CVSSv3 06/28/2022

CVSSv3 Base

| ≤1 | ≤2 | ≤3 | ≤4 | ≤5 | ≤6 | ≤7 | ≤8 | ≤9 | ≤10 |
|---|---|---|---|---|---|---|---|---|---|
| 0 | 0 | 1 | 10 | 12 | 11 | 10 | 6 | 1 | 0 |

The Common Vulnerability Scoring System (CVSS) is an industry standard for defining the characteristics and impacts of security vulnerabilities. The base score represents the intrinsic aspects that are constant over time and across user environments. Our unique meta score merges all available scores from different sources into the most reliable result.

CVSSv3 Temp

| ≤1 | ≤2 | ≤3 | ≤4 | ≤5 | ≤6 | ≤7 | ≤8 | ≤9 | ≤10 |
|---|---|---|---|---|---|---|---|---|---|
| 0 | 0 | 3 | 8 | 12 | 12 | 11 | 4 | 1 | 0 |

The Common Vulnerability Scoring System (CVSS) uses temp scores to reflect the characteristics of a vulnerability that may change over time but not across user environments. This includes reporting confidence, exploitability and remediation levels. We also provide our unique meta score for temp scores, even though other sources rarely publish them.

VulDB

| ≤1 | ≤2 | ≤3 | ≤4 | ≤5 | ≤6 | ≤7 | ≤8 | ≤9 | ≤10 |
|---|---|---|---|---|---|---|---|---|---|
| 0 | 2 | 0 | 16 | 13 | 9 | 6 | 4 | 1 | 0 |

The moderation team always defines the base vector and base score for an entry. These and all other available scores are used to generate the meta score.

NVD

| ≤1 | ≤2 | ≤3 | ≤4 | ≤5 | ≤6 | ≤7 | ≤8 | ≤9 | ≤10 |
|---|---|---|---|---|---|---|---|---|---|
| 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |

The National Vulnerability Database (NVD) also defines CVSS vectors and scores. These are usually not complete and might differ from VulDB scores.

CNA

| ≤1 | ≤2 | ≤3 | ≤4 | ≤5 | ≤6 | ≤7 | ≤8 | ≤9 | ≤10 |
|---|---|---|---|---|---|---|---|---|---|
| 0 | 0 | 0 | 1 | 4 | 3 | 8 | 10 | 4 | 0 |

A CVE Numbering Authority (CNA) is responsible for assigning new CVE entries. They might also include a CVSS score. These are usually not complete and might differ from VulDB scores.

Vendor

| ≤1 | ≤2 | ≤3 | ≤4 | ≤5 | ≤6 | ≤7 | ≤8 | ≤9 | ≤10 |
|---|---|---|---|---|---|---|---|---|---|
| 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |

Some vendors are willing to publish their own CVSS vectors and scores for vulnerabilities in their products. The coverage varies from vendor to vendor.

Research

| ≤1 | ≤2 | ≤3 | ≤4 | ≤5 | ≤6 | ≤7 | ≤8 | ≤9 | ≤10 |
|---|---|---|---|---|---|---|---|---|---|
| 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |

Sometimes security researchers also provide their own CVSS vectors and scores for vulnerabilities they have found and published.

| ID | Base | VDB | NVD | CNA | Vend | Res | Vulnerability | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|
| 202893 | 5.5 | 5.5 | | | | | XPDF object.cc Copy stack-based overflow | 0.05 | CVE-2022-33108 |
| 202892 | 8.3 | 8.8 | | 7.8 | | | Douzone NeoRS ActiveX Module origin validation | 0.08 | CVE-2022-23763 |
| 202891 | 3.5 | 3.5 | | | | | MediaWiki Lemma Length denial of service | 0.04 | CVE-2022-34750 |
| 202890 | 5.0 | 5.0 | | | | | Yokogawa CENTUM CAMS information disclosure | 0.04 | CVE-2022-30707 |
| 202889 | 3.5 | 3.5 | | | | | ECShop information disclosure | 0.00 | CVE-2021-41460 |
| 202888 | 5.4 | 4.3 | | 6.5 | | | Synapse URL Preview recursion | 0.00 | CVE-2022-31052 |
| 202887 | 4.3 | 4.3 | | | | | Dell EMC PowerScale OneFS information exposure | 0.00 | CVE-2022-31229 |
| 202886 | 7.8 | 7.3 | | 8.3 | | | Clever underscore.deep deepFromFlat prototype pollution | 0.00 | CVE-2022-31106 |
| 202885 | 6.3 | 6.3 | | | | | piwigo LocalFiles Editor Privilege Escalation | 0.03 | CVE-2021-40553 |
| 202884 | 4.3 | 4.3 | | | | | HPE NonStop DSM/NonStop SCM information disclosure | 0.04 | CVE-2022-28621 |
| 202883 | 3.1 | 3.1 | | | | | ruby-mysql external reference | 0.04 | CVE-2021-3779 |
| 202882 | 7.3 | 7.3 | | | | | ionicabizau parse-path authorization | 0.00 | CVE-2022-0624 |
| 202881 | 3.5 | 3.5 | | | | | LightCMS PDF File cross site scripting | 0.00 | CVE-2022-33009 |
| 202880 | 3.5 | 3.5 | | | | | Delta Electronics DIAEnergie Settings Module cross site scripting | 0.00 | CVE-2022-33005 |
| 202879 | 3.5 | 3.5 | | | | | Apache Tika Incomplete Fix StandardsExtractingContentHandler incorrect regex | 0.11 | CVE-2022-33879 |
| 202878 | 6.4 | 5.3 | | 7.5 | | | lettersanitizer CSS Rule unusual condition | 0.00 | CVE-2022-31103 |
| 202877 | 7.2 | 6.3 | | 8.1 | | | PrestaShop blockwishlist sql injection | 0.07 | CVE-2022-31101 |
| 202876 | 5.4 | 4.3 | | 6.5 | | | rulex Expression Parser assertion | 0.00 | CVE-2022-31100 |
| 202875 | 5.4 | 4.3 | | 6.5 | | | rulex Expression Parser recursion | 0.00 | CVE-2022-31099 |
| 202874 | 5.7 | 4.3 | | 7.1 | | | ScratchTools Recently Viewed Project cross site scripting | 0.03 | CVE-2022-31094 |
| 202873 | 6.5 | 6.5 | | 6.5 | | | LDAP Account Manager Login injection | 0.00 | CVE-2022-31088 |
| 202872 | 3.0 | 2.0 | | 4.0 | | | KubeEdge CSI Driver Controller null pointer dereference | 0.00 | CVE-2022-31077 |
| 202871 | 5.0 | 3.5 | | 6.5 | | | BigBlueButton Private Chat cross site scripting | 0.00 | CVE-2022-31064 |
| 202870 | 4.3 | 4.3 | | 4.3 | | | BigBlueButton Greenlight Room Setting privileges management | 0.04 | CVE-2022-31039 |
| 202869 | 3.5 | 3.5 | | | | | GPAC MP4Box filter.c filter_parse_dyn_args denial of service | 0.00 | CVE-2021-40942 |
| 202868 | 5.2 | 5.6 | | 4.8 | | | Wasmtime calculation | 0.00 | CVE-2022-31104 |
| 202867 | 5.5 | 5.5 | | | | | Halo CMS upload unrestricted upload | 0.05 | CVE-2022-32994 |
| 202866 | 6.4 | 5.3 | | 7.5 | | | NextAuth.js URL unusual condition | 0.00 | CVE-2022-31093 |
| 202865 | 3.1 | 2.0 | | 4.2 | | | KubeEdge CloudCore null pointer dereference | 0.03 | CVE-2022-31076 |
| 202864 | 5.0 | 3.5 | | 6.5 | | | Shopware cross site scripting | 0.00 | CVE-2022-31057 |
| 202863 | 5.5 | 5.5 | | | | | TRENDnet TEW-751DR/TEW-752DRU genacgi_main stack-based overflow | 0.00 | CVE-2022-33007 |
| 202862 | 6.3 | 6.3 | | | | | Halo CMS Template server-side request forgery | 0.00 | CVE-2022-32995 |
| 202861 | 5.5 | 5.5 | | | | | D-Link DIR-645 __ajax_explorer.sgi command injection | 0.11 | CVE-2022-32092 |
| 202860 | 6.4 | 5.3 | | 7.5 | | | Parse Server Invalid File Request return value | 0.00 | CVE-2022-31089 |
| 202859 | 7.3 | 5.6 | | 9.0 | | | LDAP Account Manager argument injection | 0.22 | CVE-2022-31084 |
| 202858 | 5.0 | 3.5 | | 6.5 | | | BigBlueButton Private Chat cross site scripting | 0.05 | CVE-2022-31065 |
| 202857 | 4.3 | 4.3 | | 4.3 | | | Argo CD symlink | 0.00 | CVE-2022-31036 |
| 202856 | 4.6 | 3.5 | | 5.7 | | | Discourse Invite permissions | 0.05 | CVE-2022-31096 |
| 202855 | 6.2 | 3.5 | | 9.0 | | | Weave GitOps log file | 0.00 | CVE-2022-31098 |
| 202854 | 4.9 | 4.1 | | 5.8 | | | glpi-inventory-plugin Package Deployment Task deploypackage.public.php sql injection | 0.00 | CVE-2022-31082 |
| 202853 | 4.3 | 4.3 | | | | | Benjamin Balet Jorani Users.php cross-site request forgery | 0.04 | CVE-2022-34134 |
| 202852 | 3.5 | 3.5 | | | | | Benjamin Balet Jorani Leaves.php cross site scripting | 0.00 | CVE-2022-34133 |
| 202851 | 3.5 | 3.5 | | | | | GUnet Open eClass Platform index.php pathname traversal | 0.03 | CVE-2022-33116 |
| 202850 | 5.7 | 3.7 | | 7.7 | | | Guzzle Redirect information disclosure | 0.04 | CVE-2022-31091 |
| 202849 | 6.0 | 4.3 | | 7.7 | | | Guzzle Curl information disclosure | 0.00 | CVE-2022-31090 |
| 202848 | 6.3 | 6.3 | | | | | Benjamin Balet Jorani Leaves.php sql injection | 0.05 | CVE-2022-34132 |
| 202847 | 7.8 | 7.8 | | 7.8 | | | LDAP Account Manager injection | 0.08 | CVE-2022-31087 |
| 202846 | 6.6 | 6.6 | | 6.6 | | | LDAP Account Manager pdf injection | 0.00 | CVE-2022-31086 |
| 202845 | 7.3 | 7.3 | | 7.3 | | | HTTP::Daemon request smuggling | 0.08 | CVE-2022-31081 |
| 202844 | 6.2 | 5.0 | | 7.5 | | | Pimcore sql injection | 0.00 | CVE-2022-31092 |

1 more entry is not shown
