CVSSv3 06/22/2022

CVSSv3 Base

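| Score | ≤1 | ≤2 | ≤3 | ≤4 | ≤5 | ≤6 | ≤7 | ≤8 | ≤9 | ≤10 |
|---|---|---|---|---|---|---|---|---|---|---|
| Entries | 0 | 0 | 0 | 7 | 3 | 9 | 11 | 1 | 3 | 0 |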

The Common Vulnerability Scoring System (CVSS) is an industry standard for defining the characteristics and impacts of security vulnerabilities. The base score represents the intrinsic aspects that are constant over time and across user environments. Our unique meta score merges all available scores from different sources and aggregates them into the most reliable result.

CVSSv3 Temp

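| Score | ≤1 | ≤2 | ≤3 | ≤4 | ≤5 | ≤6 | ≤7 | ≤8 | ≤9 | ≤10 |
|---|---|---|---|---|---|---|---|---|---|---|
| Entries | 0 | 0 | 0 | 7 | 4 | 10 | 9 | 1 | 3 | 0 |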

The Common Vulnerability Scoring System (CVSS) uses temp scores to reflect the characteristics of a vulnerability that may change over time but not across user environments. This includes reporting confidence, exploitability and remediation levels. We also provide our unique meta score for temp scores, even though other sources rarely publish them.

VulDB

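| Score | ≤1 | ≤2 | ≤3 | ≤4 | ≤5 | ≤6 | ≤7 | ≤8 | ≤9 | ≤10 |
|---|---|---|---|---|---|---|---|---|---|---|
| Entries | 0 | 0 | 0 | 7 | 4 | 8 | 11 | 0 | 4 | 0 |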

The moderation team always defines the base vector and base score for an entry. These and all other available scores are used to generate the meta score.

NVD

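| Score | ≤1 | ≤2 | ≤3 | ≤4 | ≤5 | ≤6 | ≤7 | ≤8 | ≤9 | ≤10 |
|---|---|---|---|---|---|---|---|---|---|---|
| Entries | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |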

The National Vulnerability Database (NVD) also defines CVSS vectors and scores. These are usually not complete and might differ from VulDB scores.

CNA

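| Score | ≤1 | ≤2 | ≤3 | ≤4 | ≤5 | ≤6 | ≤7 | ≤8 | ≤9 | ≤10 |
|---|---|---|---|---|---|---|---|---|---|---|
| Entries | 0 | 0 | 0 | 0 | 1 | 2 | 1 | 0 | 0 | 0 |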

A CVE Numbering Authority (CNA) is responsible for assigning new CVE entries. They might also include a CVSS score. These are usually not complete and might differ from VulDB scores.

Vendor

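| Score | ≤1 | ≤2 | ≤3 | ≤4 | ≤5 | ≤6 | ≤7 | ≤8 | ≤9 | ≤10 |
|---|---|---|---|---|---|---|---|---|---|---|
| Entries | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |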

Some vendors are willing to publish their own CVSS vectors and scores for vulnerabilities in their products. The coverage varies from vendor to vendor.

Research

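| Score | ≤1 | ≤2 | ≤3 | ≤4 | ≤5 | ≤6 | ≤7 | ≤8 | ≤9 | ≤10 |
|---|---|---|---|---|---|---|---|---|---|---|
| Entries | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |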

Sometimes security researchers also provide their own CVSS vectors and scores for vulnerabilities they have found and published.

| ID | Base | VDB | NVD | CNA | Vend | Res | Vulnerability | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|
| 202483 | 3.5 | 3.5 | | | | | Unioncms Default Setting cross site scripting | 0.89 | CVE-2022-25585 |
| 202482 | 3.5 | 3.5 | | | | | NukeViet cross site scripting | 0.92 | CVE-2022-30874 |
| 202481 | 3.5 | 3.5 | | | | | IdeaLMS cross site scripting | 0.80 | CVE-2022-31786 |
| 202480 | 3.5 | 3.5 | | | | | Webkul krayin cross site scripting | 0.89 | CVE-2021-41924 |
| 202479 | 3.5 | 3.5 | | | | | UserTakeOver Search information disclosure | 0.83 | CVE-2022-31478 |
| 202478 | 3.5 | 3.5 | | | | | OBDA Mastro xml entity expansion | 0.89 | CVE-2021-40511 |
| 202477 | 5.5 | 5.5 | | | | | Qlik Sense GeoAnalytics server-side request forgery | 0.95 | CVE-2021-36761 |
| 202476 | 8.8 | 8.8 | | | | | Comodo Antivirus Quarantine access control | 1.20 | CVE-2022-34008 |
| 202475 | 8.8 | 8.8 | | | | | Tenable Nessus PowerShell cmdlet Check access control | 1.01 | CVE-2022-32973 |
| 202474 | 6.3 | 6.3 | | | | | iSpyConnect iSpy URL improper authentication | 1.04 | CVE-2022-29775 |
| 202473 | 5.5 | 5.5 | | | | | iSpyConnect iSpy path traversal | 1.01 | CVE-2022-29774 |
| 202472 | 5.5 | 5.5 | | | | | Quectel RG502Q-EA os command injection | 1.07 | CVE-2022-26147 |
| 202471 | 3.5 | 3.5 | | | | | Hyland Onbase Application Server/OnBase Connect information disclosure | 1.01 | CVE-2022-23342 |
| 202470 | 7.4 | 8.8 | | 5.9 | | | Atlas VPN Named Pipe access control | 1.07 | CVE-2022-23171 |
| 202469 | 5.3 | 5.3 | | | | | VMware Spring Cloud Function Function Catalog allocation of resources | 1.35 | CVE-2022-22979 |
| 202468 | 4.3 | 4.3 | | 4.3 | | | discourse-chat Chat Message Lookup Endpoint information disclosure | 0.95 | CVE-2022-31095 |
| 202467 | 5.5 | 5.5 | | | | | OBDA Mastro DTD xml external entity reference | 0.95 | CVE-2021-40510 |
| 202466 | 5.4 | 5.4 | | | | | Devolutions Remote Desktop Manager Entry Attachment path traversal | 1.07 | CVE-2022-33995 |
| 202465 | 6.3 | 6.3 | | | | | oretnom23 Online Railway Reservation System sql injection | 0.98 | CVE-2022-33049 |
| 202464 | 4.3 | 4.3 | | | | | Tenable Nessus Compliance Audit File information disclosure | 1.01 | CVE-2022-32974 |
| 202463 | 4.3 | 4.3 | | | | | Autodesk Navisworks PDF File Parser null pointer dereference | 0.86 | CVE-2022-27872 |
| 202462 | 6.3 | 6.3 | | | | | Autodesk AutoCAD PDFTron buffer overflow | 0.83 | CVE-2022-27871 |
| 202461 | 6.3 | 6.3 | | | | | Autodesk AutoCAD TGA File Parser buffer overflow | 0.92 | CVE-2022-27870 |
| 202460 | 6.3 | 6.3 | | | | | Autodesk AutoCAD CAT File use after free | 0.92 | CVE-2022-27868 |
| 202459 | 6.3 | 6.3 | | | | | Autodesk AutoCAD JT File use after free | 0.92 | CVE-2022-27867 |
| 202458 | 5.5 | 5.5 | | | | | Red Hat AMQ Broker Operator default permission | 0.86 | CVE-2022-1833 |
| 202457 | 5.4 | 4.3 | | 6.5 | | | ABB REX640 PCL1/REX640 PCL2/REX640 PCL3 User Database File permission assignment | 0.95 | CVE-2022-1596 |
| 202456 | 6.3 | 6.3 | | | | | Autodesk AutoCAD TIFF File Parser buffer overflow | 0.89 | CVE-2022-27869 |
| 202455 | 5.3 | 5.3 | | 5.3 | | | IBM IBM QRadar WinCollect Agent information disclosure | 1.01 | CVE-2021-39006 |
| 202454 | 6.3 | 6.3 | | | | | OpenSSL Incomplete Fix CVE-2022-1292 c_rehash os command injection | 1.96 | CVE-2022-2068 |
| 202453 | 6.3 | 6.3 | | | | | oretnom23 Online Railway Reservation System manage_schedule.php sql injection | 1.14 | CVE-2022-33056 |
| 202452 | 6.3 | 6.3 | | | | | oretnom23 Online Railway Reservation System manage_train.php sql injection | 1.07 | CVE-2022-33055 |
| 202451 | 6.3 | 6.3 | | | | | oretnom23 Online Railway Reservation System view_details.php sql injection | 0.95 | CVE-2022-33048 |
| 202450 | 8.4 | 8.4 | | | | | Red Hat Enterprise Linux Kernel hard-coded key | 1.32 | CVE-2022-1665 |
