CVSSv3 06/10/2022

CVSSv3 Base

≤1: 0
≤2: 0
≤3: 1
≤4: 3
≤5: 4
≤6: 12
≤7: 10
≤8: 3
≤9: 4
≤10: 0

The Common Vulnerability Scoring System (CVSS) is an industry standard for describing the characteristics and impacts of security vulnerabilities. The base score represents the intrinsic aspects that are constant over time and across user environments. Our unique meta score merges all available scores from different sources into the most reliable aggregate result.

CVSSv3 Temp

≤1: 0
≤2: 0
≤3: 1
≤4: 3
≤5: 4
≤6: 12
≤7: 12
≤8: 1
≤9: 4
≤10: 0

The Common Vulnerability Scoring System (CVSS) uses temp scores to reflect the characteristics of a vulnerability that may change over time but not across user environments. This includes reporting confidence, exploitability and remediation levels. We also provide our unique meta score for temp scores, even though other sources rarely publish them.

VulDB

≤1: 0
≤2: 0
≤3: 3
≤4: 9
≤5: 2
≤6: 14
≤7: 5
≤8: 4
≤9: 0
≤10: 0

The moderation team always defines the base vector and base score for an entry. These and all other available scores are used to generate the meta score.

NVD

≤1: 0
≤2: 0
≤3: 0
≤4: 0
≤5: 0
≤6: 0
≤7: 0
≤8: 0
≤9: 0
≤10: 0

The National Vulnerability Database (NVD) also defines CVSS vectors and scores. These are usually not complete and might differ from VulDB scores.

CNA

≤1: 0
≤2: 0
≤3: 0
≤4: 1
≤5: 1
≤6: 2
≤7: 5
≤8: 6
≤9: 6
≤10: 5

A CVE Numbering Authority (CNA) is responsible for assigning new CVE entries. They might also include a CVSS score. These are usually not complete and might differ from VulDB scores.

Vendor

≤1: 0
≤2: 0
≤3: 0
≤4: 0
≤5: 0
≤6: 0
≤7: 0
≤8: 0
≤9: 0
≤10: 0

Some vendors are willing to publish their own CVSS vectors and scores for vulnerabilities in their products. The coverage varies from vendor to vendor.

Research

≤1: 0
≤2: 0
≤3: 0
≤4: 0
≤5: 0
≤6: 0
≤7: 0
≤8: 0
≤9: 0
≤10: 0

Security researchers sometimes also provide their own CVSS vectors and scores for vulnerabilities they have found and published.

| ID | Base | VDB | NVD | CNA | Vend | Res | Vulnerability | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|
| 201587 | 3.3 | 3.3 | | 3.3 | | | Gemalto SafeNet KeySecure path traversal | 0.00 | CVE-2021-42811 |
| 201586 | 6.4 | 5.3 | | 7.5 | | | Guzzle Header information disclosure | 0.07 | CVE-2022-31043 |
| 201585 | 6.4 | 5.3 | | 7.5 | | | Guzzle Header information disclosure | 0.16 | CVE-2022-31042 |
| 201584 | 6.4 | 5.3 | | 7.5 | | | Envoy Header use after free | 0.04 | CVE-2022-29227 |
| 201583 | 6.3 | 5.6 | | 7.0 | | | Istio Header out-of-bounds read | 0.22 | CVE-2022-31045 |
| 201582 | 7.2 | 6.3 | | 8.1 | | | GLPI Search Page sql injection | 0.09 | CVE-2022-29250 |
| 201581 | 8.6 | 7.3 | | 10.0 | | | Envoy OAuth Filter missing authentication | 0.22 | CVE-2022-29226 |
| 201580 | 6.4 | 5.3 | | 7.5 | | | Envoy Decompression resource consumption | 0.04 | CVE-2022-29225 |
| 201579 | 6.4 | 5.3 | | 7.5 | | | Envoy OAuth Filter continueDecoding assertion | 0.03 | CVE-2022-29228 |
| 201578 | 4.5 | 3.1 | | 5.9 | | | Mechanize Header information disclosure | 0.03 | CVE-2022-31033 |
| 201577 | 3.5 | 3.5 | | | | | Trend Micro Security 2021/Security 2022 out-of-bounds read | 0.05 | CVE-2022-30702 |
| 201576 | 6.3 | 6.1 | | 6.5 | | | Linux Kernel KGDB/KDB kdb_main.c kdb_check_for_lockdown access control | 0.04 | CVE-2022-21499 |
| 201575 | 5.5 | 5.5 | | | | | Trend Micro Security 2021/Security 2022 Kernel access control | 0.08 | CVE-2022-30703 |
| 201574 | 3.3 | 2.2 | | 4.4 | | | semantic-release Repository URL information disclosure | 0.03 | CVE-2022-31051 |
| 201573 | 5.5 | 5.5 | | | | | CMS Made Simple function.admin_articlestab.php sql injection | 0.00 | CVE-2021-40961 |
| 201572 | 5.5 | 5.5 | | | | | Jizhicms PluginsController.php Index server-side request forgery | 0.03 | CVE-2022-31393 |
| 201571 | 5.5 | 5.5 | | | | | Jizhicms TemplateController.php Update server-side request forgery | 0.03 | CVE-2022-31390 |
| 201570 | 5.5 | 5.5 | | | | | Baidu Kity Minder ImageCapture.class.php init server-side request forgery | 0.00 | CVE-2022-31830 |
| 201569 | 5.5 | 5.5 | | | | | MonstaFTP HTTPFetcher.php performFetchRequest server-side request forgery | 0.04 | CVE-2022-31827 |
| 201568 | 6.2 | 3.5 | | 9.0 | | | RosarioSIS cross site scripting | 0.03 | CVE-2022-2036 |
| 201567 | 5.1 | 3.5 | | 6.8 | | | neorazorx facturascripts cross site scripting | 0.03 | CVE-2022-2016 |
| 201566 | 5.2 | 4.3 | | 6.1 | | | jgraph drawio cross site scripting | 0.03 | CVE-2022-2015 |
| 201565 | 4.3 | 4.3 | | | | | CSCMS Music Portal System cross-site request forgery | 0.03 | CVE-2022-30898 |
| 201564 | 4.4 | 3.5 | | 5.4 | | | GLPI Kanban cross site scripting | 0.08 | CVE-2022-24876 |
| 201563 | 4.3 | 2.5 | | 6.2 | | | ZyXEL GS1200 timing discrepancy | 0.00 | CVE-2022-0823 |
| 201562 | 7.7 | 5.6 | | 9.8 | | | ToolJet Remote Code Execution | 0.03 | CVE-2022-2037 |
| 201561 | 5.8 | 3.5 | | 8.2 | | | kromit titra cross site scripting | 0.08 | CVE-2022-2029 |
| 201560 | 5.8 | 3.5 | | 8.2 | | | kromit titra cross site scripting | 0.08 | CVE-2022-2028 |
| 201559 | 5.8 | 3.5 | | 8.2 | | | kromit titra cross site scripting | 0.00 | CVE-2022-2026 |
| 201558 | 8.4 | 7.3 | | 9.6 | | | jgraph drawio code injection | 0.06 | CVE-2022-2014 |
| 201557 | 7.0 | 6.3 | | 7.8 | | | vim out-of-bounds write | 0.03 | CVE-2022-2000 |
| 201556 | 7.2 | 6.3 | | 8.1 | | | gogs path traversal | 0.07 | CVE-2022-1993 |
| 201555 | 8.6 | 7.3 | | 10.0 | | | gogs path traversal | 0.07 | CVE-2022-1992 |
| 201554 | 8.6 | 7.3 | | 10.0 | | | gogs os command injection | 0.00 | CVE-2022-1986 |
| 201553 | 5.5 | 5.5 | | | | | OPSWAT MetaDefender access control | 0.26 | CVE-2022-32272 |
| 201552 | 6.3 | 6.3 | | | | | nbnbk CMS URL Parameter server-side request forgery | 0.05 | CVE-2022-31386 |
| 201551 | 2.6 | 2.6 | | | | | ZTE MF297D random values | 0.03 | CVE-2022-23138 |
