CVSSv3 06/27/2022

CVSSv3 Base

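| Score | ≤1 | ≤2 | ≤3 | ≤4 | ≤5 | ≤6 | ≤7 | ≤8 | ≤9 | ≤10 |
|---|---|---|---|---|---|---|---|---|---|---|
| Entries | 0 | 0 | 0 | 12 | 25 | 28 | 8 | 10 | 2 | 0 |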

The Common Vulnerability Scoring System (CVSS) is an industry standard to define the characteristics and impacts of security vulnerabilities. The base score represents the intrinsic aspects that are constant over time and across user environments. Our unique meta score merges all available scores from different sources into the most reliable aggregate result.

CVSSv3 Temp

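| Score | ≤1 | ≤2 | ≤3 | ≤4 | ≤5 | ≤6 | ≤7 | ≤8 | ≤9 | ≤10 |
|---|---|---|---|---|---|---|---|---|---|---|
| Entries | 0 | 0 | 0 | 13 | 24 | 29 | 11 | 6 | 2 | 0 |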

The Common Vulnerability Scoring System (CVSS) uses temp scores to reflect the characteristics of a vulnerability that may change over time but not across user environments. This includes reporting confidence, exploitability and remediation levels. We also provide our unique meta score for temp scores, even though other sources rarely publish them.

VulDB

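| Score | ≤1 | ≤2 | ≤3 | ≤4 | ≤5 | ≤6 | ≤7 | ≤8 | ≤9 | ≤10 |
|---|---|---|---|---|---|---|---|---|---|---|
| Entries | 0 | 0 | 12 | 29 | 29 | 4 | 9 | 2 | 0 | 0 |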

The moderation team always defines the base vector and base score for an entry. These and all other available scores are used to generate the meta score.

NVD

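| Score | ≤1 | ≤2 | ≤3 | ≤4 | ≤5 | ≤6 | ≤7 | ≤8 | ≤9 | ≤10 |
|---|---|---|---|---|---|---|---|---|---|---|
| Entries | 0 | 0 | 1 | 0 | 28 | 8 | 12 | 23 | 7 | 6 |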

The National Vulnerability Database (NVD) also defines CVSS vectors and scores. These are usually not complete and might differ from VulDB scores.

CNA

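| Score | ≤1 | ≤2 | ≤3 | ≤4 | ≤5 | ≤6 | ≤7 | ≤8 | ≤9 | ≤10 |
|---|---|---|---|---|---|---|---|---|---|---|
| Entries | 0 | 0 | 0 | 2 | 1 | 0 | 4 | 5 | 3 | 3 |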

A CVE Numbering Authority (CNA) is responsible for assigning new CVE entries. They might also include a CVSS score. These are usually not complete and might differ from VulDB scores.

Vendor

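| Score | ≤1 | ≤2 | ≤3 | ≤4 | ≤5 | ≤6 | ≤7 | ≤8 | ≤9 | ≤10 |
|---|---|---|---|---|---|---|---|---|---|---|
| Entries | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |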

Some vendors are willing to publish their own CVSS vectors and scores for vulnerabilities in their products. The coverage varies from vendor to vendor.

Research

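| Score | ≤1 | ≤2 | ≤3 | ≤4 | ≤5 | ≤6 | ≤7 | ≤8 | ≤9 | ≤10 |
|---|---|---|---|---|---|---|---|---|---|---|
| Entries | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |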

Sometimes security researchers also provide their own CVSS vectors and scores for vulnerabilities they have found and published.

| ID | Base | VDB | NVD | CNA | Vend | Res | Vulnerability | CTI | EPSS | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 202842 | 4.8 | 3.5 | 6.1 | | | | Ruckus Wireless ZoneDirector cross site scripting | 0.04 | 0.00954 | CVE-2020-21161 |
| 202841 | 5.6 | 4.3 | 6.1 | 6.5 | | | Hikvision Hybrid SAN Web Module cross site scripting | 0.05 | 0.00885 | CVE-2022-28172 |
| 202840 | 6.0 | 3.5 | 5.4 | 9.0 | | | Argo CD UI cross site scripting | 0.00 | 0.00890 | CVE-2022-31035 |
| 202839 | 8.2 | 7.3 | 9.8 | 7.5 | | | Hikvision Hybrid SAN Web Module os command injection | 0.04 | 0.00885 | CVE-2022-28171 |
| 202838 | 5.5 | 3.5 | 7.5 | | | | Brocade SANnav Base64 Encoding log file | 0.07 | 0.00885 | CVE-2022-28168 |
| 202837 | 5.0 | 3.5 | 6.5 | | | | Brocade SANnav Switch Password asyncjobscheduler-manager.log server log file | 0.04 | 0.00885 | CVE-2022-28167 |
| 202836 | 5.6 | 3.7 | 7.5 | | | | Brocade SANnav SSL Server hard-coded key | 0.00 | 0.00885 | CVE-2022-28166 |
| 202835 | 5.5 | 3.5 | 7.5 | | | | Apache SystemDS readExternal resource consumption | 0.08 | 0.00885 | CVE-2022-26477 |
| 202834 | 5.5 | 3.5 | 7.5 | | | | Axiomatic Bento4 Ap4Array.h AP4_Array denial of service | 0.07 | 0.00885 | CVE-2021-40941 |
| 202833 | 8.0 | 6.3 | 9.8 | 7.8 | | | vim out-of-bounds write | 0.00 | 0.01018 | CVE-2022-2210 |
| 202832 | 7.1 | 3.5 | 9.0 | 8.8 | | | Elcomplus SmartICS Parameter cross site scripting | 0.04 | 0.00885 | CVE-2022-2140 |
| 202831 | 3.7 | 4.7 | 2.7 | 3.8 | | | Elcomplus SmartICS Filename path traversal | 0.07 | 0.00885 | CVE-2022-2106 |
| 202830 | 4.8 | 2.7 | 4.9 | 6.8 | | | Elcomplus SmartICS Process access control | 0.07 | 0.00885 | CVE-2022-2088 |
| 202829 | 7.1 | 5.0 | 8.1 | 8.3 | | | Argo CD SSO Login random values | 0.04 | 0.00885 | CVE-2022-31034 |
| 202828 | 5.4 | 4.3 | 6.5 | | | | Devolutions Remote Desktop Manager My Account Settings information disclosure | 0.04 | 0.00885 | CVE-2022-2221 |
| 202827 | 5.5 | 3.5 | 7.5 | | | | MindSpore Initialization Split divide by zero | 0.00 | 0.00885 | CVE-2021-33654 |
| 202826 | 5.5 | 3.5 | 7.5 | | | | MindSpore Derivation Shape divide by zero | 0.07 | 0.00885 | CVE-2021-33653 |
| 202825 | 5.5 | 3.5 | 7.5 | | | | MindSpore Reduce divide by zero | 0.00 | 0.00885 | CVE-2021-33652 |
| 202824 | 5.5 | 3.5 | 7.5 | | | | MindSpore DepthwiseConv2D divide by zero | 0.07 | 0.00885 | CVE-2021-33651 |
| 202823 | 5.5 | 3.5 | 7.5 | | | | MindSpore Inference Shape SparseToDense out-of-bounds | 0.04 | 0.00885 | CVE-2021-33650 |
| 202822 | 6.5 | 5.5 | 7.5 | | | | MindSpore Inference Shape heap-based overflow | 0.04 | 0.00885 | CVE-2021-33649 |
| 202821 | 6.5 | 5.5 | 7.5 | | | | MindSpore Inference Shape Gather heap-based overflow | 0.03 | 0.00885 | CVE-2021-33648 |
| 202820 | 6.5 | 5.5 | 7.5 | | | | MindSpore Inference Shape out-of-bounds write | 0.04 | 0.00885 | CVE-2021-33647 |
| 202819 | 5.6 | 3.7 | 7.5 | | | | HPE StoreOnce Software SSH Server key management | 0.04 | 0.01055 | CVE-2022-28622 |
| 202818 | 6.5 | 4.3 | 6.1 | 9.1 | | | ionicabizau parse-url cross site scripting | 0.07 | 0.00885 | CVE-2022-2218 |
| 202817 | 8.8 | 7.3 | 9.8 | 9.4 | | | ionicabizau parse-url server-side request forgery | 0.04 | 0.00885 | CVE-2022-2216 |
| 202816 | 5.9 | 4.3 | 5.5 | 7.8 | | | vim null pointer dereference | 0.04 | 0.01018 | CVE-2022-2208 |
| 202815 | 8.0 | 6.3 | 9.8 | 7.8 | | | vim heap-based overflow | 0.04 | 0.01018 | CVE-2022-2207 |
| 202814 | 5.5 | 3.5 | 7.5 | | | | scniro-validator Invalid Email incorrect regex | 0.04 | 0.00885 | CVE-2021-40901 |
| 202813 | 5.5 | 3.5 | 7.5 | | | | regexfn Email incorrect regex | 0.07 | 0.00885 | CVE-2021-40900 |
| 202812 | 6.5 | 4.3 | 6.1 | 9.1 | | | ionicabizau parse-url cross site scripting | 0.03 | 0.00885 | CVE-2022-2217 |
| 202811 | 5.3 | 3.7 | 7.5 | 4.8 | | | ionicabizau parse-url information disclosure | 0.04 | 0.00885 | CVE-2022-0722 |
| 202810 | 5.5 | 3.5 | 7.5 | | | | repo-git-downloader Git Repository incorrect regex | 0.00 | 0.00885 | CVE-2021-40899 |
| 202809 | 5.5 | 3.5 | 7.5 | | | | scaffold-helper Invalid File incorrect regex | 0.07 | 0.00885 | CVE-2021-40898 |
| 202808 | 5.5 | 3.5 | 7.5 | | | | split-html-to-chars HTML incorrect regex | 0.04 | 0.00885 | CVE-2021-40897 |
| 202807 | 5.5 | 3.5 | 7.5 | | | | that-value Invalid Email incorrect regex | 0.04 | 0.00885 | CVE-2021-40896 |
| 202806 | 5.5 | 3.5 | 7.5 | | | | todo-regex TODO Statement incorrect regex | 0.00 | 0.00885 | CVE-2021-40895 |
| 202805 | 4.3 | 4.3 | 4.3 | | | | Clean-Contact Plugin Setting cross-site request forgery | 0.07 | 0.00885 | CVE-2022-1914 |
| 202804 | 4.3 | 4.3 | 4.3 | | | | Add Post URL Plugin Setting cross-site request forgery | 0.00 | 0.00885 | CVE-2022-1913 |
| 202803 | 4.3 | 4.3 | 4.3 | | | | WP Sentry Plugin Setting cross-site request forgery | 0.07 | 0.00885 | CVE-2022-1844 |
| 202802 | 4.3 | 4.3 | 4.3 | | | | OpenBook Book Data Plugin Setting cross-site request forgery | 0.07 | 0.00885 | CVE-2022-1842 |
| 202801 | 5.2 | 4.3 | 6.1 | | | | Site Offline or Coming Soon Plugin Setting cross-site request forgery | 0.04 | 0.00885 | CVE-2022-1593 |
| 202800 | 4.4 | 3.5 | 5.4 | | | | Brizy Plugin cross site scripting | 0.00 | 0.00885 | CVE-2022-2041 |
| 202799 | 4.4 | 3.5 | 5.4 | | | | Brizy Plugin URL cross site scripting | 0.04 | 0.00885 | CVE-2022-2040 |
| 202798 | 3.6 | 2.4 | 4.8 | | | | Malware Scanner Plugin Setting cross site scripting | 0.06 | 0.00885 | CVE-2022-1995 |
| 202797 | 3.6 | 2.4 | 4.8 | | | | Nested Pages Plugin Setting cross site scripting | 0.00 | 0.00885 | CVE-2022-1990 |
| 202796 | 3.6 | 2.4 | 4.8 | | | | NextCellent Gallery Plugin Image Setting cross site scripting | 0.04 | 0.00885 | CVE-2022-1971 |
| 202795 | 4.4 | 3.5 | 5.4 | | | | Easy SVG Support Plugin cross site scripting | 0.04 | 0.00885 | CVE-2022-1964 |
| 202794 | 4.3 | 4.3 | 4.3 | | | | MyCSS Plugin Setting cross-site request forgery | 0.07 | 0.00885 | CVE-2022-1960 |
| 202793 | 5.2 | 4.3 | 6.1 | | | | Pricing Tables Plugin cross site scripting | 0.03 | 0.00885 | CVE-2022-1904 |

35 more entries are not shown
