Vend | Res | Vulnerability | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|
| 200626 | 3.5 | 3.5 | | | | | SiteServer CMS cross site scripting | 0.30 | CVE-2021-42656 |
| 200625 | 6.3 | 6.3 | | | | | SiteServer CMS sql injection | 0.36 | CVE-2021-42655 |
| 200624 | 5.5 | 5.5 | | | | | SiteServer CMS unrestricted upload | 0.36 | CVE-2021-42654 |
| 200623 | 7.2 | 5.5 | | 9.0 | | | erudika para behavioral workflow | 0.47 | CVE-2022-1848 |
| 200622 | 4.3 | 4.3 | | | | | Tenda AC9 httpd buffer overflow | 0.59 | CVE-2021-42659 |
| 200621 | 3.5 | 3.5 | | | | | Badminton Center Management System cross site scripting | 0.47 | CVE-2022-30456 |
| 200620 | 6.3 | 6.3 | | | | | Badminton Center Management System sql injection | 0.36 | CVE-2022-30455 |
| 200619 | 6.3 | 6.3 | | | | | Merchandise Online Store sql injection | 0.48 | CVE-2022-30454 |
| 200618 | 7.8 | 7.8 | | 7.8 | | | Zyxel USG/ZyWALL packet-trace argument injection | 0.65 | CVE-2022-26532 |
| 200617 | 5.7 | 5.3 | | 6.1 | | | Zyxel USG/ZyWALL buffer overflow | 0.36 | CVE-2022-26531 |
| 200616 | 3.5 | 3.5 | | | | | WonderCMS Simple Blog Plugin cross site scripting | 0.36 | CVE-2021-42233 |
| 200615 | 4.3 | 4.3 | | | | | XXL-Job add cross-site request forgery | 0.36 | CVE-2022-29002 |
| 200614 | 4.3 | 4.3 | | | | | Lumidek Simple Food Website cross-site request forgery | 0.59 | CVE-2022-30014 |
| 200613 | 5.0 | 4.3 | | 5.8 | | | ZyXEL USG/ZyWALL CGI Program cross site scripting | 0.48 | CVE-2022-0734 |
| 200612 | 3.5 | 3.5 | | | | | SourceCodester Rescue Dispatch Management System cross site scripting | 0.53 | CVE-2022-30017 |
| 200611 | 5.5 | 5.5 | | | | | SourceCodester Rescue Dispatch Management System access control | 0.73 | CVE-2022-30016 |
| 200610 | 5.5 | 5.5 | | | | | Mastodon Email user.rb access control | 0.61 | CVE-2022-31263 |
| 200609 | 5.4 | 4.3 | | 6.5 | | | ZyXEL USG/ZyWALL Two-Factor Authentication improper authentication | 0.85 | CVE-2022-0910 |
| 200608 | 6.3 | 6.3 | | | | | Dev-CPP devcpp.exe permission | 0.66 | CVE-2022-28999 |
| 200607 | 5.5 | 5.5 | | | | | mysiteforme server-side request forgery | 0.79 | CVE-2022-29309 |
| 200606 | 4.6 | 4.6 | | | | | imgurl localhost sql injection | 0.85 | CVE-2022-29305 |
| 200605 | 5.7 | 5.7 | | | | | TOTOLINK A3600R infostat.cgi fread stack-based overflow | 0.73 | CVE-2022-29377 |
| 200604 | 6.8 | 6.3 | | 7.4 | | | AVEVA InTouch Access Anywhere Language Bar exposure of resource | 0.72 | CVE-2022-1467 |
| 200603 | 7.1 | 6.3 | | 7.9 | | | Quick Heal Total Security Installation uncontrolled search path | 0.90 | CVE-2022-31467 |
| 200602 | 6.4 | 5.0 | | 7.9 | | | Quick Heal Total Security toctou | 0.72 | CVE-2022-31466 |
| 200601 | 7.7 | 6.3 | | 9.1 | | | publify unrestricted upload | 0.61 | CVE-2022-1811 |
| 200600 | 6.0 | 4.3 | | 7.7 | | | Tipask Attachment information disclosure | 0.84 | CVE-2021-41714 |
| 200599 | 4.9 | 4.3 | | 5.5 | | | Claroty Secure Remote Access Site Command Line Interface authentication bypass | 0.73 | CVE-2021-32958 |
| 200598 | 8.8 | 8.8 | | 8.8 | | | Cognex In-Sight OPC Server deserialization | 0.74 | CVE-2021-32935 |
| 200597 | 6.3 | 6.3 | | | | | Xampp Installation default permission | 0.61 | CVE-2022-29376 |
| 200596 | 5.5 | 5.5 | | | | | D-Link DSL-G2452DG permission | 0.72 | CVE-2022-28932 |
| 200595 | 3.1 | 3.1 | | | | | EMCO Products Installation code download | 0.84 | CVE-2022-28944 |
| 200594 | 9.6 | 9.8 | | 9.4 | | | Annke N48PBB stack-based overflow | 0.90 | CVE-2021-32941 |
| 200593 | 3.5 | 3.5 | | | | | SourceCodester Simple Food Website all_users.php cross site scripting | 0.61 | CVE-2022-30015 |
| 200592 | 3.5 | 3.5 | | | | | Online Birth Certificate System profile.php cross site scripting | 0.67 | CVE-2022-29005 |
| 200591 | 6.9 | 7.3 | | 6.5 | | | Cisco IOS XR Health Check access control | 1.13 | CVE-2022-20821 |
| 200590 | 5.5 | 5.5 | | | | | Inout Blockchain AltExchanger about sql injection | 0.61 | CVE-2022-31489 |
| 200589 | 6.3 | 6.3 | | | | | Inout Blockchain AltExchanger update_marketboxslider sql injection | 0.61 | CVE-2022-31488 |
| 200588 | 6.3 | 6.3 | | | | | Inout Blockchain AltExchanger master.php sql injection | 0.55 | CVE-2022-31487 |
| 200587 | 3.5 | 3.5 | | | | | Diary Management System search-result.php cross site scripting | 0.42 | CVE-2022-29004 |
| 200586 | 2.4 | 2.4 | | 2.4 | | | Student Information System Student Roll Module cross site scripting | 1.08 | CVE-2022-1819 |
| 200585 | 2.4 | 2.4 | | 2.4 | | | Home Clean Services Management System cross site scripting | 1.25 | CVE-2022-1840 |
| 200584 | 6.3 | 6.3 | | 6.3 | | | Home Clean Services Management System login.php sql injection | 1.31 | CVE-2022-1839 |
| 200583 | 4.7 | 4.7 | | 4.7 | | | Home Clean Services Management System login.php sql injection | 1.37 | CVE-2022-1838 |
| 200582 | 4.7 | 4.7 | | 4.7 | | | Home Clean Services Management System unrestricted upload | 1.02 | CVE-2022-1837 |
