CVSSv3 06/09/2022

CVSSv3 Base

Distribution (score bucket: entries): ≤1: 0, ≤2: 2, ≤3: 0, ≤4: 13, ≤5: 11, ≤6: 14, ≤7: 9, ≤8: 6, ≤9: 6, ≤10: 1

The Common Vulnerability Scoring System (CVSS) is an industry standard for describing the characteristics and impacts of security vulnerabilities. The base score represents the intrinsic aspects that are constant over time and across user environments. Our unique meta score aggregates all available scores from different sources into the most reliable result.

CVSSv3 Temp

Distribution (score bucket: entries): ≤1: 0, ≤2: 2, ≤3: 0, ≤4: 13, ≤5: 12, ≤6: 13, ≤7: 13, ≤8: 4, ≤9: 4, ≤10: 1

The Common Vulnerability Scoring System (CVSS) uses temp scores to reflect the characteristics of a vulnerability that may change over time but not across user environments. This includes reporting confidence, exploitability and remediation levels. We also provide our unique meta score for temp scores, even though other sources rarely publish them.

VulDB

Distribution (score bucket: entries): ≤1: 0, ≤2: 2, ≤3: 0, ≤4: 16, ≤5: 10, ≤6: 16, ≤7: 6, ≤8: 7, ≤9: 5, ≤10: 0

The moderation team always defines the base vector and base score for an entry. These and all other available scores are used to generate the meta score.

NVD

Distribution (score bucket: entries): ≤1: 0, ≤2: 0, ≤3: 0, ≤4: 0, ≤5: 0, ≤6: 0, ≤7: 0, ≤8: 0, ≤9: 0, ≤10: 0

The National Vulnerability Database (NVD) also defines CVSS vectors and scores. These are usually not complete and might differ from VulDB scores.

CNA

Distribution (score bucket: entries): ≤1: 0, ≤2: 0, ≤3: 0, ≤4: 1, ≤5: 3, ≤6: 4, ≤7: 0, ≤8: 4, ≤9: 3, ≤10: 3

A CVE Numbering Authority (CNA) is responsible for assigning new CVE entries. They might also include a CVSS score. These are usually not complete and might differ from VulDB scores.

Vendor

Distribution (score bucket: entries): ≤1: 0, ≤2: 0, ≤3: 0, ≤4: 0, ≤5: 0, ≤6: 0, ≤7: 0, ≤8: 0, ≤9: 1, ≤10: 0

Some vendors are willing to publish their own CVSS vectors and scores for vulnerabilities in their products. The coverage varies from vendor to vendor.

Research

Distribution (score bucket: entries): ≤1: 0, ≤2: 0, ≤3: 0, ≤4: 0, ≤5: 0, ≤6: 0, ≤7: 0, ≤8: 0, ≤9: 0, ≤10: 0

Sometimes security researchers also provide their own CVSS vectors and scores for vulnerabilities they have found and published.

| ID | Base | VDB | NVD | CNA | Vend | Res | Vulnerability | CTI | EPSS | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 201817 | 7.9 | 7.1 | | 8.3 | 8.3 | | Microsoft Edge Remote Code Execution | 0.08 | 0.01601 | CVE-2022-22021 |
| 201550 | 3.5 | 3.5 | | | | | SCORM Engine modern.html cross site scripting | 0.13 | 0.00885 | CVE-2022-2035 |
| 201549 | 6.2 | 5.0 | | 7.5 | | | ITarian SAAS/On-Premise Service Desk Module missing secure attribute | 0.04 | 0.01055 | CVE-2022-25151 |
| 201548 | 4.3 | 4.3 | | | | | ihb eG FlexNow FrontControllerSS Endpoint resource injection | 0.00 | 0.01055 | CVE-2022-30760 |
| 201547 | 9.3 | 8.8 | | 9.9 | | | ITarian SAAS/On-Premise procedures security check | 0.02 | 0.01440 | CVE-2022-25152 |
| 201546 | 6.7 | 5.5 | | 8.0 | | | kromit titra csv injection | 0.00 | 0.00885 | CVE-2022-2027 |
| 201545 | 4.0 | 3.5 | | 4.6 | | | HCL OneTest Server unknown vulnerability | 0.02 | 0.00885 | CVE-2021-27786 |
| 201544 | 4.9 | 4.3 | | 5.5 | | | containerd ExecSync API resource consumption | 0.04 | 0.01034 | CVE-2022-31030 |
| 201543 | 4.4 | 3.5 | | 5.4 | | | gogs cross site scripting | 0.03 | 0.00890 | CVE-2022-31038 |
| 201542 | 4.8 | 3.7 | | 5.9 | | | Envoy GrpcHealthCheckerImpl null pointer dereference | 0.02 | 0.00885 | CVE-2022-29224 |
| 201541 | 8.5 | 7.3 | | 9.8 | | | PJSIP STUN buffer overflow | 0.03 | 0.00885 | CVE-2022-31031 |
| 201540 | 8.8 | 8.8 | | | | | Firejail User Namespace join.c access control | 0.00 | 0.01365 | CVE-2022-31214 |
| 201539 | 5.5 | 5.5 | | | | | Apache Dubbo server-side request forgery | 0.02 | 0.00885 | CVE-2022-24969 |
| 201538 | 5.5 | 5.5 | | | | | Xen Mapping memory corruption | 0.02 | 0.00950 | CVE-2022-26364 |
| 201537 | 5.5 | 5.5 | | | | | Xen Mapping memory corruption | 0.00 | 0.00950 | CVE-2022-26363 |
| 201536 | 4.6 | 4.6 | | | | | Xen typeref race condition | 0.06 | 0.00950 | CVE-2022-26362 |
| 201535 | 8.3 | 8.8 | | 7.8 | | | ITarian Endpoint Manage Communication Client OpenSSL Configuration openssl.conf permission | 0.02 | 0.00885 | CVE-2022-25153 |
| 201534 | 7.3 | 7.3 | | | | | Apache HTTP Server Connection Header access control | 0.13 | 0.01246 | CVE-2022-31813 |
| 201533 | 5.3 | 5.3 | | | | | Apache HTTP Server r:wsread information disclosure | 0.08 | 0.01246 | CVE-2022-30556 |
| 201532 | 5.3 | 5.3 | | | | | Apache HTTP Server mod_sed memory allocation | 0.56 | 0.01246 | CVE-2022-30522 |
| 201531 | 5.3 | 5.3 | | | | | Apache HTTP Server ap_rputs integer overflow | 0.13 | 0.01246 | CVE-2022-28614 |
| 201530 | 7.3 | 7.3 | | | | | Apache HTTP Server mod_isapi out-of-bounds | 0.09 | 0.00954 | CVE-2022-28330 |
| 201529 | 7.3 | 7.3 | | | | | Apache HTTP Server mod_proxy_ajp request smuggling | 0.13 | 0.01246 | CVE-2022-26377 |
| 201528 | 5.3 | 5.3 | | | | | Apache HTTP Server Lua Script r:parsebody allocation of resources | 0.06 | 0.01246 | CVE-2022-29404 |
| 201527 | 7.3 | 7.3 | | | | | Apache HTTP Server ap_strcmp_match integer overflow | 0.13 | 0.01246 | CVE-2022-28615 |
| 201526 | 8.8 | 8.8 | | | | | Linux Kernel File System Notification copy_event_to_user use after free | 0.04 | 0.00890 | CVE-2022-1998 |
| 201525 | 3.5 | 3.5 | | | | | Emlog Pro Background Management cross site scripting | 0.02 | 0.00885 | CVE-2021-40610 |
| 201524 | 4.8 | 3.7 | | 5.9 | | | Trilogy uninitialized resource | 0.02 | 0.00885 | CVE-2022-31026 |
| 201523 | 6.4 | 5.3 | | 7.5 | | | Vapor Request Body buffer overflow | 0.02 | 0.00885 | CVE-2022-31019 |
| 201522 | 4.6 | 5.0 | | 4.2 | | | OAuthenticator CILogonOAuthenticator authorization | 0.02 | 0.00885 | CVE-2022-31027 |
| 201521 | 5.5 | 5.5 | | | | | slowscript HTTP File Server Directory Listing path traversal | 0.03 | 0.00885 | CVE-2021-40668 |
| 201520 | 4.3 | 4.3 | | 4.3 | | | Enalean Tuleap Tracker Report Renderer authorization | 0.00 | 0.00950 | CVE-2022-24896 |
| 201519 | 7.3 | 6.5 | | 8.2 | | | Vyper Contract Address control flow | 0.02 | 0.00885 | CVE-2022-29255 |
| 201518 | 4.3 | 4.8 | | 3.7 | | | SilverStripe Omnipay Payment denial of service | 0.03 | 0.00885 | CVE-2022-29254 |
| 201517 | 2.0 | 2.0 | | | | | Verbatim Keypad Secure USB 3.2 Gen 1 Drive excessive authentication | 0.00 | 0.01034 | CVE-2022-28384 |
| 201516 | 2.0 | 2.0 | | | | | Verbatim Keypad Secure USB 3.2 Gen 1 risky encryption | 0.02 | 0.01537 | CVE-2022-28382 |
| 201515 | 6.3 | 6.3 | | | | | ChurchCRM WhyCameEditor.php sql injection | 0.03 | 0.01564 | CVE-2022-31325 |
| 201514 | 3.5 | 3.5 | | | | | Dolibarr SQL Error Page cross site scripting | 0.03 | 0.00885 | CVE-2022-30875 |
| 201513 | 6.5 | 4.3 | | 8.8 | | | RosarioSIS cross site scripting | 0.02 | 0.00885 | CVE-2022-1997 |
| 201512 | 3.5 | 3.5 | | | | | Open edX Platform Logout cross site scripting | 0.04 | 0.00885 | CVE-2022-32195 |
| 201511 | 6.3 | 6.3 | | | | | Horde Webmail Address Book Driver.php create injection | 0.20 | 0.00000 | CVE-2022-30287 |
| 201510 | 3.5 | 3.5 | | | | | Razer Sila Gaming Router file inclusion | 0.04 | 0.07571 | CVE-2022-29014 |
| 201509 | 3.5 | 3.5 | | | | | PartKeepr part_categories cross site scripting | 0.00 | 0.00885 | CVE-2022-30899 |
| 201508 | 3.5 | 3.5 | | | | | ownCloud information disclosure | 0.00 | 0.00954 | CVE-2022-31649 |
| 201507 | 5.5 | 5.5 | | | | | Razer Sila Gaming Router POST Request command injection | 0.02 | 0.08382 | CVE-2022-29013 |
| 201506 | 5.5 | 5.5 | | | | | ZAngband plat.c integer underflow | 0.02 | 0.00885 | CVE-2021-40589 |
| 201505 | 4.3 | 4.3 | | | | | IGEL Universal Management Suite Registry Key permission | 0.06 | 0.00885 | CVE-2022-25804 |
| 201504 | 6.4 | 6.4 | | | | | Verbatim Executive Fingerprint Secure SSD GDMSFE01-INI3637-C Emulated CD-ROM Drive backdoor | 0.02 | 0.01108 | CVE-2022-28385 |
| 201503 | 6.4 | 6.4 | | | | | Verbatim Keypad Secure USB 3.2 Gen 1 Drive Firmware backdoor | 0.02 | 0.01537 | CVE-2022-28383 |
| 201502 | 3.5 | 3.5 | | | | | IGEL Universal Management Suite PrefDBCredentials hard-coded key | 0.06 | 0.00885 | CVE-2022-25806 |

12 more entries are not shown
