CVSSv3 07/02/2022

CVSSv3 Base

Entries per score range: ≤1: 0, ≤2: 0, ≤3: 2, ≤4: 8, ≤5: 8, ≤6: 45, ≤7: 9, ≤8: 2, ≤9: 2, ≤10: 2

The Common Vulnerability Scoring System (CVSS) is an industry standard to define the characteristics and impacts of security vulnerabilities. The base score represents the intrinsic aspects that are constant over time and across user environments. Our unique meta score aggregates all available scores from different sources into the most reliable result.

CVSSv3 Temp

Entries per score range: ≤1: 0, ≤2: 0, ≤3: 2, ≤4: 8, ≤5: 14, ≤6: 42, ≤7: 6, ≤8: 4, ≤9: 0, ≤10: 2

The Common Vulnerability Scoring System (CVSS) uses temp scores to reflect the characteristics of a vulnerability that may change over time but not across user environments. This includes reporting confidence, exploitability and remediation levels. We also provide our unique meta score for temp scores, even though other sources rarely publish them.

VulDB

Entries per score range: ≤1: 0, ≤2: 1, ≤3: 3, ≤4: 8, ≤5: 12, ≤6: 40, ≤7: 9, ≤8: 3, ≤9: 0, ≤10: 2

The moderation team always defines the base vector and base score for an entry. These and all other available scores are used to generate the meta score.

NVD

Entries per score range: ≤1: 0, ≤2: 0, ≤3: 0, ≤4: 0, ≤5: 0, ≤6: 0, ≤7: 0, ≤8: 0, ≤9: 0, ≤10: 0

The National Vulnerability Database (NVD) also defines CVSS vectors and scores. These are usually not complete and might differ from VulDB scores.

CNA

Entries per score range: ≤1: 0, ≤2: 0, ≤3: 1, ≤4: 4, ≤5: 8, ≤6: 4, ≤7: 4, ≤8: 2, ≤9: 4, ≤10: 4

A CVE Numbering Authority (CNA) is responsible for assigning new CVE entries. They might also include a CVSS score. These are usually not complete and might differ from VulDB scores.

Vendor

Entries per score range: ≤1: 0, ≤2: 0, ≤3: 0, ≤4: 0, ≤5: 0, ≤6: 0, ≤7: 0, ≤8: 0, ≤9: 0, ≤10: 0

Some vendors are willing to publish their own CVSS vectors and scores for vulnerabilities in their products. The coverage varies from vendor to vendor.

Research

Entries per score range: ≤1: 0, ≤2: 0, ≤3: 0, ≤4: 0, ≤5: 0, ≤6: 0, ≤7: 0, ≤8: 0, ≤9: 0, ≤10: 0

Security researchers sometimes also provide their own CVSS vectors and scores for vulnerabilities they have found and published.

| ID | Base | VulDB | NVD | CNA | Vendor | Research | Vulnerability | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|
| 203164 | 5.5 | 5.5 | | | | | Zoho ManageEngine ServiceDesk Plus MSP web.xml path traversal | 0.00 | CVE-2022-32551 |
| 203163 | 8.0 | 7.8 | | 8.2 | | | NVIDIA DGX A100 BiosCfgTool memory corruption | 0.12 | CVE-2022-28200 |
| 203162 | 5.5 | 5.5 | | | | | TOTOLINK T6 FUN_0041621c stack-based overflow | 0.05 | CVE-2022-32053 |
| 203161 | 5.5 | 5.5 | | | | | TOTOLINK T6 FUN_004137a4 stack-based overflow | 0.00 | CVE-2022-32052 |
| 203160 | 5.5 | 5.5 | | | | | TOTOLINK T6 FUN_004133c4 stack-based overflow | 0.00 | CVE-2022-32051 |
| 203159 | 5.5 | 5.5 | | | | | TOTOLINK T6 FUN_0041af40 stack-based overflow | 0.03 | CVE-2022-32050 |
| 203158 | 5.5 | 5.5 | | | | | TOTOLINK T6 FUN_00418540 stack-based overflow | 0.06 | CVE-2022-32049 |
| 203157 | 5.5 | 5.5 | | | | | TOTOLINK T6 FUN_0041cc88 stack-based overflow | 0.04 | CVE-2022-32048 |
| 203156 | 5.5 | 5.5 | | | | | TOTOLINK T6 FUN_00412ef4 stack-based overflow | 0.06 | CVE-2022-32047 |
| 203155 | 5.5 | 5.5 | | | | | TOTOLINK T6 FUN_0041880c stack-based overflow | 0.04 | CVE-2022-32046 |
| 203154 | 5.5 | 5.5 | | | | | TOTOLINK T6 FUN_00413be4 stack-based overflow | 0.00 | CVE-2022-32045 |
| 203153 | 5.5 | 5.5 | | | | | TOTOLINK T6 FUN_00413f80 stack-based overflow | 0.06 | CVE-2022-32044 |
| 203152 | 5.5 | 5.5 | | | | | Tenda M3 formSetAccessCodeInfo stack-based overflow | 0.00 | CVE-2022-32043 |
| 203151 | 5.5 | 5.5 | | | | | Tenda M3 formGetPassengerAnalyseData stack-based overflow | 0.06 | CVE-2022-32041 |
| 203150 | 5.5 | 5.5 | | | | | Tenda M3 formSetCfm stack-based overflow | 0.04 | CVE-2022-32040 |
| 203149 | 5.5 | 5.5 | | | | | Tenda M3 fromDhcpListClient stack-based overflow | 0.04 | CVE-2022-32039 |
| 203148 | 5.5 | 5.5 | | | | | Tenda M3 formSetAPCfg stack-based overflow | 0.00 | CVE-2022-32037 |
| 203147 | 5.5 | 5.5 | | | | | Tenda M3 formSetStoreWeb stack-based overflow | 0.00 | CVE-2022-32036 |
| 203146 | 5.5 | 5.5 | | | | | Tenda M3 formMasterMng stack-based overflow | 0.03 | CVE-2022-32035 |
| 203145 | 5.5 | 5.5 | | | | | Tenda M3 formdelMasteraclist stack-based overflow | 0.06 | CVE-2022-32034 |
| 203144 | 5.5 | 5.5 | | | | | Tenda AX1806 formSetVirtualSer stack-based overflow | 0.00 | CVE-2022-32033 |
| 203143 | 5.5 | 5.5 | | | | | Tenda AX1806 formAddMacfilterRule stack-based overflow | 0.07 | CVE-2022-32032 |
| 203142 | 5.5 | 5.5 | | | | | Tenda AX1806 Parameter fromSetRouteStatic stack-based overflow | 0.00 | CVE-2022-32031 |
| 203141 | 5.5 | 5.5 | | | | | Tenda AX1806 Parameter formSetQosBand stack-based overflow | 0.03 | CVE-2022-32030 |
| 203140 | 2.5 | 2.0 | | 3.1 | | | GitLab Autocomplete information disclosure | 0.07 | CVE-2022-0167 |
| 203139 | 2.6 | 2.6 | | 2.6 | | | GitLab Enterprise Edition Group Milestone information disclosure | 0.06 | CVE-2022-2281 |
| 203138 | 3.9 | 4.3 | | 3.5 | | | GitLab Conan Package permission | 0.03 | CVE-2022-2270 |
| 203137 | 8.1 | 6.3 | | 9.9 | | | GitLab Project Import Privilege Escalation | 0.83 | CVE-2022-2185 |
| 203136 | 3.7 | 4.2 | | 3.1 | | | GitLab Community Edition/Enterprise Edition REST API access control | 0.07 | CVE-2022-1999 |
| 203135 | 5.6 | 4.7 | | 6.5 | | | GitLab Enterprise Edition Deploy improper authorization | 0.03 | CVE-2022-1983 |
| 203134 | 5.3 | 4.7 | | 5.9 | | | GitLab Enterprise Edition Group Setting access control | 0.06 | CVE-2022-1981 |
| 203133 | 5.8 | 5.5 | | 6.2 | | | link-preview-js server-side request forgery | 0.03 | CVE-2022-25876 |
| 203132 | 5.5 | 5.5 | | | | | HongCMS edit Privilege Escalation | 0.00 | CVE-2022-32412 |
| 203131 | 5.5 | 5.5 | | | | | HongCMS Languages Config File Privilege Escalation | 0.00 | CVE-2022-32411 |
| 203130 | 6.1 | 3.5 | | 8.7 | | | GitLab Enterprise Edition ZenTao Link cross site scripting | 0.07 | CVE-2022-2235 |
| 203129 | 5.2 | 2.4 | | 8.1 | | | GitLab Community Edition/Enterprise Edition cross site scripting | 0.00 | CVE-2022-2230 |
| 203128 | 7.7 | 7.3 | | 8.1 | | | git-clone command injection | 0.04 | CVE-2022-25900 |
| 203127 | 6.3 | 5.0 | | 7.7 | | | jsrsasign signature verification | 0.03 | CVE-2022-25898 |
| 203126 | 5.2 | 5.6 | | 4.8 | | | passport Session Remote Code Execution | 0.00 | CVE-2022-25896 |
| 203125 | 5.3 | 5.3 | | 5.3 | | | scss-tokenizer Regular Expression loadAnnotation incorrect regex | 0.24 | CVE-2022-25758 |
| 203124 | 4.3 | 4.3 | | 4.3 | | | GitLab Community Edition/Enterprise Edition Response Header incorrect regex | 0.00 | CVE-2022-1954 |
| 203123 | 4.3 | 2.4 | | 6.2 | | | Distributed Data Systems WebHMI cross site scripting | 0.07 | CVE-2022-2254 |
| 203122 | 5.5 | 6.3 | | 4.7 | | | GitLab Community Edition/Enterprise Edition redirect | 0.00 | CVE-2022-2250 |
| 203121 | 5.3 | 6.3 | | 4.3 | | | GitLab Community Edition/Enterprise Edition Error Tracking improper authorization | 0.03 | CVE-2022-2244 |
| 203120 | 4.6 | 4.3 | | 5.0 | | | GitLab Enterprise Edition Non-linked Sentry Project access control | 0.07 | CVE-2022-2243 |
| 203119 | 6.4 | 5.3 | | 7.5 | | | GitLab Community Edition/Enterprise Edition Private Project improper authorization | 0.03 | CVE-2022-2229 |
| 203118 | 4.5 | 3.7 | | 5.3 | | | GitLab Enterprise Edition Group access control | 0.03 | CVE-2022-2228 |
| 203117 | 4.3 | 4.3 | | 4.3 | | | GitLab Community Edition/Enterprise Edition Rrunner Jobs API access control | 0.06 | CVE-2022-2227 |
| 203116 | 8.1 | 7.2 | | 9.1 | | | Distributed Data Systems WebHMI os command injection | 0.00 | CVE-2022-2253 |
| 203115 | 3.5 | 3.5 | | | | | Aerogear cross site scripting | 0.03 | CVE-2014-3650 |

28 more entries are not shown
