CVSSv3 06/03/2022

CVSSv3 Base

Entries per score range: ≤1: 0, ≤2: 0, ≤3: 0, ≤4: 48, ≤5: 24, ≤6: 58, ≤7: 99, ≤8: 13, ≤9: 6, ≤10: 1

The Common Vulnerability Scoring System (CVSS) is an industry standard to define the characteristics and impacts of security vulnerabilities. The base score represents the intrinsic aspects that are constant over time and across user environments. Our unique meta score aggregates all available scores from different sources into the most reliable result.

CVSSv3 Temp

Entries per score range: ≤1: 0, ≤2: 0, ≤3: 3, ≤4: 46, ≤5: 24, ≤6: 66, ≤7: 90, ≤8: 13, ≤9: 6, ≤10: 1

The Common Vulnerability Scoring System (CVSS) uses temp scores to reflect the characteristics of a vulnerability that may change over time but not across user environments. This includes reporting confidence, exploitability and remediation levels. We also provide our unique meta score for temp scores, even though other sources rarely publish them.

VulDB

Entries per score range: ≤1: 0, ≤2: 1, ≤3: 3, ≤4: 57, ≤5: 19, ≤6: 57, ≤7: 94, ≤8: 13, ≤9: 4, ≤10: 1

The moderation team always defines the base vector and base score for an entry. These and all other available scores are used to generate the meta score.

NVD

Entries per score range: ≤1: 0, ≤2: 0, ≤3: 0, ≤4: 0, ≤5: 0, ≤6: 0, ≤7: 0, ≤8: 0, ≤9: 0, ≤10: 0

The National Vulnerability Database (NVD) also defines CVSS vectors and scores. These are usually not complete and might differ from VulDB scores.

CNA

Entries per score range: ≤1: 0, ≤2: 0, ≤3: 1, ≤4: 1, ≤5: 3, ≤6: 8, ≤7: 9, ≤8: 16, ≤9: 8, ≤10: 5

A CVE Numbering Authority (CNA) is responsible for assigning new CVE entries. They might also include a CVSS score. These are usually not complete and might differ from VulDB scores.

Vendor

Entries per score range: ≤1: 0, ≤2: 0, ≤3: 0, ≤4: 0, ≤5: 0, ≤6: 0, ≤7: 0, ≤8: 0, ≤9: 0, ≤10: 0

Some vendors are willing to publish their own CVSS vectors and scores for vulnerabilities in their products. The coverage varies from vendor to vendor.

Research

Entries per score range: ≤1: 0, ≤2: 0, ≤3: 0, ≤4: 0, ≤5: 0, ≤6: 0, ≤7: 0, ≤8: 0, ≤9: 0, ≤10: 0

Security researchers sometimes also provide their own CVSS vectors and scores for vulnerabilities they have found and published.

| ID | Base | VDB | NVD | CNA | Vend | Res | Vulnerability | CTI | EPSS | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 201283 | 6.3 | 6.3 | | | | | TOTOLINK EX1200T Telnet hard-coded credentials | 0.05 | 0.00885 | CVE-2021-42892 |
| 201282 | 4.3 | 4.3 | | | | | TOTOLINK EX1200T information disclosure | 0.02 | 0.00885 | CVE-2021-42891 |
| 201281 | 3.5 | 3.5 | | | | | TOTOLINK EX1200T information disclosure | 0.02 | 0.00885 | CVE-2021-42889 |
| 201280 | 6.3 | 6.3 | | | | | TOTOLINK EX1200T system.so NTPSyncWithHost command injection | 0.03 | 0.01055 | CVE-2021-42890 |
| 201279 | 6.3 | 6.3 | | | | | TOTOLINK EX1200T global.so setLanguageCfg command injection | 0.00 | 0.01055 | CVE-2021-42888 |
| 201278 | 6.3 | 6.3 | | | | | TOTOLINK EX1200T formLoginAuth.htm improper authentication | 0.00 | 0.00885 | CVE-2021-42887 |
| 201277 | 3.5 | 3.5 | | | | | TOTOLINK EX1200T apmib Configuration File information disclosure | 0.02 | 0.00885 | CVE-2021-42886 |
| 201276 | 3.5 | 3.5 | | | | | Fast Food Ordering System Master List Master.php cross site scripting | 0.00 | 0.00885 | CVE-2022-1991 |
| 201275 | 6.3 | 6.3 | | | | | zzcms dl_print.php sql injection | 0.06 | 0.00885 | CVE-2019-12351 |
| 201274 | 3.5 | 3.5 | | | | | Neos CMS cross site scripting | 0.04 | 0.00885 | CVE-2022-30429 |
| 201273 | 3.5 | 3.5 | | | | | SiteServer SSCMS cross site scripting | 0.03 | 0.00885 | CVE-2022-30349 |
| 201272 | 3.5 | 3.5 | | | | | Jfinal CMS HTTP Header cross site scripting | 0.03 | 0.00885 | CVE-2022-29648 |
| 201271 | 5.0 | 3.5 | | 6.5 | | | neorazorx facturascripts cross site scripting | 0.02 | 0.00885 | CVE-2022-1988 |
| 201270 | 3.5 | 3.5 | | | | | ICT Protege cross site scripting | 0.06 | 0.00885 | CVE-2022-29734 |
| 201269 | 3.5 | 3.5 | | | | | Online Market Place Site payload seller cross site scripting | 0.02 | 0.00885 | CVE-2022-29628 |
| 201268 | 3.5 | 3.5 | | | | | Solutions Atlantic Regulatory Reporting System ShowDocument.aspx cross site scripting | 0.03 | 0.02561 | CVE-2022-29598 |
| 201267 | 5.0 | 3.5 | | 6.5 | | | Black Rainbow Nimbus cross site scripting | 0.03 | 0.00885 | CVE-2022-24967 |
| 201266 | 5.4 | 4.3 | | 6.5 | | | DotNetNuke server-side request forgery | 0.06 | 0.00885 | CVE-2021-40186 |
| 201265 | 4.1 | 1.9 | | 6.4 | | | Dell Unity/UnityVSA/Unity XT Tools credentials storage | 0.03 | 0.00885 | CVE-2022-29085 |
| 201264 | 3.5 | 3.5 | | | | | BigBlueButton Greenlight Share Room Access cross site scripting | 0.06 | 0.00885 | CVE-2022-26497 |
| 201263 | 4.3 | 4.3 | | | | | Keep My Notes access control | 0.04 | 0.00885 | CVE-2022-1716 |
| 201262 | 5.5 | 5.5 | | | | | Netscout nGeniusONE xml external entity reference | 0.04 | 0.00885 | CVE-2021-45981 |
| 201261 | 3.5 | 3.5 | | | | | bbs-go cross site scripting | 0.00 | 0.00885 | CVE-2021-38221 |
| 201260 | 6.3 | 6.3 | | | | | oretnom23 Badminton Center Management System sql injection | 0.02 | 0.00885 | CVE-2022-31994 |
| 201259 | 6.3 | 6.3 | | | | | oretnom23 Badminton Center Management System sql injection | 0.03 | 0.00885 | CVE-2022-31992 |
| 201258 | 6.3 | 6.3 | | | | | oretnom23 Badminton Center Management System sql injection | 0.00 | 0.00885 | CVE-2022-31989 |
| 201257 | 6.3 | 6.3 | | | | | oretnom23 Badminton Center Management System sql injection | 0.02 | 0.00885 | CVE-2022-31988 |
| 201256 | 6.3 | 6.3 | | | | | oretnom23 Badminton Center Management System sql injection | 0.00 | 0.00885 | CVE-2022-31986 |
| 201255 | 6.3 | 6.3 | | | | | oretnom23 Badminton Center Management System sql injection | 0.02 | 0.00885 | CVE-2022-31985 |
| 201254 | 6.3 | 6.3 | | | | | oretnom23 Badminton Center Management System sql injection | 0.05 | 0.00885 | CVE-2022-32000 |
| 201253 | 6.3 | 6.3 | | | | | oretnom23 Badminton Center Management System sql injection | 0.02 | 0.00885 | CVE-2022-31998 |
| 201252 | 6.3 | 6.3 | | | | | oretnom23 Badminton Center Management System sql injection | 0.02 | 0.00885 | CVE-2022-31996 |
| 201251 | 6.3 | 6.3 | | | | | oretnom23 ChatBot App with Suggestion sql injection | 0.03 | 0.00885 | CVE-2022-31971 |
| 201250 | 6.3 | 6.3 | | | | | oretnom23 ChatBot App with Suggestion sql injection | 0.02 | 0.00885 | CVE-2022-31970 |
| 201249 | 6.3 | 6.3 | | | | | oretnom23 ChatBot App with Suggestion sql injection | 0.03 | 0.00885 | CVE-2022-31969 |
| 201248 | 3.5 | 3.5 | | | | | OFCMS update.json cross site scripting | 0.04 | 0.00885 | CVE-2022-29653 |
| 201247 | 6.3 | 6.3 | | | | | TOTOLINK EX1200T global.so setDeviceMac command injection | 0.00 | 0.01055 | CVE-2021-42885 |
| 201246 | 6.3 | 6.3 | | | | | TOTOLINK EX1200T global.so setDeviceName command injection | 0.03 | 0.01055 | CVE-2021-42884 |
| 201245 | 3.5 | 3.5 | | | | | Barco TransForm N Control Room Management Suite Web Application checklogin.jsp cross site scripting | 0.03 | 0.00885 | CVE-2022-26978 |
| 201244 | 5.5 | 5.5 | | | | | Barco TransForm N Control Room Management Suite Web Application unrestricted upload | 0.04 | 0.00885 | CVE-2022-26977 |
| 201243 | 3.5 | 3.5 | | | | | Barco TransForm N Control Room Management Suite Web Application cross site scripting | 0.06 | 0.00885 | CVE-2022-26976 |
| 201242 | 3.5 | 3.5 | | | | | Barco TransForm N Control Room Management Suite Web Application cross site scripting | 0.00 | 0.00885 | CVE-2022-26974 |
| 201241 | 3.5 | 3.5 | | | | | Barco TransForm N Control Room Management Suite Web Application cgi-bin cross site scripting | 0.06 | 0.00885 | CVE-2022-26972 |
| 201240 | 5.7 | 5.7 | | | | | adbyby Service Port 8118 denial of service | 0.03 | 0.00885 | CVE-2022-29767 |
| 201239 | 7.2 | 6.3 | | 8.2 | | | Owl Labs Meeting Owl Bluetooth improper authentication | 0.03 | 0.00954 | CVE-2022-31463 |
| 201238 | 6.2 | 3.1 | | 9.3 | | | Owl Labs Meeting Owl Bluetooth Broadcast backdoor | 0.04 | 0.00954 | CVE-2022-31462 |
| 201237 | 6.4 | 5.4 | | 7.4 | | | Owl Labs Meeting Owl Passcode Protection protection mechanism | 0.03 | 0.00954 | CVE-2022-31461 |
| 201236 | 6.8 | 6.3 | | 7.4 | | | Owl Labs Meeting Owl Tethering Mode hard-coded credentials | 0.03 | 0.00954 | CVE-2022-31460 |
| 201235 | 5.8 | 4.3 | | 7.4 | | | Owl Labs Meeting Owl Bluetooth information disclosure | 0.09 | 0.00954 | CVE-2022-31459 |
| 201234 | 7.3 | 6.3 | | 8.3 | | | Schneider Electric Wiser Smart/EER21000/EER21001 improper authentication | 0.03 | 0.00885 | CVE-2022-30238 |

199 more entries are not shown
