CVSSv3 06/29/2022

CVSSv3 Base

≤10
≤20
≤31
≤44
≤519
≤621
≤719
≤88
≤93
≤100

The Common Vulnerability Scoring System (CVSS) is an industry standard to define the characteristics and impacts of security vulnerabilities. The base score represents the intrinsic aspects that are constant over time and across user environments. Our unique meta score merges all available scores from different sources to aggregate to the most reliable result.

CVSSv3 Temp

≤10
≤20
≤31
≤44
≤519
≤622
≤718
≤88
≤93
≤100

The Common Vulnerability Scoring System (CVSS) uses temp scores to reflect the characteristics of a vulnerability that may change over time but not across user environments. This includes reporting confidence, exploitability and remediation levels. We do also provide our unique meta score for temp scores, even though other sources rarely publish them.

VulDB

≤10
≤20
≤33
≤424
≤515
≤613
≤715
≤82
≤92
≤101

The moderation team is always defining the base vector and base score for an entry. These and all other available scores are used to generate the meta score.

NVD

≤10
≤20
≤30
≤43
≤54
≤614
≤713
≤827
≤91
≤107

The National Vulnerability Database (NVD) is also defining CVSS vectors and scores. These are usually not complete and might differ from VulDB scores.

CNA

≤10
≤20
≤30
≤43
≤56
≤63
≤73
≤82
≤91
≤103

A CVE Numbering Authority (CNA) is responsible for assigning new CVE entries. They might also include a CVSS score. These are usually not complete and might differ from VulDB scores.

Vendor

≤10
≤20
≤30
≤40
≤50
≤60
≤70
≤80
≤90
≤100

Some vendors are willing to publish their own CVSS vectors and scores for vulnerabilities in their products. The coverage varies from vendor to vendor.

Research

≤10
≤20
≤30
≤40
≤50
≤60
≤70
≤80
≤90
≤100

There are sometimes also security researcher which provide their own CVSS vectors and scores for vulnerabilities they have found and published.

IDBaseVDBNVDCNAVendResVulnerabilityCTIEPSSCVE
2041876.36.3
 
 
 
 
Mozilla Firefox Internal URL Protection access control0.000.00000CVE-2022-31746
2029707.04.77.29.1
 
 
grav code injection0.000.00885CVE-2022-2073
2029695.13.55.46.5
 
 
Enalean Tuleap MyDocmanSearch Widget cross site scripting0.040.00950CVE-2022-31063
2029685.94.7
 
7.2
 
 
Enalean Tuleap Tracker Report sql injection0.070.00950CVE-2022-31058
2029674.34.3
 
4.3
 
 
Enalean Tuleap Project information disclosure0.070.01034CVE-2022-31032
2029666.05.37.55.3
 
 
RSSHub resource consumption0.030.00954CVE-2022-31110
2029656.76.37.2
 
 
 
oretnom23 Online Railway Reservation System sql injection0.000.00885CVE-2022-33061
2029646.76.37.2
 
 
 
oretnom23 Online Railway Reservation System sql injection0.000.00885CVE-2022-33060
2029636.76.37.2
 
 
 
oretnom23 Online Railway Reservation System sql injection0.000.00885CVE-2022-33059
2029626.76.37.2
 
 
 
oretnom23 Online Railway Reservation System sql injection0.040.00885CVE-2022-33058
2029616.76.37.2
 
 
 
oretnom23 Online Railway Reservation System sql injection0.040.00885CVE-2022-33057
2029605.66.36.14.3
 
 
microweber redirect0.000.00885CVE-2022-2252
2029595.54.36.16.1
 
 
IBM Security Guardium Web UI cross site scripting0.030.00885CVE-2021-39074
2029586.76.37.2
 
 
 
oretnom23 Online Railway Reservation System view_details.php sql injection0.170.00885CVE-2022-33042
2029544.73.55.9
 
 
 
MetaMask BIP39 Mnemonic information disclosure0.000.00954CVE-2022-32969
2029535.54.96.1
 
 
 
ApiFest OAuth 2.0 Server URI redirect0.090.00954CVE-2020-26877
2029527.06.37.8
 
 
 
XLPD unquoted search path0.030.00885CVE-2022-33035
2029516.86.37.3
 
 
 
NoMachine permission0.040.01036CVE-2022-34043
2029506.65.57.8
 
 
 
Embarcadero Dev-CPP EXE File uncontrolled search path0.060.01036CVE-2022-33037
2029496.65.57.8
 
 
 
Embarcadero Dev-CPP EXE File uncontrolled search path0.040.01036CVE-2022-33036
2029486.55.57.5
 
 
 
CVA6 Multiplication Unit permission0.030.00885CVE-2022-33023
2029476.55.57.5
 
 
 
CVA6 memory corruption0.000.00885CVE-2022-33021
2029467.65.59.8
 
 
 
ThinkPHP AbstractCache.php deserialization0.040.01086CVE-2022-33107
2029454.03.74.3
 
 
 
Textpattern CMS txplib_misc.php missing secure attribute0.040.00885CVE-2021-40642
2029444.02.65.4
 
 
 
SilverStripe Framework cwp-core Module cross site scripting0.000.00950CVE-2022-25238
2029435.44.36.5
 
 
 
Marval MSM 2FA cross-site request forgery0.020.01018CVE-2022-31886
2029424.43.55.4
 
 
 
Admidio cross site scripting0.020.00885CVE-2022-23896
2029414.43.55.4
 
 
 
SilverStripe Framework XMLHttpRequest cross site scripting0.000.00885CVE-2022-28803
2029403.93.54.3
 
 
 
SilverStripe Assets cross site scripting0.030.01034CVE-2022-29858
2029394.83.56.1
 
 
 
wuzhicms cross site scripting0.000.01055CVE-2020-19897
2029384.23.75.33.7
 
 
dompdf server-side request forgery0.000.00885CVE-2022-0085
2029374.83.56.1
 
 
 
SourceCodester Zoo Management System register_visitor cross site scripting0.030.00885CVE-2022-31897
2029365.54.96.1
 
 
 
Nagios XI Login redirect0.090.01018CVE-2022-29272
2029355.03.56.5
 
 
 
Nagios XI Downtime permission0.080.00950CVE-2022-29271
2029344.95.54.3
 
 
 
Nagios XI Email Address access control0.000.00950CVE-2022-29270
2029334.73.06.5
 
 
 
Nagios XI Schedule Report injection0.090.00950CVE-2022-29269
2029327.65.59.8
 
 
 
Marval MSM Administrator Password access control0.060.00954CVE-2022-31887
2029315.54.66.5
 
 
 
Marval MSM API Key access control0.030.00890CVE-2022-31884
2029306.46.36.5
 
 
 
SilverStripe Framework session fixiation0.000.01018CVE-2022-24444
2029297.65.59.8
 
 
 
Marval MSM VBScript os command injection0.000.02211CVE-2022-31885
2029286.13.58.8
 
 
 
Marval MSM API Key resource injection0.050.00890CVE-2022-31883
2029275.94.35.57.8
 
 
vim null pointer dereference0.030.01018CVE-2022-2231
2029265.74.57.84.9
 
 
zephyrproject-rtos le_ecred_conn_req stack-based overflow0.030.00885CVE-2021-3434
2029253.53.33.34.0
 
 
zephyrproject-rtos CONNECT_IND unknown vulnerability0.040.00885CVE-2021-3433
2029245.44.37.54.3
 
 
zephyrproject-rtos CONNECT_IND divide by zero0.030.00885CVE-2021-3432
2029235.44.37.54.3
 
 
zephyrproject-rtos LL_FEATURE_REQ assertion0.030.00885CVE-2021-3431
2029226.86.57.56.5
 
 
zephyrproject-rtos LL_CONNECTION_PARAM_REQ assertion0.000.00885CVE-2021-3430
2029215.35.3
 
5.3
 
 
GLPI information disclosure0.050.00885CVE-2022-31068
2029208.57.3
 
9.8
 
 
GLPI Login Page sql injection0.000.00885CVE-2022-31061
2029196.76.67.85.8
 
 
Cloudflare WARP Client Installation link following0.030.00885CVE-2022-2145

25 more entries are not shown

Do you know our Splunk app?

Download it now for free!